Computer Security
[EN] securityvulns.ru
no-pyccku




27.11.2008
Detailed
6!SAMBA information disclosure
document Kernel memory disclosure on processing of few SMB request types.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CoBreeder: Crossite scripting.
  


26.11.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.11.2008
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CoBreeder: Crossite scripting.
 Google Chrome address bar spoofing
updated since 25.11.2008
document URIs with '@' are incorrectly displayed.
  


25.11.2008
Detailed
6!FreeBSD arc4random cryptographic weakness
document 5 minutes after system start generated psudo-random sequences are weak.
 Siemens C450IP/C475IP SIP phones DoS
document Malformed SIP request causes device to reboot.
 Amaya browser multiplesecurity vulnerabilities
document Buffer overflow on oversized href in <a> tag, buffer overflow on oversized id in <div> tag
  


24.11.2008
Detailed
8!Adobe Flash multiple security vulnerabilities
document Code execution, information leakage, DoS.
7!EMC Control Center SAN Manager multiple security vulnerabilities
document Buffer overflow, unauthroized files access via TCP/10444.
6!ffdshow codec buffer overflow
document Buffer overflow on oversized URI
6!KVIrc shell characters vulnerabilities
document Shell characters vulnerability on irc:/// URI parsing.
6!Apple iPhone Configuration Web Utility directory traversal
document ACcess outside web root is possible.
6!Linux kernel multiple security vulnerabilities
updated since 05.11.2008
document Buffer overflow on oversized ESSID in ndiswrapper. DoS with corrupter ext2 / ext3 filesystem.
 Microsoft Windows LDAP users enumeration
document Different serverreply on invalid username and invalid password.
 Linux kernel multiple security vulnerabilities
document Multiple DoS conditions
 WireShark DoS
document CPU resource exhaustion on oversized SMTP request.
 OpenSSH cryptographic weakness
document With low probability it's possible to recover few bits of plaintext.
 Microsoft Internet Explorer saved pages crossite scripting
updated since 21.08.2007
document Crossite scripting in context of local machine is possible on saving URL with address like http://site/--><script>alert("XSS")</script>
  


21.11.2008
Detailed
6!Sun Java System Identity Manager multiple security vulnerabilities
document Crossite request forgery, unauthorized access.
 HP OpenView Network Node Manager crossite scripting
   
 dovecot protection bypass
document Ivalid ACL parsing in ACL plugin. Privilege escalations.
 HPLIP DoS
document DoS against hpssd and alerting services.
 3Com AP8760 authentication bypass
document After initial password check autnentication is IP-address only.
 Streamripper multiple buffer overflows
document Buffer overflows on HTTP response headers parsing, .m3u and .pls playlists parsing.
 PHP safe_mode protection bypass
document It's possible to bypass protection with ini_set("error_log", "/hack/");
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Webglimpse: crossite scripting. CimWebCenter: crossite scripting.
 BitDefender antivirus DoS
document Crash on PDF file check in bdc.exe.
  


20.11.2008
Detailed
 Mozilla Firefox images information leak
document By using getImageData() with redirections it's possiblt to obtain crossite access to images.
 Microsoft Windows Vista memory corruption
document Kernel memory corruption on CreateIpForwardEntry2 call processing.
  


19.11.2008
Detailed
 Deutsche Telekom banking software multiple security vulnerabilities
document Outdated vulnerable versions of open source libraries are used.
 Exodus unuahorized files access
document It's possible to inject command argument via im:// URI.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Webglimpse: crossite scripting. CimWebCenter: crossite scripting.
 Opera buffer overflow
document Buffer overflow on oversized file:// URI.
  


14.11.2008
Detailed
9!Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities
document Information leak, free'd memory reusing, privilege escalation, buffer overflow, crossite scripting, protection bypass.
8!Oracle multiple security vulnerabilities
updated since 26.10.2008
document New quarterly updated fixes different types of security vulnerabilities.
6!GnuTLS certificates spoofing
document Invalid trust chain verification procedure.
 VM-Builder weak password
document Weak PRNG is used to generate virtual machine root password.
 HP Service Manager privilege escalation
   
 rPath Linux symbolic links vulnerability
document rapa-console init script symbolic links vulnerability.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Fusebox Framework: crossite scripting
 Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS
updated since 03.10.2008
document window.close() в цикле на событие OnLoad() приводит к зависанию браузера. Multiple resource exhaustion attacks with Javascript.
  


12.11.2008
Detailed
7!Microsoft XML multiple security vulnerabilities
document Memory corruption, crossite scripting, information leak.
  


11.11.2008
Detailed
 ooVoo messenger and videochat agent buffer overflow
document Buffer overflow on oovoo: URI parsing.
 Google Chrome address spoofing
   
 DoS against libgadu / ekg Gadu-Gadu client
document Crash on contact description parsing.
 smcFanControl for Mac OS X buffer overflow
document Stack buffer overflow on -k command line option parsing.
  


10.11.2008
Detailed
8!OpenFire jabber server multiple security vulnerabilities
document Authentication bypass, SQL injection, crossite scripting.
7!ClamAV antivirus buffer overflow
document Buffer overflowon VBS files parsing.
6!VMWare security vulnereabilities
document Privilege escalation in guest OS due to invalid CPU emulation, directory traversal.
6!Dovecot IMAP server DoS
document Assertion on message headers parsing.
6!FAAD2 library buffer overflow
document Buffer overflow on MPEG-4 files parsing.
 Aruba Mobility Controller informaton leakage
document Knowing any SNMP community with read access it's possible to learn any SNMP community.
 NOS GetPlus download manager ActiveX buffer overflow / Acrobat Reader
   
 VLC Media Player security vulnerabilities
document Buffer overflows on RealText and .cue files parsing.
 HP Tru64 Unix showfile privilege escalation
   
 Microsoft Windows UnhookWindowsHookEx() DoS
document Race conditions on UnhookWindowsHookEx() call during active desktop switichin cause system to hang or crash.
 Graphviz array index overflow
document Array index overflow on DOT file with large number of Agraph_t elements.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CimWebCenter: crossite scripting, informationleakage.
 MySQL privilege escalation
updated since 22.07.2008
document It's possible to specify file of different database in CREATE TABLE.
 Microsoft Windows Explorer buffer overflow
updated since 01.06.2006
document Buffer overflow during right-click on .url file with oversized mhtml://mid: URL. Vulnerability can be used for hidden malware installation.
  


05.11.2008
Detailed
9!Adobe Acrobat / Reader multiple security vulnerabilities
document Buffer overflows, memory corruptions,code execution on PDF parsing.
 T-Mobile G1 phone Google Android protection bypass
document Pplication can run telnetd with root privileges.
  


04.11.2008
Detailed
10!Microsoft Windows code execution
updated since 24.10.2008
document It's possible toexecute code without authentication with RPC request UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 to browser service via SERVER (LanmanServer) service, TCP/139, TCP/445. Reccomendation is to disable browser service.
7!dmail / tmail MDA buffer overflow
document Buffer overflow in mail delivery foder argument.
6!Cups multiple security vulnerabilities
document Multiple integer overflows and heap buffer overflows in imagetops and texttops.
 HP System Management Homepage unauthorized access
   
 A-Link routers crossite scripting and request forgery
   
  


03.11.2008
Detailed
6!Novell eDirectory memory corruption
document Memory corruption on 'Get NCP Extension Information By Name Request' of NCP protocol.
6!IBM Tivoli Storage Manager Express buffer overflow
document Buffer overflow in dsmcat.exe service in Storage Manager for Microsoft SQL.
 Protection bypass and crossite scripting in Sonicwall SOHO
updated since 17.05.2002
document It's possible to access banned site and to insert javascript into log file by using URL javascript injection.
 Adobe Pagemaker buffer overflow
updated since 30.10.2008
document Buffer overflow on .PMD files parsing.
  


02.11.2008
Detailed
6!Oracle WebLogic Apache Connector buffer overflow
document Buffer overflow on oversized HTTP request argument.
 OpenOffice integer overflow
document Integer overflow on EMF files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 nfs protection bypass
document NIS netgroup restrictions are ignored by TCP Wrappers, allowing remote attackers to bypass intended access restrictions.
  


01.11.2008
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru