Computer Security

  


30.09.2009
6!HP Remote Graphics Software unauthorized access
   
 Adobe Photoshop Elements weak service permissions
document Weak permissions for AdobeActiveFileMonitor8.0 service allow executable file spoofing.
 TrustPort Antivirus / TrustPort PC Security weak security permissions
document Weak permissions for program files.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 RarLab WinRAR filenames spoof
document Visible filename inside ZIP archive can differ from extracted file name.
  


28.09.2009
 xmltooling / opensaml / Shibboleth multiple security vulnerabilities
document Certificates spoofing, memory corruption.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Cisco ACE XML Gateway information leakage
document Internal address of server is leaked on some HTTP requests.
 VLC Media Player buffer overflow
document Buffer overflow on .xspf playlists parsing.
  


25.09.2009
6!Tivoli Storage Manager backup client buffer overflow
updated since 25.09.2007
document Buffer overflow on oversized TCP/1581 HTTP request Host: header.
  


24.09.2009
8!Cisco IOS multiple security vulnerabilities
updated since 23.09.2009
document Multiple DoS conditions, restriction bypass.
6!Cisco Unified Communications Manager DoS
document Crash on SIP request handling.
6!Adobe Robohelp unauthorized access
document File upload and execution is possible for TCP/8080 Web server.
 glib library privilege escalation
document g_file_copy function sets symbolic link's permission if source file is copied by symbolic link.
 Sun Solaris dmispd DoS
document Resource exhaustion in RPC-based service.
 newt library memory corruption
document Memory corruption on text field parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.09.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


23.09.2009
6!squid proxy DoS
updated since 10.08.2009
document Crash on request or response headers parsing.
 HP-UX Role-Based Access Control privilege escalation
   
 HP Procurve IDM privilege escalation
   
 Avast Antivirus privilege escalation
document Memory corruption on IOCTL processing.
 Xfig symbolic links vulnerability
document Different files are created in insecure manner.
 nginx directory traversal
document Directory traversal with webdav enabled.
 Check Point Connectra cross-site scripting
document /Login/Login cross-site scripting.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 23.09.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 changetrack shell characters vulnerability
document Shell characters vulnerability via filenames.
  


22.09.2009
6!PostgreSQL multiple security vulnerabilities
document Denial of Service, privilege escalation, LDAP authentication bypass.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.09.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


21.09.2009
6!Backdoor in Qnap storage devices
document During encryption, an additional encryption key is created and stored in the device's flash memory.
6!Avaya Intuity Audix LX multiple security vulnerabilities
document Multiple web interface vulnerabilities including remote code execution.
  


18.09.2009
7!Multiple BSD and Linux systems strfmon() libc / glibc function integer overflow
updated since 27.03.2008
document Integer overflow on format specifier in strfmon(). NULL pointer dereference in printf().
 libicu multibyte character sequences invalid parsing.
   
  


17.09.2009
 QuickSoft EasyMail ActiveX buffer overflow
document Buffer overflows in connect() and AddAttachment() methods.
 nginx DNS cache poisoning
document Invalid implementation of caching algorithm.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP-UX bootpd DoS
   
 Apple Safari / WebKit DoS
document NULL pointer dereference on submitting form with empty select list <form> <select name="kill"><optgroup></optgroup></select> <input type="submit"> </form>
  


16.09.2009
 3Com Wireless 8760 access point unauthorized access
document During authorized user's session it's possible for another user to access configuration pages without authentication.
  


15.09.2009
6!nginx proxy server memory corruption
document Memory corruption on HTTP request URI.
6!Apple iPhone buffer overflow
document Buffer overflow in Audio Codecs on AAC and MP3 streams parsing.
6!BSD systems kevent race conditions
updated since 24.08.2009
document Race conditions on SMP systems.
 Proland Software Protector Plus antivirus weak permissions
document Executable files have Everyone:Full Control permissions.
 WarFTPd FTP Server DoS
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


14.09.2009
7!libpurple / Pidgin multiple security vulnerabilities
document Multiple vulnerabilities on MSN, Yahoo IM, IRC, jabber protocol parsing.
 htmldoc buffer overflow
document Buffer overflow on oversized MEDIA SIZE comment.
 Siemens Gigaset SE361 router DoS
document Crash on TCP/1723 data.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


11.09.2009
8!Apple QuickTime multiple security vulnerabilities
document Buffer overflow on MPEG-4, H.264 and FlashPix data parsing.
7!Mozilla Firefox multiple security vulnerabilities
updated since 10.09.2009
document Code execution, memory corruptions, address spoofing, hidden certificate installation.
  


10.09.2009
 FreeRADIUS RADIUS server DoS
document Crash on zero-length Tunnel-Password attribute.
 TkMan symbolic links vulnerability
document Different symbolic links vulnerabilities on temporary files handling.
 cmus symbolic links vulnerability
document Insecure creation of /tmp/cmus-status file.
 screenie symbolic links vulnerabilities
document Temporary file /tmp/.screenie.##### is created in insecure way.
 LMBench symbolic links vulnerability
document Insecure temporary files creation.
 gcc-xml symlink vulnerability
document Symbolic links vulnerability on insecure temporary files creation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 aria2 download manager buffer overflow
document Buffer overflow on DHT parsing.
 dnsmasq TFTP server multiple security vulnerabilities
document Heap buffer overrun, NULL pointer dereference.
  


09.09.2009
8!Microsoft Windows Wireless LAN AutoConfig service buffer overflow
document Buffer overflow on access point frame parsing.
8!Microsoft Windows Media formats security vulnerabilities
document Uninitialized pointer free() on ASF files parsing, memory corruption on MP3 files parsing.
8!Microsoft Windows JavaScript engine memory corruption
document Memory corruption on "arguments" keyword parsing.
7!Microsoft DHTML ActiveX code execution
   
6!yTNEF and Evolution TNEF attachment decoder
document Buffer overflow, directory traversal.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. ALFcontact for
 IBM Lotus Notes 8.5 RSS Widget cross-site scripting
document Scripting in local host zone is possible.
 Novell eDirectory DoS
document CPU exhaustion on TCP/8028 requests processing.
 Nokia Trolltech Qt4 SSL certificate spoofing
document Certificate spoofing with \0 symbol in domain name.
  


08.09.2009
6!GemStone/S buffer overflow
document Buffer overflow in /opt/gemstone/sys/stoned on -e and -l command line switches.
6!IPSwitch WS_FTP format string vulnerability
document Format string vulnerability on HTTP server response parsing.
 Apple Safari / WebKit DoS
document Stack overflow (stack memory exhaustion) on eval() expression parsing.
  


07.09.2009
6!OpenOffice multiple security vulnerabilities
updated since 02.09.2009
document Buffer overflow and integer overflow on Microsoft Word and EMF documents parsing, vulnerable version in included VCRedist_x86.
 VMWare VMnc code multiple security vulnerabilities
document Buffer overflow on video files parsing.
 cyrus-imapd / Dovecot integer overflow
document Integer overflow on SIEVE mail flow management scripts processing.
  


04.09.2009
8!Adobe Acrobat / Reader code execution
updated since 21.02.2009
document Vulnerability is used in-the-wild for hidden malware installations. Recommendations are to disable PDF displaying inside browser and JavaScript in PDF documents. Buffer overflow in JBIG2 decoding, buffer overflow in getIcon() JavaScript function.
 silc format string vulnerability
document Multiple format string vulnerabilities on different messages parsing.
 Asterisk IAX2 DoS
document 15-bit call number resource exhaustion.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. ALFcontact for Joomla: cross-site scripting.
  


03.09.2009
 devscripts code execution
document Perl script downloaded from an untrusted source is executed.
  


02.09.2009
6!dnsmasq multiple security vulnerabilities
document Multiple vulnerabilities on TFTP processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 02.09.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Opera Unite multiple security vulnerabilities
document Request spoofing, cross-site scripting, information leak, etc.
 BKAV eOffice code execution
   
 VMWare Studio directory traversal
document Directory traversal in Web interface.
 Network Appliance NetCache DoS
document Error on Cache-Control: prefetch processing.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod