Computer Security



28.10.2013
7!X.Org use-after-free
document Use-after-free during ImageText request processing.
6!Cisco Identity Services Engine multiple security vulnerabilities
document Authentication bypass, code execution.
6!Linux kernel multiple security vulnerabilities
updated since 09.09.2013
document Privilege escalations, information leakages, DoS conditions.
 PolarSSL multiple security vulnerabilities
document DoS, buffer overflows, timing attacks.
 Watchguard Server Center XSS
document Multiple cross-site scripting vulnerabilities.
 NetGear ReadyNAS code execution
document Web interface command injection.
 Mozilla nss uninitialized memory dereference
document Uninitialized memory dereference on decryption.
 RSA Authentication Agent authentication bypass
document Protection bypass on agent crash.
 CA SiteMinder cross-site scripting
   
 Librack multiple security vulnerabilities
document DoS, code execution.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 27.10.2013
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apport weak permissions
document Weak permissions on created dump files.
 Suds symbolic links vulnerability
document Symbolic links vulnerability on temporary file creation.
  


13.10.2013
7!Cisco ASA / FWSM multiple security vulnerabilities
document Privilege escalation, authentication bypass, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


12.10.2013
6!systemd security vulnerabilities
document Integer overflow, protection bypass, privilege escalation.
6!HP Business Process Monitor security vulnerabilities
document Information leak, code execution.
 Cyrus SASL DoS
document Crash on some values for password's salt.
 xinetd privilege escalation
document tcpmux-server service is executed with root privileges.
 GnuPG security vulnerabilities
document Protection bypass, DoS.
 Network Audio System security vulnerabilities
updated since 02.10.2013
document Code execution, Denial of service.
  


09.10.2013
8!Microsoft Windows multiple security vulnerabilities
updated since 09.10.2013
document .Net code execution, comctl32.dll integer overflow.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruption.
7!Microsoft Office multiple security vulnerabilities
document Memory corruptions on Word and Excel documents parsing.
7!Microsoft Sharepoint security vulnerabilities
document Memory corruption on Excel files parsing, cross-site scripting.
6!Samsung DVR security vulnerability
document Authentication bypass, information leakage.
6!HP Service Manager unauthorized access
   
6!HP Intelligent Management Center multiple security vulnerabilities
document Code execution, authentication bypass, SQL injection, unauthorized access.
 Evolution / libcamel messages encryption vulnerabilities
document Under some conditions messages are encrypted with wrong key.
 RSA Authentication Agent for PAM protection bypass
document Login attempts are not limited.
 Netgear ProSafe switches security vulnerabilities
document Information leakage, DoS.
 libmobiledevices symbolic links vulnerability
document Symbolic links vulnerability on temporary file creation.
 HP StoreOnce DoS
   
 Asterisk security vulnerabilities
document Few DoS conditions on SIP parsing.
 IBM Lotus iNotes XSS
document Few cross-site scripting vulnerabilities.
 Cisco Secure Access Control Server authentication bypass
document Authentication bypass if EAP-FAST protocol is used.
 AVTech digital video recorders multiple security vulnerabilities
document RTSP parsing buffer overflow, web interface buffer overflow, protection bypass.
 VMWare ESX / ESXi NFC DoS
document Unhandled exception on Network File Copy protocol handling.
 Synology DiskStation Manager multiple security vulnerabilities
document Multiple web interface vulnerabilities
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apache OpenJPA code execution
document User-controlled data is stored in local executable file.
 xpdf / poppler ESC sequences injection
document Terminal control ESC sequences injection.
 Aloaha PDF Suite buffer overflow
document Buffer overflow on PDF files parsing.
 EPS Viewer buffer overflow
document Buffer overflow on .EPS files parsing.
 Cyber-Ark Vault user enumeration
document Server answers are different for wrong username and password.
 Apple Motion integer overflow
document Integer overflow on .motn files parsing.
  


05.10.2013
8!Apple Mac OS X multiple security vulnerabilities
updated since 03.10.2013
document Different vulnerabilities in multiple system components.
 HP FutureSmart MFP security vulnerabilities
document Weak PDF encryption, information leakage.
 EMC Atmos weak default installation
document Default database access with no password is allowed.
  


03.10.2013
8!Apple Safari security vulnerabilities
document Memory corruptions.
8!Microsoft Sharepoint Server multiple security vulnerabilities
updated since 11.09.2013
document DoS, cross-site scripting, memory corruptions, code execution.
7!Apple iTunes memory corruption
document ActiveX control memory corruption.
6!Cisco Prime Data Center / Prime Central security vulnerabilities
document Information disclosure, code execution, DoS conditions.
 GSTOOL weak PRNG generator
document Weak PRNG generator in CHIASMUS implementation.
 Gnome gdm symbolic links vulnerability
document Insecure temporary files creation.
 lightdm weak permissions
document .Xauthority files weak permissions.
 VMWare Zimbra Collaboration Suite replay attack
document It's possible to bypass authentication by replaying captured session.
 Chrony security vulnerabilities
document Buffer overflow and uninitialized pointer dereference on server reply parsing.
 Citrix NetScaler DoS
document Crash on request processing in nsconfigd TCP/3008, TCP/3010.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 03.10.2013
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Security Guard CMS QT buffer overflow
document Buffer overflow on client request processing.
 Apple Face-Time protection bypass
document It's possible to access images.
 polkit authorization bypass in multiple applications
updated since 02.10.2013
document Invalid Policy Kit authorization usage.
  


02.10.2013
6!HP IceWall SSO, IceWall File Manager and IceWall Federation Agent multiple security vulnerabilities
document Multiple unauthorized access vulnerabilities.
6!Python SSL certificate check bypass
document Invalid NULL characters processing.
 git / Apple Xcode certificate spoofing
document Git certificate spoofing.
 Adtran Netvanta multiple security vulnerabilities
document Multiple web interface vulnerabilities.
 puppet security vulnerabilities
document Code execution, privilege escalation.
 Apple TV multiple security vulnerabilities
document Multiple vulnerabilities in different subsystems.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP System Management Homepage multiple security vulnerabilities
document XSS, privilege escalation, unauthorized access, information leakage, DoS.
 HP ArcSight XSS
   
 perl Crypt::DSA weak PRNG generator
document Under some conditions, weak PRNG generator is used.
 libvirt memory corruption
document Memory corruption in remoteDispatchDomainMemoryStats()
 PineApp Mail-SeCure privilege escalation
document Unfiltered shell characters vulnerability.
 HP XP P9000 Command View Advanced Edition Suite Software cross-site scripting
   
 IconCool PDFCool Studio memory corruption
document Memory corruption on PDF parsing.
  


01.10.2013
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Memory corruptions, integer overflows, privilege escalations, code executions, information leakage.
6!HylaFAX buffer overflow
document Heap buffer overflow.
 EMC VPLEX Information leakage
document Cleartext passwords in configuration files.
 PolicyKit protection bypass
document pkcheck race conditions.
 proftpd DoS
document DoS via mod_sftp and mod_sftp_pam modules.
 DavFS2 privilege escalation
document Shell characters vulnerability.
 libraw / libKDCraw DoS
document Crash on raw images parsing.
 txt2man symbolic links vulnerability
document Unsafe temporary files creation.
 Vino VNC server DoS
document Resource exhaustion via connections.
 hplip symbolic links vulnerability
document Unsafe temporary files handling.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod