Computer Security

Search:Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku




28.09.2007
Detailed
8!Multiple OpenSSL security vulnerabilities
updated since 29.09.2006
document Multiple DoS conditions in server and client functions, SSL_get_shared_ciphers() buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.09.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Linux kernel JFFS2 filesystem permissions vulnerability
document New permissions are not saved to media, cause the use of older permissions on media remount.
  


27.09.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.09.2007
Detailed
6!PostgreSQL dblink library multiple security vulnerabilities
document Privilege escalation.
 Linux kernel ALSA information leak
document snd_proc_mem_read returns uninitialized kernel memory data.
 Microsoft Windows Explorer PNG DoS
document Infinite loop on invalid PNG file parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 PHP disable_functions function aliases protection bypass
document Function, disabled with disable_functions, may be invoked by it's alias.
  


25.09.2007
Detailed
6!Tivoli Storage Manager backup client buffer overflow
document Buffer overflow on oversized TCP/1581 HTTP request Host: header.
6!KDE kdm privilege escalation
document It's possible to login without password under certain circumstances.
6!64-bit Linux kernel privilege escalation
document Insufficient registry access validation on 32-bit syscalls emulation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.09.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


24.09.2007
Detailed
7!CA ARCServe Backup multiple security vulnerabilities
document Authentication bypass, multiple buffer overflows TCP/1900.
6!ImageMagic multiple security vulnerabilities
document Multiple vulnerabilities on BMP, DCM and another graphics formats parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 GreenSQL SQL firewall crossite scripting
document Crossite scripting via admin's panel alerts.
  


22.09.2007
Detailed
 Microsoft ISA SOCKSv4 information leak
document Server replies with last IP address it proxied to on empty packet.
  


21.09.2007
Detailed
7!VMWare software multiple security vulnerabilities
document Multiple bugs, including remote DHCP server vulnerabilities are fixed.
6!Adobe Acrobat / Reader 0-day vulnerability
document Undisclosed vulnerability in PDF parsing can be used for code execution.
6!t1lib library / PHP buffer overflow
document Buffer overflow in intT1_Env_GetCompletePath()
 ClamAV antivirus multiple security vulnerabilities
document DoS on RTF and HTML parsing.
 Dibbler DHCPv6 server/client implementation multiple seucrity vulnerabilities
document Reading behined allocated memory, NULL pointer dereferences, etc.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.09.2007
Detailed
6!Multiple antiviral / firewall applications SSDT hooked functions vulnerabilities
   
6!OpenOffice integer overflow
document Integer overflow on TIFF images parsing.
6!Alcatel-Lucent OmniPCX code execution
document Code execution in Web interface.
 python imageop integer overflow
document imageop.tovideo function integer overflow
 Level One WBR3404TX wireless router crossite scripting
document Web interface crossite scripting.
 Automated Solutions Modbus TCP Slave ActiveX memory corruption
document Memory corruption on TCP/502 request handling.
 OpenSSH privilege escalation
document Invalid usage of X11 cookies.
 RemoteDocs R-Viewer multiple security vulnerabilities
document Code execution with RDZ files. Information leak.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ISO images extracting software directory traversal
updated since 28.04.2006
document Directory traversal whiel extracting directory from ISO image.
  


17.09.2007
Detailed
6!Boa webserver Intersil extension (multiple wireless access points) buffer overflow
document Buffer overflow in HTTP Basic authentication allows to access device without password.
 AXIS 207W web camera multiple security vulnerabilities
document Crossite scripting, request forgery.
 Microsoft Foundation Classes FindFile buffer overflow
document Buffer overflow on oversized thirst argument.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP System Management Homepage for Windows incomplete update
document Some system updates may not be installed if HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM) present on the same host.
  


14.09.2007
Detailed
6!lighttpd buffer overflow
document mod_fastcgi buffer overflow on headers parsing.
6!WinSCP unfiltered shell characters security vulnerability
document Shell characters problem on sftp:// and scp:// URL handlers.
 Apache mod_proxy denial of service
document Buffer overread on server ersponse parsing.
 Qt library buffer overflow
document Buffer overflow on Unicode strings parsing.
 po4a symbolic links problem
document Symbolic links problem on /tmp/gettextization.failed.po file creation.
  


13.09.2007
Detailed
7!Apple Quicktime code execution
document It's possible to execute script in browser's system context.
7!MIT Kerberos buffer overflow
updated since 06.09.2007
document Buffer overflow on oversized string in RPC library svcauth_gss_validate() function.
6!Autodesk Backburner backdoor
document Service accepts commands thorugh TCP/3234.
6!Oracle Jinitiator ActiveX buffer overflow
document Multiple stack based buffer overflows.
 Quagga bgpd BGP routing daemon DoS
document Crash on invalid OPEN and UPDATE requests.
 Apache crossite scripting
document Crossite scripting with UTF-7 characters on directories listing and error messages.
 Multiple video players memory corruption
document Memory corruption on malformed AVI file.
 AOL Instant Messenger alerts spoofing
   
 Ekiga VoIP/video application DoS
document SIPURL::GetHostAddress() invalid memory allocation.
 RSA Envision crossite scripting
document Crossite scripting with username.
 X.Org X server composite extention buffer overflow
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


12.09.2007
Detailed
6!Microsoft Agent ActiveX buffer overflow
updated since 11.09.2007
document Buffer overflow on oversized URL.
  


11.09.2007
Detailed
7!Microsoft MSN Messenger / Windows Live Messenger memory corruption
document Memory corruption on Webcam or Video Chat session establishment.
7!Trend Micro antiviral products multiple security vulnerabilities
updated since 22.08.2007
document Buffer overflow in SSAPI engine on oversized local path. Buffer overflow in ServerProtect on different TCP/5168 RPC requests.
6!Symantec Antivirus privilege escalation
updated since 12.07.2007
document It's possible to overwrite system memory regions with IOCTL 0x83022323 of \\symTDI\ device.
 Microsoft Windows Services for UNIX privilege escalation
document Invalid suid files handling.
 Microsoft Visual Studio RPT files code execution
   
 Samba nss_info extension privilege escalation
document Gid 0 is assigned to user, if "winbind nss info" configuration parameter has value "sfu" or "rfc2307".
 PHP safemode bypass
document By using LOAD_FILE, INTO DUMPFILE, INTO OUTFILE SQL modifiers it's possible to access files behind basedir.
 id3lib symbolic links security vulnerability
   
 IBM DB2 buffer overflow
document Buffer overflow in sysproc.auth_list_groups_for_authid function.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


08.09.2007
Detailed
6!Microsoft SQL Server Distributed Management Objects ActoveX buffer overflow
document Buffer overflow in SQLDMO.SQLServer Start method.
6!Apple Safari browser buffer overflow
document Buffer overflow via document.location.hash parameter.
6!Apple iTunes buffer overflow
document Buffer overflow on MP4 / AAC files covr tag parsing.
6!PHP multiple DoS conditions
updated since 06.09.2007
document Crash on oversized strings in fnmatch(), iconv_substr(), glob() and setlocale() functions.
 Eggdrop IRC client buffer overflow
document Buffer overflow on oversized private message.
 Total Commander / Unreal Commander / Magellan Explorer directory traversal
document Directory traversal with filename obtained from FTP server.
 Buffalo AirStation WHR-G54S crossite request forgery
document Request forgery in administration interface.
  


06.09.2007
Detailed
6!Cisco Video Surveillance IP Gateway / Services Platform unauthorized access
document Telnet password is not checked or default password can not be changed.
 Sophos Antivirus cross aplication scripting
document Cross application scripting on ZIP archive content logging.
 Fetchmail mail delivery DoS
document DoS on delivering mail report thorugh SMTP server.
 Alien Arena 2007 game server multiple security vulnerabilities
document DoS conditions, format string vulnerability.
  


04.09.2007
Detailed
6!Mailmarshal mail gateway directory traversal
document Vulnerable outdated ported version of 'tar' utility is used, making it's possible to overwrite system files via directory traversal vulnerability.
 Tor cross application scripting
document Cross applicaiton scripting via Tor proxy erro message.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Apache Tomcat crossite scripting
updated since 23.07.2007
document Crossite scripting in sendmail.jsp, calendar and CookieExample example scripts.
  
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru