Computer Security
[EN] securityvulns.ru

  


30.11.2009
Detailed
8!Oracle multiple security vulnerabilities
updated since 22.10.2009
document Oracle quarterly Critical Patch Update fixes approximately 40 vulnerabilities in different Oracle products.
6!MuPDF / SumatraPDF buffer overflow
updated since 30.11.2009
document Buffer overflow on PDF parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


26.11.2009
Detailed
 Wireshark multiple security vulnerabilities
document Multiple vulnerabilities in the dissection of different protocols.
 TYPSoft FTP Server DoS
document DELE command immediately after APPE command causes server to crash.
 Counter Strike game server DoS
document Protocol is not protected against blind command injection, making it possible to e.g. terminate any client's game by blindly spoofing a "quit" packet.
 dstat privilege escalation
document Shared libraries are searched for in the working directory.
 Autodesk SoftImage code execution
document It's possible to embed commands into .scntoc files.
 Autodesk Maya code execution
document It's possible to embed scripts into application files.
 Autodesk 3DS Max code execution
document It's possible to embed code into .max files.
  


25.11.2009
Detailed
6!libvorbis library multiple security vulnerabilities
document Multiple vulnerabilities on ogg files parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 DXMSoft XM Easy Personal FTP Server DoS
updated since 11.11.2009
document Crash if LIST command is received before PASV or POST.
  


23.11.2009
Detailed
7!HP Operations Manager backdoor account
updated since 20.11.2009
document There is a hidden undocumented Tomcat account.
  


20.11.2009
Detailed
6!PHP file upload DoS
document A multipart/form-data POST request with a large number of uploaded files causes resource exhaustion.
 HP Color LaserJet Printers unauthorized access
   
  


19.11.2009
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 IBM SolidDB / HP OpenView NNM DoS
updated since 18.11.2009
document DoS against TCP/2315 (TCP/2690 for HP OV NNM) database engine.
  


18.11.2009
Detailed
9!Multiple TCP implementations different security vulnerabilities
updated since 09.09.2009
document Multiple security vulnerabilities in different operating systems caused by resource exhaustion when maintaining the TCP state table.
6!Rhinosoft Serv-U buffer overflow
document Buffer overflow in TEA (Tiny Encryption Algorithm) implementation.
6!Novell eDirectory buffer overflow
updated since 26.10.2009
document Buffer overflow in /dhost/modules?L:
 HP Discovery & Dependency Mapping Inventory code execution
   
  


17.11.2009
Detailed
6!Avast! Antivirus memory corruption
document Kernel memory corruption on IOCTL processing.
 Nortel switches cross-site scripting
document Cross-site scripting and cross-site request forgery in BBI Web interface.
 Home FTP Server multiple security vulnerabilities
document Directory traversal on directory creation, DoS.
 Kaspersky Antivirus memory corruption
document Memory corruption on IOCTL processing.
 GIMP integer overflow
updated since 13.11.2009
document Integer overflow on .BPM, .PSD files parsing.
  


13.11.2009
Detailed
6!OpenLDAP certificate spoofing
document Zero byte in common name is handled incorrectly.
 Yahoo Instant Messenger ActiveX DoS
document Null pointer dereference.
  


12.11.2009
Detailed
7!Microsoft Excel multiple security vulnerabilities
updated since 11.11.2009
document Multiple memory corruptions.
6!McAfee Network Security Manager multiple security vulnerabilities
document Authentication bypass, session hijacking, cross-site scripting.
 Hewlett-Packard Procurve switches cross-site scripting
document Cross-site scripting in web administration interface.
  


11.11.2009
Detailed
8!Microsoft Windows GDI code execution
document Memory corruption on EOT (Embedded Open Type) font parsing, privilege escalation, DoS.
8!Web Services on Devices Application Programming Interface API memory corruption
document Memory corruption on WSD (TCP/5357, TCP/5358, UDP/3702) network packet parsing.
7!Microsoft Word memory corruption
document Memory corruption during Microsoft Word file parsing.
6!Microsoft Windows 2000 License Logging Server buffer overflow
document Buffer overflow on RPC call parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Marvell chipset wireless access points buffer overflow
document Buffer overflow on association request processing.
 Atheros based wireless access points DoS
document Memory corruption on frame parsing.
 Microsoft Active Directory DoS
document LSASS stack overflow (stack memory exhaustion).
  


09.11.2009
Detailed
7!Apple Safari buffer overflow
document Buffer overflow on oversized CSS background attribute.
6!Apache Tomcat for Windows backdoor account
document An admin account with an empty password is created during installation.
 Pidgin DoS
updated since 09.11.2009
document Crash on OSCAR protocol contact list parsing (ICQ and AIM).
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 09.11.2009
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Internet Explorer DoS
document Unremovable dialog with cycled setHomePage.
  


08.11.2009
Detailed
6!Linux kernel multiple security vulnerabilities
document Information leakage, DoS conditions, privilege escalation.
 PHP pdflib extension protection bypass
document pdf_open_file function doesn't check file path to match open_basedir.
 Code execution with blender files
document .blend files may contain python code with automatic execution.
 Google Chrome protection bypass
document Browser doesn't warn user on downloading potentially dangerous .mht, .mhtml, .svg files.
  


05.11.2009
Detailed
9!Sun Java multiple security vulnerabilities
document Multiple buffer overflows and code executions.
8!Adobe Shockwave Player Multiple security vulnerabilities
document Multiple vulnerabilities lead to code executions.
8!Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 28.10.2009
document Buffer overflows, privilege escalation, information leak, cross-site scripting.
6!Symantec Altiris Notification Server / Symantec Management Platform / Symantec Altiris Deployment Solution ActiveX buffer overflow
document ConsoleUtilities ActiveX buffer overflow
 Novell eDirectory DoS
document Hang on LDAP request with undefined Base DN
 IBM Tivoli Storage Manager buffer overflow
document CAD Service TCP/1581 buffer overflow
 Asterisk multiple security vulnerabilities
document Information leak, cross-site scripting.
 Harris StarMAX 210 WiMax subscriber station cross-site request forgery
document Request forgery in configuration Web interface.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Wireshark packet parsing vulnerabilities
document DoS and memory corruption on parsing of different capture file formats.
  


02.11.2009
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


