Computer Security
[EN] securityvulns.ru no-pyccku



30.11.2004
Detailed
6!WS_FTP Server buffer overflow adn backdor
updated since 05.11.2001
document Buffer overflow in STAT and another commands. Built-in user accaount XXSESS_MGRYY with password X#1833 allows command execution on server.
 Jana Server DoS
document % character in request is handled incorrectly.
 FreeImage buffer overflow
document Buffer overflow on interleaved bitmaps processing.
 MDaemon privilege escalation
document It's possible to run application with LocalSytem privileges.
 Buffer overflow in CuteFTP
updated since 05.01.2003
document Buffer overflow on oversized server banner or reply.
  


29.11.2004
Detailed
 KDE SMB share link cleartext password
document SMB password is stored cleartext if desktop shortcut is created.
  


27.11.2004
Detailed
7!Buffer overflow in multiple RADIUS implementations
updated since 06.07.2001
document Multiple buffer overflows
6!MailEnable buffer overflow
document Buffer overflow on oversized IMAP command.
 BNC password protection bypass
document It's possible to connect with invalid password.
 CGI bugs
updated since 22.11.2004
   
  


25.11.2004
Detailed
 CMailServer multiple bugs
document Buffer overflow, SQL injection, crossite scripting.
  


24.11.2004
Detailed
6!jabberd buffer overflow
document Buffer overflow on oversized username.
 WinFTP weak encryption
document Cleartext passwords are stored in the world readable file.
 Open Dc Hub buffer overflow
updated since 24.11.2004
document Buffer overflow on ForceMove command processing.
 PrevX protection bypass
document Protection can be bypassed by direct physical memory access.
 Fastream DoS
document HEAD command socket leak.
 SecureCRT command execution
document Unsafe telnet: protocol handling.
 ZyXEL Prestige 650 unauthorized access
document It's possible remotely reload router's configuration with /rpFWUpload.html.
 WeOnlyDo!/CoffeeCup FTP buffer overflow
document Buffer overflow during server reply parsing.
  


22.11.2004
Detailed
 Sacred DoS
document Server doesn't have connection timeout and doesn't support more than 17 connections.
 TC-IDE unfiltered shell characters problem
document Shell characters filtering problem on external program execution in multiple utilities.
 Altiris AClient privilege escalation
document It's possible to execute external application with local system privileges.
 Mailtraq privilege escalation
document It's possible to execute external application with LocalSystem account.
 Timbuktu DoS
updated since 21.01.2002
document Large number of connections causes service to crash.
 Danware NetOp information leak
document System information leak.
  


19.11.2004
Detailed
 DMS POP3 Server buffer overflow
document Buffer overflow on oversized username.
 CGI bugs
updated since 15.11.2004
   
  


18.11.2004
Detailed
 FreeBSD fetch integer overflow
document Interger overflow on HTTP headeres parsing.
 GIMPS, [email protected], ChessBrain weak permissions
document Unprivileged user's file are executed with superuser privileges.
 CScope symbolic links problem
document Symlink problem on temporary files.
 Multiple Linux smbfs bugs
document Multiple bugs on parsing server replies.
  


16.11.2004
Detailed
 Skype buffer overflow
document callto: URL buffer overflow
 SAMBA buffer overflow
updated since 15.11.2004
document By setting small buffer in TRANSACT2_QFILEPATHINFO it's possible to cause dynamic memory buffer overflow on oversized path.
  


15.11.2004
Detailed
 NetNote DoS
document Malcrafted string to TCP/6123 causes program to crash.
 Webroot Spy Sweeper weak encryption
document Password is stored in registry uencrypted.
 Attachment spoofing code execution in Eudora
updated since 28.05.2003
document If "attach" and "attach.exe" co-exist in message and "attach" is clicked, "attach.exe" will be silently executed instead.
 Internet Explorer cookie spoofing
document Under certain conditions it's possible to change cookie path.
  


13.11.2004
Detailed
7!Cisco Security Agent buffer overflow
document Race conditions leading to buffer overflow.
 unarj buffer overflow
document Buffer overflow on oversized archive filename.
 CGI bugs
updated since 10.11.2004
   
 Pavuk buffer overflow
updated since 27.07.2004
document Buffer overflow on parsing digest authentication.
  


11.11.2004
Detailed
8!Multiple MIT Kerberos bugs
updated since 01.09.2004
document Multiple double free() problems, DoS.
6!Cisco IOS DHCP DoS
document Malcrafted packet blocks input queue.
 Sun ONE Messaging Server session hijacking
document Webmail sessions hijacking.
 SQLGrey SQL injection
document SQL injectiuon with sender/recepient e-mails.
 Samhain privilege escalation
document Privilege escalation if "-t update" option is used.
 CCProxy buffer overflow
document Buffer overflow on oversized URL.
 ez-ipupdate format string bug
   
 BNC buffer overflow
document Buffer overflow on server response parsing.
 Nortel Contivity VPN information leak
document Messages for wrong username and wrong password are different.
 HP PSC 2510 unauthorized access
document Device can be anonymously accessed via FTP.
 04WebServer multiple bugs
updated since 11.11.2004
document Crossite scripting, DOS device access.
 RealVNC DoS
updated since 30.08.2004
document More than 60 concurrent TCP connections causes server to crash.
  


10.11.2004
Detailed
6!Kerio Firewall DoS
document Problem with IP options processing allow to crash firewall with single packet.
 Samba DoS
document Accessing directory with large number of '*' in the name lead to smbd CPU exhastion.
 mtink symbolic links problem
document Symboli links problem on temporary files creation.
 Microsoft ISA 2000 DNS cache poisoning
document Content spoofing by DNS cache poisoning.
  


09.11.2004
Detailed
 MiniShare buffer overflow
document Buffer overflow on oversized request URI.
 Ruby DoS
updated since 09.11.2004
document Malcrafted request to CGI module leads to infinite loop.
 up-imapproxy multiple bugs
document Signed/unsigned conversion and memory management bugs.
 Java InitialDirContext DoS
document Integer overflow on large number of name resolutions.
 FreeAmp buffer overflow
document Buffer overflow on playlist parsing.
 Gentoo symbolic links problem
document dispatch-conf and dpkg symbolic links problem.
 Microsoft Internet Explorer information leak
document It's possible to check file existance in the standard folder.
  


08.11.2004
Detailed
 602 Lan Suit DoS
document Multiple resources consuption DoS conditions.
  


06.11.2004
Detailed
6!DHCP format tring bug
document Format string bug via DNS name on syslog() call.
 CGI bugs
updated since 01.11.2004
   
  


04.11.2004
Detailed
 Info-Zip buffer overflow
document Buffer overflow on oversized path file comperssing.
  


03.11.2004
Detailed
6!Cisco Secure ACS protection bypass
document IF EAP-TLS is used validity of ceritifcation agency is not checked.
 HP OpenView Operations privilege escalation
   
 proxytunnel format string bug
document Format string bug on syslog().
 Speedtouch USB driver for linux format string bugs
document Format string bug on syslog() call.
 WinRAR code execution
document Undisclosured bug on archive repair.
 lvm symbolic links
document Incorrect temporary directory creation in lvmcreate_initrd и davfs2.
  


02.11.2004
Detailed
7!Internet Explorer HTML Help Control ActiveX crossite scripting
document By clicking control element, it's possible to activate script in context of different site or local system.
 Cherokee formatstring bug
updated since 21.04.2004
document Format string bug on syslog() call and gile logging in NCSA format, cherokee_logger_ncsa_write_string().
  


01.11.2004
Detailed
6!Linux iptables logging DoS
document integer overflow causes kernel crash if logging is enabled.
6!Sun Java System Web Proxy Server buffer overflow
   
 Caudium DoS
document Malfromed HTTP request causes server to crash.
 Multiple Chesapeake TFTP Server bugs
document Directory traversal, DoS.
 bogofilter DoS
document Problems with quoted-printable encoding parsing.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod