Computer Security
[EN] securityvulns.ru
no-pyccku




31.10.2006
Detailed
6!Easy File Sharing Web Server protection bypass
document By using alternative NTFS-streams it's possible to retrieve protected data, including accounts and passwords.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


30.10.2006
Detailed
7!xsupplicant buffer overflow
   
6!wvWare library integer overflows
document Few integer overflows on Microsoft Word document parsing.
6!Multiple Novell eDirectory security vulnerabilities
updated since 23.10.2006
document Buffer overflows, double free() vulnerabilities.
 Microsoft Windows connection sharing DoS
document NULL-pointer dereference on DNS request proxying in Microsoft Windows NAT Helper.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 PostgreSQL database management system multiple DoS conditions
document Multiple DoS conditions on executing client requests.
  


26.10.2006
Detailed
6!AOL browser multiple security vulnerabilities
document Buffer overflows in different ActiveX controls.
6!NullSoft WinAmp Ultravox support multiple security vulnerabilities
document Buffer overflows on parsing different tags and headers.
6!Symantec AntiVirus privilege escalation
updated since 05.10.2006
document Insufficient address checks in SAVRT, NAVENG and NAVEX15 devices IOCTLS calls allos to overwrite kernel memory.
 Cisco Security Agent for Linux DoS
document Port scanning causes system resources exhaustion.
 INCA IM-204 DSL router multilpe security vulnerabilities
document Directory traversal, information leak.
 Multiple D-Link DSL-G624T ADSL Router security vulnjerabilities
document Crossite scripting, dfirectory traversal and another Web-interface vulnerabilities.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.10.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP Tru64 dtmail buffer overflow
document Buffer overflow on -a flag parsing.
  


21.10.2006
Detailed
6!Multiple BrightStor ARCserve Backup security vulnerabilities
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.10.2006
Detailed
7!Asterisk remote buffer overflow
document Buffer overflow on parsing Cisco Skinny VoIP protocol.
7!Opera buffer overflow
document Buffer overflow on oversized URL.
7!Multiple ClamAV antivirus security vulnerabilities
updated since 16.10.2006
document Buffer overflow on PE files parsing, DoS on CHM parsing.
 Weak IBM Lotus Notes client permissions
document Application folder has Everyone:Full Control permissions.
 Multiple Airmagnet security vulnerabilities
document Crossite scripting and SQL injection in Web interface.
 Multiple HighWall IDS security vulnerabilities
document Crossie scripting and SQL injection in Web interface.
 HTTP header injection in Macromedia Flash plugin
   
 libksba DoS
document DoS on parsing X.509 certificate with trailing information.
 F5 Firepass crossite scripting
document my.acctab.php3 sid parameter crossite scripting.
 XSession race conditions
document Race conditions allows different user to see error messages.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.10.2006
Detailed
 IIS BlackIce PC Protection file lock protection bypass
document It's possible to delete file and spoof deleted with new copy by direct call to ZwDeleteFile() API.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


15.10.2006
Detailed
6!Microsoft Windows Object Packager dialog spoofing
updated since 11.10.2006
document Code execution with .RTF or .WRI file embedded object.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 KMail DoS
updated since 08.10.2006
document Crash on HTML parsing.
  


14.10.2006
Detailed
7!Apache web server mod_tcl security vulnerability
document Server format string vulnerabilities with HTTP request header names.
7!Multiple Linksys/ ZyXel / Edimax / Sitecom routers UPnP problems
updated since 23.05.2006
document UPnP AddPortMapping request requires no authentication. It makes it possible to create mapping between any external port and internal IP/port. Additionally, insufficient paramters validation allows code execution on router itself.
 Macromedia Breeze directory traversal
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


13.10.2006
Detailed
8!Microsoft Office multiple security vulnerabilities
updated since 11.10.2006
document Multiple Excel vulnerabilities on different records type parsing and formats conversion. Multiple Microsoft Word code execution vulnerabilities. Memory corruptions in different Office products.
6!Wireless Location Appliance default account
document 'root' account has dafult password.
6!Mcafee Network Agent buffer overflow
document Buffer overflow on oversized string to TCP/6646.
 BulletProof FTP client buffer overflow
document Buffer overflow on server reply parsing.
 Multiple FreeBSD vulnerabilities
document Multiple DoS conditions. Crash on ftruncate on non-file device. sched_setscheduler() DoS.
 HP Version Control Agen unauthorized access
   
 Toshiba bluetooth stack memory corruption
document Malformed bluetooth packet causes memory corruption.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 PHP safe_mode glob() protection bypass
document glob() function allows to check existance of file/directory and build directory listing.
 Google Earth buffer overflow
document Buffer overflow on .kml and .kmz files.
  


12.10.2006
Detailed
 Sun Solaris NSPR library privilege escalation
document Environment variable is used for log filename.
 AOL YGPPDownload ActiveX buffer overflow
document Buffer overflow in SetAlbumName() method of YGPPicDownload.dll AOL.PicDownloadCtrl.1.
 HP-UX TCP/IP DoS
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.10.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


11.10.2006
Detailed
10!Microsoft Windows WebViewFolderIcon ActiveX (integer overflow)
updated since 28.09.2006
document Integer overflow can be used for hidden malware installation.
7!Microsoft Windows drmstor.dll buffer overflow
document Buffer overflow in ActiveX element.
7!Microsoft Windows Server service multiple security vulnerabilities
document Denial of service and code execution vulnerabilities.
7!Multiple Microsoft XML service security vulnerabilities
document Crossdomain data access, buffer overflow.
6!Microsoft PowerPoinr memory corruption
updated since 28.09.2006
document 0-day vulberability in SlideShowWindows.View.GotoNamedShow() function is used for malware installation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FreeBSD ptrace() DoS
document Integer overflow in PT_LWPINFO.
 Multiple Microsoft Windows IPv6 security vulnerabilities
document TCP connection reset with ICMP or TCP packet, CPU exhaustion.
 ASP.NET crossite scripting
document Crossite scripting with AutoPostBack forms.
  


09.10.2006
Detailed
6!PHP integer overflow
document unserialize() function integer overflow.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 PHP open_basedir protection bypass
updated since 04.10.2006
document By using symbolic links in race period of time it's possible to bypass open_basedir protection.
 OpenSSH timing attacks
updated since 03.05.2003
document It's possible to check user's validity by measuring response time.
  


08.10.2006
Detailed
 shttpd web server buffer overflow
document Buffer overflow on oversized POST request URL.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


07.10.2006
Detailed
7!Multiple Computer Associates software products security vulnerabilities
updated since 06.10.2006
document Multiple buffer overflows in different network services (Discovery Service, Massage Engines, Backup Server, RPC-based services).
 Python repr() code execution
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.10.2006
Detailed
6!PHP integer overflow
document Integer overflow in dynamic memory allocation routines.
  


05.10.2006
Detailed
6!Trend Micro OfficeScan Client directory traversal
document Directory traversal in embedded HTTP server.
6!Multiple VoIP phones vulnerabilities
document Buffer overflows in integrated HTTP server. Buffer overflow on large UDP datagrams.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


04.10.2006
Detailed
6!HP Ignite-UX Server unauthorized access
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 IBM Client Security passwords manager unauthroized access
document Password for site is stored based on site's title instead of URL.
 HP-UX SLP unauthorized access
document Unauthorized Service Locator Protocol access.
 Jetty directory traversal
updated since 03.10.2002
document Directory traversal on CGI apllications access.
  


03.10.2006
Detailed
8!Multiple MacOS X security vulnerabilities
updated since 02.10.2006
document Multiple local and client vulneragbilities in different subcomponents.
 Novell GroupWise Messenger DoS
document nmma.exe service crash on malformed HTTP POST val parameter.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Kerio Personal Firewall privilege escalation
document Insufficient hooked SSDT calls arguments validation.
  


02.10.2006
Detailed
8!0-day Mozilla Firefox code execution security vulnerability
document Vulnerability with javascript processing allows code execution.
7!Multiple MailEnable Mail server vulnerabilities
document Multiple buffer overflows and DoS conditions on SMTP NTLM authentication.
6!TrendMicro OfficeScan ActiveX format string
document Format string vulnerability in ATXCONSOLE.OCX control library.
6!McAfee ePolicy Orchestrator buffer overflow
document Buffer overflow in NAISERV.exe service.
 IBM Informix symbolic links security vulnerability
document On installation /tmp/installserver.txt file is insecurely created.
 migrationtools symbolic links problem
document Symbolic links problem on temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 02.10.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Indexing Service crossite scripting
updated since 12.09.2006
document Crossite scripting with UTF-7 characters in URL is possible.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru