Computer Security

NVidia drivers privilege escalation
Published:10.05.2014
SecurityVulns ID:13756
Type:local
Threat Level:5/10
Description:Privilege escalation via X.Org drivers.
CVE:CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.)
Original document:HP, [security bulletin] HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege (10.05.2014)

OnApp SSH keys cloning
Published:10.05.2014
SecurityVulns ID:13757
Type:remote
Threat Level:4/10
Description:ECDSA host keys are not regenerated after system image cloning.
Original document:James Renken, SSH key cloning problem in OnApp templates (10.05.2014)

HP Network Node Manager cross-site scripting
Published:10.05.2014
SecurityVulns ID:13758
Type:remote
Threat Level:5/10
Affected:HP : Network Node Manager I 9.20
CVE:CVE-2013-6220 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMU03035 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross-Site Scripting (XSS) (10.05.2014)

cups-filters code execution
Published:10.05.2014
SecurityVulns ID:13759
Type:library
Threat Level:5/10
Description:cups-browsed shell characters vulnerability.
Affected:CUPS : cups-filters 1.0
CVE:CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues.")
Original document:UBUNTU, [USN-2210-1] cups-filters vulnerability (10.05.2014)

rxvt-unicode code execution
Published:10.05.2014
SecurityVulns ID:13760
Type:local
Threat Level:5/10
Affected:RXVT : rxvt-unicode 9.20
CVE:CVE-2014-3121 (rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.)
Original document:UBUNTU, [SECURITY] [DSA 2925-1] rxvt-unicode security update (10.05.2014)

Apache mod_security protection bypass
Published:10.05.2014
SecurityVulns ID:13761
Type:remote
Threat Level:5/10
Description:Protection bypass via chunked encoding.
Affected:APACHE : mod_security 2.7
CVE:CVE-2013-5705 (apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.)
Original document:MANDRIVA, [ MDVSA-2014:081 ] apache-mod_security (10.05.2014)

AVG Remote Administration multiple security vulnerabilities
Published:10.05.2014
SecurityVulns ID:13762
Type:remote
Threat Level:5/10
Description:Authentication bypass, code execution, static encryption key.
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration (10.05.2014)

Cisco WebEx multiple security vulnerabilities
Published:10.05.2014
SecurityVulns ID:13763
Type:library
Threat Level:7/10
Description:Memory corruption when parsing different formats.
Affected:CISCO : WebEx Business Suite 29.2
CVE:CVE-2014-2136 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.)
 CVE-2014-2135 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603.)
 CVE-2014-2134 (Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458.)
 CVE-2014-2133 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565.)
 CVE-2014-2132 (Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application crash) via a crafted (1) .wrf or (2) .arf file that triggers a buffer over-read, aka Bug ID CSCuh52768.)
Files: Cisco Security Advisory Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:10.05.2014
SecurityVulns ID:13764
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MEDIAWIKI : MediaWiki 1.22
 VMTURBO : VM Turbo Operations Manager 4.5
 BCSW : BSCW 5.0
 OPENASSESMENT : TAO 2.5
 OFFIRA : Offiria 2.1
 SOAPPY : SOAPpy 0.12
 RUBY : Ruby on Rails 4.2
 DOVECOT : Dovecot 2.2
CVE:CVE-2014-3430 (Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.)
 CVE-2014-3243 (SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing a large number of nested entity references.)
 CVE-2014-3242 (SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.)
 CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.)
 CVE-2014-2989 (Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add.)
 CVE-2014-2689 (Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php.)
 CVE-2014-2665 (includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.)
 CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/.)
 CVE-2014-0130 (Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.)
Original document:REDHAT, [oss-security] CVE request: python-lxml clean_html() input sanitization flaw (10.05.2014)
 henri_(at)_nerv.fi, [oss-security] CVE request: Denial of Service attacks against Dovecot v1.1+ (10.05.2014)
 Dolev Farhi, [oss-security] CVE Request - Local File inclusion in Cobbler (10.05.2014)
 Rafael Mendonca Franca, [oss-security] Unsafe Query Risk in Active Record (10.05.2014)
 Rafael Mendonca Franca, [oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations (10.05.2014)
 feer james, [oss-security] CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities (10.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Offiria (10.05.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in TAO (10.05.2014)
 RedTeam Pentesting, [RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW (10.05.2014)
 Jamal Pecou, Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier (10.05.2014)
 MANDRIVA, [ MDVSA-2014:083 ] mediawiki (10.05.2014)

GNU Emacs
Published:10.05.2014
SecurityVulns ID:13765
Type:local
Threat Level:5/10
Description:Symbolic link vulnerability in temporary file creation.
Affected:NCSA : Mosaic 2.1
 GNU : Emacs 24.3
CVE:CVE-2014-3426 (NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID.)
 CVE-2014-3425 (NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID.)
 CVE-2014-3424 (lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.)
 CVE-2014-3423 (lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.)
 CVE-2014-3422 (lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.)
 CVE-2014-3421 (lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.)
Original document:Steve Kemp, [oss-security] CVE Request - Predictable temporary filenames in GNU Emacs (10.05.2014)

HP Fibre Channel switches information leakage
Published:10.05.2014
SecurityVulns ID:13766
Type:remote
Threat Level:5/10
CVE:CVE-2014-2603 (Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors.)
Original document:HP, [security bulletin] HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information (10.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod