Computer Security



24.09.2012
8!Apple iOS multiple security vulnerabilities
document Large number of vulnerabilities in different components.
8!Apple Safari / WebKit / Google Chrome multiple security vulnerabilities
document Information leakage, memory corruptions.
  


19.09.2012
6!IBM SDK, Java Technology Edition multiple security vulnerabilities
document More than 10 different vulnerabilities with sandbox bypass.
6!icclib / ghostscript integer overflow
document Integer overflow when parsing images embedded in PostScript/PDF.
6!Symantec Messaging Gateway backdoor
updated since 02.09.2012
document A 'support' user with a known insecure password is available by default.
 Apple RemoteDesktop information leakage
updated since 27.08.2012
document VNC encryption settings are ignored.
 gimp multiple security vulnerabilities
document Memory corruption when parsing FIT, GIF, KiSS images.
  


18.09.2012
8!Adobe Flash Player multiple security vulnerabilities
document Multiple memory corruptions, information leak, integer overflow.
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 02.09.2012
document Privilege escalation, multiple memory corruptions, buffer overflows, use-after-free, etc.
6!ISC bind DoS
document Crash on oversized resource record processing.
6!Linux kernel multiple security vulnerabilities
document DoS conditions, information leakage.
6!FreeRADIUS buffer overflow
document Buffer overflow on EAP-TLS processing.
 tor security vulnerabilities
document DoS conditions, information leakage.
 GnuPG key spoofing
document Invalid key id usage with a key server.
 Microsoft System Center Configuration Manager cross-site scripting
   
 Microsoft Visual Studio Team Foundation Server cross-site scripting
   
 Microsoft libraries security vulnerabilities
updated since 20.08.2012
document MSCOMCTL.OCX ActiveX code execution.
 ISC dhcp multiple security vulnerabilities
updated since 29.07.2012
document Multiple DoS conditions.
  


07.09.2012
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP Business Availability Center security vulnerabilities
document Cross-site scripting, request spoofing, session hijacking.
 VMWare Tools privilege escalation
document It's possible to execute code via DLL hijacking.
 QNAP Turbo NAS privilege escalation
document It's possible to manipulate files by absolute path.
  


04.09.2012
7!GNU libc buffer overflow
document Buffer overflow in strtod, strtof, strtold, and strtod_l string functions.
 MAPower / Sitecom / Conceptronic storage devices directory traversal
document Directory traversal via web interface.
 Adobe Photoshop buffer overflow
document Buffer overflow on TIFF parsing.
  


03.09.2012
6!DataWatch Monarch BI multiple security vulnerabilities
document Cross-site scripting, SQL injection in administration interface.
 Temenos T24 security vulnerabilities
document Authentication bypass, cross-site scripting.
 Barracuda SSL VPN cross-site scripting
document Multiple cross-site scripting conditions.
 OpenStack Keystone limitations bypass
document Administrative user limitations and token lifetime limitations bypass.
 Dr. Web Enterprise Server cross-site scripting
document Cross-site scripting via logs.
 Citrix Access Gateway plugin security vulnerabilities
document Buffer overflow, integer overflow.
 Config::IniFiles symbolic link vulnerability
document Symbolic link vulnerability on temporary file creation.
 pcp multiple security vulnerabilities
document Buffer overflow, information leakage, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


02.09.2012
8!Java environment limitations bypass
updated since 29.08.2012
document There are a few ways to bypass limitations and execute privileged code from the applet.
7!EMC ApplicationXtender unauthorized access
updated since 27.08.2012
document It's possible to upload files to the affected system.
6!Hewlett-Packard Intelligent Management Center buffer overflow
document Buffer overflow in UDP/1811 service.
6!EMC Networker format string vulnerability
document Format string vulnerability on RPC request parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 02.09.2012
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 GE Proficy Historian ActiveX code execution
document KeyHelp code execution.
 HP Application Lifecycle Management ActiveX memory overwriting
document Memory overwriting of a user-controlled address in XGO.ocx.
 HP Operations Orchestration SQL injection
document SQL injection in TCP/9001 RSScheduler service.
 Novell ZENWorks AdminStudio ActiveX memory corruption
document ISGrid.dll memory corruption.
 Novell iPrint buffer overflow
document nipplib buffer overflow.
 HP SiteScope multiple security vulnerabilities
document Multiple code execution possibilities via SOAP calls and UploadFileHandler.
 libgdata certificate spoofing
document Certificate is not validated allowing man-in-the-middle attack.
 squidguard DoS
document A request with an oversized URL causes protection to switch off.
 Asterisk security vulnerabilities
document Asterisk Manager code execution, IAX2 protection bypass.
 HP iNode Management Center code execution
updated since 27.08.2012
document iNodeMngChecker.exe code execution on TCP/9090 request parsing.
 InduSoft Thin Client ActiveX buffer overflow
updated since 27.08.2012
document ISSymbol.ocx InternationalOrder parameter heap overflow.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod