Computer Security
[EN] securityvulns.ru no-pyccku



31.12.2006
Detailed
 Durian Web Application Server multiple security vulnerabilities
document Buffer overflow on oversized request.
 Rediff Bol Downloader ActiveX code download and execution
document ActiveX element allow to upload and execute any code.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Total Commander iso_wincmd plugin buffer overflow
document Buffer overflow on ISO files parsing.
 MythControl buffer overflow
document Buffer overflow on parsing Bluetooth commands.
  


30.12.2006
Detailed
6!Multiple OpenSER vulnerabilities
updated since 29.12.2006
document Memory corruption on SMS parsing, buffer overflow on OSP parsing, on QuickCAM objects parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


29.12.2006
Detailed
6!xine-lib buffer overflow
document Buffer overflow on parsing Real streaming protocol.
  


28.12.2006
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 DB Hub memory corruption
document Memory corruption on malformed request parsing.
  


26.12.2006
Detailed
 w3m browser format string vulnerability
document Format string culnerability on certificate CN field.
 Microsoft Windows Client for Microsoft Network DoS
document Argument of NetrWkstaUserEnum() memory is not checked and used to allocate memory, creating condition for memory exhaustion.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


25.12.2006
Detailed
6!Multiple browsers DNS pinning protection bypass
document By emulatin Web server failure it's possible to bypass DNS pinning protection (protection against changing IP address resolution by DNS name for crossite access)
6!Novell NetMail IMAP server multiple buffer overflows
updated since 23.12.2006
document Buffer overflows on STOP, APPEND commands and on IMAP literals parsing.
 NeoTrace ActiveX buffer overflow
document Buffer overflow on oversized NeoTraceExplorer.NeoTraceLoader element TraceTarget() method argument.
 acFTP FTP Server DoS
document Crash on REST command with invalid argument.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


23.12.2006
Detailed
8!Multiple Oracle application server vulnerabilities
updated since 19.04.2005
document SQL injections, DoS, data modification, crossite scripting, privilege escalation, audit setings modification. Password is passed from JDeveloper to SQLPlus in cleartext. JDeveloper password is stored in cleartext in different XML configuration files. Cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment.
 Http Explorer Web Server directory traversal
document Directory traversal with ../
 XM Ease Personal FTP Server format string vulnerability
document Format string vulnerability in FTP command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


21.12.2006
Detailed
6!ESET NOD32 antivirus multiple security vulnerabilities
updated since 20.12.2006
document Buffer overflow on .DOC documents and .CAB archives parsing, DoS on CHM files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 WinFTP FTP server / Dream FTP Server buffer overflow
updated since 20.12.2006
document Buffer overflow on oversized PASV command.
  


20.12.2006
Detailed
8!Sun Java Runtime Environment multiple security vulnerabilities
document Multiple vulnerabilities allow sandbox protection bypass and system functions access.
7!Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities
document Crossite scripting with functions prototypes. Information leak. Buffer overflows on oversized Content-Type fields in messages. Memory corruption on SVG header. Crossite scripting with img.src. DoS. JavaScript watchpoint privilege escalation. CSS image cursor property buffer overflow. Multiple memory corruptions.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.12.2006
Detailed
6!Intel 2200BG 802.11 wireless drivers memory corruption
document Memory corruption on beacon-frames parsing.
6!Mandiant First Response multiple security vulnerabilities
document DoS on SSL parsing in HTTPS interface, data manipulation.
 Multiple Linux kernel security vulnerabilities
document IrDA TTP header buffer overflow. Tokenring memory corruption. do_coredump symbolic links problem.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 D-Bus cross-application messaging system DoS
document Vulnerability in match_rule_equal allows application to remove rules of different applications.
  


18.12.2006
Detailed
6!MailEnable POP3 server buffer overflow
document Buffer overflow in POP3 PASS command.
 Linux Kernel Bluetooth CAPI DoS
document It's possible to overwrite internal kernel objects with CAPI message.
 Multiple IBM Websphere security vulnerabilities
document JSP pages source code access.
 Allied Telesis AT-9000/24 ethernet switche unauthorized access
document Administration interface may be accessed from any VLAN.
 Star FT Pserver DoS
document Crash on imcomplete PORT / oversized RETR command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.12.2006
Detailed
7!Microsoft Word / Open Office 0-day security vulnerability
updated since 06.12.2006
document 2 different unknown vulnerabilities are used for hidden malware installation.
 Sambar FTP service DoS
document Crash on oversized SIZE command.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


15.12.2006
Detailed
6!Microsoft Project Server 2003 information leak
document Username and password for Microsoft SQL Server account is sent by client request.
 HP Integrated Lights Out unauthorized access
document Unauthorized access if SSH with key based authentication is used.
 BitDefender multiple software products buffer overflow
document Heap buffer overflow on PE files parsing.
 Kerio Mail Server DoS
document Server crash on LDAP queries processing.
 italkplus buffer overflow
   
 Coolplayer buffer overflows
document Multiple buffer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.12.2006
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Microsoft Windows quartz.dll DoS
document Division by zero on malformed MIDI file or WMV file.
  


14.12.2006
Detailed
7!Multiple Symantec Veritas NetBackup security vulnerabilities
document CONNECT_OPTIONS and oversized requests to bpcd.exe buffer overflows.
6!GNOME gdmchooser format string vulnerability
document Format string vulnerability in remote hostname.
6!Multiple HyperAccess telnet / ssh terminal security vulnerabilities
document Code execution with .HAW files and telnet: protocol handler.
6!Quicktime crossite scripting
document XML file with .MOV extension allows to execute script in local zone with qtnext parameter of EMBED tag with embedded short movie.
6!Multiple Sun Solaris vulnerabilities
document Buffer overflow in ld.so doprf(), directory traversal on parsing different environment variables in ld.so.
6!OpenLDAP slapd LDAP server buffer overflow
document Buffer overflow on Kerberos v4 authentication.
 CA Anti-Virus multiple DoS conditions
document Multiple NULL pointer dereferences.
 enemies-of-carlotta mailing list processor shell characters
document Shell characters problem on e-mail address parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 SiteKiosk security protection bypass
document It's possible to access disk content with broser path ABOUT:hello<a href=\>click here</a>.
 IBM DB2 database server DoS
document NULL pointer dereference on malformed SQLJRA packet.
 kdegraphics KDE graphics library DoS
document Malformed EXIF section of JPEG file causes infinite recursion with stack overflow (stack memory consumption).
  


13.12.2006
Detailed
7!Microsoft Internet Explorer / Outlook Express multiple security vulnerabilities
updated since 12.12.2006
document Memory corruption on Javascript errors processing and Javascript normalize() function. Temporary Internet Files crossite access. Buffer overflow on Windows Address Book (WAB) parsing.
6!Microsoft Visual Studio WMI Object Broker ActiveX code execution
updated since 12.12.2006
document Object can be used to bypass internet zone restrictions.
 Sophos Anti-Virus multiple security vulnerabilities
updated since 30.10.2006
document Crash on parsing malformed RAR, CHM and petite-packed files. Buffer overflow on CPIO and SIT archives parsing.
  


12.12.2006
Detailed
7!Microsoft Windows Media Format Runtime buffer overflow
document Buffer oveflows on parsing ASF (.ASF, .WMV, .WMA) and ASX files.
6!Microsoft RIS Server weak permissions
document It's possible to write files via TFTP.
6!Microsoft Windows CSRSS privilege escalation
document It's possible to elevate privileges with manifest file.
6!Microsoft Windows SNMP service buffer overflow
   
  


11.12.2006
Detailed
 IBM WebSphere Host On-Demand authentication bypass
document Some URLs allow access without authentication.
 D-Link D-LINK DWL-2000AP+ wireless access point DoS
document ARP packets flood causes device to crash.
 Winamp Web Interface multiplse security vulnerabilities
document Buffer overflows, directory traversal and protection bypass.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ColdFusion MX7 multiple security vulnerabilities
document Information leak, crossite scripting protection bypass.
  


10.12.2006
Detailed
6!AOL ActiveX element buffer overflow
document Buffer overflow in CDDBControlAOL.CDDBAOLControl ActiveX control.
 Filezilla FTP Server DoS
document Crash on invalid FTP commands sequence.
 Net-SNMP security protection bypass
document Under some conditions write access may be obtained to read-only community.
 Newtone ImageKit ActiveX buffer overflow
document Buffer overflow in Newtone ImageKit ActiveX Control.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ClamAV antivirus DoS
updated since 08.12.2006
document High recursion of MIME parts causes antivirus to crash.
  


09.12.2006
Detailed
6!PHP safe_mode and open_basedir protection bypass
document It's possible to access directories above basedir with session_save_path().
6!MailEnable IMAP Server multiple security vulnerabilities
updated since 01.12.2006
document Buffer overflow in EXAMINE, SELECT, DELETE commands.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Sophos antivirus and Trend Micro antivirus RAR files DoS
document Endless loops and hangs on scanning archives with pack_size and head_size of zero.
  


08.12.2006
Detailed
7!Intel network adapters drivers privilege escalation
document Buffer overflow on processing IOCTL_NDIS_QUERY_SELECTED_STATS NDIS request.
6!madwifi buffer overflow
document Buffer overflow in Atheros driver on SIOCGIWSCAN signal processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 l2tpns layer 2 tunnelling protocol network server buffer overflow
   
  


07.12.2006
Detailed
8!GnuPG uninitialized memory problem
document Using of uninitialized data allows attacked to overwrite stored function pointed and execute code.
6!Citrix Presentation Server client for Windows buffer overflow
document Buffer overflow in Wfica.ocx ActiveX SendChannelData function.
 Linksys WIP 330 VoIP wireless phone DoS
document nmap scan causes device to crash.
 2X ThinClientServer replay attacks
document It's possible to create administrative account by replaying creation request with different username.
 ruby DoS
updated since 05.11.2006
document SPU axhaustion in CGI library on parsing HTTP request with invalid MIME booundaries.
  


06.12.2006
Detailed
6!F-Prot antivirus buffer overflow
document Buffer overflow on parsing CHM and ACE files.
6!FireWire IOCTL integer overflow in different BSD-based Unix system
updated since 16.11.2006
document Negative IOCTL paramter value allows read access to kernel memory.
6!Convert-UUlib / Barracuda Spam Firewall buffer overflow
updated since 28.04.2005
document Buffer overflow on BinHex encoding parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Adobe Download Manager buffer overflow
document Stack buffer overflow on parsing AOM files.
  


05.12.2006
Detailed
6!IBM Tivoli Storage Manager buffer overflow
document Multiple buffer overflows on parsing port TCP/1500 traffic.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Symantec LiveState Agent privilege escalation
document It's possible to launch Windows Explorer with SYSTEM privileges.
 KOffice integer overflow
updated since 30.11.2006
document OLEfilter integer overflow on .PPT file open.
  


02.12.2006
Detailed
6!WinRAR buffer overflow
document Buffer overflow on oversized filename in 7ZIP archive.
 BlzeVideo HDTV Player buffer overflow
document Buffer overflow on .PLF files parsing.
 VUPlayer buffer overflow
document Buffer overflow on .M3U files parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Novell ZENworks multiple security vulnerabilities
document Heap buffer overflows in Novell ZENworks Asset Management and Novell ZENworks Asset Management Collection client.
 Microsoft Windows spoolss DoS
document Memory exhaustion in GetPrinterData() function.
  


01.12.2006
Detailed
7!NetBSD and Mac OS X ftpd / tnftpd buffer overflow
document Buffer overflow in NLST FTP command file globbing.
6!Novell Netware Client multiple security vulnerabilities
updated since 29.11.2006
document Buffer overflow in EnumPrinters() and OpenPrinter() functions. Format string vulnerability in Novell Modular Authentication Services.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Quintessential Player buffer overflow
document .PLS, .M3U, M3u-8 playlists buffer overflow.
 Songbird Media Player format string
document Format string vulnerability on M3U files parsing.
 libgsf buffer overflow
updated since 30.11.2006
document ole_init_info() heap overflow.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod