Computer Security
[EN] securityvulns.ru
no-pyccku

  


26.12.2011
Detailed
9!Microsoft Windows multiple security vulnerabilities
updated since 15.12.2011
document Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution.
9!Adobe Flash Player multiple security vulnerabilities
updated since 11.11.2011
document Multiple memory corruptions, buffer overflows, crossite data access.
6!Enterasys NetSight buffer overflow
document nssyslogd buffer overflow on UDP/514 packet parsing.
6!Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.12.2011
document Information leakage, insecure library loading.
 WhatsApp messenging protocol multiple security vulnerabilities
document Unauthroized user status change, registration bypass, cleartext data transmission.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 WellinTech KingView buffer overflow
document Buffer overflow on TCP/777 request parsing.
 pfSense invalid certificates issue
document All certificates are issued with CA:true flag.
 Unbound DNS resolver DoS conditions
document Different denial of service conditions
 IBM TS3100 / IBM TS3200 tape libraries authentication bypass
document Authentication bypass in Web interface.
 libarchive library buffer overflow
document Buffer overflow on ISO 9660 image parsing.
 tor buffer overflows
document Heap buffer overflow on SOCKS request parsing.
 Asterisk SIP processing security vulnerabilities
updated since 11.12.2011
document DoS, information leakage.
 Google Crome for Androind certificate information spoofing
document It's possible to spoof certificate information by using IFRAME.
  


22.12.2011
Detailed
9!Microsoft Windows win32k.sys memory corruption
document Integer overflow on the frame with large height.
  


19.12.2011
Detailed
8!Adobe Acrobat / Reader multiple security vulnerabilities
document Vulnerabilities are used in-the-wild for unauthorized access
6!Restorepoint security vulnerabilities
document Code execution, privileg escalation.
6!Websense multiple security vulnerabilities
document Code execution, crossite scripting.
6!libxml library security vulnerabilities
document Buffer overflow, unallocated memory reference.
6!Microsoft Windows multiple applications DLL hijacking
updated since 26.08.2010
document If application is launched via file type association, current path is set to the path file is located, making it's possible to place DLLs application tries to load dynamically into same directory.
 EMC RSA Adaptive Authentication (On-Premise) security vulnerabilities
document Protection bypass is possible.
 zFTPServer irectory traversal
document Directory traversal in rmdir command.
 JasPer library security vulnerabilities
document Buffer overflow and memory corruption on JPEG2000 parsing.
 Nova unauthroized access
document It's possible to overwrite files.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 bzip2 bzexe symbolic links vulnerability
document Insecure temporary files creation.
 libpurple / Pidgin DoS
updated since 27.11.2011
document Crash on SILC protocol parsing, crash on OSCAR parsing (AIM, ICQ).
 Sterling Trader integer overflow
updated since 02.10.2011
document Interger overflow on network request parsing.
 libcap protection bypass
document chdir() is not called after chroot().
  


15.12.2011
Detailed
7!Microsoft Office multiple security vulnerabilities
document Privilege escalation, use-after-free, insecure DLL loading, memory corruption.
6!Microsoft Active Directory buffer overflow
document Buffer overflow on LDAP request parsing.
 Microsoft Windows Media memory corruption
document Memory corruption on .dvr-ms files parsing.
  


12.12.2011
Detailed
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Linux kernel multiple security vulnerabilities
document Multiple vulnerabilities in file systems implementations.
 ACPI scripts privilege escalation
document invalid power button events processing, invalid umsk handling.
 WinAmp integer overflows
document Different integer overflows in AVI parsing.
 colord SQL injection
document 
 Dovecot insufficient SSL certificates validation
document Insuficcient certificate validation if used as an SSL proxy.
  


11.12.2011
Detailed
7!RealNetworks RealPlayer multiple security vulnerabilities
updated since 05.12.2011
document Multiple vulnerabilities on different media formats parsing.
6!Trend Micro Control Manager buffer overflow
document Buffer overflow on TCP/20101 request parsing.
 chasen library buffer overflow
document Buffer overflow on text string parsing.
 ISC DHCP DoS
document Incorrect regular expressions handling.
 HP Application Lifestyle Management symbolic links vulnerability
document Insecurty temporary files creation.
 CA SiteMidner crossite scripting
document login.fcc crossite scripting
 Novell ZENworks Asset Management directory traversal
updated since 14.04.2011
document Directory traversal on file upload.
 HTC Touch2 memory corruption
document Memory corruption on 3g2 video files processing.
  


07.12.2011
Detailed
 Serv-U FTP server security vulnerabilities
document Resource exhaustion, administrative session hijacking.
 MIT Kerberos 5 DoS
document TGS Null pointer dereference. TGS assertion failure.
  


05.12.2011
Detailed
7!Multiple HP printers unauthorized access
document Remote Firmware Update option is enabled by default and allows to replace firmware via TCP/9100.
6!Siemens Automation License Manager multiple security vulnerabilities
document Code execution, unauthorized files access, DoS.
 Siemens SIMATIC WinCC flexible multiple security vulnerabilities
document HmiLoad and miniweb multiple security vulnerabilities.
 Oxide M0N0X1D3 HTTP server directory traversal
document There are multiple weays to download arbitrary files.
 3S CoDeSys multiple security vulnerabilities
document Buffer overflow, integer overflow, DoS conditions.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 04.12.2011
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
  


04.12.2011
Detailed
9!FreeBSD libc code execution
document lib/nss_compat.so.1 library in chroot environment is loaded. Vulnerability is used in-the-wild remotely against FTP-servers.
8!glibc multiple security vulnerabilities
document Privilege escalation via shared libraries, fnmatch() buffer overflow, DoS conditions, crypt() blowfish weak ecnryption implementation.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru