Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.01.2015
Source:
SecurityVulns ID:14189
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WORDPRESS : Cforms 14.7
 MANTIS : mantis 1.2
 OSCLASS : OsClass 3.4
 SYMANTEC : Symantec Web Gateway 5.2
CVE:CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.)
 CVE-2014-8084 (Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.)
 CVE-2014-8083 (SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.)
 CVE-2014-7862
 CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.)
 CVE-2014-7146 (The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.)
Original documentdocumentz.fedotkin_(at)_infosec.ru, Remote Code Execution via Unauthorised File upload in Cforms 14.7 (02.01.2015)
 documentPedro Ribeiro, [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central (02.01.2015)
 documentEgidio Romano, [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability (02.01.2015)

EMC RSA BSAFE triple handhsake TLS attacks
Published:02.01.2015
Source:
SecurityVulns ID:14190
Type:m-i-t-m
Threat Level:
7/10
Description:Certificate is not validated on renegotiation.
Affected:EMC : RSA BSAFE Micro Edition Suite 4.1
 EMC : RSA BSAFE SSL-J 6.1
CVE:CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
Original documentdocumentEMC, ESA-2014-158: RSA BSAFEĀ® Micro Edition Suite and SSL-J Triple Handshake Vulnerability (02.01.2015)

EMC Replication Manager / EMC AppSync privilege escalation
Published:02.01.2015
Source:
SecurityVulns ID:14191
Type:remote
Threat Level:
5/10
Description:Registry path is stored without quotes.
Affected:EMC : EMC Replication Manager 5.5
 EMC : EMC AppSync 2.1
CVE:CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.)
Original documentdocumentEMC, ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability (02.01.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod