Computer Security
7!AIX libXm.a multiple bugs
7!Multiple IRIX bugs
document TCP connections spoofing, DoS.
7!IceCast array overflow
document Large number of headers in request leads to array overflow.
7!Multiple PHP request parsing bugs
document Invalid request parameters parsing leads to leakage of memory content and rewriting of internal variables.
 PeopleSoft HRMS session spoofing
 Computer Associates Unicenter default password
document Database access password is stored in installation batch files as cleartext.
 freenet6 weak permissions
document tspc.conf file with login and password is world readable.
 MS SQL Server 7 buffer overflow
 HP StorageWorks protection bypass
document Protection bypass in Command View XP.
 ParaChat directory traversal
document Directory traversal with ..%5C/.

7!Multiple LessTif bugs
6!.Net server form authentication protection bypass
document By using a backslash in the request path it's possible to access a protected file.
 Linux CD protection bypass
document A user with read-only access can bypass these permissions and perform write and erase operations on media in a drive.
 Multiple Emulive Server4 bugs
document DoS, protection bypass.
 Multiple DNS4ME bugs
document Cross-site scripting, DoS.
 Multiple MyWebServer bugs
document DoS, administration interface protection bypass.
 AIX ctstrtcasd privilege escalation
document User can overwrite any file with -f option.
 Sendmail relaying
document Predefined user account is used to initialize SASL database.
 YahooPOPS buffer overflow
document Buffer overflow on oversized POP3 USER command and any SMTP request.

7!MDaemon buffer overflows
document Buffer overflows in multiple SMTP and IMAP commands.
6!Symantec Enterprise Firewall/Symantec Gateway Security multiple bugs
document DoS, UDP filtering bypass, SNMP information leakage.
 OpenBSD with RADIUS authorization module unauthorized access
document The response authenticator is not checked, which allows a response from the RADIUS server to be spoofed.
 Motorola Wireless Router WR850G unauthorized access
document Authentication bypass through web interface.
 Zinf buffer overflow
document Buffer overflow on parsing .jpg files.
 Canon imageRunner unauthorized access
document Printer accepts and prints SMTP messages.
 Multiple ActivePost bugs
document Buffer overflows, directory traversal, weak password encryption.
document Multiple bugs on malcrafted packet handling.
 Sophos Small Business Suite special DOS devices access
document By using a special device name as a filename it's possible to access a DOS device and bypass protection.
 Pinnacle ShowCenter DoS
document Web interface DoS with non-existent skin.
 PopMessenger DoS
document Program crashes on large number of characters outside base64 allowed range.
 jabberd DoS
document Server crashes on UTF8 data.
 Multiple getmail bugs
document Problems with file handling if application is executed with superuser privileges.
 ON Command CCM default password
document A few accounts with default passwords for the Sybase database.

10!Buffer overflow in multiple OS telnetd
document It's possible to overflow buffer with AYT telnet protocol command.
 CGI bugs
 RSyncX privilege escalation
document Elevated privileges are not fully dropped.
 HP WebJetadmin code execution
 sdd/librmt vulnerability

6!Sudo symbolic links problem
document Unsafe temporary files access in sudo -u.
6!Google Toolbar Local zone scripting
document By using resource from GoogleToolbar1.dll it's possible to execute scripting in local zone.
6!Microsoft Word WordPerfect filter buffer overflow
document Buffer overflow on WordPerfect format parsing.
 Pigeon Server DoS
document Oversized username causes server to hang.
 Business Objects WebIntelligence protection bypass
document Access control is implemented on the client-side by only displaying the permitted actions in the browser.
 WhatsUp Gold special DOS device access
 Windows XP SP2 dangerous content filtering protection bypass
document Comment in predefined format causes content to bypass protection.
 multiple browsers cookie spoofing
document It's possible to spoof cookies for a few 3rd level domains.

7!Multiple BeaWeblogic bugs
document Weak JNDI trees protection, insufficient authorization for a few weblogic.Admin methods, weak resource protection through web.xml on case-insensitive filesystems, utilities passwords stored in cleartext, cleartext password leaked during reboot, technical information leak, logon with disabled accounts, important information sent in cleartext.
6!IBM Windows XP OEM version backdoor account
document During installation backdoor account is created with administrative privileges and empty password.
6!Multiple Apache bugs
document mod_dav DoS, local buffer overflows during config files parsing, potential buffer overflows in apr-util library.
6!squid buffer overflow
document Buffer overflow if NTLM authentication is compiled.
 GNU Radius SNMP integer overflow
document Integer overflow leads to unallocated memory access.
 MyServer multiple bugs
document Multiple buffer overflows, directory traversal, etc.

 SUS (extended su) format string bug
document Format string bug on syslog() call.
 Inkra 1504GX DoS
document Invalid IP options handling.

6!Multiple QNX utilities bugs
document Buffer overflow in Photon, format string in FTP client, race conditions in crrtrap.
6!Lexar JumpDrive Secure protection bypass
document It's possible to extract cleartext passwords.
 ZyXel Prestige information leak
document Memory fragments are leaked in ARP packets.
 Pingtel Xpressa DoS
document DoS through web interface.
 Multiple Samba bugs
document DoS against NetBIOS name service (nmbd), endless loop in SMBD.
 Mozilla Firefox weak permissions
document Weak permissions for executable files.

 Twin FTP Server directory traversal
 Serv-U DOS devices access
document STOUD command allows access to DOS devices.
 Gadu-Gadu buffer overflow
document Heap overflow in image send feature.
 StarOffice/OpenOffice symbolic links vulnerability
document symlink problem during temporary files creation.

6!Multiple Axis products unauthorized access
updated since 25.08.2004
document It's possible to obtain or change administrative account anonymously.

 F-Secure Internet Gatekeeper DoS

7!Qt/imlib buffer overflow
document Buffer overflow on BMP files parsing.
6!Multiple Safari bugs
document Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access.
6!Usermin cross-site scripting
document Cross-site scripting with HTML messages.
 Net-Acct symbolic links problem
document Symbolic links problem on temporary files creation in "write_list()" and "dump_curr_list()" functions
 Serverview weak permissions
document Weak permissions for the configuration file allow changing the SNMP MIBs structure.
 multi-gnome-terminal information leak
document Keystrokes are logged to user's home in debugging mode.
 star privilege escalation
 cdrecord privilege escalation
document Privileges are not dropped on user specified program invocation.
 mpg123 buffer overflow
document Stack overflow on mp3 frame processing in sync_stream() function.
 RKDetect - behaviour based rootkit detection utility
document Rkdetect is a small anomaly detection tool that can find services hidden by generic Windows rootkits such as Hacker Defender. The tool is very simple: it enumerates services on a remote computer through WMI (user level) and the Services Control Manager (kernel level), compares the results and displays the difference. In this way we can find hidden services, which are usually used to start a rootkit. A similar approach can be used to enumerate processes, files, registry keys and anything else that rootkits can hide. Rkdetect available here: Updated on 08.09.2004: Support for localized systems added.

6!QNX PPPoEd buffer overflows
document Multiple buffer overflows on arguments parsing.
6!Engenio/LSI Logic Storage controllers DoS
document A maliciously crafted TCP packet causes the device to crash.

8!Multiple Microsoft Internet Explorer cross-site scripting bugs
document Same name function redirection cross-site scripting, ADODB.Stream vulnerability variant (Shell.Application), mouse click hijacking with, Media Preview cross-site scripting, drag-n-drop files to shell:Startup.
6!Solaris in.named DoS
document DoS during dynamic update handling.
 OpenCA cross-site scripting
 Ruby symbolic links problem
document CGI::Session insecurely creates a temporary file.
 Multiple gnubiff bugs
document Buffer overflow and DoS in POP3 implementation.
 Dynalink routers backdoor account
document Built in account userNotUsed with userNotU password

6!Kazaa/Grokster Altnet download manager buffer overflows
document Buffer overflow in Altnet Download Manager.
 Multiple IMail DoS conditions
document Multiple bugs are fixed.
 CGI bugs
 BadBlue DoS
document Number of concurrent connections is hardcoded.

 Multiple Xedus bugs
document Directory traversal, cross-site scripting, DoS.
 Weak SSH default configuration
document TCP forwarding is allowed by default, which creates a security problem for anonymous SSH access (for example with CVS).
 Apache mod_ssl DoS
document Child process goes to infinite loop on SSL connection abort.

 Multiple WinZip buffer overflows

6!Linux kernel integer overflows
document integer overflow on write() in kNFSd and XDR decoding.
 Cerbere Proxy DoS
document Oversized Host: header causes infinite loop.
 Keene Digital Media Server directory traversal
document Directory traversal with escape sequences.
 Player versus Player Gaming Network buffer overflow
document Buffer overflow in "/watchall" and "/unwatchall" commands.
 TYPSoft FTP Server DoS
document RETR . causes server to crash.
document Malformed CD causes server to crash.
 D-Link DCS-900 unauthorized IP address change
document Device is configured with broadcast packet without authentication.
 Debian calendar privilege escalation
document Privileges are not dropped on executing program specified by user.
document MLST command causes server to crash.
 SuSE memory cleartext passwords
document Cleartext passwords in memory are never wiped out, which leads to cleartext passwords being visible in swap files.

