Computer Security
[EN] securityvulns.ru
no-pyccku




29.12.2009
Detailed
6!Microsoft IIS protection bypass
document It's possible to bypass 3rd party upload protection by file extension, because part of filename after semicolon is ingored then detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file.
 Perl DBD::Pg module buffer overflow
document pg_getline buffer overflow, DoS.
 MIT Kerberos 5 DoS
document NULL pointer dereference on cross-relarm authentication.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 setfacl / getfacl symbolic links vulnerability
document Symbolic links are followed on recursive operation.
  


23.12.2009
Detailed
 kvm virtualization multiple security vulnerabilities
document Privilege escalation, DoS.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


22.12.2009
Detailed
 Allied Telesyn TFTP Daemon buffer overflow
document Buffer overflow on request parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


21.12.2009
Detailed
6!HP OpenView Storage Data Protector code execution
updated since 17.12.2009
   
 acpid weak file permission
document Log file is created world readable.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


17.12.2009
Detailed
8!Mozilla Firefox multiple security vulnerabilities
document Multiple memory corruptions on HTML and media formats parsing, NTLM reflection attacks, location spoofing, privilege escalation, information leak.
7!Nullsoft WinAmp multiple security vulnerabilities
document Buffer overflows and integer overflows on Oktalyzer, Ultratracker, Impulse Tracker files parsing, JPEG, PNG.
 Cisco ASA SSL VPN protection bypass
document It's possible to bypass URL filtering feature.
 VMWare vCenter / ESX / WebWorks Help crossite scripting
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


16.12.2009
Detailed
6!Kaspersky Lab Multiple products privilege escalation
document BASES directory contains executable files and has weak security permissions.
 Easy File Sharing Web Server information leak
document Access to files.sdb file is allowed.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Quick Heal Antiviral products weak permissions
updated since 13.10.2009
document Weak permissions on installation folder.
 VideoCache for squid privilege escalation
document It's possible to elevate privileges from squid to root user if root executes vccleane script.
  


15.12.2009
Detailed
9!Oracle applications multiple security vulnerabilities
updated since 15.01.2009
document Oracle Critical Patch Update fixes >40 of different vulnerabilities in all Oracle applications.
7!Symantec Veritas multiple applications unauthorized access
updated since 10.12.2009
document Authentication bypass in TCP/14300 VRTSweb.exe allows code execution.
6!PostgreSQL multiple security vulnerabilities
document SSL certificate spoofing, privilege escalation.
 Trango Broadband Wireless networks traffic hijacking and spoofing
document No authentication for end-point device is supported.
 firefox-sage RSS reader crossite scripting
document It's possible to inject script into RSS data.
 Intellicom NetBiterConfig buffer overflow
document Buffer overflow on HMS HICP protocol parsing.
 Monkey web server DoS
document Crash on processing client's request.
 Zabbix monitoring server multiple security vulnerabilities
document SQL injection, command execution, DoS conditions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 APC Switched Rack PDU crossite scripting
document Crossite scripting in Web administration interface.
 Mozilla Codesighs memory corruption
document Buffer overflow on file parsing.
  


11.12.2009
Detailed
7!Linux kernel multiple security vulnerabilities
document Crash on malformed IP packet defragmentation, privilege escalation with Ext4 "move extents" ioctl.
  


10.12.2009
Detailed
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.12.2009
document Multiple memory corruptions, code execution.
8!Microsoft Windows Intel Indeo codecs multiple
updated since 09.12.2009
document Multiple vulnerabilities on video files parsing.
6!Microsoft Wordpad / Office Text Converters memory corruption
updated since 09.12.2009
document Memory corruption on Office 97 documents parsing.
 CA Service Desk crossite scripting
document freeaccess.spl and webengine CGIs are vulnerable to crossite scripting.
 GRUB 2 password bypass
document Error in password protection allows to boot system by guessing first character of the password.
 HP OpenView NNM multiple security vulnerabilities
updated since 09.12.2009
document Multiple vulnerabilities in different CGI applications.
  


09.12.2009
Detailed
8!Adobe Flash Player multiple security vulnerabilities
document Buffer overflow on JPEG parsing, integer overflow on ActionScript execution.
7!Microsoft Internet Authentication Service multiple security vulnerabilities
document MS-CHAP authentication bypass, memory corruption.
7!Microsoft Windows Active Directory Federation Service multiple security vulnerabilities
document Code execution, session hijack.
7!Microsoft Windows DoS
document LSASS DoS on ISAKMP IPSec messages parsing.
6!Microsoft Project memory corruption
document Memory corruption on Microsoft Office files parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 ntp server DoS
document NTP packet from the spoofed address of server itself causes resources exhaustion.
 HP OpenView Data Protector Application Recovery Manager DoS
updated since 08.12.2009
   
 U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
updated since 04.12.2009
document Application executes all executables with predefined names found in system.
 Mozilla Firefox dialog spoofing
document It's possible to spoof form URL.
  


08.12.2009
Detailed
6!Novell iPrint Client multiple security vulnerabilities
document Buffer overflows in ActiveX.
 CoreHTTP Web server buffer overflow
document Off-by-one buffer overflow on request method handling.
  


04.12.2009
Detailed
7!FreeBSD privilege escalation
updated since 01.12.2009
document It's possible to bypass environment variables filtering on suid program execution.
 DevIL library buffer overflow
document Buffer overflow in GetUID() function on DICOM image format parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 freebsd-update weak permissions
document Read permission is always set for updated files.
 QEMU virtual machines DoS
document Invalid configuration of virtio network.
 PHP multiple security vulnerabilities
updated since 24.11.2009
document safe_mode bypass via different functions.
 DAZ Studio code execution
document Code execution via .ds, .dsa, .dse, .dsb.
  


02.12.2009
Detailed
6!Crossite scripting in multiple SSL VPN applications
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Lateral Arts Photobox ActiveX buffer overflows
document Buffer overflows in different object's properties.
 Roxio Creator integer overflow
document Integer overflow via image dimensions.
  


01.12.2009
Detailed
6!PHP multiple security vulnerabilities
document Multiple buffer overflows, memory corruptions and DoS conditions.
 Asterisk RTP DoS
document Crash on RTP comfort noise payload processing.
 Dovecot weak permissions
document Weak permissions during installation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Eureka Mail buffer overflow
updated since 26.10.2009
document Buffer overflow on POP3 / SMTP server response parsing.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru