Computer Security
[EN] securityvulns.ru
no-pyccku

  


30.12.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: local file include, directory traversal and information leak.
 ClamAV antivirus multiple security vulnerabilities
document Protection bypass with UUEncode, race conditions on temporary files creation.
  


29.12.2007
Detailed
6!Multiple security vulnerabilities in different Exif libraries (libexif, exiv2, exiftags)
document Multiple DoS conditions, integer overflows, buffer overflows on parsing JPEG/TIFF/RIFF EXIF data.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: directory traversal and information leak.
 CoolPlayer media player buffer overflow
document Buffer overflow on OGG Vorbis parsing.
 Persists Software XUpload ActiveX control buffer overflow
updated since 26.12.2007
document Buffer overflow in AddFolder() method.
  


28.12.2007
Detailed
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: DoS, crossite scripting, arbitrary files deletion.
 Extended Module Player multiple security vulnerabilities
document Multiple buffer overflows.
 libnemesi RTSP client library multiple security vulnerabilities
document Multiple buffer overflows.
 Feng RTSP streaming server multiple security vulnerabilities
document Multiple buffer overflows and DoS conditions.
 inotify buffer overflow
   
  


27.12.2007
Detailed
 PHP set_time_limit limitation bypass
document It's possible to use ini_set("max_execution_time", 90000000); in safe mode instead of set_time_limit.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


26.12.2007
Detailed
8!Macrovision InstallShield ActiveX code execution
updated since 02.11.2007
document Unsafe Update Service ActiveX method allows code execution.
6!AOL AIM YGP Picture Editor ActiveX control buffer overflow
document Buffer overflows in different properties.
6!Live for Speed game buffer overflow
updated since 15.10.2007
document Buffer overflow on skin file parsing.
 ZoomPlayer media player buffer overflow
document Buffer overflow on ZPL file parsing.
 Ada Image server directory traversal
document Multiple directory traversal variants.
 Apache Tomcat weak default permissions
document JULI logging component allow arbitrary files overwriting.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.12.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PRO-search: crossite scripting and DoS.
 ZyXEL P-330W routers crossite scripting
document Crossite scripting in Web administration interface.
 Total Player media player buffer overflow
document Buffer overflow on .m3u file parsing.
  


24.12.2007
Detailed
9!AOL Instant messenger code execution
updated since 26.09.2007
document Microsoft Internet Explorer control is used for HTML content rendering without limiting zone access.
7!Microsoft Windows Message Queuing buffer overflow
updated since 12.12.2007
document Buffer overflow in RPC interface (TCP/2103).
6!Ingres database / CA security products multiple security vulnerabilities
updated since 22.06.2007
document Multiple heap buffers overflows on TCP/10916 and TCP/10923 requests parsing. Local unauthorized files access with 'wakeup'. Buffer overflow in uuid_from_char() SQL function, privilege escalation.
 pdflib buffer overflow
document Buffer overflow during PDF generation on oversized PDF file.
 Microsoft Office Publisher /Word DoS
document Crash on malformed .pub file with WordArt object parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.12.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress <= 2.0.9: crossite scripting.
 Adobe Flash Player sandbox protection bypass
updated since 10.08.2007
document SecurityErrorEvent can be used for client ports scanning.
 WinUAE Amiga emulator buffer overflow
document Buffer overflow on gzip'ed floppy disk image parsing.
  


22.12.2007
Detailed
7!HP Software Updates ActiveX unauthorized access
updated since 20.12.2007
document Unsafe SaveToFile() method allows access to filesystem.
  


21.12.2007
Detailed
7!Linux multiple security vulnerabilities
document DoS with minix filesystem, integer overflow in hrtimer subsystem, buffer overflow on ISDN IOCTL handling, invalid coredump files handling.
 IBM Domino Web Access Upload Control ActiveX buffer overflow
document Buffer overflow in InstallBrowserHelperDll with General_ServerName property.
 MySQL SHOW TABLE STATUS DoS
   
 Appian Enterprise Business Process Management Suite DoS
document Application hang on malformed TCP/5400 packet.
 HP Tru64 File-on-File Mounting File System DoS
   
 HP-UX rpc.yppasswdd DoS
   
  


20.12.2007
Detailed
6!id3lib library array overflow
document extflags array overflow on ID3v2 array parsing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


19.12.2007
Detailed
7!ClamAV antivirus integer overflow
document Integer overflow leading to heap buffer overflow on MEW packer parsing.
6!Cisco Firewall Services Module DoS
updated since 19.12.2007
document Device crash on application traffic analisys.
6!Asterisk unauthorized access
document IP restriction is not checked for users with no password configured.
 Perforce revision control system DoS
document HTTP request with empty boy and non-zero Content-Length causes CPU exhaustion.
 Google toolbar information spoofing
document Add button dialog spoofing.
 Apache + smbfs information leak
document It's possible to retrieve script source.
 Apple Mac OS X mount_smbfs buffer overflow
document Buffer overflow on command line -W argument parsing.
 Linux kernel hpet timers DoS
   
  


18.12.2007
Detailed
8!Trend Micro ServerProtect unauthorized access
document TCP/5168 RPC-based service unauthorized access to system functions.
6!HP-UX swagentd buffer overflow
document Buffer overflow in sw_rpc_agent_init RPC function.
6!Mac OS X insecure system update
document Insecure uncrypted/unsigned protocol is used for system update.
 St. Bernard Open File Manager buffer overflow
document Buffer overflow on dynamic TCP port traffic parsing.
 KDE multiple DoS conditions
   
 RaidenHTTPD Web server directory traversal
document Directory traversal in web administration script.
 syslog-ng DoS
document NULL pointer dereference on malformed timestamp format.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.12.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm: Crossite scripting.
  


17.12.2007
Detailed
 Perl Net::DNS package multiple security vulnerabilities
updated since 13.07.2007
document Weak DNS ID generation allows response spoofing, DoS on parsing DNS request.
  


16.12.2007
Detailed
8!Samba buffer overflow
updated since 12.12.2007
document Buffer overflow in send_mailslot() on parsing domain logon request.
6!Novell Groupwise client buffer overflow
document Buffer overflow on oversized SRC property of IMG tag.
6!HP Info Center ActiveX code execution
updated since 13.12.2007
document Few unsafe methods are explosed.
 wpa_supplicant driver DoS
document Crash on parsing TSF data.
 IRC Services DoS
document DoS on oversized password.
 Portage information leak
document etc-update utilities stores sensitive information in insecure temporayr file.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress: information leakage
 Microsoft Office unsigned data
updated since 13.12.2007
document Metadata file and hyperlink desination is not signed on document signing.
  


13.12.2007
Detailed
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.12.2007
document Multiple memory corruptions.
8!Microsoft Windows DirectX multiple security vulnerabilities
updated since 12.12.2007
document Synchronized Accessible Media Interchange (SAMI), WAV and AVI.
6!Переполнения буфера в Novell NetMail AntiVirus Agent
document Buffer overflow in avirus.exe via random TCP port.
6!BarracudaDrive Web Server multiple security vulnerabilities
document Directory traversal, script source access, dile deletion, HTML injection, DoS.
 OpenOffice certificate information spoofing
document It's possible to spoof information about certificate used for signing.
 QK SMTP Server DoS
   
 Meridian Prolog Manager weak encryption
document Weak username/password encryption.
 PEAR::MDB2 information leak
document Under some conditions it's possible to proxy requests to different objects, including local files.
 DosBox sandbox protection bypass
document Any application inside emulator can use mount command to mount any folder.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Rotabanner: crossite scripting
  


12.12.2007
Detailed
8!Microsoft Windows Media code execution
document Code execution with ASF files.
7!Microsoft Windows Vista ALPC privilege escalation
document Code execution in kernel context with Advanced Local Procedure Call.
7!Microsoft Windows SafeDisk driver buffer overflow
updated since 20.10.2007
document Buffer overflow in secdrv.sys driver allows code execution in syste, context.
6!Microsoft Windows Vista SMBv2 packets signature bypass
document Invalid implementation of digital signing.
6!squid proxy server DoS
updated since 06.12.2007
document Invalid cash update reply processing.
 libnfsidmap / NFS privilege escalation
document Under some conditions, file owner is determined incorrectly.
  


09.12.2007
Detailed
8!CA ArcServe Backup multiple security vulnerabilities
   
7!Heimdal RADIUS server memory corruption
document free() of uninitialized pointer on invalid user name.
6!3ivx MP4 codec buffer overflow
document Buffer overflow on MP4 tags parsing.
6!Firefly Media Server multiple security vulnerabilities
document Directory traversal, authentication bypass. DoS.
6!HTTP File Server directory traversal
document Durectory traversal on file upload.
6!Simple HTTPD multiple security vulnerabilities
document Directory traversal, script source code access.
6!Easy File Sharing Web Server multipel security vulnerabilities
document Directory traversal, information leak.
 e2fsprogs utilities multiple security vulnerabilities
document Multiple integer overflows.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


07.12.2007
Detailed
9!Cisco security Agent buffer overflow
updated since 06.12.2007
document Buffer overflow on SMB/CIFS parsing (TCP/139, TCP/445).
7!Skype URL handler buffer overflow
document Heap buffer overflow on skype4com URL handler.
 liblcms / lcms buffer overflow
document Buffer overflow on JPEG ICC profile processing.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


06.12.2007
Detailed
7!Alwil Avast! antivirus memory corruption
document 4-byte overflow on TAR archive parsing.
6!CA BrightStor ARCserve Backup unauthorized RPC access
updated since 27.11.2007
document Multiple unsafe methods are available with RPC interface.
 Battle for Wesnoth unauthorized access
document It's possivle to access files through game client.
 Cisco 7940 / Nokia N95 phones DoS
document Race conditions on SIP protocol handling.
 Hugin symbolic links vulnerability
document Unsafe temporary files creation.
 zabbix privilege escalation
document Super-user privileges are not droppen on user-supplied application execution.
 CiscoWorks crossite scripting
   
 VLC Player ActiveX code exectuion
document Few uninitialized pointers references.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Opera CPU exhaustion
document BMP file in special format causes CPU exhaustion.
 Firefox DoS
document Invalid INPUT tag designMode property processing.
 SonicWALL Global VPN Client format string vulnerability
document Format stirng vulnerability on configuration file parsing.
  


05.12.2007
Detailed
6!hsqldb / OpenOffice code execution
document It's possible to execute Java code embedded to OpenOffice database document.
 Apple Mac OS X widgets codeexecution
   
 rsync security restrictions bypass
   
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.12.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


03.12.2007
Detailed
 sing pinging utility privilege escalation
document -L parameter allow to ovewrite files.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Drupal Captcha: CAPTCHA bypass.
  


02.12.2007
Detailed
8!AuickTime buffer overflow
document Buffer overflow on RTSP response Contet-Type header parsing parsing.
 MyTV privilege escalation
document Under Mac OS X application allows access to system menu with root privileges.
 QEMU virtual machine buffer overflow
document Buffer overflow in TranslationBlock on application execution in Guest OS.
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 02.12.2007
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm: CAPTCHA bypass and XSS.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 
Links
Kauf SoftCialo Softabs verkauf online drmed.eu



Rating@Mail.ru