Computer Security


file utility / libmagic / PHP DoS
updated since 18.02.2014
Published:04.05.2014
Source:
SecurityVulns ID:13572
Type:library
Threat Level:5/10
Description:Infinite recursion during detection of some file types, buffer over-read, CPU exhaustion.
Affected:FILE : file 5.11
CVE:CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.)
 CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.)
 CVE-2013-7345 (The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.)
Original document:SLACKWARE, [slackware-security] php (SSA:2014-111-02) (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2873-1] file security update (13.03.2014)
 DEBIAN, [SECURITY] [DSA 2861-1] file security update (18.02.2014)

libmms buffer overflow
Published:04.05.2014
Source:
SecurityVulns ID:13704
Type:library
Threat Level:6/10
Description:Buffer overflow in get_answer() during MMS over HTTP processing.
Affected:LIBMMS : libmms 0.6
CVE:CVE-2014-2892 (Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.)
Original document:DEBIAN, [SECURITY] [DSA 2916-1] libmms security update (04.05.2014)

CUPS cross-site scripting
Published:04.05.2014
Source:
SecurityVulns ID:13707
Type:remote
Threat Level:5/10
Description:Cross-site scripting in the web interface.
Affected:CUPS : cups 1.7
CVE:CVE-2014-2856 (Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.)
Original document:UBUNTU, [USN-2172-1] CUPS vulnerability (04.05.2014)

HP iLO DoS
Published:04.05.2014
Source:
SecurityVulns ID:13708
Type:remote
Threat Level:5/10
Description:Device crashes on a request from a Heartbleed exploitation demonstration.
Affected:HP : iLO 2
CVE:CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.)
 CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.)
Original document:HP, [security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service (04.05.2014)

FreeBSD nfs deadlock
Published:04.05.2014
Source:
SecurityVulns ID:13709
Type:remote
Threat Level:5/10
Description:A deadlock can be triggered by a valid sequence of operations.
Affected:FREEBSD : FreeBSD 8.4
 FREEBSD : FreeBSD 9.2
 FREEBSD : FreeBSD 10.0
CVE:CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver (04.05.2014)

rsync DoS
Published:04.05.2014
Source:
SecurityVulns ID:13710
Type:library
Threat Level:4/10
Description:Resource exhaustion.
Affected:RSYNC : rsync 3.1
CVE:CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.)
Original document:UBUNTU, [USN-2171-1] rsync vulnerability (04.05.2014)

Apple iOS multiple security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13712
Type:library
Threat Level:7/10
Description:Unsafe cookie handling, protection bypass, information leakage, multiple WebKit vulnerabilities.
Affected:APPLE : Apple iOS 7.1
CVE:CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.)
 CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.)
 CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.)
 CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
 CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
 CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.)
Original document:APPLE, APPLE-SA-2014-04-22-2 iOS 7.1.1 (04.05.2014)

Apple TV multiple security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13713
Type:library
Threat Level:6/10
Description:Unsafe cookie handling, protection bypass, information leakage, multiple WebKit vulnerabilities.
Affected:APPLE : Apple TV 6.1
CVE:CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.)
 CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.)
 CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.)
 CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
 CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
 CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.)
Original document:APPLE, APPLE-SA-2014-04-22-3 Apple TV 6.1.1 (04.05.2014)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.05.2014
Source:
SecurityVulns ID:13714
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:OPENDOCMAN : OpenDocMan 1.2
 APACHE : Archiva 1.3
 KNOWLEDGETREE : KnowledgeTree 3.7
 CGILUA : CGILua 5.2
 TYPO3 : si_bibtex 0.2
 DRUPAL : Drupal 7.26
 DRUPAL : Drupal 6.30
 DRUPAL : VideoWhisper 7
 LIVETEX : Timelive 6.5
 DOMPDF : dompdf 0.6
 DJANGO : django 1.7
 MODX : MODX Revolution 2.2
 BUGZILLA : Bugzilla 4.5
 EKTRON : Ektron CMS 8.7
 XCLONER : XCloner Standalone 3.5
 ORBITSCRIPTS : Orbit Open Ad Server 1.1
 XCLONER : XCloner Wordpress plugin 3.1
 CMSIMPLE : CMSimple 3.54
 OPENCLASSIFIEDS : Open Classifieds 2.1
 ILCH : Ilch CMS 2.0
 ADROTATE : AdRotate 3.9
 APACHE : Syncope 1.1
 WORDPRESS : Js-Multi-Hotel 2.2
 CU3ER : CU3ER 1.24
 WORDPRESS : Wordpress 3.8
CVE:CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.)
 CVE-2014-2875
 CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.)
 CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.)
 CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.)
 CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php.)
 CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.)
 CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.)
 CVE-2014-2540 (SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.)
 CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.)
 CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.)
 CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.)
 CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.)
 CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.)
 CVE-2014-1946
 CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.)
 CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.)
 CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.)
 CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.)
 CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.)
 CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.)
 CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.)
 CVE-2014-1517 (The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.)
 CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.)
 CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path.")
 CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.)
 CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings.")
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
 CVE-2013-2187 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.)
Original document:MustLive, Multiple vulnerabilities in Flexolio for WordPress (04.05.2014)
 MustLive, Multiple vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, Vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, Multiple vulnerabilities in Joomla-Base (04.05.2014)
 MustLive, Multiple vulnerabilities in JoomLeague for Joomla (04.05.2014)
 MustLive, XSS and CS vulnerabilities in DSMS (04.05.2014)
 MustLive, DoS via tables corruption in WordPress (04.05.2014)
 MustLive, New vulnerabilities in Google Maps plugin for Joomla (04.05.2014)
 MustLive, Vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone (04.05.2014)
 MustLive, CS and XSS vulnerabilities in CU3ER (04.05.2014)
 MustLive, CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress (04.05.2014)
 APACHE, [SECURITY] CVE-2014-0111 Apache Syncope (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in AdRotate (04.05.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Ilch CMS (04.05.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in OpenDocMan (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Open Classifieds (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in CMSimple (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in Orbit Open Ad Server (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in XCloner Standalone (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in mAdserve (04.05.2014)
 webmaster_(at)_josephzeng.com, [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7 (04.05.2014)
 LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12 (04.05.2014)
 APACHE, [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution (04.05.2014)
 APACHE, [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability (04.05.2014)
 craig.arendt_(at)_stratumsecurity.com, Multiple Vulnerabilities in MODX Revolution <= MODX 2.2.13-pl (04.05.2014)
 craig.arendt_(at)_stratumsecurity.com, Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2 (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-2383 - Arbitrary file read in dompdf (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive (04.05.2014)
 mdgh9_(at)_yahoo.com, [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2914-1] drupal6 security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2913-1] drupal7 security update (04.05.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex (04.05.2014)
 Felipe M. Aragon, Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability (04.05.2014)

Sitecom routers predictable WPA key
Published:04.05.2014
Source:
SecurityVulns ID:13715
Type:remote
Threat Level:4/10
Description:Default WPA key can be computed from the device MAC address.
Affected:SITECOM : Sitecom WLR-4000
 SITECOM : Sitecom WLR-4004
Original document:roberto.paleari_(at)_emaze.net, Weak firmware encryption and predictable WPA key on Sitecom routers (04.05.2014)

WD Arkeia Network Backup security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13716
Type:remote
Threat Level:5/10
Description:Code execution, directory traversal.
Affected:WD : Arkeia 10.2
CVE:CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances (04.05.2014)

Ruby Actionpack / Actionmailer multiple security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13717
Type:library
Threat Level:5/10
Description:DoS, cross-site scripting.
Affected:RUBY : Ruby on Rails 4.0
CVE:CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.)
 CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.)
 CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.)
 CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.)
 CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.)
Original document:DEBIAN, [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update (04.05.2014)

json-c security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13718
Type:library
Threat Level:5/10
Description:Buffer overflow, weak hashing algorithm.
Affected:JSONC : json-c 0.11
CVE:CVE-2013-6371 (The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.)
 CVE-2013-6370 (Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.)
Original document:MANDRIVA, [ MDVSA-2014:079 ] json-c (04.05.2014)

McAfee Security Scanner Plus privilege escalation
Published:04.05.2014
Source:
SecurityVulns ID:13719
Type:local
Threat Level:4/10
Description:Privilege escalation via executable spoofing.
Original document:Stefan Kanthak, Buggy insecure "security" software executes rogue binary during installation and uninstallation (04.05.2014)

PCNetSoftware RAC Server DoS
Published:04.05.2014
Source:
SecurityVulns ID:13720
Type:local
Threat Level:4/10
Description:DoS via IOCTL call.
Affected:PCNETSOFTWARE : RAC Server 4.0
CVE:CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which triggers a buffer over-read.)
Original document:advisories_(at)_portcullis-security.com, CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server (04.05.2014)

SAP Router timing attacks information leakage
Published:04.05.2014
Source:
SecurityVulns ID:13721
Type:remote
Threat Level:5/10
Description:It's possible to find a valid password via statistical attacks.
Affected:SAP : SAP Router 721
CVE:CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2014-0003] - SAP Router Password Timing Attack (04.05.2014)

EMC Cloud Tiering Appliance information leakage
Published:04.05.2014
Source:
SecurityVulns ID:13722
Type:remote
Threat Level:6/10
Description:XML External Entity information leakage.
Affected:EMC : Cloud Tiering Appliance 10
CVE:CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.)
 CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.)
Original document:EMC, ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities (04.05.2014)

WinSCP protection bypass
Published:04.05.2014
Source:
SecurityVulns ID:13723
Type:m-i-t-m
Threat Level:5/10
Description:Server X.509 certificate is not validated.
Affected:WINSCP : WinSCP 5.5
CVE:CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original document:Micha.Borrmann_(at)_SySS.de, CVE-2014-2735 - WinSCP: missing X.509 validation (04.05.2014)

Python Imaging Library security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13724
Type:library
Threat Level:5/10
Description:Symbolic link vulnerabilities.
Affected:PYTHON : python-imaging 1.1
CVE:CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.)
 CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.)
Original document:UBUNTU, [USN-2168-1] Python Imaging Library vulnerabilities (04.05.2014)

Net-SNMP multiple security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13725
Type:remote
Threat Level:5/10
Description:Multiple DoS conditions.
Affected:NETSNMP : Net-SNMP 5.5
CVE:CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.)
 CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.)
 CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.)
 CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.)
Original document:UBUNTU, [USN-2166-1] Net-SNMP vulnerabilities (04.05.2014)

Adobe Flash Player multiple security vulnerabilities
Published:04.05.2014
Source:
SecurityVulns ID:13726
Type:client
Threat Level:8/10
Description:Use-after-free, buffer overflow, restrictions bypass, cross-site scripting.
Affected:ADOBE : Flash Player 13.0
 ADOBE : Air 13.0
CVE:CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.)
 CVE-2014-0509 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-0508 (Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.)
 CVE-2014-0507 (Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.)
 CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.)
 CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.)
 CVE-2014-0499 (Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.)
 CVE-2014-0498 (Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak.")
 CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.)
Original document:VUPEN Security Research, VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own) (04.05.2014)
Files:Security updates available for Adobe Flash Player

Adobe Reader Mobile code execution
Published:04.05.2014
Source:
SecurityVulns ID:13727
Type:client
Threat Level:6/10
Description:Code execution via unsafe JavaScript interface.
Affected:ADOBE : Adobe Reader Mobile 11.1
CVE:CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.)
Original document:Securify B.V., Adobe Reader for Android exposes insecure Javascript interfaces (04.05.2014)
Files:Security update available for Adobe Reader Mobile

Different Ruby gems security vulnerabilities
updated since 08.01.2014
Published:04.05.2014
Source:
SecurityVulns ID:13481
Type:library
Threat Level:5/10
Description:Cross-site scripting, code execution, information leakage.
Affected:RUBY : Gem Webbynode 1.0
 RUBY : Gem Bio Basespace SDK 0.1
 RUBY : Gem sprout 0.7
 RUBY : Gem i18n 0.6
 RUBY : Gem Arabic Prawn 0.0
 RUBY : Gem sfpagent 0.4
CVE:CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.)
 CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.)
 CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.)
Original document:larry0_(at)_me.com, Remote Command Injection in Ruby Gem sfpagent 0.4.14 (04.05.2014)
 larry0_(at)_me.com, Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem (04.05.2014)
 larry0_(at)_me.com, Command injection in Ruby Gem Webbynode 1.0.5.3 (08.01.2014)
 larry0_(at)_me.com, Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line (08.01.2014)
 larry0_(at)_me.com, Command injection vulnerability in Ruby Gem sprout 0.7.246 (08.01.2014)
 DEBIAN, [SECURITY] [DSA 2830-1] ruby-i18n security update (08.01.2014)

QEMU multiple security vulnerabilities
updated since 04.05.2014
Published:15.05.2014
Source:
SecurityVulns ID:13705
Type:local
Threat Level:6/10
Description:DoS, memory corruptions, buffer overflow.
Affected:QEMU : QEMU 2.0
CVE:CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.")
 CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.)
 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.)
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.)
 CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.)
 CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.)
 CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.)
 CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.)
 CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.)
Original document:cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 P J P, [oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size (15.05.2014)
 P J P, [oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size (15.05.2014)
 P J P, [oss-security] CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 UBUNTU, [USN-2182-1] QEMU vulnerabilities (04.05.2014)

Linux kernel multiple security vulnerabilities
updated since 04.05.2014
Published:29.05.2014
Source:
SecurityVulns ID:13706
Type:remote
Threat Level:7/10
Description:Memory corruptions in SCTP, DCCP and CIFS, KVM and pseudo tty privilege escalations, DoS.
Affected:LINUX : kernel 3.13
CVE:CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.)
 CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.)
 CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.)
 CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.)
 CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.)
 CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.)
 CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.)
 CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.)
 CVE-2014-2568 (Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.)
 CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.)
 CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.)
 CVE-2014-1738 (The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.)
 CVE-2014-1737 (The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.)
 CVE-2014-0196 (The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.)
 CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.)
 CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.)
 CVE-2014-0100 (Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.)
 CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.)
 CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.)
 CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.)
 CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.)
Original document:UBUNTU, [USN-2228-1] Linux kernel vulnerabilities (29.05.2014)
 REDHAT, [oss-security] CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference (15.05.2014)
 DEBIAN, [SECURITY] [DSA 2926-1] linux security update (15.05.2014)
 REDHAT, [oss-security] CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message (10.05.2014)
 SUSE, [oss-security] Linux kernel floppy ioctl kernel code execution (10.05.2014)
 UBUNTU, [USN-2196-1] Linux kernel vulnerability (07.05.2014)
 UBUNTU, [USN-2179-1] Linux kernel vulnerabilities (04.05.2014)
 UBUNTU, [USN-2173-1] Linux kernel vulnerabilities (04.05.2014)
Files:CVE-2014-0196 DOS PoC
 CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race condition Slightly-less-than-POC privilege escalation exploit For kernels >= v3.14-rc1

Apple Mac OS X multiple security vulnerabilities
updated since 04.05.2014
Published:09.04.2015
Source:
SecurityVulns ID:13711
Type:library
Threat Level:8/10
Description:Unsafe cookie handling, code execution via different formats and protocols, privilege escalation, information leakage.
Affected:APPLE : Mac OS X 10.9
CVE:CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.)
 CVE-2014-1321 (Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.)
 CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.)
 CVE-2014-1319 (Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.)
 CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.)
 CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.)
 CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.)
 CVE-2014-1314 (WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
 CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
 CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.)
 CVE-2013-5170 (Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.)
 CVE-2013-4164 (Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.)
Original document:APPLE, APPLE-SA-2014-04-22-1 Security Update 2014-002 (04.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod