Computer Security



30.12.2014
Detailed
6!mime-support shell characters injection
document run-mailcap special shell characters injection.
 PolarSSL DoS
document Memory leak on certificate parsing.
  


29.12.2014
Detailed
6!EMC RSA Adaptive Authentication authentication bypass
document Incorrect processing for device binding challenge.
 Samsung SyncThru Web Service unauthenticated access
document User's account is not checked.
 Apache CloudStack authentication bypass
document Password is not checked for LDAP binds.
 Technicolor DT5130 routers multiple security vulnerabilities
document Code execution, cross-site scripting, open redirect.
 EMC Isilon InsightIQ cross-site scripting
 EMC RSA Archer multiple security vulnerabilities
document Cross-site scripting, JRE vulnerabilities.
 Mobilis MobiConnect 3G ZDServer privilege escalation
document Weak permissions for system service and executable files.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Different iOS applications vulnerabilities
updated since 31.03.2014
document Information leaks, code execution, protection bypass, etc.
 EMC RSA Authentication Manager open redirect
  


23.12.2014
Detailed
6!PHP security vulnerabilities
document Use-after-free in unserialize()
 Firebird DoS
document NULL pointer dereference.
 SoX buffer overflows
document Buffer overflows on wav parsing.
  


22.12.2014
Detailed
7!Different mailx versions security vulnerabilities
document Shell characters injection.
7!SAP applications multiple security vulnerabilities
updated since 04.08.2014
document Unauthorized access, cross-site scripting, backdoor account, authentication bypass, unencrypted password transfer.
6!Mozilla nss information leakage
document Information leakage in QuickDER decoder.
6!ettercap multiple security vulnerabilities
document Multiple memory corruptions in different protocol dissectors.
6!NetIQ Access Manager multiple security vulnerabilities
document XXE, CSRF, XSS, information leakage.
 getmail security vulnerabilities
document Multiple vulnerabilities in certificate checks.
 c-icap DoS
document A few different DoS conditions.
 libYAML DoS
document Assertion on string parsing.
 GNU cpio buffer overflow
document Buffer overflow in process_copy_in() function.
 RPM security vulnerabilities
document Integer overflow, code execution.
 Ekahau Real-Time Location Tracking System weak encryption
document It's possible to read and generate messages.
 Apache mod_wsgi privilege escalation
document Invalid error processing can lead to privilege escalation.
 CA LISA Release Automation multiple security vulnerabilities
document XSS, CSRF, SQL injection.
 HP OpenVMS POP3 DoS
 GParted code execution
document Command injection.
 NetIQ eDirectory NDS iMonitor security vulnerabilities
document Cross-site scripting, information leakage.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Apple Xcode git client unauthorized files access
document Invalid processing of character case in special file names.
 Docker multiple security vulnerabilities
updated since 01.12.2014
document Symbolic links vulnerability, directory traversal, privilege escalation.
  


21.12.2014
Detailed
7!Apple Safari / Webkit multiple security vulnerabilities
updated since 11.12.2014
document Multiple memory corruptions.
7!Linux kernel multiple security vulnerabilities
updated since 11.12.2014
document DoS via SCTP, TechnoTrend/Hauppauge DEC USB driver buffer overflow, invalid registers handling in x86, ASLR bypass.
7!Apple iOS multiple security vulnerabilities
updated since 24.11.2014
document Information leakage, unsigned code execution, code execution, restrictions bypass, memory corruption.
  


11.12.2014
Detailed
8!X.Org X server and video drivers multiple security vulnerabilities
document Multiple memory corruptions and privilege escalations.
6!unbound DoS
document Resources exhaustion on recursive requests handling.
6!PowerDNS Recursor DoS
document Resources exhaustion.
6!SGI Tempo multiple security vulnerabilities
document Privilege escalation, information leakage.
 HP Smart Update Manager information disclosure
 VMware vSphere multiple security vulnerabilities
document Cross-site scripting, certificate validation issues, vulnerabilities in 3rd party packages.
 VMware vCloud Automation Center privilege escalation
document Privilege escalation via "Connect (by) Using VMRC" functionality.
 VMware AirWatch information disclosure
document It's possible to access information of a different tenant.
 Asterisk DoS
document WebSocket Server request parsing DoS.
 graphviz memory corruption
document Format string vulnerability on graphics format parsing.
  


10.12.2014
Detailed
7!FreeBSD stdlib fflush vulnerability
document Under some conditions, a heap buffer overflow can be caused by invalid fflush() behavior.
7!ISC bind named DoS
document Crash on recursive query parsing. Crash on GeoIP handling.
  


09.12.2014
Detailed
6!OpenSSL multiple security vulnerabilities
updated since 17.10.2014
document Poodle attack. Protocol version downgrade to SSL 3.0. Memory leaks in SRTP and session tickets. Insufficient no-ssl3 protection. Data leakage via padding attack.
  


08.12.2014
Detailed
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Memory corruptions, buffer overflows, information leakage, DoS, privilege escalation.
6!qemu multiple security vulnerabilities
updated since 13.10.2014
document Multiple memory corruptions, DoS, information leakage.
  


03.12.2014
Detailed
 tcpdump multiple security vulnerabilities
document DoS, code execution, information leakage.
  


02.12.2014
Detailed
6!IBM Endpoint Manager code execution
document Code execution in Mobile Device Management Components.
 OpenVPN DoS
document DoS after authentication via control characters.
 D-Link DAP-1360 multiple security vulnerabilities
updated since 10.11.2014
document Cross-site request forgery, information leakage, cross-site scripting in web interface.
  


01.12.2014
Detailed
6!OpenStack multiple security vulnerabilities
document OpenStack Cinder information leakage, Keystone information leakage, Nova information leakage and restrictions bypass, Neutron restrictions bypass.
6!HP-UX authentication bypass
document HP-UX libpam_updbe authentication bypass.
 NetFlow Analyzer security vulnerabilities
document Directory traversal.
 mutt DoS
document Crash on password parsing.
 PicsArt Photo Studio missing SSL certificate check
 KDE Konversation / Quassel IRC memory corruption
document Memory corruption on ECB decryption.
 KDE Clock KCM privilege escalation
 HP Helion Cloud Development Platform restriction bypass
document Same key is used in different installations.
 MercadoLibre missing SSL certificate checks
 Advantech EKI-6340 code execution
document Shell command injection in Web interface.
 Advantech WebAccess buffer overflow
document ActiveX buffer overflow.
 Oxide multiple security vulnerabilities
document Multiple memory corruptions.
 Codemeter privilege escalation
document Weak service privileges.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Alcatel Lucent 1830 Photonic Service Switch XSS
document XSS in web interface.
 EntryPass N5200 information leakage
document Memory content leakage.
 Prey Anti-theft missing SSL certificate check
 Advantech AdamView buffer overflow
document Buffer overflow on .gni files parsing.
 sniffit buffer overflow
document Buffer overflow in configuration file.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod