Computer Security
[EN] securityvulns.ru
no-pyccku




28.10.2010
Detailed
6!libvirt library multiple security vulnerabilities
document Multiple possibilities to access host resources from guest machine.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.10.2010
Detailed
7!GNU C dynamic linker privilege escalation
updated since 24.10.2010
document Invalid $ORIGIN processing allows to load user library into suid application.
  


24.10.2010
Detailed
6!Linux kernel RDS protocol privilege escalation
document It's possible to overwite kernel memory regions via recvmsg() for RDS protocol.
 libpurple library / Pidgin DoS
document Crash on base64 decoding in different protocols.
 LibSMI ibrary code execution
document Buffer overflow on oversized numerical OID.
 SAP BusinessObjects default password
document Deafault account admin/axis2 is used for AXIS2 installation.
 HP Systems Insight Manager multiple security vulnerabilities
document Directory traversal, crossite scripting.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Windows Mobile double free vulnerability
document Double free on receiving VCF via MMS/bluetooth.
  


23.10.2010
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey / NSS multiple security vulnerabilities
document Multiple memory corruptions, buffer overflows, crossite scripting, TLS/SSL vulnerabilities, code execution.
  


19.10.2010
Detailed
 RealPlayer buffer overflow
document Buffer overflow on QCP format parsing.
 HP ProCurve access points / access controllers / mobility controllers privilege escalation
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.10.2010
Detailed
8!Microsoft Office security vulnerabilities
updated since 13.10.2010
document Multiple memory corruptions, array index and buffer overflows, etc in Microsoft Word and Excel.
 freeciv unauthorized access
document It's possible to access files and execute commands via scenario.
  


13.10.2010
Detailed
9!Microsoft Windows multiple security vulnerabilities
document Multiple privilege escalation with different drivers. MFC buffer overflow. EOT and OTF fonts memory corruptions and integer overflow. comctl32 buffer overflow. LPC buffer overflow. SChannel DoS.
9!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions, cross domain information disclosure.
6!poppler library multiple security vulnerabilities
document Different vulnerabilities on PDF parsing.
6!Microsoft Windows Wordpad / Windows Shell code execution
document Code execution via embedded COM object.
6!Media Player Network Sharing memory corruption
document Use-after-free vulneraebility on RTSP request parsing.
6!Microsoft Sharepoint SafeHTML crossite scripting
document Few crossite scripting possibilities.
 Wireshark DoS
document Stack overflow on ASN.1 parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Windows 2008 Shared Cluster Disks weak permissions
document Everyone:Full Control permissions is granted on new disks by default.
 Windows Media Player memory corruption
document Memory corruption if page with WMP ActiveX is reloaded.
 Microsoft .Net JIT memory corruption
document Memory corruption during SMIL code compilation on 64 bit architecture.
 Directory traversal in multiple FTP clients
updated since 05.08.2010
document It's possible for file to be downloaded outside directory choosen by user.
  


11.10.2010
Detailed
 RSA Authentication Client information leal
document SENSITIVE and NON-EXTRACTABLE flags are ignored for shared kay, making it possible to extract it.
 HP Data Protector DoS
document NULL pointer dereference on TCP/5555 request parsing.
 Visual Synapse HTTP Server directory traversal
document Directory traversal with backslash.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


08.10.2010
Detailed
8!Adobe Acrobat / Reader multiple security vulnerabilities
updated since 06.10.2010
document Multiple memory corruptions, code executions, privilege escalations, shell character vulnerabilities.
 libESMTP SSL vulnerabilities
document It's possible to spoof certificate by different ways.
  


06.10.2010
Detailed
6!MIT Kerberos 5 uninitialized pointer
document Uninitialized pointer dereferense on TGS request processing.
 PostgreSQL code execution
document It's possible to execute any code with external procedures.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


05.10.2010
Detailed
7!IBM TSM FastBack multiple security vulnerabilities
document Multiple code execution and denial of service conditions.
6!HP-UX Directory Server / Red Hat Directory Server multiple security vulnerabilities
document Information leak, privilege escalation.
6!Novell iManager directory traversal
document Directory traversal via nps.jar.
 SAP Management Console DoS
document Multiple DoS conditions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Novell edirectory DoS
document NCP (TCP/524) DoS.
 Qt Creator code execution
document Dynamic libraries are loaded with relative path.
  


01.10.2010
Detailed
 libtiff memory corruption
document Memory corruption on TIFF image parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru