Computer Security
[EN] securityvulns.ru

  


27.11.2011
Detailed
8!Google Chrome multiple security vulnerabilities
document Code execution, privilege escalation, DoS.
7!ffmpeg library multiple security vulnerabilities
updated since 11.11.2011
document Memory corruption on MKV and AVS/CAVS containers parsing.
6!Linux kernel multiple security vulnerabilities
document Multiple DoS conditions.
6!MaraDNS buffer overflow
document Buffer overflow on request parsing.
6!HP Network Node Manager i multiple security vulnerabilities
updated since 21.11.2011
document Cross-site scripting, unauthorized access, information disclosure.
6!freetype library multiple security vulnerabilities
updated since 16.07.2010
document Memory corruptions on fonts parsing.
6!ldns buffer overflow
updated since 07.05.2009
document Buffer overflow on records parsing.
 Software Center certificate spoofing
document Insufficient check for server certificates.
 HP Operations Agent / HP Performance Agent unauthorized access
document 
 HP Integrated Lights-Out unauthorized access
document Unauthorized access if HP Directories Support is used.
 HP StorageWorks P4000 code execution
document 
 HP-UX System Administration Manager privilege escalation
document 
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Puppet multiple security vulnerabilities
updated since 01.10.2011
document Multiple file overwrite vulnerabilities, certificate spoofing.
  


25.11.2011
Detailed
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Cross-site scripting, code execution, memory corruptions, information leakage.
  


21.11.2011
Detailed
6!CA Directory buffer overflow
document Buffer overflow on SNMP-packet parsing.
6!ProFTPD memory corruption
document Use after free()
 iGuard Biometric Access Control multiples security
document 
 DVR Remote ActiveX code execution
document It's possible to load dynamic library via DVRobot.DLL
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 InduSoft WebStudio ActiveX buffer overflow
updated since 05.09.2011
document Different ActiveX methods buffer overflows.
 OpenTTD DoS
updated since 21.11.2011
document Multiple DoS conditions.
  


20.11.2011
Detailed
8!SAP NetWeaver multiple security vulnerabilities
document Authentication bypass, cross-site scripting, code injection, information leakage.
8!bind DNS server DoS
document Crash on packet parsing.
 SAP Crystal Report Server cross-site scripting
document Cross-site scripting in pubDBLogon/
 Jetty Web server / VMware vCenter directory traversal
document 
 OpenLDAP buffer overflow
document Off-by-one overflow on LDIF parsing.
 system-config-printer content spoofing
document An unsafe connection is used to download drivers.
  


16.11.2011
Detailed
7!Apple iPhone multiple security vulnerabilities
document URL spoofing, memory corruption, protection bypass.
7!ISC DHCP dhclient DHCP client shell unfiltered characters vulnerability
updated since 12.04.2011
document Shell characters vulnerability on server options processing.
 Apple iTunes insecure updates
document Software updates were checked insecurely.
 Apple Mac OS X sandbox protection bypass
document It's possible to bypass sandbox restrictions by controlling different applications.
  


11.11.2011
Detailed
9!Oracle Java multiple security vulnerabilities
updated since 24.10.2011
document Quarterly CPU fixes 20 different vulnerabilities.
7!Adobe Shockwave Player multiple security vulnerabilities
document Multiple memory corruptions.
6!"Digicert Sdn. Bhd." weak certificates
document Few weak certificates were issued by intermediate CA.
 Apache Tomcat privilege escalation
document Privilege escalation via manager app.
 Xen multiple security vulnerabilities
document Multiple DoS conditions, PCI passthrough privilege escalation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.11.2011
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 libmodplug library multiple security vulnerabilities
document Memory corruptions on different media formats.
 Cisco Unified Communications Manager / Cisco Unified Contact Center Express directory traversal
updated since 31.10.2011
document Directory traversal in embedded web services on TCP/8080 and TCP/9080 ports.
  


09.11.2011
Detailed
10!Microsoft Windows kernel UDP processing integer overflow
document Integer overflow leads to code execution via a flow of UDP packets to a closed port.
 Microsoft Windows DoS
document Crash on TTF fonts parsing.
 Microsoft Windows active directory authentication bypass
document Certificate revocation list is not checked on LDAPS access.
  


06.11.2011
Detailed
 Singtel 2wire routers CSRF
document Unchangeable account, CSRF.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Toshiba eStudio authentication bypass
updated since 24.10.2011
document Known URLs can be accessed without authentication.
  


05.11.2011
Detailed
7!HP OpenVMS unauthorized access via POP3/IMAP server
document 
 Open VMS SMTP server DoS
document 
  


04.11.2011
Detailed
 EMC Documentum eRoom protection bypass
document It's possible to bypass file type upload limitations.
 Wireshark sniffer multiple security vulnerabilities
document Uninitialized memory dereference, buffer overflow.
 Oracle Hyperion ActiveX security vulnerabilities
updated since 01.11.2011
document Buffer overflow in ODBC driver used by ActiveX component, unsafe methods.
 Cisco Small Business SRP500 cross-site request forgery
document Cross-site request forgery in administration interface.
 RSA Key Manager Appliance session termination vulnerability
document Session may not be properly terminated after logout.
  


01.11.2011
Detailed
6!D-Link DIR-300 multiple security vulnerabilities
document Router management system for D-Link DIR-300 information leakage.
 PlotLineControl ActiveX integer overflow
document Integer overflow in LinePutPoint method
 YaTFTPSvr TFTP Server directory traversal
document 
 radvd multiple security vulnerabilities
document Privilege escalation, buffer overflow, DoS.
 Nova weak cryptography
document It's possible to compute EC2_SECRET_KEY with known EC2_ACCESS_KEY
 Apple Mail.app DoS
document Crash on large number of MIME parts.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod