Computer Security



30.09.2005
Detailed
6!Helix Player / Real Player format string bug
updated since 27.09.2005
document Format string bugs on .rt / .rp files parsing.
 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 26.09.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


29.09.2005
Detailed
 AIX getconf buffer overflow
   
 AbiWord buffer overflow
document Buffer overflow on RTF files parsing.
 Multiple NateOn Messenger vulnerabilities
updated since 12.07.2005
document Directory listing leakage, DoS.
  


28.09.2005
Detailed
7!Multiple Linux kernel vulnerabilities
updated since 10.09.2005
document Remote DoS with netfilter ipt_recent module. Privilege escalation with sendmsg() for amd64 platform. Reading kernel memory and IO ports with raw_sendmsg(). Memory leaks with procfs for SCSI drivers. USB DoS.
 Polipo web server directory traversal
   
 Sun Solaris XSun / Xprt privilege escalation
   
 Multiple antiviruses file scanning bypass and format string bug
document It's possible to bypass file scanning by using special characters (for example \01) in filename. Format string bug present while parsing filename in BitDefender.
  


27.09.2005
Detailed
8!Multiple MacOS X vulnerabilities
document ImageIO GIF files parsing buffer overflow, Mail.app information leakage, QuickDraw Manager PICT files parsing buffer overflow, Java virtual machine QuickTime extensions safe mode protection bypass, Safari cross-site scripting.
6!Bluetooth headset hijacking
document It's possible to pair headset with RFCOMM connection even if headset is not in pairing mode.
 RSyslog SQL injection
document SQL injection on syslog message.
 Sony PlayStation Portable buffer overflow
document Buffer overflow on TIFF files parsing.
 FL Studio music sequencer buffer overflow
document Buffer overflow on parsing .flp files.
 Sun Solaris UFS file system driver DoS
document It's possible to cause "soft hang" if UFS logging is enabled.
 Nokia smartphones Nobex service DoS
document Server stops responding after receiving archive with special characters in the filename.
  


26.09.2005
Detailed
7!MacOS X malloc() privilege escalation
document With MallocLogFile it's possible to overwrite any system file with application which uses malloc() function.
7!Qpopper poppassd shared library privilege escalation
document User can specify shared library path for suid application.
6!Mozilla / Netscape / Firefox browsers buffer overflow
document Buffer overflow on "zero-width non-joiner" sequence of Arabic Unicode characters.
6!wzdftpd unfiltered shell characters problem
document popen() unfiltered characters on SITE EXEC command.
 Ruby safe level protection bypass
document Error in eval.c in enforcing safe level protection.
 HylaFax symbolic links problem
document Symbolic links problem on temporary file creation in xferfaxstats script.
 Linux kernel fget() DoS
document sockfd_put() call is missed in routing_ioctl(), leading to resource consumption and system crash.
 Multiple MultiTheftAuto game server vulnerabilities
document DoS (unallocated memory access), anonymous message-of-the-day (mod) modification.
 SecureW2 weak encryption
document Weak PRNG generation algorithm for TLS pre-master key.
 Stoney FTPd buffer overflow
document Buffer overflow in PORT FTP command.
 Courier mail server cross-site scripting
document Internet Explorer Conditional Comments cross-site scripting with sqwebmail.
 7-Zip archiver buffer overflow
document Buffer overflow on parsing ARJ archives.
 PowerArchiver buffer overflow
document Buffer overflow on ARJ and ACE archives parsing.
 Acer TravelMate notebooks smart cards protection bypass
document It's possible to bypass screen locking with help system.
 Microsoft Windows win32k.sys DoS
document WM_CLOSE event for active drop-down menu causes system to crash.
  


21.09.2005
Detailed
7!Multiple ClamAV antivirus vulnerabilities
updated since 21.09.2005
document Buffer overflow on checking UPX-packed files, infinite loop on checking FSG-packed files.
6!Multiple Opera Mail agent vulnerabilities
document Attached files are opened from local cache, making it possible to execute javascript in context of "file://". By adding ',' character to file extension it's possible to bypass content filtering.
 Rational ClearQuest cross-site scripting
   
 Sun Solaris tl driver DoS
   
 BNBT / CBTT / XBNBT DoS
   
 Checkpoint VPN-1 DoS
document Flood with specific spoofed packets from local network causes firewall to hang.
 Multiple masqmail vulnerabilities
document Unfiltered shell characters in the From: address, symbolic links problem during log file creation.
 Safari browser memory corruption
updated since 21.09.2005
document Invalid address reference on address like data://<h1>crash</h1>.
 HP Tru64 Unix ftpd DoS
   
 bacula symbolic links vulnerability
document Temporary files are created insecurely.
 Sybari Antigen e-mail content filtering protection bypass
document Messages with "Antigen forwarded attachment" in the Subject are not checked.
 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 21.09.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


18.09.2005
Detailed
 p2play game engine code execution
document It's possible to execute code through object pickles.
  


17.09.2005
Detailed
 Arc symbolic links problem
document Insecure temporary files creation.
 YaST packages management system weak permissions
document /var/adm/YaST/InstSrcManager/IS_CACHE_0x0000000X/DATA/descr file is world writable. There is a buffer overflow on oversized package location while parsing this file.
 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 12.09.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


16.09.2005
Detailed
6!Multiple Ahnlab V3 Antivirus vulnerabilities
document Privilege escalation with v3flt2k.sys driver, buffer overflow and directory traversal on archives scanning.
 ncompress symbolic links problem
document Symbolic links problem on temporary file creation.
 gwcc symbolic links problem
document Symbolic links problem on temporary file creation.
 FileZilla FTP client information leak
document Configuration including FTP sites access passwords is stored in public directory.
 vxFtpSrv FTP server for Pocket PC buffer overflow
document Buffer overflow on oversized USER command.
 vxWeb Web server for Pocket PC buffer overflow
document Buffer overflow on oversized request URI.
 vxTftpSrv TFTP server for Pocket PC buffer overflow
document Buffer overflow on oversized file name.
 SimpleCDR-X symbolic links problem
document Insecure temporary files creation.
 NuMega SoftICE Driver Studio authentication bypass
document It's possible to access DriverStudio Remote Control with NTLM Null session.
 Avocents CCM console server protection bypass
document It's possible to bypass port access control.
 Orion / Compaq HTTP Server cross-site scripting
document Cross-site scripting with error messages.
 Turquoise SuperStat Fidonet / Usenet statistics utility buffer overflow
document Buffer overflow on NNTP server reply parsing.
  


15.09.2005
Detailed
6!Multiple Centericq vulnerabilities
document Integer signedness errors and integer overflow on different platforms.
 Lotus Domino cross-site scripting
   
 GNU Texinfo symbolic links problem
document texindex symbolic links problem during temporary file creation.
 LineControl Java Client information leak
document User's password is visible in log file.
 Oracle Reports SQL injection
document It's possible to inject SQL to report if it uses lexical references without parameter validation.
 gtkdiskfree symbolic links problem
document Symbolic links problem on temporary files creation.
 VisualBoyAdvanced Nintendo emulator buffer overflow
document Buffer overflow on command line arguments parsing.
  


14.09.2005
Detailed
6!Avira antivirus buffer overflow
document Buffer overflow on parsing ACE archives.
 common-lisp-controller privilege escalation
document It's possible to inject code into the cache to be executed by another user on the first run of application.
 Multiple Linksys WRT54G router vulnerabilities
document Buffer overflow and possibility for unauthorized configuration / firmware modification, static HTTPS key, DoS.
 Mozilla Firefox cleartext password leak
updated since 20.07.2005
document Weak authentication algorithm may be chosen by browser even if stronger one is supported by server.
  


13.09.2005
Detailed
6!Squid proxy server DoS
updated since 03.09.2005
document Error in sslConnectTimeout() function causes server to crash. Aborted request causes assert() in proxy server.
 Ingate Firewall / Ingate SIParator cross-site scripting
document Administrative Web interface cross-site scripting.
 rdiff-backup protection bypass
document Directory access restrictions do not work.
 TMSNC Textbased MSN Client format string bug
document wprintw() format string bug.
 Snort Intrusion detection system DoS
document Crash on parsing TCP options in verbose mode.
 pam_per_user authentication module privilege escalation
document Having valid credentials on the system, it's possible to login with any account.
  


12.09.2005
Detailed
7!XFree86 / X.ORG X server integer overflow
document Integer overflow on huge pixmap images.
 COOL! Remote Control DoS
document DoS on handling malformed data to TCP/11980 port.
  


10.09.2005
Detailed
7!Netscape / Mozilla / Firefox buffer overflow
updated since 09.09.2005
document Buffer overflow on the links with international domain names (IDN).
 IBM OS/400 multiple certificate handling vulnerabilities
document Multiple vulnerabilities in certificates storing and validation.
 IBM OS/400 SNMP agent DoS
document Malformed SNMP message causes SNMP Agent and Trap Manager service to fail.
 Sun Java System Web Proxy Server DoS
document Three different vulnerabilities leading to server crash.
 Zebedee encrypted tunnel server DoS
document Some internal protocol header parameters lead to assert() in server application.
 KillProcess administration utility buffer overflow
document Buffer overflow on oversized process PE FileDescription field.
 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 05.09.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


09.09.2005
Detailed
7!Multiple GNU mailutils mail server and client tools vulnerabilities
updated since 26.05.2005
document imap4D IMAP server heap overflow, format string bug and DoS conditions, 'mail' and imap4d buffer overflows.
6!NOD32 antivirus buffer overflow
document Heap overflow on the processing of ARJ with oversized filenames inside archive.
 Cisco Content Services Switch authentication bypass
document In case of SSL authentication client can be granted access on SSL reauthentication.
 Checkpoint NGX rule definition vulnerability
document "CIFS" rule includes all traffic.
 Cisco IOS buffer overflow
document Buffer overflow in FTP / telnet proxy authentication option.
 SecureOL VE2 virtual environment protection bypass
document It's possible to address physical memory directly from NTVDM subsystem.
 CUPS Unix print system DoS
document HTTP GET request with ..\.. in the path causes infinite loop in service.
 DC++ Direct Connect protocol client DoS
document During transfer of bzip2 compressed filelist decompressed list size is not controlled leading to possibility of resource exhaustion.
  


07.09.2005
Detailed
6!Apache mod_ssl unauthenticated access
updated since 05.09.2005
document Client can access path with "SSLVerifyClient require" without authentication if global settings for virtual host have "SSLVerifyClient optional".
 Symantec Brightmail Antispam DoS
document CPU exhaustion on deeply nested archives, crash on TNEF messages processing.
 KDE kcheckpass privilege escalation
document Symbolic links problem within /var/lock directory.
 WebArchiveX ActiveX component unauthorized access
document Insecure methods are available through 'safe for scripting' component.
 Microsoft IIS 5.1 source code leak
document Special WebDAV request to script located on a FAT volume allows retrieving source code.
  


06.09.2005
Detailed
 OpenTTD game (Transport Tycoon Deluxe clone) format string bug
document Format string bug on network data parsing.
 Multiple Oracle 10g client vulnerabilities
document Vulnerable versions of third party utilities are installed to system path location.
  


05.09.2005
Detailed
6!PCRE regular expressions library integer overflow
updated since 22.08.2005
document pcre_compile.c {} regexp parameter integer overflow.
6!ICMP and TCP timestamp attacks to reset TCP connections
updated since 13.04.2005
document By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease.
 Rediff Bol 7.0 ActiveX information leak
document With FullAddressBook method of Fetch.FetchContact.1 ActiveX control it's possible to obtain whole Windows address book.
 Free SMTP Server open relay
document Restriction to localhost relaying only doesn't work in default configuration.
 Microsoft Windows keyboard events design flaw
document Application with different user's credentials may send keyboard events to applications running in the same desktop, emulating user input.
 Urban game buffer overflow
document Buffer overflow during environment variables parsing allows obtaining egid games.
  


03.09.2005
Detailed
 Few OpenSSH vulnerabilities
document GatewayPorts option can be incorrectly activated during dynamic port forwarding if no external interface is specified. If GSSAPIDelegateCredentials option is activated user who used different logon type can be delegated with GSSAPI credentials.
 Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 29.08.2005
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 BusinessMail email server buffer overflow
updated since 01.08.2005
document Buffer overflow in multiple SMTP commands.
 SlimFTPD buffer overflow
updated since 11.11.2004
document Buffer overflows in different FTP commands.
  


02.09.2005
Detailed
9!3COM Network Supervisor directory traversal
   
6!Barracuda Spam Firewall Appliance directory traversal
document Directory traversal in cgi-bin/img.pl requires no authentication.
6!Multiple Linux kernel bugs
   
6!Novell Netmail integer overflow
document Integer overflow on continuation request processing leads to heap overflow.
 silc symbolic links problem
document Symbolic links problem on temporary files creation.
 Polygen systemwide DoS
document Precompiled grammar object files are created world writable.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod