Computer Security



26.10.2015
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP Asset Manager information disclosure
 HP ArcSight Logger security vulnerabilities
updated since 15.09.2015
document Authentication bypass, information disclosure.
  


25.10.2015
9!Microsoft Windows multiple security vulnerabilities
document Internet Explorer / Edge multiple security vulnerabilities, VBScript / JScript code execution, Windows Shell code execution, kernel privilege escalation.
9!Apple iOS multiple security vulnerabilities
updated since 05.10.2015
document Screen unlock, information disclosure, restrictions bypass, multiple memory corruptions, weak encryption, multiple vulnerabilities in different libraries.
8!Google Chrome / Chromium / Oxide multiple security vulnerabilities
document Restrictions bypass, memory corruptions, information disclosure.
8!Microsoft Office multiple security vulnerabilities
document Multiple memory corruptions.
8!Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
updated since 05.10.2015
document Code execution, information disclosure, restrictions bypass, multiple memory corruptions, multiple libraries vulnerabilities.
8!Apple Safari / Webkit multiple security vulnerabilities
updated since 05.10.2015
document Information spoofing, information disclosure, restriction bypass, race conditions, memory corruptions.
8!Apple iTunes multiple security vulnerabilities
updated since 05.10.2015
document Multiple memory corruptions, DLL injections, multiple WebKit vulnerabilities, information disclosure.
6!owncloud multiple security vulnerabilities
document Code execution, authentication bypass, information disclosure, cross-site scripting, DoS.
6!Cisco ASA multiple security vulnerabilities
document Multiple DoS conditions.
6!MiniUPnP library buffer overflow
document Buffer overflow on network request processing.
6!Apple watchOS security vulnerabilities
updated since 05.10.2015
document Information disclosure, memory corruptions, multiple vulnerabilities in different libraries.
6!Apple Xcode multiple security vulnerabilities
updated since 05.10.2015
document Restrictions bypass, weak encryption, information disclosure, multiple svn vulnerabilities.
 owncloud client server spoofing
document Server certificate spoofing is possible.
 SAP NetWeaver security vulnerabilities
document Unauthorized access, XXE.
 ASUS RT-G32 security vulnerabilities
document XSS, CSRF.
 GDK-PixBuf security vulnerabilities
document Buffer overflow and integer overflow on graphic formats processing.
 Apache Commons HttpClient DoS
document No timeout on handshake.
 Apple Keynote, Pages, Numbers, iWork multiple security vulnerabilities
document Restrictions bypass, memory corruptions.
 Different iOS / Android applications vulnerabilities
updated since 04.05.2015
document Information leaks, code execution, protection bypass, etc.
 Fortinet FortiClient multiple security vulnerabilities
document Multiple privilege escalations.
 SiS / XGI display managers privilege escalation
document IOCTL privilege escalation.
 Zhone routers multiple security vulnerabilities
document Authentication bypass, information disclosure, code execution.
 D-Link DCS-2103 security vulnerabilities
updated since 01.12.2014
document Directory traversal, information leakage, XSS, CSRF.
 ZTE Callisto 821+ ADSL router security vulnerabilities
updated since 30.05.2011
document Cross-site scripting, cross-site request forgery.
  


19.10.2015
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 05.10.2015
document Memory corruptions, information disclosure, DoS, buffer overflow, restrictions bypass.
7!LibreSSL security vulnerabilities
document DoS, buffer overflow.
6!PostgreSQL security vulnerabilities
document Information disclosure, DoS.
 Ubuntu Click restrictions bypass
document It's possible to trick user into giving escalated privileges.
  


12.10.2015
8!Cisco IOS / Cisco IOS XE multiple security vulnerabilities
document Authentication bypass, DoS.
6!FreeSWITCH buffer overflow
document Buffer overflow on JSON parsing.
6!Cisco Prime multiple security vulnerabilities
document Restrictions bypass, privilege escalation, information disclosure.
6!libvirt / qemu multiple security vulnerabilities
document DoS, memory corruptions.
6!NVidia graphics drivers privilege escalation
document Privilege escalation via IOCTL processing.
 EMC RSA OneStep directory traversal
document Arbitrary files access.
 EMC RSA Web Threat Detection security vulnerabilities
document Information disclosure, privilege escalation.
 EMC RSA Archer GRC multiple security vulnerabilities
document Restrictions bypass, cross-site scripting, information disclosure.
 Tripwire IP360 authentication bypass
document Authentication bypass, privilege escalation.
 Unity Settings Daemon privilege escalation
document User's session access.
 Cisco TelePresence Server DoS
document Conference Control Protocol API buffer overflow.
 Cisco AnyConnect privilege escalation
document Privilege escalation via DLLs and DMG files.
 wireshark multiple security vulnerabilities
document Multiple vulnerabilities in different protocols dissectors.
 HP 3PAR Service Processor SPOCC information disclosure
 Microsoft Exchange information disclosure
updated since 15.09.2015
document Information disclosure and spoofing, cross-site scripting.
  


11.10.2015
6!OpenSMTPD multiple security vulnerabilities
document DoS conditions, information disclosure, multiple memory corruptions.
 ZTE GPON security vulnerabilities
document Authentication bypass, information leakage.
 Netgear routers multiple security vulnerabilities
document Administration interface is accessible without password validation, CSRF.
 Huawei routers multiple security vulnerabilities
document XSS, CSRF, DoS, unsafe data transfer, RCE.
 Buffalo LinkStation authentication bypass
document Session validity is not checked on request.
 Veeam Backup & Replication information disclosure
document Password disclosure in the logfiles.
 Oxide security vulnerabilities
document Restrictions bypass.
 FreeType DoS
document Crash on fonts parsing.
 spice memory corruption
document Few different vulnerabilities.
 Tenda routers cross-site scripting
document Cross-site scripting in web interface.
  


05.10.2015
8!rpcbind use-after-free
document Use-after-free conditions.
6!libicu memory corruption
document Memory corruption on symbols parsing.
 Kaspersky applications security vulnerabilities
document Weak authentication, weak hashing.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod