Computer Security
[EN] no-pyccku

7!Linux kernel multiple security vulnerabilities
updated since 11.10.2014
document DoS conditions and buffer overflows in multiple drivers, multiple Ceph network file system vulnerabilities.
6!Apple TV security vulnerabilities
document Unauthorized bluetooth pairing, SSL poodle attack.
6!python integer overflow
document Integer overflow in buffer().
6!FreeBSD rtsold buffer overflow
document Buffer overflow on DNS response parsing.
6!FreeBSD routed DoS
document Crash on RIP packet from non-local network.
6!Apple Quicktime multiple security vulnerabilities
document Memory corruptions on video decoding, MIDI and m4a.
 EMC NetWorker Module for MEDITECH information leakage
document Cleartext passwords in the log files.
 EMC Avamar security vulnerabilities
document Information leakage, weak passwords encryption.
 FreeBSD namei information leakage
document Kernel memoryr content leakage.
 libxml DoS
document Resources exhaustion on XML parsing.
 OpenBSD DoS
document System crash on ELF parsing.
 pidgin security vulnerabilities
document Insufficient certificates check, directory traversal, memory corruptions, information leakage.
 ejabberd protection bypass
document Server does not enforces encryption.

8!Apple iTunes multiple security vulnerabilities
document 84 vulnerabilities on different formats and protocols parsing.
8!Apple OS X / OS X Server multiple security vulnerabilities
document 62 vulnerabilities in different system components.
 SAP Netweaver DoS
document DoS against "Standalone Enqueue Server" service.

 Cisco Telepresence multiple security vulnerabilities
document Few DoS conditions.
 HP Operations Agent crossite scripting
 IPy limitations bypass
document It's possible to bypass IP addresses filtering.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 16.10.2014
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

 WAGO-I/O-SYSTEM WebVisu information leakage
document User passwords can be retrieved.
 Schrack MICROCONTROL multiple security vulnerabilities
document Multiple bugs in web interface.
 Techboard/Syac backdoor
document Backdoor service is available via TCP/7339 port.
 HP Universal CMDB security vulnerabilities
document Information leakage, code execution.
 HP SiteScope authentication bypass
 Kerio Control SQL injection
document SQL injection in Web interface.
 IBM Algorithmics RICOS multiple security vulnerabilities
document Information leakage, crossite scripting, CSRF, privilege escalation, unauthorized accesss.
 HP Release Control уязвимости безопасности
document Privilege escalation, information leakage.
 Ansible security vulnerabilities
document Code execution, privilege escalation.
 Symantec Endpoint Protection Manager bruteforce
document Login attempts are not limited.
 LPAR2RRD code execution
 Mozilla Firefox and Microsoft Internet Explorer information leakage
document Memory content leakage is possible on crafted image parsing.

9!Microsoft Windows multiple security vulnerabilities
document Restrictions bypass and memory corruptions in Internet Explorer, .Net code execution, TrueType embedded fonts code execution, OLE code execution, message queue service and FAT32 driver privilege escalation.
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, buffer overflows, restriction bypass.
8!Microsoft Word code execution
document Code execution on Word document parsing.
6!Open-Xchange multiple security vulnerabilities
document XSS, directory traversal, SSRF, restrictions bypass.
6!wpa_supplicant shell characters vulnerability
document Insufficient character filtering.
 live buffer overflow
document Buffer overflow on RTSP library.
 EMC RSA Identity Management and Governance authentication bypass
document Authentication bypass if NovellIM is used.
 Avira License Application CSRF
document Crossite request forgery in web interface.
 catfish code execution
document in current path is executed.
 serf / Apache httpcomponents HttpClient / Jakarta Commons HttpClient SSL validation bypass
document Invalid parsing of certificates with NUL character in CN.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 VMware NSX and vCNS information disclosure
 HttpFileServer code execution
document Code execution via GET request.
 Embarcadero Delphi / C++ Builder VCL library buffer overflow
document Buffer overflow on BMP parsing.
 Requests library security vulnerabilities
document Authentication information leaks are possible.
 HP System Management Homepage multiple security vulnerabilities
updated since 05.10.2014
document DoS, XSS, CSRF, clickjacking, unauthorized access, information leakage.

6!Android / MIUI multiple security vulnerabilities
document Browser CSP restrictions bypass is possible, DoS via NFC, Keystore buffer overflow.
 Suricata DoS
document Uninitialized memory access on SSH parsing.
 IBM AIX privilege escalation
document Privilege escalation via runtime linker.
 perl-Email-Address DoS
document resources exhaustion on address parsing.
 xerces-j DoS
document resources exhaustion on XML parsing.
 Xen multiple security vulnerabilities
document DoS, information leakage, privilege escalation.
 Draytek Vigor ACS-SI multiple security vulnerabilities
document Default account, unauthorized access, directory traversal.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 BMC Track-It multiple security vulnerabilities
document Code execution, information leakageб SQL injection.
 neuroML multiple security vulnerabilities
document Information disclosure, XXE.
 TP-Link routers security vulnerabilities
document Crossite scripting, DoS.

10!bash code execution
updated since 25.09.2014
document It's possible to place a function into content of any environment variable.
8!Cisco ASA multiple DoS vulnerabilities
document DoS on multiple protocols parsing, code executions, information leakgs, insufficient certificate validation.
 Exuberant Ctags DoS
document Infinite loop leads to resources exhaustion.
 apt symbolic links vulnerability
document Symbolic links vulnerability on temporary file creation.

6!HP Operations Manager for UNIX security vulnerabilities
document Few code edxecution vulnerabilities.
6!HP Sprinter multiple security vulnerabilities
document Multiple shell execution vulnerabilities.
 HP Records Manager crossite scripting

8!Google Chrome / Chromium multiple security vulnerabilities
document Restrictions bypass, memroy corruptions, information leakage, URL spoofing.
 perl-XML-DT symbolic links vulnerability
document mkxmltype and mkdtskel symbolic links vulnerability.
 HP MPIO privilege escalation
 rsyslog DoS
document DoS on request parsing.
 Ultra Electronics / AEP Networks SSL VPN security vulnerabilities
document SQL injection, directory traversal.
  HP Systems Insight Manager multiple security vulnerability
document Privilege escalation, crossite scripting, clickjacking.
 libvirt security vulnerabilities
document DoS vulnerabilities.
 ZyXEL SBG-3300 security vulnerabilities
document DoS, crossite scripting.
 elasticsearch weak CORS policy
document Crossite requests to local network are possible.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod