Computer Security
[EN] securityvulns.ru

  


30.09.2008
Detailed
7!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 29.09.2008
document Memory corruptions, privilege escalation, cross-site scripting, DoS, buffer overflow
6!HP Insight Diagnostics unauthorized files access
   
6!Novell ZenWorks ActiveX buffer overflow
document CanUninstall method buffer overflow.
6!Checkpoint ZoneAlarm DoS
document HTTP traffic parsing DoS.
6!MPlayer buffer overflow
document Three integer overflows on video files parsing lead to buffer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 DATAC RealWin buffer overflow
document Buffer overflow on TCP/910 network packet reading.
 Linksys WRT350N unauthorized access
document An outdated Samba version is used; a default admin:admin account and a default guest account are present.
 CA Service Desk cross-site scripting
updated since 30.09.2008
document Multiple cross-site scripting vulnerabilities.
  


29.09.2008
Detailed
7!Cisco IOS, Cisco 10000, uBR10012, uBR7200 and Cisco UCM multiple security vulnerabilities
document DoS with L2TP, MPLS, IPS, SIP, SSL vulnerabilities, information leaks, multiple multicast security vulnerabilities, NAT SCP, IOS Software firewall application inspection security vulnerabilities.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. FCKEditor: arbitrary file upload. eCaptcha: cross-site scripting.
 Internet Information Server and IAS ActiveX unauthorized access and DoS
document ActiveX allows privileged actions to be silently executed.
 BitlBee IM to IRC gateway multiple security vulnerabilities
document DoS, privilege escalation.
  


24.09.2008
Detailed
6!Unreal Tournament game server directory traversal
document Directory traversal in built-in Web-server.
 newsbeuter shell characters vulnerability
document Shell characters vulnerability on "open-in-browser" command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Aruba Mobility Controller shared certificate
document All devices share the same certificate with the same private key.
  


22.09.2008
Detailed
6!IBM DB2 multiple security vulnerabilities
document XMLQUERY and XMLEXIST buffer overflow, CLR stored procedures privilege escalation and DoS.
 Microsoft Internet Explorer DoS
document Browser hangs on a maliciously crafted PNG image.
 Mozilla Firefox / Opera / Microsoft Internet Explorer browsers DoS
document Calling window.sidebar.addPanel() in a loop causes the browser to hang.
  


20.09.2008
Detailed
6!Microsoft Outlook Express / Microsoft Outlook DoS
updated since 20.09.2008
document Crash on <style>*{position:relative}</style> <table>DoS</table> in HTML content.
 R symbolic links security vulnerability
document Insecure temporary file creation in the javareconf script.
 Surgemail IMAP server DoS
document Crash on APPEND command processing.
 Wireshark / TShark multiple security vulnerabilities
document Multiple DoS conditions on different protocols parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


16.09.2008
Detailed
7!Apple QuickTime multiple security vulnerabilities
updated since 10.09.2008
document Integer overflow on PICT parsing, memory corruptions on STSZ, MDAT and H.264 parsing. Buffer overflows on AVC1 and Panorama PDAT parsing.
6!Landesk QIP Server buffer overflow
document Buffer overflow on TCP/12175 packet parsing.
 Airtel ADSL modems backdoor
document Undocumented accounts 'user' and 'support'.
 Microsoft Windows DoS
document Uninitialized memory reference on WRITE_ANDX SMB request handling.
 Unreal game engine multiple security vulnerabilities
updated since 15.09.2008
document Server integer overflow, client format string vulnerability.
 Nokia e90 phone Wi-Fi DoS
updated since 14.09.2008
document Device crash on malformed Wi-Fi frame.
 Baidu Hi instant messenger integer overflow
updated since 14.09.2008
document Integer overflow on encrypted message deciphering causes buffer overflow.
 InstallShield Update Services server spoofing
document Server's identity is not checked during update rules download.
  


15.09.2008
Detailed
 HP OpenVMS privilege escalation
document Privilege escalation with SMGRTL library.
 Avant Browser DoS
document Integer overflow on Javascript handling.
  


14.09.2008
Detailed
 Apple iPhone Safari DoS
document Invalid memory read on JavaScript alert() function.
 Linux kernel multiple security vulnerabilities
updated since 13.09.2008
document Multiple local DoS conditions, snd_seq_oss_synth_make_info() information leaks, integer overflows in DCCP and SCTP_AUTH_KEY.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.09.2008
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


13.09.2008
Detailed
 ZoneAlarm Security Suite buffer overflow
document Buffer overflow on oversized path to file being scanned.
 Google Chrome browser multiple security vulnerabilities
updated since 04.09.2008
document Automatic file download, DoS, buffer overflows.
  


10.09.2008
Detailed
8!Microsoft Windows GDI library multiple security vulnerabilities
document Multiple vulnerabilities on different graphics format parsing.
7!Microsoft Windows Media Encoder ActiveX code execution
document Control supports unsafe methods.
6!Microsoft Windows Media Player memory corruption
document Server-Side playlists parsing memory corruption.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Sun M4000-M9000 chassis DoS
document Crash on a single domain requires long repair procedure and rebooting of whole chassis.
 Microsoft Office code execution
document Code execution on OneNote: URI.
  


09.09.2008
Detailed
6!VLC Media Player integer overflow
updated since 03.07.2008
document Integer overflow on WAV and TTA files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
 D-Link DIR-100 URL filtering bypass
document Filtering doesn't work for oversized URLs.
  


07.09.2008
Detailed
6!Atheros wireless drivers buffer overflow
document Buffer overflow on oversized information element.
6!Marvell wireless drivers multiple security vulnerabilities
document DoS, buffer overflow.
6!courier-authlib authentication library SQL injection
   
6!Cisco Secure ACS DoS
document Crash on EAP authentication parsing.
 dnsmasq multiple security vulnerabilities
document DNS records spoofing, DoS.
 HP OpenView Select Identity Connectors information leak
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
  


06.09.2008
Detailed
 ClamAV antivirus CHM files DoS
   
  


04.09.2008
Detailed
6!Cisco PIX and Cisco ASA multiple security vulnerabilities
document Multiple DoS conditions on SIP parsing and VPN authentication, memory leaks, information leak.
6!libtiff memory corruption
document Memory corruption on LZW decoding.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
 Novell iPrint client multiple security vulnerabilities
updated since 26.08.2008
document Information leak, multiple buffer overflows.
  


02.09.2008
Detailed
6!Netscape / RedHat Directory Server multiple security vulnerabilities
document DoS, cross-site scripting.
 Softalk IMAP Server DoS
document IMAP APPEND command handling vulnerability.
 WordNet library multiple buffer overflows
   
 VMware multiple applications security vulnerabilities
document Multiple ActiveX vulnerabilities, privilege escalation, ISAPI filters DoS, third party components updates.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
 Dreambox DM500 DoS
document Device crashes on oversized HTTP request.
 Postfix DoS
document File descriptor leaks under Linux.
 Postfix mail server hardlinks privilege escalation
updated since 14.08.2008
document It's possible to cause Postfix to deliver mail to a system file by using hardlinks to symlinks (which, contrary to the standard, are available in Linux, IRIX, Solaris).
  


01.09.2008
Detailed
7!ipsec-tools / racoon IPSec DoS
document DoS attack with memory exhaustion.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. FeedBurner FeedSmith: cross-site scripting, information leak. myPHPNuke: cross-site scripting, SQL injection.
 Mita Scanner File Utility multiple security vulnerabilities
document Directory traversal, unauthorized access.
 Grub, DiskCryptor, LILO, DriveCrypt, TrueCrypt and Intel, IBM, HP BIOS disk encryption utilities information leak
updated since 26.08.2008
document Cleartext password is not erased from BIOS data buffer.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


