Computer Security
[EN] securityvulns.ru
no-pyccku




30.11.2007
Detailed
6!FreeBSD pseudo-random numbers generator weakness
document SAme PRNG sequence may be reproduced twice under some conditions.
6!APC AP7932 unauthorized access
document Logical error in authentication process.
 Pioneers game multiple DoS conditions
document Uninitialized memory reference, failed assertion.
 TIBCO Rendezvous RVD Daemon memory leak
document Infinite loop with memory allocation on zero-sized packet.
 Asterisk multiple security vulnerabilities
document cdr_pgsql and res_config_pgsql SQL injection.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cryptographp: XSS.
  


29.11.2007
Detailed
6!IBM Lotus Notes buffer overflow
document Buffer overflow on Lotus WorkSheet files processing.
6!WireShark sniffer multiple security vulnerabilities
document Buffer overflow on SSL parsing, DoS on HTTP, MEGACO, Bluetooth SDP, RPC parsing.
 Symantec Backup Exec DoS
document bengine.exe (TCP/5633) integer overflows and NULL pointer dereference.
 Linux multiple security vulnerabilities
document Integer overflow on IEEE 802.11 frame, DoS with minix filesystem.
 TK Toolkit buffer overflow
document Buffer overflow on animated GIF loading.
 RubyGnome2 format string vulnerability
document Format string vulnerability in Gtk::MessageDialog.new.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 29.11.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Captcha! wordpress plugin: CAPTCHA protection bypass and XSS.
  


27.11.2007
Detailed
6!Mozilla Firefox / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions and race conditions.
6!Safenet Sentinel Protection Server directory traversal
document Web interface directory traversal.
6!Mozilla Forefox jar: URL crossite scripting
updated since 12.11.2007
document It's possible to fire crossite scripting attack via jar: protocol by uploading JAR, DOC, ZIP, etc files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Anti Spam Image wordpress plugin: CAPTCHA protection bypass.
  


26.11.2007
Detailed
 Citrix NetScaler weak cryptography
document Username/password are stored as a part of cookie with encryption (XORing with reused key), making it's possible to discover parts of the password.
 DoS with skype URL handler
document It's possible to start unlimiteed number of application instances with skype: URL.
 nss_ldap information leak
document Race conditions in multithread applications.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: Crossite scripting.
 PHP safe mode protection bypass with htaccess
updated since 27.06.2007
document It's possible to manipulate function ini_set() and session_save_path() with htaccess settings.
  


25.11.2007
Detailed
6!Cygwin Windows POSIX emulation libraries buffer overflow
document Buffer overflow on oversized filename.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Math Comment Spam Protection: CAPTCHA bypass
  


23.11.2007
Detailed
6!Gadu-Gadu instant messenger buffer overflow
document Buffer overflows on emotion icons parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. MoBiC-21: AIP CAPTCHA bypass
  


22.11.2007
Detailed
 Aurigma ImageUploader ActiveX image uploader
document Buffer overflows in GotoFolder() / CanGotoFolder() methods.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. ExpressionEngine: crossite scripting through responese splitting .
  


21.11.2007
Detailed
 Linksys Wireless ADSL Gateway crossite scripting
document Multiple crossite scripting vulnerabilities with /setup.cgi.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Nucleus: CAPTCHA protection bypass.
 Feynmf symbolic links vulnerability
document feynmf.pl symbolic linkcs vulnerability on temporary files creation.
 BitDefender online antivirus scanner ActiveX buffer overflow
document Buffer overflow in InitX method.
  


20.11.2007
Detailed
6!Alcatel OmniPCX audio stream hijack
document It's possible to hijack audio strem from server by sending TFTP request with filename containing victim's IP.
6!PHP multiple Denial of Service conditions
document Multiple denial of service conditions.
 Citrix NetScaler crossite scripting
document Crossite scripting in /ws/generic_api_call.pl.
 Belkin wireless routers denial of service
document Router is vulnerable to SYN-flood attack.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. HBH-Fusion: CAPTCHA protection bypass.
 Firefox / Konqueror / Safari certificate spoofing
updated since 19.11.2007
document Link between certificate and web site is not set, if certificate from unknown certification authirity is manually approved, making it's possible to use same certificate for different site withour warning.
  


19.11.2007
Detailed
 net-snmp DoS
document CPU resources exhaustion on GETBULK with large max-repeaters parameter value.
 LIVE555 media server DoS
document Uninitialized memory reading on RTSP query processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Fusion: CAPTCHA protection bypass.
 MySQL DoS
document Invalid assertion on CONTAINS processing.
  


18.11.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cryptographp: CAPTCHA protection bypass.
  


17.11.2007
Detailed
6!AhnLab AntiVirus memory corruption
document Memory corruption on ZIP archives parsing.
6!libFLAC / WinAMP multiple security vulnerabilities
document 14 different vulnerabilities exist on FLAC media format files parsing.
6!Apple Mac OS X multiple security vulnerabilities
updated since 15.11.2007
document Mach ports privilege escalation. Multiple Appletalk protocol handling vulnerabilities. ldt privilege escalation.
 ComponentOne FlexGrid ActiveX multiple buffer overflows
document Buffer overflows on different object properties.
 Microsoft Jet Engine MDB files parsing buffer overflow
document Buffer overflow on MDB file access.
 Aruba Mobility Controller crossite scripting
document Crossite scripting in administration interface.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.11.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.11.2007
Detailed
7!Samba multiple security vulnerabilities
document Buffer overflow in GETDC mailslot request processing, buffer overflow in WINS server. Client IP may be spoofed.
  


15.11.2007
Detailed
7!Apple QuickTime multiple security vulnerabilities
updated since 06.11.2007
document Multiple buffer overflows and memory corruption on different graphics and video file formats.
  


14.11.2007
Detailed
7!Microsoft Windows URL code execution
document Invalid handling of %xx sequences on external URL handlers in Windows XP with Internet Explorer 7 installed allows to execute applications.
 IBM WebSphere MQ multiple security vulnerabilities
   
 KDE Konqueror cookie buffer overflow
document Buffer overflow on oversized cookie.
 Nagios plugins multiple security vulnerabilities
document Buffer overflows in check_snmp and check_http on server reply parsing.
 Emacs safe mode protection bypass
updated since 14.11.2007
document It's possible to bypass enable-local-variables safe mode.
 PHP multiple denial of service conditions
document DoS in stream_wrapper_register(), dgettext(), dcgettext(), dngettext(), gettext(), ngettext(), dcgettext() functions.
 Novell Netware client privilege escalation
document Unprivileged user can manipulate kernel memory with \.\nwfilter device.
 WinPcap driver array overflow
document Array index overflow in kernel mode on IOCTL handling.
 Oracle privilege escalation
document Multi-step sequence of operations allows user to get SYSDBA privileges.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: CAPTCHA protection bypass. Peter’s Random Anti-Spam Image: CAPTACHA protection bypass and crossite scripting.
  


12.11.2007
Detailed
6!Adobe Shockwave ActiveX buffer overflow
document Buffer overflow in ShockwaveVersion method.
6!IBM Informix Dynamic Server privilege escalation
document Directory traversal on DBLANG environment variable parsing allows to specify attacker-controlled NLS files, leading to possibility of format string attacks for suid applications.
 AOL Radio AmpX Active X buffer overflow
document Multiple buffer overflows in different methods.
 HP-UX Aries PA Emulator privilege escalation
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke: CAPTCHA protection bypass.
  


08.11.2007
Detailed
6!Xpdf multiple security vulnerabilities
document Buffer overflows, integer overflows, array index overflows.
 Link Grammar / AbiWord buffer overflow
document Buffer overflow on oversized word.
 Oracle database server buffer overflow
document Buffer overflow in XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. mt-scode: CAPTCHA protection bypass.
  


07.11.2007
Detailed
7!PCRE and perl regular expression handling multiple security vulnerabilities
document Buffer overflows and memory corruptions on different regexps.
 Symantec Norton AntiVirus for Mac privilege escalation
document External application is executed by relative path.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 07.11.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress Peter’s Custom Anti-Spam Image: CAPTCHA protection bypass.
 Microsoft Sysinternals DebugView privilege escalation
document Dbgv.sys Driver allows any user to copy any data in kernel memory.
  


06.11.2007
Detailed
 Sun Solaris SRS Proxy Core
document srsexec syslog() call format string vulnerability.
 Firefly Media Server mt-dappd multiple security vulnerabilities
document Format string vulnerabilities, multiple DoS conditions.
  


05.11.2007
Detailed
7!OpenBSD DHCP server buffer overflow
updated since 12.10.2007
document Integer overflow with "maximum message size" option leads to buffer overflow.
 mono .Net runtime integer overflow
document Integer overflow in BigInteger implementation.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress Peter’s Custom Anti-Spam Image: CAPTCHA protection bypass.
  


02.11.2007
Detailed
7!Verity KeyView SDK / Lotus Notes multiple buffer overflows
document Buffer overflows on parsing .mif, .aw, .rtf, .exe, .dll, .ag, .doc.
7!Real Player multiple buffer overflows
updated since 25.10.2007
document ActiveX vulnerability is used in-the-wild for silent trojan code installation via Internet Explorer. In addition, there is a buffer overflow on .mov files parsing and .mp3 ID3 tags.
7!Oracle multiple security vulnerabilities
updated since 18.10.2007
document New quartly critical patch update fixes few dozens of security vulnerabilities.
6!SonicWall SSL VPN client multiple security vulnerabilities
document Multiple vulnerabilities with different ActiveX elements.
6!Novel Border Manager Client Trust buffer overflow
document Buffer overflow on UDP/3024 data parsing.
6!Symantec Altris deployment solution directory traversal
document Directory traversal in PXE with TFTP/MFTP protocols.
6!Multiple image viewers multiple security vulnerabilities
updated since 05.04.2007
document Multiple buffer overflows on BPM, TIFF, XPM, CLP, PSP, RAS, IFF, PNG images parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Ripe CMS: crossite scripting in http://site/contact-us with Name, address, Subject fields.
 HP OpenView Radia Integration Server directory traversal
document It's possible to access different directories by using constructions like ~root in TCP/3465 webserver.
 Blue Coat ProxySG crossite scripting
document Crossite scripting with administration interface.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 
Links
kredittkort
Hunts International Removals relocating to france providing free quotes



Rating@Mail.ru