Computer Security
[EN] securityvulns.ru
no-pyccku

  


30.10.2008
Detailed
 Quassel IRC client command injection
document A CTCP ping where the value contains a CTCP quoted newline ('\020' + 'n') will let the Quassel core reply with a message containing an unquoted newline ('\n'). The IRC server interprets this as a command separator.
  


29.10.2008
Detailed
6!EATON MGE Office Protection Systems Network Shutdown Module unauthorized access
document Authentication bypass and code execution.
6!lynx code execution
document It's possible to execute code in Advanced Mode by redirecting to lynxcgi: URI.
 Altiris Deployment Server Agent privilege escalation
document multiple shatter-attacks.
 Wireshark sniffer multiple security vulnerabilities
document Multiple DoS conditions on different protocols parsing.
 GNU enscript buffer overflow
document Buffer overflow on text file conversion.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.10.2008
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Trend Micro OfficeScan buffer overflow
updated since 15.09.2008
document Buffer overflow in cgiRecvFile.exe Web component.
 Microsoft Internet Explorer address bar spoofing
document There are few methods of address bar spoofing.
  


27.10.2008
Detailed
 VLC media player buffer overflow
document Buffer overflow on TiVo ty format parsing.
 HP OpenView Network Node Manager DoS
updated since 02.09.2008
   
  


26.10.2008
Detailed
6!Sun Java WebStart multiple security vulnerabilities
updated since 18.07.2008
document Sandbox limitation bypass, buffer overflow.
 HP SiteScope crossite scripting
document Script injections with SNMP traps.
 FireGPG multiple security vulnerabilities
document Information leakage with temporary files, insecure temporary files creation.
 Goodtech sshd buffer overflow
document Buffer overflow in sftp implementation.
 Symantec Veritas Storage Foundation unauthorized access
updated since 23.10.2008
document qioadmin utility allows local files read access. qiomkfile allows memory content reading.
 Opera crossite scripting
updated since 26.10.2008
document Crossite scripting with opera:historysearch.
  


24.10.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.10.2008
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CNCat: crossite scripting via description field.
 Asterisk DoS
document Resources exhaustion on IAX request parsing.
  


23.10.2008
Detailed
6!Cisco PIX / ASA multiple security vulnerabilities
document Windows NT domain authentication bypass, IPv6 DoS, DoS because of memory leak in crypto accelerator
  


21.10.2008
Detailed
7!Microsoft Internet Explorer multiple security vulnerabilities
updated since 14.10.2008
document Memory corruptions, information hijack, crossite scripting.
  


18.10.2008
Detailed
6!Linux kernel multiple security vulnerabilities
updated since 14.10.2008
   
 Adobe Flash CS3 Professional / Adobe Flash MX 2004 multiple buffer overflows
document Multiple heap buffer overflows on .SWF files parsing.
 GNU tar buffer overflow
updated since 18.10.2007
   
  


16.10.2008
Detailed
7!Sun Java Web Proxy buffer overflow
document Buffer overflow on FTP resource GET request handling in HTTP proxy.
7!Microsoft Windows AFD driver privilege escalation
updated since 15.10.2008
document Kernel memory access is possible.
 libxml memory corruption
document Memory corruption on XML parsing
 VLC Mediaplayer memory corruption
document Memory corruption on XSPF playlists parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Xen privilege escalation
updated since 06.10.2007
document It's possible for DomU domain user to execute code in Dom0 context.
  


15.10.2008
Detailed
8!Microsoft Windows SMB buffer overflow
document Buffer overflow on SMB protocol parsing.
7!Microsoft Windows Virtual Address Descriptor manipulation privilege escalation
document Integer overflow leads to memory corruption.
7!CA ARCserve Backup multiple security vulnerabilities
updated since 12.10.2008
document Code execution, multiple DoS conditions.
6!Microsoft Host Integration Server buffer overflow
updated since 14.10.2008
document Buffer overflow in RPC-based service.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Windows 2000 Message Queuing code execution
document Code execution via RPC-based service.
 Microsoft Windows Internet Printing Service integer overflow
document Integer overflow after authentication.
 Microsoft Office multiple security vulnerabilities
updated since 14.10.2008
document cdo: URI information leak, multiple Excel memory corruptions.
  


14.10.2008
Detailed
6!Microsoft Windows 2000 Active Directory buffer overflow
document Buffer overflow on LDAP request processing.
6!Sun Solaris Solstice AdminSuite daemon buffer overflow
document Buffer overflow in sadmind adm_build_path() function.
 Microsoft Windows kernel multiple security vulnerabilities
document Double free() vulnerability and memory corruptions.
 Telecom Italia Alice Pirelli routers backdoor
document Specially constructed IP packet causes router's telnet/ftp/tftp functions to be activated.
 Marvel chipset wireless access points DoS
document Malformed association request causes access point to hang or reboot.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Lenovo Rescue and Recovery buffer overflow
document Buffer overflow in tvtumon.sys driver.
 Oracle privilege escaclation
document User with CREATE ANY DIRECTORY privileges can escalate privileges to SYSDBA.
 Mozilla FireFox information leak
updated since 08.10.2008
document Information leak on local HTML file opening.
  


12.10.2008
Detailed
6!Apple Mac OS X CUPS printing system code execution
document Buffer overflow in HP-GL/2 filter.
 Apache Tomcat information leak
document Race conditions allow to bypass IP address check.
  


09.10.2008
Detailed
7!Novell eDirectory multiple security vulnerabilities
document Multiple buffer overflows on TCP/8028 and TCP/8028 traffic parsing.
6!Gentoo Linux Portage privilege escalation
document Relative shared library search path in suid application.
 HP System Management Homepage crossite scripting
   
 Cisco Unity authentication bypass
document Authentication bypass to administration features if anonymous access is enabled.
 Windows kernel integer overflow
document Integer overflow in IopfCompleteRequest function.
 HP-UX NFS/ONCplus DoS
updated since 09.10.2008
   
 Motorola Timbuktu information leak
document User data is sent to central server.
 mon symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 feta symbolic links vulnerability
document Symboliclinks vulnerability on temporayr files creation.
  


08.10.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.10.2008
Detailed
6!lighthttpd multiple security vulnerabilities
document DoS conditions, information leakage.
6!pam_krb5 privilege escalation
document Privilege escalation is possible if existing_ticket credentials caching option is used.
 VMWare privilege escalation
document 64-bit platforms guest system privilege escalation.
 Trend Micro OfficeScan directory traversal
document Directory traversal in update agent server part.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Mac OS X Mail.App insecure data storage
document Encrypted messages are stored in cleartext.
  


03.10.2008
Detailed
6!Multiple OpenSSH security vulnerabilities
updated since 28.09.2006
document Multiple different DoS conditions.
 Juniper Netscreen Firewall ScreenOS crossite scripting
document Persistant crossite scripting with username stored in logs.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FreeBSD IPv6 Neighbor Discovery Protocol security vulnerability
document A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node.
 Adobe Flash Player Plugin DoS
document NULL pointer dereferencecauses browser to crash.
  


02.10.2008
Detailed
6!Autodesk DWF Viewer ActiveX multiple security vulnerabilities
document Insecure methods allow to save and execute files.
 Asterisk multiple DoS conditions
document Application crashes on malformed IAX requests flood.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru