Computer Security
[EN] securityvulns.ru no-pyccku



30.12.2013
Detailed
9!Microsoft Windows multiple security vulnerabilities
updated since 16.12.2013
document Memory corruption in graphics library, signature check bypass, use-after-free in scripting, multiple privilege escalations.
7!PHP memory corruption
updated since 24.12.2013
document Memory corruption in asn1_time_to_time_t()
6!libtar integer overflows
document Few integer overflows.
 iOS applications multiple seucrity vulnereabilities
updated since 15.07.2013
document Multiple application with remote data access are vulnerable.
  


24.12.2013
Detailed
8!Asterisk security vulnerabilities
document SMS parsing buffer overflow, Asterisk Manager privilege escalation.
8!Apple Safari multiple security vulnerabilities
document Information leakage, multiple memory corruptions.
 QT resources exhaustion
document Resources exhaustion leads to denial of service.
 Wireshark DoS
document Problems with NTLMSSPv2 and BSSGP dissectors.
 VMWare ESX / ESXi privilege escalation
document Files access privilege escalation.
 denyhosts DoS
document Invalid regular expression can be exploited to ban arbitrary IP address.
 llvm unsafe rpath
document rpath is set to /tmp
 RealPlayer buffer overflow
document Buffer overflow on RMP files parsing.
 Apple Motion buffer overflow
document Buffer overflow on .motn files parsing.
 libiodbc rpath vulnerability
document Unsafe rpath vulnerability in test applications.
  


23.12.2013
Detailed
9!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, XSS, information leakage, certificate check bypass.
8!Linux kernel multiple security vulnerabilities
updated since 09.12.2013
document Weak permissions, information leakage, privilege escalation, DoS.
7!ANSSI certificate is used for spoofing
document ANSSI agency uses valid intermediate certificate in traffic sniffing device.
7!OpenStack multiple security vulnerabilities
updated since 28.10.2013
document DoS, information leakage.
6!GnuPG acoustic attack
document It's possible to resover sensitive information via acousitc emanations.
 X.Org integer overflow
document Integer overflow.
 cURL certificates spoofing
updated since 26.11.2013
document Имя хоста не проверяется при включенном CURLOPT_SSL_VERIFYPEER.
  


16.12.2013
Detailed
9!Microsoft Exchange Server multiple security vulnerabilities
document Machine authentication check code execution, crossite scripting, Oracle components code execution.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruption and privilege escalations.
7!Microsoft SharePoint code execution
document It's possible to executed code via SharePoint page content.
6!Microsoft Office security vulnerabilities
document Informatio leakage on Sharepoint files access, Microsoft Office Shared Component information leakage.
 Microsoft SignalR library crossite scripting
document Forever Frame transport crossite scripting.
  


09.12.2013
Detailed
9!Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
updated since 26.11.2013
document Quarterly update fixes over 130 vulnerabilities in different products.
8!Chromium / Google Chrome multiple security vulnerabilities
document Address spoofing, memory corruptions, buffer overflows.
8!OpenSSL multiple security vulnerabilities
document NULL pointer dereference, off-by one buffer overflow, DoS.
7!libjpeg multiple security vulnerabilities
updated since 26.11.2013
document Buffer overflow, uninitialized memory reference.
6!Apple iPhone / iPad multiple securit vulnerabilities
updated since 01.10.2013
document Multiple vulnerabilities in different system components.
 Cisco Security Monitoring, Analysis and Response System crossite scripting
document Crossite scripting in web interface.
 Belkin NetCam backdoor
document Unchangable account.
 OpenVAS Manager / OpenVAS Administrator authentication bypass
document Access to some commands is not authenticated.
 VMWare privilege escalation
document Privilege escalation in the guest system via LGTOSYNC.SYS.
 pixman integer overflow
   
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 D-Link routers multiple security vulnerabilities
updated since 10.07.2013
document Shell characters injection, authentication bypass.
 GNU GIMP memory corruption
document Memory corruption on XWD files parsing.
 Osirix information leakage
document Secret key is copied into file.
 Pineapp MailSecure code execution
document Code execution via web interface.
 Intersystems Cache code execution
document Insecure default installation.
 SKIDATA RFID Freemotion.Gate code execution
document Code execution via TCP/7777 web interface.
  


02.12.2013
Detailed
 links browser integer overflow
document Integer overflow on HTML tables parsing.
  


01.12.2013
Detailed
8!quagga security vulnerabilities
document OSPF parsing buffer overflow, BGP DoS.
7!glibc security vulnerabilities
updated since 03.10.2013
document Integer overflows in pvalloc, valloc, posix_memalign/memalign/aligned_alloc, invalid PTR_MANGLE implementation, getaddrinfo() stack overflow, strcoll_l.c integer overflow and buffer overflow.
6!nbd privilege escalation
document Invalid access control lists processing.
6!HP Service Manager / HP ServiceCenter multiple security vulnerabilities
updated since 05.11.2013
document Code execution, privilege escalation, information leakage, XSS.
6!Ruckus protection bypass
updated since 17.06.2013
document It's possible to relay ssh connections without authentication, Web interface authentication bypass, crossite scripting.
 Sup-mail commands injection
document It's possible to inject commands via filename and Content-Type.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod