Computer Security


1 Click ActiveX buffer overflow
Published:08.06.2015
Source:
SecurityVulns ID:14516
Type:client
Threat Level:5/10
Description:SkinCrafter.dll buffer overflow
Affected:1CLICK : 1 Click Extract Audio 2.3
 1CLICK : 1 Click Audio Converter 2.3
Original document:Vulnerability Lab, 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow (08.06.2015)
 Vulnerability Lab, 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow (08.06.2015)

Wing FTP Server security vulnerabilities
Published:08.06.2015
Source:
SecurityVulns ID:14517
Type:remote
Threat Level:5/10
Description:Code execution and CSRF in web interface.
Affected:WING : Wing FTP Server 4.4
CVE:CVE-2015-4107
Original document:alex_haynes_(at)_outlook.com, [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities (08.06.2015)
 alex_haynes_(at)_outlook.com, [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability (08.06.2015)

CA Common Services privilege escalation
Published:08.06.2015
Source:
SecurityVulns ID:14518
Type:local
Threat Level:5/10
Description:Multiple privilege escalation vulnerabilities.
Affected:CA : CA Client Automation 12.9
 CA : CA Workload Automation AE 11.3
 CA : CA Network and Systems Management 11.2
 CA : CA Virtual Assurance 12.9
 CA : CA NSM Job Management Option 11.2
CVE:CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.)
 CVE-2015-3317 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.)
 CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.)
Original document:CA, CA20150604-01: Security Notice for CA Common Services (08.06.2015)

HP WebInspect unauthorized access
Published:08.06.2015
Source:
SecurityVulns ID:14519
Type:remote
Threat Level:5/10
CVE:CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.)
Original document:HP, [security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access (08.06.2015)

Apache mod_jk information disclosure
Published:08.06.2015
Source:
SecurityVulns ID:14520
Type:library
Threat Level:5/10
Affected:APACHE : mod_jk 1.2
CVE:CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.)
Original document:DEBIAN, [SECURITY] [DSA 3278-1] libapache-mod-jk security update (08.06.2015)

t1utils memory corruption
Published:08.06.2015
Source:
SecurityVulns ID:14521
Type:library
Threat Level:5/10
Description:Memory corruption on fonts manipulation.
Affected:T1UTILS : t1utils 1.37
CVE:CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.)
Original document:UBUNTU, [USN-2627-1] t1utils vulnerability (08.06.2015)

EMC RSA Web Threat Detection CSRF
Published:08.06.2015
Source:
SecurityVulns ID:14522
Type:remote
Threat Level:5/10
Affected:EMC : RSA Web Threat Detection 5.0
CVE:CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users.)
Original document:EMC, ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability (08.06.2015)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:08.06.2015
Source:
SecurityVulns ID:14523
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WORDPRESS : Users Ultra 1.5
 WORDPRESS : WP Membership 4.2
 WORDPRESS : WP Photo Album Plus 6.1
 EKTRON : Ektron 9.10
 VFRONT : vfront 0.99
 WORDPRESS : zM Ajax Login & Register 1.0
 WORDPRESS : Free Counter 1.1
 MANAGEENGINE : ManageEngine EventLog Analyzer 10.0
 FUSIONFORGE : fusionforge 5.3
 DBNINJA : DbNinja 3.2
 ZEND : ZendFramework 1.12
 JSPADMIN : JSPAdmin 1.1
 SYSAID : SysAid Help Desk 14.4
 RESOURCESPACE : ResourceSpace 7.1
 ENHANCEDSQLPORTA : Enhanced SQL Portal 5.0
 SYMPHONY : Symphony CMS 2.6
 ANIMAGALLERY : AnimaGallery 2.6
 WORDPRESS : Form 1.0
 WORDPRESS : XCloner 3.1
CVE:CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.)
 CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.)
 CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.)
 CVE-2015-4153 (Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.)
 CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.)
 CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.)
 CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.)
 CVE-2015-4039
 CVE-2015-4038 (The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.)
 CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.)
 CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.)
 CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.)
 CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.)
 CVE-2015-3154
 CVE-2015-3001 (SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.)
 CVE-2015-0850 (The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.)
 CVE-2014-9405
 CVE-2014-9382
Original document:larry0_(at)_me.com, Xloner v3.1.2 wordpress plugin authenticated command execution and XSS (08.06.2015)
 venkatesh.nitin_(at)_gmail.com, CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 (08.06.2015)
 d4rkr0id_(at)_gmail.com, AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability (08.06.2015)
 apparitionsec_(at)_gmail.com, Symphony CMS 2.6.2 (08.06.2015)
 apparitionsec_(at)_gmail.com, Symphony CMS XSS Vulnerability (08.06.2015)
 hyp3rlinx_(at)_gmail.com, Webgrind XSS vulnerability (08.06.2015)
 apparitionsec_(at)_gmail.com, DbNinja 3.2.6 Flash XSS Vulnerabilities (08.06.2015)
 apparitionsec_(at)_gmail.com, JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3275-1] fusionforge security update (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3276-1] symfony security update (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3249-2] jqueryui security update (08.06.2015)
 apparitionsec_(at)_gmail.com, vfront-0.99.2 CSRF & Persistent XSS (08.06.2015)
 apparitionsec_(at)_gmail.com, Enhanced SQL Portal 5.0.7961 XSS Vulnerability (08.06.2015)
 huyngocbk_(at)_gmail.com, Freebox OS Web interface 3.0.2 XSS, CSRF (08.06.2015)
 jerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - CSRF Vulnerability (08.06.2015)
 jerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - XSS Vulnerability (08.06.2015)
 jerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - XSS Vulnerability (08.06.2015)
 High-Tech Bridge Security Research, Local PHP File Inclusion in ResourceSpace (08.06.2015)
 Pedro Ribeiro, [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) (08.06.2015)
 jerold_(at)_v00d00sec.com, IBM Watson (Cognea) - XSS and Redirect Vulnerabilities (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3265-1] zendframework security update (08.06.2015)
 akashchavan0708_(at)_gmail.com, ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability (08.06.2015)
 Vulnerability Lab, CRUCMS Crucial Networking - SQL Injection Vulnerability (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS] (08.06.2015)
 High-Tech Bridge Security Research, Stored XSS in WP Photo Album Plus WordPress Plugin (08.06.2015)

Apache Jackrabbit XXE
Published:08.06.2015
Source:
SecurityVulns ID:14524
Type:library
Threat Level:6/10
Description:XXE via WebDAV request.
Affected:APACHE : Jackrabbit 2.10
CVE:CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.)
Original document:Julian Reschke, CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) (08.06.2015)

Sendio ESP information disclosure
Published:08.06.2015
Source:
SecurityVulns ID:14525
Type:remote
Threat Level:5/10
Description:Session disclosure via Referer.
Affected:SENDIO : Sendio 7.2
CVE:CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.)
 CVE-2014-0999 (Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability (08.06.2015)

dbusmock code execution
Published:08.06.2015
Source:
SecurityVulns ID:14526
Type:local
Threat Level:4/10
CVE:CVE-2015-1326
Original document:UBUNTU, [USN-2618-1] python-dbusmock vulnerability (08.06.2015)

StrongSwan certificate spoofing
Published:08.06.2015
Source:
SecurityVulns ID:14527
Type:m-i-t-m
Threat Level:5/10
Description:Server's certificate is validated after credentials are sent.
Affected:STRONGSWAN : strongSwan 5.3
CVE:CVE-2015-4171 (strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.)
Original document:DEBIAN, [SECURITY] [DSA 3282-1] strongswan security update (08.06.2015)

redis restrictions bypass
Published:08.06.2015
Source:
SecurityVulns ID:14529
Type:library
Threat Level:5/10
Description:Lua sandbox escaping.
Original document:DEBIAN, [SECURITY] [DSA 3279-1] redis security update (08.06.2015)

PHP multiple security vulnerabilities
updated since 08.06.2015
Published:13.06.2015
Source:
SecurityVulns ID:14528
Type:library
Threat Level:6/10
Description:NULL character injection, DoS, integer overflow, memory corruption.
Affected:PHP : PHP 5.6
CVE:CVE-2015-4026 (The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.)
 CVE-2015-4025 (PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.)
 CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.)
 CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.)
 CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.)
Original document:High-Tech Bridge Security Research, Use-After-Free in PHP (13.06.2015)
 DEBIAN, [SECURITY] [DSA 3280-1] php5 security update (08.06.2015)

wireshark multiple security vulnerabilities
updated since 08.06.2015
Published:29.06.2015
Source:
SecurityVulns ID:14515
Type:remote
Threat Level:5/10
Description:Multiple memory corruptions in different dissectors.
Affected:WIRESHARK : Wireshark 1.12
CVE:CVE-2015-4652 (epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.)
 CVE-2015-4651 (The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906.)
 CVE-2015-3814 (The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2015-3813 (The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.)
 CVE-2015-3812 (Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.)
 CVE-2015-3811 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.)
 CVE-2015-3810 (epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.)
 CVE-2015-3809 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
Original document:DEBIAN, [SECURITY] [DSA 3294-1] wireshark security update (29.06.2015)
 DEBIAN, [SECURITY] [DSA 3277-1] wireshark security update (08.06.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod