Computer Security
[EN] securityvulns.ru no-pyccku



31.10.2004
Detailed
 qwik-smtpd format string bug
document Format string bug on file logging.
  


30.10.2004
Detailed
6!MacOS X Privilege escalation
document It's possible to launch application before logon.
 ImageMagic buffer overflow
document Buffer overflow on EXIF format parsing.
 shadow privilege escalation
document It's possible to change account properties.
 PostgreSQL symbolic links
document make_oidjoins_check script temporary files problem.
 PHP+cURL local file access protection bypass
document It's possible to address any local file by file:// URL.
 catdoc symbolic links
document xlsview creates temporary files unsecurely.
 PuTTY SSH2 buffer overflow
updated since 28.10.2004
document Buffer overflow on SSH2_MSG_DEBUG packet processing.
 CGI bugs
updated since 25.10.2004
   
  


28.10.2004
Detailed
6!AppleQuickTime code execution
   
6!HP-UX Serviceguard privilege escalation
   
6!Real Player buffer overflow
document Buffer overflow on rjs (zipped skins) file processing.
  


27.10.2004
Detailed
6!libxml2 multiple buffer overflows
document Buffer overflow on URL parsing, name resolution.
6!libgd integer overflow
document Integer overflow during PNG format parsing.
 MailCarrier buffer overflow
document Buffer overflow in EHLO.
 zgv multiple integer overflows
document Multiple integer overflows on memory allocation.
 wvtftpd buffer overflow
document strcpy() buffer overflow
 pppd DoS
document Integer overflow on short packet length.
 inetutils tftp client buffer overflow
document Buffer overflow during name resolution.
 conexant chipset ADSL modems unauthorized access
updated since 06.07.2004
document It's possible to manage device with built-in passord via TCP/254
  


26.10.2004
Detailed
 socat format string bug
document syslog() format string bug with -ly option.
 GNU troff symbolic links problem
document Symbolic links problem in groffer.sh script.
 Netatalk symbolic links problem
document Symboli links problem in etc2ps.sh script.
 OpenSSL symbolic links problem
document der_chop Script symbolic links problem.
 MIT Kerberos symbolic links problem
document send-pr.sh symbolic links problem
 Multiple bugzilla bugs
document Information leak, unauthorized information change.
  


25.10.2004
Detailed
6!Multiple Linux kernel bugs
document ReiserFS DoS, hugetlbfs protection bypass.
 Solaris LDAP_RBAC privilege escalation
   
 rssh format string bug
   
 AbilityServer buffer overflow
document Buffer overflow in STRO command.
  


23.10.2004
Detailed
 Altiris Deployment Server server spoofing
document Mutual authentication absence and multicast based server detection allow to spoof server and obtain full control under managed network.
 HP-UX stmkfonts privilege escalation
document External program is called with relative path.
 CGI bugs
updated since 22.10.2004
   
  


22.10.2004
Detailed
8!Microsoft Windows multiple bugs
updated since 13.10.2004
document Windows management API privilege escalation with SetWindowLong()/SetWindowLongPtr() shatter attack, Virtual DOS Machine privilege escalation, EMF/WMF files code execution, DoS.
7!Multiple libpng bugs
updated since 05.08.2004
document Stack overflow, NULL pointer dereference, integer overflows.
6!Linux kernel race konditions
document Race conditions on TIOCSETLD during read/write operation on same terminal can cause system to crash and potentially may lead to privilege escalation.
 Multiple browsers tab vulnerabilities
document Multiple browsers allow tab spoofing.
 mpg123 buffer overflow
document getauthfromurl() buffer overflow
 LanDesk DoS
   
 Vypress Tonecast 1.3 DoS
   
 Multiple antivirii DoS
updated since 11.02.2003
document Creation of file with oversized path or special device name causes application to hang or allows detection bypassing. ZIP with zero archive length allow to bypass checking.
  


18.10.2004
Detailed
 Multiple 3crwe754g72-a bugs
document Information leak, crossite scripting.
 CGI bugs
   
  


16.10.2004
Detailed
6!VERITAS Cluster Server privilege escalation
   
 Yak! directory traversal
document Directory traversal in built-in FTP server.
 CGI bugs
updated since 11.10.2004
   
  


15.10.2004
Detailed
7!Adobe Acrobat / Acrobat Reader local file access
document SWF files embedded to document may access local files.
7!Multiple Macromedia JRun bugs
updated since 28.09.2004
document DoS, source code leakage, session hijacking, crossite scripting, buffer overflow.
6!Valve CS source format string bug
document Format string bug in name command.
 BNC protection bypass
document By using backspace it's possible to bypass command protection.
 3CRADSL72 information leak
document http://[routerIP]/app_sta.stm Contains information with administration user name and password.
 ShixxNOTE buffer overflow
document Buffer overflow on parsing network message.
 Tridcomm directory traversal
updated since 07.10.2004
   
  


14.10.2004
Detailed
6!Multiple bugs in Internet Explorer
updated since 23.08.2002
document New cumulative patch released by Microsoft.
 Microsoft Excel code execution
updated since 13.10.2004
document Buffer overflow on oversized strings copying.
  


13.10.2004
Detailed
8!Microsoft NNTP code execution
document Multiple bugs during XPAT command parsing.
6!Windows Shell buffer overflow
   
6!Windows SMTP service buffer overflow
document Buffer overflows during preconfigured DNS server reply analisys.
6!Microsoft WebDAV XML DoS
document Large number of attributes in requests causes resource exhaustion.
 RIM Blackberry buffer overflow
document Buffer overflow during meetings synchronization with Microsoft Exchange.
 ASN.1 compiler multiple bugs
   
 Multiple Microsoft Windows NT RPC bugs
   
 Windows 2003 server services weak permissions
document Permissions for distributed Link tracking Server and Internet Connection Firewall Service allow control by unprivileged users.
  


12.10.2004
Detailed
 squid SNMP DoS
document ASN.1 parsing problems.
  


11.10.2004
Detailed
8!Windows GDI+ libraries JPEG buffer overflow
updated since 15.09.2004
document Buffer overflow in JPEG parsing routines.
6!Local file access and code execution in Microsoft Internet Explorer and Netscape/Mozilla XML component
updated since 17.12.2001
document Microsoft's Microsoft.XMLHTTP and Mozilla XMLHttpRequest incorrectly handle redirection allowing to access local files.
 Multiple MySQL bugs
document DoS, protection bypass.
  


08.10.2004
Detailed
7!Multiple Cyrus-SASL bugs
document Buffer overflow in digestmda5.c and during environment parsing. User supplied modules are loaded into suid application.
 Flash Messaging DoS
document Problem with handling some Unicode characters.
 CGI bugs
updated since 04.10.2004
   
  


07.10.2004
Detailed
6!Apache mod_ssl format string bug
updated since 16.07.2004
document Format string bug if mod_ssl is used in conjunction with mod_proxy for SSL proxing (https://foo%s.example.com/).
 Antiviral protection bypasswith file permissions
document With execute only permission it's possible to bypass antiviral scanner and in some cases antiviral monitor.
 MaxDB DoS
document Invalid non-ASCII characters handling in IsAscii7 function.
 Neoteris IVE password bruteforcing
document Change password page doesn't limit the number of attempts.
  


06.10.2004
Detailed
8!SAMBA shared directory traversal
updated since 01.10.2004
document By using /.///etc path it's possible to access /etc directory.
8!Multiple Mozilla bugs
updated since 18.09.2004
document Buffer overflows in e-mail VCards, bitmpa decoders, UTF-8 conversion, POP3 protocol handling, send page feature; crossite scripting via link dragging.
6!Multiple cups bugs
updated since 16.09.2004
document Empty packet to UDP/631 causes browsing service to fail. Foomatic printers driver code execution, information leak from log files.
 NetworkActiv Web Server 1.0 DoS
document GET request with %25 causes CPU exhaustion.
 Apache mod_dav NULL pointer DoS
   
 FreeBSD syscons integer overflow
document CONS_SCRSHOT ioctl for syscons invalidely handles negative values.
 mod_python DoS
   
  


04.10.2004
Detailed
 sysstat symbolic links problem
updated since 11.03.2004
document unsafe isag utility temporary files creation.
 Xerces-C++ DoS
document Malcrafted XML document causes 100% CPU ussage for few minutes.
  


02.10.2004
Detailed
 Proxytunnel information leak
document Username and password are leaked.
 Vypress messenger buffer overflow
document Buffer overflow on broadcast packet handling.
 CGI bugs
updated since 27.09.2004
   
  


01.10.2004
Detailed
7!Kaspersky Antivirus privilege escalation
document By sending message to application it's possible to bypass password protection and execute application with local system privileges.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod