Computer Security



30.10.2012
Detailed
8!Oracle Java / OpenJDK multiple security vulnerabilities
updated since 25.10.2012
document 30 different vulnerabilities
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 CorePlayer flash video player cross-site scripting
document Cross-site scripting via callback parameter
 EMC Avamar Client for VMware weak encryption
document Server access password is stored locally in cleartext.
  


29.10.2012
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 12.10.2012
document Information leakage, multiple memory corruptions, cross-site scripting, etc.
6!Sybase ASE security vulnerabilities
document Privilege escalation, code execution.
 Cisco ASA-CX Context-Aware Security appliance / Cisco Prime Security Manager DoS
document File resources exhaustion.
 Cisco Unified Presence / Jabber Extensible Communications Platform DoS
document Crash on stream header parsing.
 RSA BSAFE security vulnerabilities
document BEAST attacks, buffer overflows.
 Beaker information leakage
document Information leakage in AES ECB mode.
 IBM Informix Dynamic Server buffer overflow
document SET COLLATION buffer overflow.
 IBM DB2 privilege escalation
document Privilege escalation via GET_WRAP_CFG_C and GET_WRAP_CFG_C2 stored procedures.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Sitecom Home Storage Center security vulnerabilities
document SQL injection, XSS.
  


28.10.2012
Detailed
9!Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
updated since 28.07.2012
document Approx. 90 different vulnerabilities in different applications.
8!exim buffer overflow
document Buffer overflow on DKIM handling
 hostapd security vulnerabilities
document Buffer overflow, weak permissions.
 cups-pk-helper privilege escalation
document Insecure CUPS functions call.
 tinyproxy proxy server DoS
document Crash on request headers parsing.
 HP/H3C / Huawei equipment information leakage
document Information leakage via SNMP.
 RealPlayer buffer overflow
document Buffer overflow on oversized filename in watched folder.
  


25.10.2012
Detailed
9!Microsoft Internet Explorer memory corruption
updated since 19.09.2012
document Use-after-free vulnerability is actively used in the wild to install malware.
  


22.10.2012
Detailed
7!CA ARCserve Backup security vulnerabilities
document Security vulnerabilities in RPC requests handling.
 SonicWALL EMail Security multiple security vulnerabilities
document Cross-site scripting, cross-site request forgery, etc.
 Palo Alto Networks GlobalProtect certificate spoofing
document Server certificate is not checked.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 IBM Lotus Notes Traveler security vulnerabilities
document Cross-site scripting, cross-site request forgery, URL redirection.
 modsecurity for Apache protection bypass
document It's possible to bypass filtering with double '\r' in boundary identifier.
 F5 Firepass URL redirection
document Uncontrolled redirection from my.activation.cns.php3 page.
  


17.10.2012
Detailed
6!Ezhometech EzServer memory corruption
document Memory corruption on RTMP AMF request parsing
6!Valve Steam multiple security vulnerabilities
document Buffer overflows, code executions and game engines vulnerabilities can be exploited via steam:// URI handler.
 RSA Adaptive Authentication information leakage
   
 graphicsmagick memory corruption
document Memory corruption on PNG parsing.
 Visual Tools DVRs multiple security vulnerabilities
document Information leakage, code execution.
 Hardcoreview memory corruption
document Memory corruption on GIF parsing
  


15.10.2012
Detailed
7!Microsoft Excel code execution
document Code execution on .xls files parsing.
6!Cisco WebEx multiple security vulnerabilities
document Multiple memory corruptions and buffer overflows.
6!Cisco ASA / FWSM multiple security vulnerabilities
document Buffer overflow, multiple DoS conditions.
6!EMC NetWorker Module for Microsoft Applications security vulnerabilities
document Code execution, information leakage.
 utempter information spoofing
document User supplied data is not checked before writing to utmp.
 Apache Cloudstack default account
document Default account with known password.
 VLC code execution
document Code execution on PNG files parsing.
 VMware applications security vulnerabilities
document VMware Movie Decoder code execution, vCenter Operations cross-site scripting, vCenter CapacityIQ directory traversal.
 Ruby restrictions bypass
document Untainted strings modification is possible.
 BigPond 3G21WB security vulnerabilities
document Hard coded credentials, commands injection.
  


12.10.2012
Detailed
6!bind DoS
document A problem in the RBT algorithm implementation causes a hang on a specific combination of records.
  


10.10.2012
Detailed
7!Microsoft Windows kernel integer overflow
document Kernel integer overflow leads to privilege escalation.
6!Microsoft Windows Kerberos server DoS
document NULL pointer dereference on authentication request.
 hostapd buffer overflow
document Buffer overflow during EAP authentication.
 Key Systems Electronic Key Lockers unauthorized access
document Unauthenticated TCP/1010 port service access
 Endpoint Protector multiple security vulnerabilities
document Multiple cross-site scripting possibilities.
 bacula restriction bypass
document ACLs are not enforced properly.
 Logica HotScan buffer overflow
document Buffer overflow on SWIFT Alliance Access Interface request parsing.
 WingFTP DoS
document Crash on ZIP archive requests processing.
 Microsoft SQL Server cross-site scripting
document SQL Server Report Manager cross-site scripting.
 Fortigate UTM WAF Appliance multiple security vulnerabilities
document Privilege escalation, cross-site scripting.
 GTA UTM Firewall multiple security vulnerabilities
document Multiple cross-site scripting possibilities.
 soapbox protection bypass
document It's possible to bypass protection by launching second application instance.
  


09.10.2012
Detailed
6!Multiple Microsoft web applications cross-site scripting
document Insufficient HTML sanitization
6!Microsoft Word security vulnerabilities
document Memory corruption, use-after-free.
 Microsoft Fast Search Server vulnerabilities
document Multiple vulnerabilities in Oracle Outside In built-in libraries.
 Microsoft Works memory corruption
document Memory corruption on Word files parsing.
  


07.10.2012
Detailed
 Novell Groupwise DoS
document Crash on iCal parsing.
  


05.10.2012
Detailed
6!RSA SecurID Authentication Agent / RSA Authentication Client protection bypass
document Under some conditions a user may log in with Windows credentials only.
6!libxslt multiple security vulnerabilities
document Information leakages, DoS conditions, memory corruptions.
 HP Operations Orchestration code execution
   
 HP SiteScope multiple security vulnerabilities
document Information leakage, code execution.
 HP IBRIX X9000 information leakage
   
 HP Network Node Manager i information leakage
   
 XnView buffer overflow
document Buffer overflow on JLS files parsing.
  


04.10.2012
Detailed
6!Novell Groupwise directory traversal
document HTTP interface directory traversal.
6!Apple TV multiple security vulnerabilities
document Multiple vulnerabilities on different formats and protocols parsing.
6!DartWebserver buffer overflow
document Buffer overflow on HTTP request parsing.
 dbus privilege escalation
document Privilege escalation via environment variables.
 guacamole buffer overflow
document Buffer overflow on request parsing.
 CA License privilege escalation
document Code execution with system rights, files modification.
 QEMU memory corruption
document Memory corruption on terminal emulation.
 Toshiba ConfigFree multiple security vulnerabilities
document Multiple vulnerabilities on CF7 files parsing.
 RubyGems https vulnerabilities
document Insufficient certificate validation, redirection to insecure protocols.
 STARTTLS vulnerability in different mail applications
updated since 10.03.2011
document Attacker can inject cleartext commands before TLS phase.
  


01.10.2012
Detailed
8!Apple Mac OS X multiple security vulnerabilities
updated since 24.09.2012
document Multiple vulnerabilities in different subsystems.
7!Cisco IOS multiple security vulnerabilities
document Multiple DoS conditions in different protocols implementations.
6!Cisco Catalyst switches DoS
document Crash on malformed packet parsing.
6!xinetd restrictions bypass
document tcpmux invalid service type check
 Cisco Unified Communications Manager DoS
document Crash on SIP parsing.
 Apache security vulnerabilities
document mod_negotiation cross-site scripting, local shared library privilege escalation
 Smartfren Connex weak permissions
document Weak permissions for executable files lead to privilege escalation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Transmission cross-site scripting
document Transmission web client cross-site scripting
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod