Computer Security



31.10.2011
7!Adobe Acrobat / Reader multiple security vulnerabilities
updated since 16.09.2011
document Privilege escalation, memory leakage, code executions, multiple buffer overflows.
6!Novell iPrint buffer overflow
document GetDriverSettings() function buffer overflow.
6!Cisco Nexus switches protection bypass
updated since 13.09.2011
document It's possible to bypass ACL limitation. Local code execution.
 tor information disclosure
document Combined attacks may be used to deanonymize the user.
 HP-UX Containers privilege escalation
   
 Cisco Video Surveillance DoS
document Crash on RTSP packet parsing.
 HP Network Node Manager i information leakage
updated since 06.04.2011
   
  


26.10.2011
6!pam buffer overflow
document pam_env module buffer overflow
 Alcatel Lucent OmniTouch Instant Communication Suite multiple security vulnerabilities
document Cross-site scripting, request forgery.
 ClamAV antivirus DoS
document Crash on high recursion level.
 cyrus-imapd DoS
document Crash on parsing message References: header.
 zFTP FTP server buffer overflow
document Buffer overflow on STAT and CWD commands processing.
 D-Bus symbolic links vulnerability
document configure script insecure file creation
  


24.10.2011
9!Oracle / Sun / PeopleSoft applications multiple security vulnerabilities
document Quarterly CPU fixes >50 security vulnerabilities.
8!Apple OS X multiple security vulnerabilities
updated since 16.10.2011
document Multiple vulnerabilities in different system components.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.10.2011
document Multiple memory corruptions with code execution.
7!tor multiple security vulnerabilities
updated since 19.01.2011
document Heap buffer overflow, DoS, key information leak.
6!Cisco Show and Share security vulnerabilities
document Authentication bypass, code execution.
6!HP Data Protector Notebook Extension multiple security vulnerabilities
   
6!Asterisk uninitialized memory reference
document Crash on SIP request processing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Cisco CiscoWorks Common Services code execution
document It's possible to execute code with LocalSystem privileges.
 HP MFP Digital Sending Software information leakage
   
 MIT krb5 FTP server privilege escalation
updated since 11.07.2011
document Daemon group privileges are not dropped. DoS conditions in different backends.
 Daemon Tools DoS
document Crash on IOCTL processing
  


23.10.2011
 acpid DoS
updated since 26.05.2009
document Large number of connections leads to endless loop.
  


20.10.2011
8!Multiple HTTP servers DoS
updated since 27.08.2011
document Range: header processing can lead to memory exhaustion.
6!X.Org multiple security vulnerabilities
document Memory corruptions, insecure lock file creation.
 SystemTap DoS
document Crash on ELF parsing.
  


16.10.2011
9!Apple iPhone multiple security vulnerabilities
updated since 15.10.2011
document Multiple vulnerabilities in different system components and applications.
8!Apple iTunes multiple security vulnerabilities
document Multiple security vulnerabilities on different media formats parsing.
6!Apple TV multiple security vulnerabilities
document SSL vulnerabilities, vulnerabilities in different media formats parsing.
6!Microsoft Forefront Unified Access Gateway multiple security vulnerabilities
updated since 12.10.2011
document Code execution, cross-site scripting, DoS.
 HP Onboard Administrator unauthorized access
   
 Abus IP cameras multiple security vulnerabilities
document Read/write files access and command execution.
 OpenSSL security vulnerabilities
document DoS, protection bypass.
 Microsoft Publisher memory corruption
document Memory corruption on .pub files parsing.
 G-WAN Web server buffer overflow
document Buffer overflow on request processing.
 conky symbolic links vulnerability
document Insecure temporary files creation.
 Samba security vulnerabilities
document Different mtab file related vulnerabilities lead to DoS.
 libxml2 memory corruption
updated since 19.06.2011
document Multiple vulnerabilities related to XPath processing.
 feh multiple security vulnerabilities
document Different vulnerabilities in graphics format parsing.
 wget unsafe files creation
document Local file is created with server controlled filename.
  


15.10.2011
8!Apple Safari / WebKit multiple security vulnerabilities
document Cross-site scripting, multiple memory corruption, code execution.
 Quassel IRC client weak permissions
document Weak permissions for user's files and directories.
  


12.10.2011
7!PHP multiple security vulnerabilities
document Memory corruptions in different functions.
7!Microsoft Windows multiple security vulnerabilities
document Active Accessibility and Media Center insecure DLL loading
6!Microsoft .Net / Silverlight code execution
document It's possible to escape from sandbox.
 Microsoft Host Integration Server DoS
document Uninitialized pointer dereference, endless loop.
  


10.10.2011
7!Cisco ASA / Cisco FSM multiple security vulnerabilities
document Multiple vulnerabilities in MSN, ILS and Sun RPC parsing, authentication bypass in TACACS+.
6!quagga route daemon multiple security vulnerabilities
document Multiple memory corruptions on OSPF and BGP packets parsing.
6!cyrus-imapd nntp server security vulnerabilities
document Buffer overflow, authentication bypass.
6!Anatomy Keyview multiple security vulnerabilities
document Memory corruption, integer overflow, buffer overflow.
6!Google Chrome security vulnerabilities
document Memory corruption on WebKit functions.
 VMWare buffer overflow
document Buffer overflow on UDF file system import.
 Cisco Network Admission Control Manager directory traversal
document HTTPS directory traversal.
 OpenOffice multiple security vulnerabilities
document Multiple memory corruptions on .doc files import.
 ark archiver directory traversal
document Directory traversal during archive extraction.
 rpm multiple security vulnerabilities
document Multiple vulnerabilities on RPM file header parsing.
 UI spoofing in different Qt applications
document Using Qt QLabel class to display security critical information allows interface spoofing.
  


04.10.2011
 ThinVNC / ThinRDP directory traversal
document Directory traversal in embedded web server.
 Metropolis Technologies OfficeWatch directory traversal
document Embedded web server directory traversal.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 04.10.2011
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 SonicWall NSA 4500 protection bypass
document ARP spoofing protection doesn't work if used in conjunction
 Cytel Studio memory corruptions
document Memory corruptions on CY3, CYL, CYB files parsing.
 GenStat memory corruption
document Memory corruptions on GWB and GSH files processing.
  


02.10.2011
9!Cisco IOS multiple security vulnerabilities
document IP SLA DoS, smart install (TCP/4786) code execution, memory leaks in IPS and firewall features, multiple SIP vulnerabilities, multiple protocols NAT translation DoS, multiple IPv6 DoS, DLSw DoS.
8!Novell Groupwise multiple security vulnerabilities
document Multiple memory corruptions, buffer overflows, integer overflows, heap array overflow.
7!Cisco 10000 routers DoS
document Crash on ICMP packets parsing.
6!Cisco Jabber Extensible Communications Platform / Cisco Unified Presence
document Resources exhaustion on XML parsing.
 PcVue ActiveX multiple security vulnerabilities
document Unsafe methods, array index overflow, code execution.
 FreeBSD domain socket name buffer overflow
document bind() buffer overflow on local (domain) sockets.
 Cisco Unified Communications Manager memory leak
document Memory leaks in SIP implementation.
 EViews memory corruptions
document Memory corruption on WF1 files parsing, buffer overflow on PRG parsing.
  


01.10.2011
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, cross-site scripting, code executions, etc.
 Wireshark multiple security vulnerabilities
document DoS on different protocols dissectors, unsafe dynamic library loading.
 Barracuda Backup multiple security vulnerabilities
document Authentication bypass, cross-site scripting.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 mutt SSL certificate validation vulnerability
document SMTP and POP3 certificate hostname is not validated correctly.
 NCSS memory corruption
document Memory corruption on S0 files parsing.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod