Computer Security
[EN] securityvulns.ru
no-pyccku




30.09.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


29.09.2006
Detailed
 FiWin SS28S Wi-Fi phones backdoor account
document Phone has debug console with telnet access and hardcoded account 1 with password 1.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.09.2006
Detailed
6!IBM AIX utilities multiple security vulnerabilities
updated since 26.09.2006
document Xclock buffer overflow; utape, cfgmgr, rdist, uucp, snappd, named8 and mkvg privilege escalation; slip.login and Inventory Scout arbitrary file overwrite.
 Sun Solaris kernel SSL proxy server DoS
   
 HP-UX CIFS Server privilege scalation
   
 Sun Solaris syslog DoS
   
 NaviCOPA Web Server buffer overflow
document Buffer overflow on oversized GET request.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


27.09.2006
Detailed
10!Microsoft Windows / Internet Explorer 0-day vulnerability
updated since 20.09.2006
document Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation.
6!IpSwitch WS_FTP Server buffer overflow
updated since 18.09.2006
document Buffer overflow in XCRC, XSHA1, XMD5, Checksum FTP commands.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.09.2006
Detailed
 Sun Solaris IPv6 DoS
   
 Multiple FreeBSD kernel integer overflow
document Integer overflow and signed/unsigned conversion problems in i386_set_ldt().
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


25.09.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Cisco 7905 SIP/SCCP/H.323 VoIP phone DoS
document DoS on dsniff arp spoofing.
  


23.09.2006
Detailed
 ContentKeeper information leak
document HTML web administration page contains administrator's password in cleartext.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple CA eTrust Security Command Center / eTrust Audit security vulnerabilities
updated since 22.09.2006
document Path disclosure, directory traversal, replay attacks.
  


22.09.2006
Detailed
9!Multiple Intel Centrino / PROSet / Apple Airport wireless drivers security vulnerabilities
updated since 10.08.2006
document Multiple vulnerabilities, including local privilege escalation anre remote code execution.
8!Multiple Windows kernel security vulnerabilities
updated since 09.08.2006
document Buffer overflow vulnerability allows privilege escalation, WinLogon user profile DLL privilege escalation, unhandled exception code execution vulnerability.
6!Multiple Apple QuickTime security vulnerabilities
updated since 13.09.2006
document Integer overflow on H.264 protocol parsing, heap buffer overflow on parsing FLIC files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Half-Life / Counter Strike nosteam game servers DoS
document Windows dedicated server crashes on HLTV client connect if client versions is <= 27 and LKTV support is enabled (sv_proxies ="1")/
  


21.09.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.09.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 TFTPDWIN TFTP server buffer overflow
document Buffer overflow on oversized requested resource filename.
 RSA Keyon Manager audit functionality bypass
document Log records blocks are independently signed, making it possible to remove whole block without notice. Records are collected locally before being signed and sent to server, making it possible to tamper log entries.
 PHP mysql_error() crosssite scripting
document Crossite scripting is possible if mysql_error() result is used in application output.
  


20.09.2006
Detailed
7!Dr.Web antivirus buffer overflow
document Buffer overflow on oversized LHA archive directory name.
6!Cisco routers unauthorized SNMP access
document Read/write DOCSIS community exists on non-DOCSIS routers.
 Cisco Intrusion Prevention System DoS and protection bypass
document Malformed SSLv2 handshake DoS, fragmented packets filtering evasion.
 Cisco Guard crossite scripting
   
 WS_FTP FTP client buffer overflow
document Buffer overflow on PASV command response parsing.
 Citrix Access Gateway authentication bypass
document Unauthenticated access is possible if Advanced Access Control is used with LDAP authentication.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple OSU httpd security vulnerabilities
document Physical path and directory content disclosure.
  


19.09.2006
Detailed
 Busy Box web server directory traversal
document Directory traversal with /%2e%2e.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Linux kernel DoS
document Special SO_LINGER value for SCTP socket causes system to crash. ELF loader vulnerability on 64-bit system causes system to crash on malformed ELF binary.
 Symantec Antivirus format string security vulnerability
updated since 14.09.2006
document Format string vulnerability in Virus Alert Notification Message templates.
  


18.09.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


15.09.2006
Detailed
8!Multiple Firefox / Mozilla / SeaMonkey / Netscape browsers and Thunderbird security vulnerabilities
document Memory corruptions, crossite scripting, grame spoofing, RSA signature forgery, Auto update man-int-the-middle attacks. XBL javascript execution with e-mail.
 HP-UX X.25 utilities DoS
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


14.09.2006
Detailed
7!Cisco routers and Catalist switches multiple VTP security vulnerabilities
updated since 13.09.2006
document DoS, integer overflow and buffer oveflow on VTP (VLAN Trunking Protocol) packets parsing.
 HP-UX ARPA Transport Software DoS
   
 OpenView Operations unauthorized access
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple Mailman mail lists manager security vulnerabilities
updated since 04.09.2006
document Crossite scripting, DoS, log entris spoofing.
 Roxio Toast 7 privilege escalation
updated since 18.08.2006
document External applications are launched with relative path.
  


13.09.2006
Detailed
9!Multiple Microsoft Internet Explorer security vulnerabilities
updated since 08.08.2006
document Crossite scripting, crossite information access, FTP commands injection. Vulnerabilities can be used for hidden malware installation.
6!XFree / X.org integer overflows
document Multiple integer overflows on Type One fonts parsing.
 Multiple Macromedia Coldfusion security vulnerabilities
document DoS, crossite scripting, sandbox escaping.
 Multiple NetPerformer FRAD ACT security vulnerabilities
document Buffer overflow on oversized telnet username, LAND attack vulnerability.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 NetGear routers buffer overflow
document Buffer overflow on oversized username in Web interface.
 Microsoft Publisher memory corruption
updated since 12.09.2006
document Memory corruption on .pub files parsing.
  


12.09.2006
Detailed
 Microsoft Windows XP Pragmatic General Multicast memory corruption
document Memory corruption on parsing multicast PGM message if Microsoft Message Queuing Services (MSMQ) service is installed.
 Linux kernel ULE packet DoS
document Crash on receiving packet with zero SNDU length.
 Multithreaded TFTP (buffer overflow)
document Buffer overflow on oversized TFTP command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Invalid Lotus Domino Web access sesssion cookie handling
document Server accepts session cookie after user logout.
  


11.09.2006
Detailed
6!PHP Safe Mode protection bypass
document By usgin ini_restore function it's possible to clear safe_mode variable.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.09.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


09.09.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 UnixWare / Solaris X11R6 buffer overflow
updated since 08.09.2006
document Buffer overflow in XKEYBOARD extension.
  


08.09.2006
Detailed
9!ICQ 2003 buffer overflow
document Heap buffer overflow on specific messages parsing.
6!Alvila Avast! antivirus buffer overflow
document Buffer overflow on LHA archives parsing.
6!Ipswitch IMail SMTP Server code execution
updated since 07.09.2006
document Stack buffer overflow on oversized hostname string within characters '@' and ':'.
6!Multiple PHP scripting language security vulnerabilities
updated since 18.08.2006
document "file_exists()", "imap_open()", and "imap_reopen()" function and cURL extension safe mode restriction bypass, buffer overflows in different functions on 64-bit systems, buffer overflow in GD extension on GIFs processing, stripos() out-of-memory reading, Incorrect memory_limit restrictions on 64-bit systems. Buffer overflow in LWZReadByte().
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple ICQ Toolbar vulnerabilities
document RSS crossite scripting, web configuration interface remote control.
  


07.09.2006
Detailed
6!WinACE archiver buffer overflow
updated since 09.09.2005
document Stack based buffer overflow on ACE archive with oversized filenames inside.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP-UX usermod file ownership change
document usermod -d <dir> -u <new uid> -m <username> command causes username to became owner for dir directory recursively.
 Canon ImageRunner information leak
document During address book export with web inteface different password types are visible in cleartext.
 Cisco IOS access control lists bypass with GRE
document Under some conditions it's possible to create GRE with payload to be forwarded from router's IP.
  


06.09.2006
Detailed
6!bind DNS server DoS
document assert() on multiple RRset records, crash on multiple recursive queries.
 AuditWizard information leak
document Administrator password is logged into world-readable log file.
 Avira AntiVir antivirus privilege escalation
document Privilege escalation with chatter attack.
 Easy Address Book Web Server format string vulnerability
document Format string vulnerability on URI request parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.09.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 IBM DB2 database server DoS
updated since 18.08.2006
document Multiple DoS conditions in database server.
  


05.09.2006
Detailed
6!Microsoft Word 2000 unknown vulnerability
document Unknown security vulnerability is used hor hidden malware installation.
 J. River Media Center buffer overflow
document Buffer overflow on oversized TCP/8070 port string.
 dsocks socksifier buffer overflow
document Buffer overflow in name resolution functions.
 Alt-N Web Admini MDaemon account hijacking
document Administrator of any mail domain can redirect any mail of "MDaemon" system account to any account.
  


04.09.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Multiple tor security vulnerabilities
updated since 31.08.2006
document Maliscious server can cause DoS condition for client or may force client to route traffic to tor network.
 OpenLDAP privilege escalation
document User with 'selfwrite' ACL parameter can modify any attributes.
  


02.09.2006
Detailed
 GDB GNU debugger buffer overflow
document Buffer overflow on DWARF section parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Linux kernel UDF DoS
document System crash on connecting device (USB, CD-ROM) with invalid UDF filesystem.
 ISS BlackICE PC Protection DoS
updated since 01.09.2006
document Invalid NtOpenSection() hook causes sytem to crash if 3rd paramter is NULL.
  


01.09.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 capi4hylafax code execution
   
 Compression Plus library buffer overflow
document Buffer overflow on Zoo archives parsing.
 MySQL DoS
document Query with multiupdate and subselects can cause database server to crash.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru