Search:Vulnerability
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
29.12.2009
Detailed
6
!
Microsoft IIS protection bypass
It's possible to bypass 3rd party upload protection by file extension, because part of filename after semicolon is ingored then detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file.
Perl DBD::Pg module buffer overflow
pg_getline buffer overflow, DoS.
MIT Kerberos 5 DoS
NULL pointer dereference on cross-relarm authentication.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
setfacl / getfacl symbolic links vulnerability
Symbolic links are followed on recursive operation.
23.12.2009
Detailed
kvm virtualization multiple security vulnerabilities
Privilege escalation, DoS.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
22.12.2009
Detailed
Allied Telesyn TFTP Daemon buffer overflow
Buffer overflow on request parsing.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
21.12.2009
Detailed
6
!
HP OpenView Storage Data Protector code execution
updated since 17.12.2009
acpid weak file permission
Log file is created world readable.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
17.12.2009
Detailed
8!
Mozilla Firefox multiple security vulnerabilities
Multiple memory corruptions on HTML and media formats parsing, NTLM reflection attacks, location spoofing, privilege escalation, information leak.
7
!
Nullsoft WinAmp multiple security vulnerabilities
Buffer overflows and integer overflows on Oktalyzer, Ultratracker, Impulse Tracker files parsing, JPEG, PNG.
Cisco ASA SSL VPN protection bypass
It's possible to bypass URL filtering feature.
VMWare vCenter / ESX / WebWorks Help crossite scripting
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
16.12.2009
Detailed
6
!
Kaspersky Lab Multiple products privilege escalation
BASES directory contains executable files and has weak security permissions.
Easy File Sharing Web Server information leak
Access to files.sdb file is allowed.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Quick Heal Antiviral products weak permissions
updated since 13.10.2009
Weak permissions on installation folder.
VideoCache for squid privilege escalation
It's possible to elevate privileges from squid to root user if root executes vccleane script.
15.12.2009
Detailed
9!
Oracle applications multiple security vulnerabilities
updated since 15.01.2009
Oracle Critical Patch Update fixes >40 of different vulnerabilities in all Oracle applications.
7
!
Symantec Veritas multiple applications unauthorized access
updated since 10.12.2009
Authentication bypass in TCP/14300 VRTSweb.exe allows code execution.
6
!
PostgreSQL multiple security vulnerabilities
SSL certificate spoofing, privilege escalation.
Trango Broadband Wireless networks traffic hijacking and spoofing
No authentication for end-point device is supported.
firefox-sage RSS reader crossite scripting
It's possible to inject script into RSS data.
Intellicom NetBiterConfig buffer overflow
Buffer overflow on HMS HICP protocol parsing.
Monkey web server DoS
Crash on processing client's request.
Zabbix monitoring server multiple security vulnerabilities
SQL injection, command execution, DoS conditions.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
APC Switched Rack PDU crossite scripting
Crossite scripting in Web administration interface.
Mozilla Codesighs memory corruption
Buffer overflow on file parsing.
11.12.2009
Detailed
7
!
Linux kernel multiple security vulnerabilities
Crash on malformed IP packet defragmentation, privilege escalation with Ext4 "move extents" ioctl.
10.12.2009
Detailed
9!
Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.12.2009
Multiple memory corruptions, code execution.
8!
Microsoft Windows Intel Indeo codecs multiple
updated since 09.12.2009
Multiple vulnerabilities on video files parsing.
6
!
Microsoft Wordpad / Office Text Converters memory corruption
updated since 09.12.2009
Memory corruption on Office 97 documents parsing.
CA Service Desk crossite scripting
freeaccess.spl and webengine CGIs are vulnerable to crossite scripting.
GRUB 2 password bypass
Error in password protection allows to boot system by guessing first character of the password.
HP OpenView NNM multiple security vulnerabilities
updated since 09.12.2009
Multiple vulnerabilities in different CGI applications.
09.12.2009
Detailed
8!
Adobe Flash Player multiple security vulnerabilities
Buffer overflow on JPEG parsing, integer overflow on ActionScript execution.
7
!
Microsoft Internet Authentication Service multiple security vulnerabilities
MS-CHAP authentication bypass, memory corruption.
7
!
Microsoft Windows Active Directory Federation Service multiple security vulnerabilities
Code execution, session hijack.
7
!
Microsoft Windows DoS
LSASS DoS on ISAKMP IPSec messages parsing.
6
!
Microsoft Project memory corruption
Memory corruption on Microsoft Office files parsing.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
ntp server DoS
NTP packet from the spoofed address of server itself causes resources exhaustion.
HP OpenView Data Protector Application Recovery Manager DoS
updated since 08.12.2009
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
updated since 04.12.2009
Application executes all executables with predefined names found in system.
Mozilla Firefox dialog spoofing
It's possible to spoof form URL.
08.12.2009
Detailed
6
!
Novell iPrint Client multiple security vulnerabilities
Buffer overflows in ActiveX.
CoreHTTP Web server buffer overflow
Off-by-one buffer overflow on request method handling.
04.12.2009
Detailed
7
!
FreeBSD privilege escalation
updated since 01.12.2009
It's possible to bypass environment variables filtering on suid program execution.
DevIL library buffer overflow
Buffer overflow in GetUID() function on DICOM image format parsing.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
freebsd-update weak permissions
Read permission is always set for updated files.
QEMU virtual machines DoS
Invalid configuration of virtio network.
PHP multiple security vulnerabilities
updated since 24.11.2009
safe_mode bypass via different functions.
DAZ Studio code execution
Code execution via .ds, .dsa, .dse, .dsb.
02.12.2009
Detailed
6
!
Crossite scripting in multiple SSL VPN applications
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Lateral Arts Photobox ActiveX buffer overflows
Buffer overflows in different object's properties.
Roxio Creator integer overflow
Integer overflow via image dimensions.
01.12.2009
Detailed
6
!
PHP multiple security vulnerabilities
Multiple buffer overflows, memory corruptions and DoS conditions.
Asterisk RTP DoS
Crash on RTP comfort noise payload processing.
Dovecot weak permissions
Weak permissions during installation.
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Eureka Mail buffer overflow
updated since 26.10.2009
Buffer overflow on POP3 / SMTP server response parsing.
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
