Computer Security
[EN] securityvulns.ru
no-pyccku




30.10.2009
Detailed
6!libhtml-parser-perl library DoS
document Infinite loop on HTML parsing.
6!BSD systems printf buffer overflows
document Multiple vulnerabilities on %f format specificator parsing.
 SafeNet SoftRemote buffer overflow
document Buffer overflow on policy file parsing.
 Microsoft Windows Media Player information leak
document Windows Media Player plugin allows to detect local file existance.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 2wire routers DoS
document It's possible to reboot device via TCP/50001 https Web interface without authorization.
  


29.10.2009
Detailed
6!VMWare multiple security vulnerabilities
document Privilege escalation in guest system. Directory traversal on access from guest to host system.
6!Hummingbird STR service / EMC Documentum eRoom / OpenText Search Server buffer overflow
document Buffer overflow on TCP/10500 traffic parsing.
6!Opera code execution
document Code execution via RSS feeds.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


28.10.2009
Detailed
7!CUPS / poppler / xpdf / Adobe Reader multipls security vulnerabilities
updated since 20.10.2009
document Integer overflows, race condiotions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Asterisk protection bypass
document ACL restrictions were not applied to SIP INVITE messages.
 Rising Antivirus / Firewall weak security permissions
document Weak permissions for program executables and services.
 Aruba wireless access points DoS
document Crash on malformed 802.11 association request frame.
 KDE multiple security vulnerabilities
document Crossaplication scripting in Ark, protocol URI handlers, KMail.
  


26.10.2009
Detailed
6!squidGuard buffer overflows
document Multiple buffer overflows.
6!Jetty multiple security vulnerabilities
document Crossite scripting, information leak.
6!CamlImages library integer overflows
updated since 03.07.2009
document Multiple overflows on PNG, TIFF, GIF, JPEG processing.
 Pegasus Mail buffer overflow
document Buffer overflow on POP3 server response parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.10.2009
Detailed
 Avast! Antivirus weak permissions
document Weak permissions for installation folder.
 Linux kernel DoS
document Local net r8169 driver DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 22.10.2009
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


22.10.2009
Detailed
6!Everfocus EDR1600 digital recorder authentication bypass
document It's possible to bypass authentication mechanism.
6!AlienArena game buffer overflow
document Buffer overflow on UDP/27901 packet parsing.
 TwonkyMedia Web Server crossite scripting
document Crossite scripting on error pages.
 Websense Email Security multiple security vulnerabilities
document Crossite scripting and DoS in Web administration interface.
  


20.10.2009
Detailed
7!PHP multiple security vulnerabilities
updated since 28.09.2009
document Certificates spoofing, memory corruptions on images parsing, information leakage.
 EMC Replistor DoS
document Crash on TCP/7144 data parsing.
 South River Technologies WebDrive privilege escalation
document Weak service permissions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.10.2009
Detailed
8!Adobe Acrobat / Reader multiple security vulnerabilities
updated since 14.10.2009
document Multiple memory corruptions, array index overflows, etc.
6!McKesson Horizon Clinical Infrastructure multiple hardcoded accounts
document Multiple unchangable hardcoded accounts.
6!3COM OfficeConnect routers multiple security vulnerabilities
document Backdoor accounts, password stored in clear text, code execution.
6!xpdf integer overflow
document Integer overflow during PDF parsing leads to heap overflow.
 Zoiper softphone DoS
document Crash on SIP request parsing.
 IBM DB2 JDBC DoS
document jdbcReadString() read behind memory.
 UiTV UiPlayer ActiveX buffer overflow
document Buffer overflow in UiCheck.dll
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.10.2009
Detailed
6!Microsoft Windows kernel multiple security vulnerabilities
updated since 13.10.2009
document Integer overflow, NULL pointer dereference, exception handler vulnerability.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Cisco Unified Communications Manager / Cisco Unified Presence DoS
updated since 27.08.2009
document Multiple Denial of Service conditions on SIP and Skinny processing.
  


15.10.2009
Detailed
6!pygresql / mysql-ocaml / postgresql-ocaml SQL injection
document Text escaping functions are not colled for multibyte charsets.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


14.10.2009
Detailed
8!Microsoft GDI+ multiple security vulnerabilities
document Multiple vulnerabilities on WMF, PNG, TIFF, BMP parsing.
8!Microsoft .Net multiple security vulnerabilities
document Multiple vulnerabilities allow escape from sandbox environment.
7!Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.10.2009
document Multiple memory corruptions.
6!Samba multiple security vulnerabilities
document Local privileged files access, DoS, unauthorized remote access.
6!Microsoft Windows Media Runtime multiple security vulnerabilities
updated since 13.10.2009
document Buffer overflows, memory corruptions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


13.10.2009
Detailed
9!Microsoft Windows (including Windows 7) SMB2 array index overflow
updated since 08.09.2009
document Crash on SMB2 protocol NEGOTIATE PROTOCOL REQUEST SMB request parsing
9!Microsoft Active Template Library (ATL) multiple security vulnerabilities
updated since 29.07.2009
document Memory corruptions, information leak, initialization problem, leading to killbit protection bypass.
8!Microsoft Windows IIS FTP server buffer overflow
updated since 31.08.2009
document Buffer overflow in NLST command. Same vulnerability may be used for stack overflow (stack memory exhaustion) without need fo write access.
7!Microsoft Windows Indexing Service ActiveX memory corruption
   
6!Microsoft Windows LSA DoS
document Crash on NTLM authentication parsing.
6!Microsoft CryptoAPI certificate spoofing
document Certificate name spoofing with NULL byte.
6!Microsoft Windows Media Player buffer overflow
document Buffer overflow on .ASF files parsing.
6!CA Anti-Virus multiple security vulnerabilities
updated since 09.10.2009
document Multiple vulnerabilities on RAR archives parsing.
 kvm privilege escalation
document kvm_emulate_hypercall doesn't filter MMU hypercalls from ring 0.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Palm Pre DoS
document Crash on HTML parsing.
  


11.10.2009
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


09.10.2009
Detailed
6!FreeBSd race conditions (devfs)
updated since 03.10.2009
document Race conditions between devfs and VFS allow code execution.
6!FreeBSd race conditions (pipe)
updated since 03.10.2009
document Race conditions in pipes close() call allow code execution in kernel context.
 NetPBM DoS
document Crash on displaying image with large height.
 httpdx Web server buffer overflow
document Buffer overflow on GET response parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 HP printers crossite scripting
updated since 07.10.2009
document Crossite scripting in Jetdirect web interface for LaserJet and Color LaserJet printers.
  


07.10.2009
Detailed
 XLPD LPD server DoS
document Crash on invalid LPR request.
 Dopewars game server DoS
document Crash on parsing TCP/7902 data.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 wget certificate spoofing
document It's possible to spoof ceritificate by using NULL character in the Common Name.
 Bulletproof FTP client buffer overflow
document Buffer overflow on .bps files parsing.
  


06.10.2009
Detailed
6!Palm Pre unauthorized access
updated since 09.08.2009
document Multiple HTML injection conditions, including e-mail.
 Google Android multiple security vulnerabilities
document DoS via SMS, DoS via Dalvik API.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 AlleyCode HTML editor buffer overflow
document Buffer overflow on oversized TITLE.
  


04.10.2009
Detailed
7!perl IO::Socket::SSL certificate validation vulnerability
document IO-Socket-SSL host name is not correctly validated.
7!Google Googleapps code executions
document googleapps.url.mailto:// URI command injection.
7!Novell Netware buffer overflow
document Buffer overflow via NFS.
 OSISoft PI Server weak authentication
   
 Novell eDirectory crossite scripting
   
 Cerberus FTP server FTP server buffer overflow
document Buffer overflow during authentication.
 BackupPC privilege escalation
document Privilege escalation with CgiUserConfigEdit
  


03.10.2009
Detailed
7!AOL ActiveX buffer overflow
document Buffer overflow in Sb.SuperBuddy.1 control.
6!OpenSwan / StrongSwan multiple security vulnerabilities
document Multiple vulnerabilities in IKE implementation.
 VMWare Fusion multiple security vulnerabilities
document DoS and integer overflow on IOCTL processing.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru