Computer Security



18.12.2012
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 aptdaemon key validation vulnerability
document PPA GPG key is validated incorrectly.
  


17.12.2012
6!VMware View directory traversal
document VMware View Connection Server directory traversal.
 Unity Firefox extension cross-origin policy bypass
   
 Nova information leakage
document LVM images are not cleared on reallocation.
 btrfs DoS
document DoS via reproducible hash collisions.
  


13.12.2012
9!Microsoft Windows multiple security vulnerabilities
document Buffer overflow on OpenType and TrueType font parsing, memory corruption on filename handling, DirectPlay buffer overflow, DirectAccess IP-HTTPS insufficient certificate check.
7!Microsoft Internet Explorer multiple security vulnerabilities
document A few use-after-free vulnerabilities.
6!Microsoft Word memory corruption
document Memory corruption on RTF parsing
 Microsoft Exchange DoS
document Invalid RSS feeds processing.
 apt information leakage
document Weak term.log file permission
  


12.12.2012
7!gobofilter buffer overflow
document Buffer overflow on base64 parsing.
7!Linux kernel IPv6 filtering bypass
document It's possible to bypass filtering with overlapping fragments.
6!Maxthon and Avant browsers multiple security vulnerabilities
document Cross-site scripting, information leakage, code execution.
 Internet Explorer information leakage
document Page can track any mouse movements, even behind the page.
 HP OpenVMS DoS
document DoS via LOGIN and ACME_LOGIN
  


11.12.2012
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Snare multiple security vulnerabilities
document Information leakage, CSRF, XSS.
 DIMIN Viewer memory corruption
document Memory corruption on GIF parsing.
 Contaware FreeVimager memory corruption
document Memory corruption on GIF parsing.
 GNU GIMP memory corruption
document Memory corruption on XWD files parsing.
  


10.12.2012
6!Microsoft Internet Explorer 7 memory corruption
document Memory corruption on redirection to a data: URI containing some tags.
 FortiGate FortiWeb cross-site scripting
document A few cross-site scripting vulnerabilities.
 FortiGate FortiDB cross-site scripting
document A few cross-site scripting vulnerabilities.
 RSA NetWitness Informer multiple security vulnerabilities
document Web interface multiple vulnerabilities.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Forescout NAC multiple security vulnerabilities
updated since 03.12.2012
document Cross-site scripting, protection bypass.
 OpenStack security vulnerabilities
updated since 29.10.2012
document User authorization vulnerabilities.
 RIM BlackBerry PlayBook information leakage
document Local HTML file can send any data outside.
  


09.12.2012
6!Nagios XI security vulnerabilities
document Command injection, SQL injection.
6!IBM Director code execution
document It's possible to load DLL from any location.
6!FreeSSHD / FreeFTPD authentication bypass
document Authentication results are not checked when the client starts an SSH session.
6!TVMOBiLi media server buffer overflow
document Buffer overflow while processing TCP/30888 GET request, multiple DoS conditions.
6!HP Intelligent Management Center User Access Manager unauthorized access
document uam.exe buffer overflow
 SonicWALL Continuous Data Protection multiple security vulnerabilities
document Multiple web interface vulnerabilities.
 splunk DoS
document Crash on a maliciously crafted packet.
 F5 FirePass SSL VPN information leakage
document CitrixAuth.php local file inclusion.
 HP LaserJet Pro 400 MFP unauthorized access
   
 HP Network Node Manager I unauthorized access
   
 xen multiple security vulnerabilities
document Multiple DoS conditions.
 python keyring weak cryptography
document Insecure cipher initialization.
 HP Integrated Lights-Out information leakage
   
 HP LaserJet printers cross-site scripting
   
  


07.12.2012
8!MySQL multiple security vulnerabilities
updated since 04.12.2012
document Buffer overflows, information leakage, privilege escalation, DoS.
 Apache Tomcat multiple security vulnerabilities
document Protection bypass, DoS.
 CUPS privilege escalation
document Weak permissions for configuration files.
 libtiff library DoS
document Crash on malformed DOTRANGE tag.
  


06.12.2012
 CA XCOM code execution
   
 libxml2 buffer overflow
document Heap buffer overflow in xmlParseAttValueComplex
 ISC bind DoS
document Crash on processing a maliciously crafted request if the DNS64 option is enabled.
  


03.12.2012
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 26.11.2012
document Multiple memory corruptions, buffer overflows, privilege escalations and protection bypass.
6!MurmurHash algorithm vulnerabilities
document It's easy to predict collisions.
 EMC Smarts Network Configuration Manager security vulnerabilities
document Hardcoded encryption key, default unauthenticated connections.
 RSA Adaptive Authentication cross-site scripting
   
 rssh security vulnerabilities
document Multiple environment limitation bypass possibilities.
 Safend Data Protector information leakage
document Private key is logged into user readable file.
  


02.12.2012
8!libssh multiple security vulnerabilities
document Multiple memory corruptions.
8!Oracle / Sun / PeopleSoft / MySQL applications multiple security vulnerabilities
updated since 22.04.2012
document Over 90 vulnerabilities in different applications are fixed by quarterly update.
7!perl multiple security vulnerabilities
document Buffer overflow in decode_xs, Digest constructor buffer overflow, x operator buffer overflow, CGI.pm header injection.
6!Symantec Messaging Gateway multiple security vulnerabilities
updated since 19.09.2012
document Information leakage, cross-site scripting, cross-site request forgery.
6!TrendMicro DataArmor / DriveArmor multiple security vulnerabilities
updated since 14.02.2012
document Restriction bypass, privilege escalation, encrypted data access.
 Apple TV security vulnerabilities
document Information leakage, code execution.
 lynx security vulnerabilities
document Buffer overflow, insufficient certificate check.
 Linux security vulnerabilities
document Information leakage, DoS.
 Apache security vulnerabilities
document mod_proxy_ajp DoS vulnerabilities, TLS message length information leakage.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod