Computer Security
[EN] securityvulns.ru
no-pyccku

  


31.10.2007
Detailed
6!McAfee E-Business server buffer overflow
document Buffer overflow on authentication request processing.
6!Cups buffer overflow
document Buffer overflow on IPP protocol parsing.
6!Perdition IMAP proxy server format string vulnerability
document Format string vulnerability with IMAP tag.
6!IPSwitch IMail client buffer overflow
document Buffer overflow on oversized MIME boundary.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


30.10.2007
Detailed
7!IBM AIX multiple utilities vulnerabilities
document Security vulnerabilities in bellmail, ftp, lquerypv, lqueryvg, dig, crontab, swcons.
6!Opera browser multiple security vulnerabilities
document Code execution, crossite access
6!Sun Java JRE / JDK multiple security vulnerabilities
updated since 29.10.2007
document Multiple sandbox restriction bypass vulnerabilities.
6!zlib compression library DoS
updated since 06.07.2005
document DoS on invalid data stream (including ones of PNG files).
  


29.10.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 IBM Tivoli Storage Manager Client crossite scripting
document CAD Service log files crossite scripting.
  


28.10.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: directory traversal in autohtml.php and autohtml0.php allows to obtain password hashes. By requesting non-existant file it's possible to disclosure installation directory.
  


26.10.2007
Detailed
 Serverkit shttp web server directory traversal
document Directory traversal with HEAD request is possible.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 TrendMicro antivirus privilege escalation
document Buffer overflows and \\.\Tmfilter device insecure access permissions.
 MLDonkey backdoor access
document 'p2p' account with empty password and valid shell is created during installation.
  


24.10.2007
Detailed
7!IBM Lotus Notes multiple security vulnerabilities
updated since 23.10.2007
document Buffer overflow on viewing of different attachment types, information leak between local users thorugh memory mapped files.
6!Miranda instant messenger multiple security vulnerabilities
document Yahoo! messenger plugin multiple buffer overflows.
6!HP OpenView unauthorized access
document HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) unauthorized access thorugh httpd.tkd.
6!Microsoft Windows TCP/IP stack IGMP DoS
updated since 15.02.2006
document System hangs on malformed IGMPv3 packet.
 RSA Keon crossite scripting
document Crossite scripting in Request-spk.xuda and Add-msie-request.xuda components.
 Debian Linux reprepro authentication bypass
document Unkonwn package signatures are not checked .
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.10.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.10.2007
Detailed
8!Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
document Code exectuion with invalid % encoding in Windows, lcaol files accesss with sftp URL, content spoofing, user input focus stealing, memory corruption, code execution.
6!3proxy double free() security vulnerability
document Double free() on FTP proxy OPEN request handling.
6!Apple iPhones multiple security vulnerabilities
document Vulnerable version of libtiff allows code execution and, as a result, allows to unlock phone.
 Citrix Access Gateway information leak
document HTTP session cookie is passed through HTTP GET request parameters, making it possible to leak it value thorugh Referer: field or in the browsing history.
 Zaptel драйвер buffer overflow
document Buffer overflow on oversized IOCTL interface name.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


20.10.2007
Detailed
7!Nortel Unistream IP Phone / Softphone / Communication Server multiple security vulnerabilities
document Buffer overflow, eavesdroping. multiple DoS conditions.
6!libpng multiple security vulnerabilities
document Multiple DoS conditions on PNG images parsing.
 GMail Mobile DoS
document DoS on large message recevied during composing the message.
 CA Host-Based Intrusion Prevention System crossite scripting
document Crossite scripting with log files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.10.2007
Detailed
8!Double free() in zlib
updated since 12.03.2002
document Double free() call on same memory chunk causes heap corruption with potential code execution.
  


18.10.2007
Detailed
6!Cisco PIX / ASA / Firewall Service Module multiple security vulnerabilities
document Vulnerabilities on MGGP and TLS parsing.
6!TIBCO SmartPGM FX multiple security vulnerabilities
   
 Cisco Unified Communications unaurhoized access
document Any active directory user has access to web administration tools.
 Asterisk cdr_addon_mysql SQL injection
document SQL injection with destination number.
 Balsa e-mail client buffer overflow
document Buffer overflow on oversized IMAP server response.
 IrfanView buffer overflow
document Buffer overlfow on .pal files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Mathcad protection bypass
document It's possible to bypass 'Protect Worksheet' protection.
  


16.10.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 16.10.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


15.10.2007
Detailed
6!Apache Tomcat WebDav directory traversal
document It's possible to retrieve file by aboslute path with LOCK DAV request.
6!Opal library / Ekiga memory corruption
document Insufficient SIP Content-Length validation allows to overwrite single byte of memory.
6!TK graphics library buffer overflow
document Buffer overflow on GIF images parsing
 Cisco CallManager / OpenSer authentication relaying attacks
document Insufficient Digest authentication validation allows active man-in-the-middle to access resources unrequested by client.
 Netgear SSL312 crossite scripting
document Crossite scripting with Web interface.
 VImpX ActiveX buffer overflow
document Buffer overflow with oversized RejectRecordFile paramater.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Linux Madwifi wireless drivers DoS
document Assert on oversized "extended supported rates" beacon frame.
 Microsoft Internet Explorer executable files download filter protection bypass
document It's possible to upload file to temporary internet files folder by adding GET parameters to filename, e.g. http://example.com/program.exe?1.cda/
  


13.10.2007
Detailed
7!Firebird SQL server buffer overflow
document Oversized TCP/3050 server service request buffer overflow.
7!EMC replistor buffer overflow
updated since 13.10.2007
document Buffer overflow in server service (TCP/7144).
7!IBM DB database JDBC service multiple security vulnerabilities
document DB2JDS (TCP/6789) format string vulnerability and multiple DoS conditions.
6!libFlac / WinAMP multiple integer overflows
document Multiple integer overflows on FLAC sound format parsing.
6!MySQL multiple security vulnerabilities
document Denial of service, privilege escalation.
 hplip shell characteres
document hpssd utility shell charactesr vulnerability.
 OpenSSL DTLS code execution
   
  


12.10.2007
Detailed
7!CA BrightStor ARCServe BackUp multiple security vulnerabilities
document TCP/6504 RPC-based requests processing multiple buffer overflows.
6!G Data antivirus buffer overflow
document ScanObjectBrowser.DLL SelectPath() function buffer overflow.
6!Asterisk malformed MIME boundary multiple buffer overflows and DoS
updated since 27.08.2007
document Multiple buffer overflows and crash on malformed MIME boundary if IMAP storage is used for Voicemail.
 CiscoWorks Wireless LAN Solution Engine Cisco Wireless Control System Conversion Utility default password
document Conversion utility adds default password.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.10.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Linux initscripts weak permissions
document Weak permissions for /var/log/btmp files cause information leak about unsuccessful logon attempt.
 World in Conflict game server DoS
document NULL pointer dereference on invalid TCP/52999 port data.
 3Com 3CRWER100-75 unauthorized access
document Under specific conditions it's possible to access wireless router administration interface from external network.
  


11.10.2007
Detailed
6!Kasrpsrsky Online Scanner ActiveX format string security vulnerability
document Multiple format string vulnerabilities.
6!Microsoft Windows RPC DoS
updated since 10.10.2007
document Denial of Service during authentication in RPC-based services.
 HP System Management Homepage crossite scripting
   
 Cisco routers IOS LPD server buffer overflows
document Buffer overflow if oversized local hostname is set.
  


10.10.2007
Detailed
8!Microsoft Outlook Express / Windows Mail NNTP buffer overflow
document Heap memory overflow on NNTP server reply parsing.
6!Microsoft Internet Explorer multiple security vulnerabilities
document Memory corruption, address bar spoofing.
6!Linux mount / umount privilege escalation
document Invalid order of setuid / setgid calls and unchecked return value.
 Kodak Image Viewer memory corruption
document Memory corruption on image files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


09.10.2007
Detailed
 Linksys SPA-941 phones crossite scripting
document Crossite scripting throught web interface with SIP requests.
  


08.10.2007
Detailed
6!Apple Safari / iPhone crossite access
document Script can access source code of the page from different domain.
 QGit git repository graphical interface symbolic links
document Insecure temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 08.10.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.10.2007
Detailed
 The Dawn of Time MUD game format string vulnerability
document Buffer overflow in HTTP authentication.
 Dropteam game multiple security vulnerabilities
document Buffer overflows, format string vulnerabilities.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


05.10.2007
Detailed
6!NetSupport Manager unauthorized access
updated since 24.09.2007
document Unauthenticated access is possible thorugh TCP/5405.
 FSD flight simulator game server buffer overflows
updated since 04.10.2007
document Multiple buffer overflows, including HELP command.
  


04.10.2007
Detailed
7!X11 X Font Server integer overflow
document Integer overflow in QueryXBitmaps / QueryXExtents requests.
6!Borland Interbase / Firebird database server multiple buffer overflows
document Buffer overflows on multiple functions arguments.
6!Multiple FPS game servers buffer overflow with PunkBuster
document Buffer overflow on oversized packet if PunkBuster protection is turned on.
6!Linux kernel multiple security vulnerabilities
document Multiple DoS conditions.
6!mIRC unfiltered shell characters vulnerability
document Shell characters are not filtered on invoking external URL handler, making it's possible to use URLs like mailto:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
6!CA BrightStor Hierarchical Storage Manager multiple security vulnerabilities
updated since 27.09.2007
document Buffer overflows, integer overflows and SQL injections.
 Sun Solaris FIFO filesystem information leak
document Integer overflow on IOCTL processing allows large memory regions reading.
 pidgin DoS
document Application crash on user not on the target's buddy list sending a "nudge," a feature of the MSN protocol.
 RMake privilege escalation
document /dev/zero device works as /dev/port in chrooted environment.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 MPlayer buffer overflow
document Buffer overflow on AVI files parsing.
 elinks information leak
document POST form data is sent over HTTP instead of HTTPs.
  


02.10.2007
Detailed
7!Checkpoint VPN-1 / Firewall-1 multiple security vulnerabilities
document Multiple buffer overflows / memory corruptions.
6!smbfptd FTP server format string vulnerability
document Format string vulnerability on directory listing creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


01.10.2007
Detailed
6!Ruby Net::HTTPS library certificates validation cryptographic vulnerability
document Certificate's CN field is not validated against DNS name, making it's possible to use valid certificate with wrong CN.
 Cisco Catalist loopback address access protection bypass
document SNMP access by address 127.0.0.x is possible, making it possible to bypass IP filtering.
 Airdesense Airsensor M520 multiple security vulnerabilites
document DoS and buffer overflow.
 Axis IP cameras crossite scripting
document It's possible to spoof video content by using crossite scripting attacks.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 01.10.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Promise NAS NS4300N superuser access protection bypass
document It's possible to bypass resttrictions for direct remote root access.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru