Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Office multiple security vulnerabilities
Published:14.06.2015
Source:
SecurityVulns ID:14534
Type:client
Threat Level:
6/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Office 2013
 MICROSOFT : Office 2010
CVE:CVE-2015-1770 (Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability.")
 CVE-2015-1760 (Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.")
 CVE-2015-1759 (Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.")
Files: Microsoft Security Bulletin MS15-059 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)

Microsoft Active Directory Federation Services crossite scripting
Published:14.06.2015
Source:
SecurityVulns ID:14535
Type:local
Threat Level:
5/10
Description:Crossite scipring in web interface.
Affected:MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 2012 Server
CVE:CVE-2015-1757 (Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability.")
Files: Microsoft Security Bulletin MS15-062 - Important Vulnerability in Active Directory Federation Services Could Allow Elevation of Privilege (3062577)

Microsoft Exchange multiple security vulnerabilities
Published:14.06.2015
Source:
SecurityVulns ID:14536
Type:remote
Threat Level:
5/10
Description:XSS, CSRF, HTML injection.
CVE:CVE-2015-2359 (Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability.")
 CVE-2015-1771 (Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability.")
 CVE-2015-1764 (The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability.")
Files: Microsoft Security Bulletin MS15-064 - Important Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

CUPS security vulnerabilities
Published:14.06.2015
Source:
SecurityVulns ID:14537
Type:library
Threat Level:
6/10
Description:Code execution, crossite scripting.
Affected:CUPS : cups 2.0
CVE:CVE-2015-1159 (Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.)
 CVE-2015-1158 (The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.)
Original documentdocumentUBUNTU, [USN-2629-1] CUPS vulnerabilities (14.06.2015)

Elasticsearch files access
Published:14.06.2015
Source:
SecurityVulns ID:14538
Type:remote
Threat Level:
5/10
Description:snapshot API files access
Affected:ELASTIC : Elasticsearch 1.5
CVE:CVE-2015-4165
Original documentdocumentELASTIC, Elasticsearch vulnerability CVE-2015-4165 (14.06.2015)

VMWare applications multiple security vulnereabilities
Published:14.06.2015
Source:
SecurityVulns ID:14539
Type:library
Threat Level:
6/10
Description:Multiple memory corruptions, DoS.
CVE:CVE-2015-2341 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.)
 CVE-2015-2340 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors.)
 CVE-2015-2339 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338.)
 CVE-2015-2338 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339.)
 CVE-2015-2337 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.)
 CVE-2015-2336 (TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.)
 CVE-2012-0897 (Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.)
Original documentdocumentVMWARE, NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues (14.06.2015)

Cisco IOS XR
Published:14.06.2015
Source:
SecurityVulns ID:14540
Type:remote
Threat Level:
6/10
Description:Crash on IPv6 packet processing.
Affected:CISCO : IOS XR 4.0
CVE:CVE-2015-0769 (Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546.)
Files:Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability

Alcatel-Lucent OmniSwitch security vulnerabilities
Published:14.06.2015
Source:
SecurityVulns ID:14541
Type:remote
Threat Level:
5/10
Description:Crossite scripting, session hijack.
Original documentdocumentRedTeam Pentesting, [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery (14.06.2015)
 documentRedTeam Pentesting, [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID (14.06.2015)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.06.2015
Source:
SecurityVulns ID:14543
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WORDPRESS : se-html5-album-audio-player 1.1
 ISPCONFIG : ISPConfig 3.0
 SYMPHONY : Symphony CMS 2.6
 CONCRETE5 : Concrete5 CMS 5.7
 NOVELL : ZENworks 3.1
 ADOBE : Adobe Connect 9.3
 WORDPRESS : aviary-image-editor-add-on-for-gravity-forms 3.0
 ELASTIC : Kibana 4.0
 BONITASOFT : Bonita BPM 6.5
 SILVERSTRIPE : SilverStripe CMS 3.1
CVE:CVE-2015-4119 (Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.)
 CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.)
 CVE-2015-4093 (Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-3898
 CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.)
 CVE-2015-0343 (Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.)
Original documentdocumentstasvolfus_(at)_gmail.com, XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ) (14.06.2015)
 documentludwig.stage_(at)_syss.de, [SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting (14.06.2015)
 documentapparitionsec_(at)_gmail.com, ZCMS SQL Injection & Persistent XSS (14.06.2015)
 documentapparitionsec_(at)_gmail.com, Nakid-CMS CSRF, Persistent XSS & LFI (14.06.2015)
 documentEgidio Romano, [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability (14.06.2015)
 documentEgidio Romano, [KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities (14.06.2015)
 documentEgidio Romano, [KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability (14.06.2015)
 documentapparitionsec_(at)_gmail.com, Symphony CMS XSS Vulnerability [Corrected Post] (14.06.2015)
 documentapparitionsec_(at)_gmail.com, SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities (14.06.2015)
 documentapparitionsec_(at)_gmail.com, SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities (14.06.2015)
 documentELASTIC, Kibana vulnerability CVE-2015-4093 (14.06.2015)
 documentHigh-Tech Bridge Security Research, Arbitrary File Disclosure and Open Redirect in Bonita BPM (14.06.2015)
 documentHigh-Tech Bridge Security Research, Multiple Vulnerabilities in ISPConfig (14.06.2015)
 documentlarry0_(at)_me.com, Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin (14.06.2015)
 documentlarry0_(at)_me.com, Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 (14.06.2015)

Elastic Logstash directory traversal
updated since 14.06.2015
Published:27.07.2015
Source:
SecurityVulns ID:14542
Type:remote
Threat Level:
5/10
Description:Directory traversal in file output plugin.
Affected:ELASTIC : Logstash 1.5
 ELASTIC : Logstash 1.4
CVE:CVE-2015-5378
 CVE-2015-4152 (Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.)
Original documentdocumentKevin Kluge, Logstash vulnerability CVE-2015-5378 (27.07.2015)
 documentELASTIC, Logstash vulnerability CVE-2015-4152 (14.06.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod