Computer Security



26.11.2012
Detailed
6!Apache Tomcat multiple security vulnerabilities
document Authentication bypass and replay attacks on Digest authentication, DoS.
6!FreeBSD privilege escalation
document Kernel memory overwrite via Linux compatibility subsystem.
 Belkin wireless routers weak key
document The firmware WPA2 key is generated from the MAC address.
 libunity memory corruption
document Memory corruption in hash tables handling.
 trousers DoS
document tcsd DoS
 libproxy buffer overflow
updated since 06.11.2012
document Integer overflow on Content-Length parsing leads to buffer overflow, buffer overflow on proxy.pac parsing.
 TP-LINK TL-WR841N security vulnerabilities
updated since 01.11.2012
document Directory traversal and cross-site scripting in web interface.
  


18.11.2012
Detailed
8!Microsoft Excel multiple security vulnerabilities
document Buffer overflows, memory corruptions, use-after-free.
8!Microsoft Windows security vulnerabilities
document Windows Briefcase integer overflows, .Net protection bypass, information leakage and code execution, kernel drivers privilege escalations.
7!Microsoft Internet Explorer multiple security vulnerabilities
document A few different use-after-free vulnerabilities.
6!libtiff buffer overflow
updated since 28.10.2012
document Buffer overflow on PixarLog compression parsing, ppm2tiff buffer overflow.
 Media Player Classic security vulnerabilities
document Built-in web server DoS and cross-site scripting.
 Applicure dotDefender format string vulnerability
document Format specifiers are not escaped on error message generation.
 Samsung Kies Air security vulnerabilities
document DoS, authentication bypass.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Microsoft Internet Information Services security vulnerabilities
document Log files information leakage, FTP STARTTLS session command injection.
  


14.11.2012
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 EMC RSA Data Protection Manager security vulnerabilities
document Cross-site scripting, restrictions bypass.
 OpenVAS Manager code execution
document Unescaped shell characters on OMP request processing.
 Huawei weak passwords encryption
document Passwords are stored in reversible encryption.
  


13.11.2012
Detailed
6!Sophos / Cisco Ironport products security vulnerabilities
updated since 06.11.2012
document Different vulnerabilities, including remote code execution.
 radsecproxy protection bypass
document It's possible to bypass SSL certificate check under some conditions.
  


09.11.2012
Detailed
7!Cisco Secure Access Control System authentication bypass
document Insufficient password check if TACACS+ authentication is used with LDAP.
7!Apple QuickTime multiple security vulnerabilities
document Multiple memory corruptions on different file formats and server responses parsing and in ActiveX components.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Glance unauthorized images deletion
document Insufficient access control validation.
 IcedTea-Web memory corruption
   
 Cisco Nexus 1000V protection bypass
document Under some conditions devices with invalid licenses and disabled protection do not display valid status.
  


06.11.2012
Detailed
6!Mesa code execution
document Invalid arrays handling.
 Ubuntu Remote Login Services information leakage
document Context information is purged insufficiently on user account switching.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Checkpoint SofaWare firewalls security vulnerabilities
document Cross-site scripting, information leakage, cross-site request forgery, request redirections.
 Munin security vulnerabilities
document Symbolic links vulnerability, code execution.
  


05.11.2012
Detailed
6!Apple iOS 6.0 multiple security vulnerabilities
document Information leakage, protection bypass, memory corruption, race conditions.
 HP Performance Insight with Sybase DoS
   
  


02.11.2012
Detailed
6!Cisco Unified MeetingPlace Web Conferencing security vulnerabilities
document Buffer overflow, SQL injection.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Konqueror memory corruptions
document A few different memory corruptions.
 OpenOffice / LibreOffice DoS
document NULL pointer dereference on different formats parsing.
  


01.11.2012
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 01.11.2012
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod