Computer Security
[EN] securityvulns.ru




31.08.2010
Detailed
 OpenOffice integer overflows
document Integer overflows in Impress.
  


30.08.2010
Detailed
 Cisco IOS XR BGP DoS
document Router may issue an invalid announcement on receiving a prefix with a malformed attribute.
 Deepin TFTP Server directory traversal
document Directory traversal on put / get operations.
 RealNetworks RealPlayer security vulnerabilities
document Memory corruption on FLV and IVR formats parsing.
 KDE okular buffer overflow
document Dynamic memory overflow on PDB files processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Multiple browsers certificates validation weakness
document Wildmasks in certificates issued to IP address are enabled.
  


29.08.2010
Detailed
6!Apple Mac OS X memory corruption
document Memory corruption in Core Graphics on PDF files parsing.
  


26.08.2010
Detailed
8!Adobe Shockwave Player multiple security vulnerabilities
document Multiple memory corruptions.
7!Trend Micro Internet Security ActiveX code execution
document Code execution via extSetOwner
 GFI WebMonitor cross-site scripting
document Cross-site scripting in administration interface.
 HP MagCloud iPad App unauthorized data access
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Autonomy KeyView multiple security vulnerabilities
updated since 29.07.2010
document Buffer overflows, integer overflows, memory corruptions.
  


25.08.2010
Detailed
7!Novell iPrint multiple security vulnerabilities
updated since 08.08.2010
document Buffer overflows, unauthorized access, code execution, etc. in iPrint Client Browser Plugin and iPrint Server.
 GNU gv symbolic links vulnerabilities
document Symbolic links vulnerability on temporary files creation.
  


23.08.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


21.08.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


20.08.2010
Detailed
6!SonicWALL SSL-VPN ActiveX format string vulnerability
document End-Point Interrogator/Installer ActiveX format string vulnerability in AuthCredential method.
 Muse media player buffer overflow
document Buffer overflow on .pls and .m3u playlists parsing :)
  


19.08.2010
Detailed
8!Apple iTunes multiple security vulnerabilities
document Multiple memory corruptions on different media formats parsing, privilege escalations, code execution from network shares.
6!Microsoft Windows Kerberos tickets spoofing
document It's possible to log on with any account by manipulating network traffic.
 Triologic Media Player buffer overflow
document Buffer overflow on .m3u playlists parsing.
 Rekonq cross-site scripting
document Cross-site scripting via error messages.
 FreeBSD / NetBSD Coda file system information leak
document Kernel memory information leak via IOCTL.
 Apache mod_proxy_http information leak
updated since 14.06.2010
document Under some conditions, server reply may be sent to wrong client.
  


17.08.2010
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Easy FTP Server buffer overflow
updated since 25.02.2010
document Buffer overflow on oversized CWD, DELE, STOR, RNFR, RMD, XRMD commands.
  


16.08.2010
Detailed
7!Cisco IOS DoS
document Resources exhaustion via half open connections.
7!Microsoft Office multiple security vulnerabilities
updated since 11.08.2010
document Multiple memory corruptions on different data type parsing in Word and Excel.
 HP OpenView Network Node Manager code execution
   
 D-Link WBR-2310 wireless router DoS
document Crash on oversized HTTP request.
 SimpleWebServer DoS
document Crash on HTTP headers parsing.
 SWFTools integer overflows
document Integer overflows on PNG and JPEG files.
 Opera file download dialog spoofing
document It's possible to place windows on top of the file download dialog and to close it right before the user's click.
  


14.08.2010
Detailed
9!Apple Webkit / Safari multiple security vulnerabilities
updated since 08.08.2010
document Information leak, cross-domain access, buffer overflows, memory corruptions.
 libpurple library / Pidgin DoS
document NULL pointer dereference on OSCAR protocol messages parsing (ICQ, AIM)
 Baby ASP Web Server / FTP Server / POP Server DoS
document Large number of established connections causes server to crash.
 Quick 'n Easy WEB Server / Quick 'n Easy FTP Server DoS
document Large number of established connections causes server to crash.
 gmime library buffer overflow
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 kvirc IRC client multiple security vulnerabilities
updated since 29.06.2010
document Directory traversal, format string vulnerability.
 TurboFTP FTP Server directory traversal
updated since 20.06.2010
document Directory traversal via mkdir and move commands.
 libmikmod multiple buffer overflows
updated since 08.02.2010
document Multiple overflows on Impulse Tracker and Ultratracker format parsing.
  


12.08.2010
Detailed
6!PDF documents signature spoofing
document The document is hashed in such a way that it's possible to create 2 different-looking documents with the same signature.
6!SAP Crystal Reports 2008 integer overflow
document Integer overflow on GIOP message processing.
6!Cisco Firewall Services Module / Adaptive Security Appliances / Application Control Engine multiple DoS conditions
updated since 05.08.2010
document DoS on SunRPC and SIP protocols inspection, DoS on TCP, RTSP, TLS connections and IKE.
 NetWordDLS Finger Server buffer overflow
document Buffer overflow on oversized finger request.
 Novell Sentinel Log Manager code execution
document fileDownload and reportPluginUpload servlets allow privileged operations to be executed without authentication.
 Novell ZENWorks Remote Management Agent code execution
document Weak authentication allows code execution.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 w3m browser certificate spoofing
document It's possible to spoof certificate CN by using null character.
 2Wire routers session hijacking
document Weak PRNG implementation allows hijacking of the web administration session by guessing the session ID.
 Adobe Coldfusion administration panel directory traversals
document Multiple directory traversal vulnerabilities.
  


11.08.2010
Detailed
9!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions, cross-site access.
8!Adobe Flash Player multiple security vulnerabilities
document Multiple memory corruptions.
8!Microsoft XML Core Services memory corruption
document Memory corruption on server's response parsing in XMLHTTP.
8!Microsoft Windows Schannel memory corruption
updated since 10.03.2009
document Memory corruption on TLS/SSL certificate parsing, certificate spoofing, connection hijacking.
7!Microsoft .Net and Silverlight security vulnerabilities
document Memory corruption, code execution.
7!Microsoft Windows SMB/CIFS service multiple security vulnerabilities
document Buffer overflow, privilege escalation, DoS.
7!Microsoft Windows DirectShow memory corruption
document Memory corruption on MP3 file parsing.
6!Microsoft Windows TCP/IP stack security vulnerabilities
document DoS, privilege escalation.
6!Microsoft Windows kernel multiple security vulnerabilities
updated since 10.08.2010
document Memory corruptions, privilege escalations, DoS.
 glpng library buffer overflow
document Heap buffer overflow in pngLoadRawF() function.
 Microsoft Windows Tracing Feature for Services security vulnerabilities
document Weak permissions on registry keys, buffer overflow on registry keys reading.
 Microsoft Windows Cinepak codec memory corruption
document Memory corruption on data decompression.
 Cisco Wireless Control System cross-site scripting
updated since 09.08.2010
document Cross-site scripting and SQL injection in Web interface.
 Microsoft Windows MovieMaker memory corruption
document Memory corruption on project file parsing.
  


09.08.2010
Detailed
6!Security vulnerabilities in HP ProCurve switches
document Unauthorized access, information leak, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 EMC Disk Library DoS
   
 QQ Computer Manager DoS
document Crash on IOCTL processing.
 socat buffer overflow
document Buffer overflow on command line arguments parsing.
  


08.08.2010
Detailed
6!Citrix Presentation Server Client buffer overflow
updated since 05.08.2010
document Buffer overflow on ICA server response parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 RSA enVision DoS
   
  


05.08.2010
Detailed
6!VxWorks weak authentication
document Weak password hashing algorithm with large collision probability.
6!Akamai Download Manager code execution
document It's possible to automatically download and execute file.
 Quick Easy FTP Server buffer overflow
document USER command buffer overflow.
 KMeleon buffer overflow
document Buffer overflow on oversized URL.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 cabextract code execution
   
 Apple Safari DoS
document Hang on oversized URL
  


03.08.2010
Detailed
6!Microsoft Windows shortcuts code execution
document Code execution on shortcut icon displaying.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod