Computer Security


libwmf multiple security vulnerabilities
Published:14.07.2015
Source:
SecurityVulns ID:14583
Type:library
Threat Level:6/10
Description:Multiple memory corruptions.
Affected:LIBWMF : libwmf 0.2
CVE:CVE-2015-4696 (Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.)
 CVE-2015-4695 (meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.)
 CVE-2015-4588 (Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.)
 CVE-2015-0848 (Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.)
Original document:UBUNTU, [USN-2670-1] libwmf vulnerabilities (14.07.2015)

AirLink101 SkyIPCam1620W command injection
Published:14.07.2015
Source:
SecurityVulns ID:14585
Type:remote
Threat Level:5/10
Description:Command injection, hardcoded credentials.
Affected:AIRLINK : AirLink101 SkyIPCam1620W
CVE:CVE-2015-2280
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection (14.07.2015)

stunnel authentication bypass
Published:14.07.2015
Source:
SecurityVulns ID:14581
Type:remote
Threat Level:5/10
Description:Authentication bypass is possible when the redirect option is used.
Affected:STUNNEL : Stunnel 5.13
CVE:CVE-2015-3644 (Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.)
Original document:DEBIAN, [SECURITY] [DSA 3299-1] stunnel4 security update (14.07.2015)

EMC RecoverPoint for Virtual Machines restriction bypass
Published:14.07.2015
Source:
SecurityVulns ID:14584
Type:local
Threat Level:5/10
Description:Privilege escalation.
Affected:EMC : RecoverPoint for VMs 4.2
CVE:CVE-2015-4526 (EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.)
Original document:EMC, ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability (14.07.2015)

ipTime routers code execution
Published:14.07.2015
Source:
SecurityVulns ID:14587
Type:remote
Threat Level:5/10
Description:Code execution via injection of shell characters into the DHCP request hostname.
Original document:Pierre Kim, ipTIME n104r3 vulnerable to CSRF and XSS attacks (14.07.2015)
 Pierre Kim, 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request (14.07.2015)

Android backup content spoofing
Published:14.07.2015
Source:
SecurityVulns ID:14588
Type:local
Threat Level:4/10
Description:A malicious application can spoof the content of an adb backup.
Affected:GOOGLE : Android 5.1
CVE:CVE-2014-7952
Original document:Imre RAD, CVE-2014-7952, Android ADB backup APK injection vulnerability (14.07.2015)

AirLive IP cameras command injection
Published:14.07.2015
Source:
SecurityVulns ID:14586
Type:remote
Threat Level:5/10
Description:A few command injection possibilities.
Affected:AIRLIVE : AirLive BU-3025
 AIRLIVE : AirLive POE-200CAM
 AIRLIVE : AirLive WL-2000CAM
 AIRLIVE : AirLive MD-3025
 AIRLIVE : AirLive BU-2015
 AIRLIVE : AirLive BU-3026
CVE:CVE-2015-2279
 CVE-2014-8389
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0012] - AirLive Multiple Products OS Command Injection (14.07.2015)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.07.2015
Source:
SecurityVulns ID:14590
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MERETHIS : Centreon 2.5
 WORDPRESS : easy2map-photos 1.09
 SNORBY : Snorby 2.6
 ZENPHOTO : ZenPhoto 1.4
 WORDPRESS : wp-ecommerce-shop-styling 2.5
 WORDPRESS : easy2map 1.24
 DJANGO : django 1.7
 PHPLITEADMIN : phpLiteAdmin 1.1
 CYGNUS : sysPass 1.0
 AJAXCONTROLTOOLK : AjaxControlToolkit 15.0
CVE:CVE-2015-5144 (Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.)
 CVE-2015-5143 (The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.)
 CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.)
 CVE-2015-4617
 CVE-2015-4616 (Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.)
 CVE-2015-4615
 CVE-2015-4614 (Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.)
 CVE-2015-1561 (The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.)
 CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.)
Original document:Brian Cardinale, CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal (14.07.2015)
 disclosure_(at)_syss.de, [SYSS-2015-031] sysPass - SQL Injection (14.07.2015)
 apparitionsec_(at)_gmail.com, phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS (14.07.2015)
 Tim, SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8 (14.07.2015)
 apparitionsec_(at)_gmail.com, phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities (14.07.2015)
 Federico Fazzi, Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability (14.07.2015)
 Alessandro Zala, CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 (14.07.2015)
 larry0_(at)_me.com, SQL Injection in easy2map wordpress plugin v1.24 (14.07.2015)
 larry0_(at)_me.com, Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 (14.07.2015)
 larry0_(at)_me.com, SQL Injection in easy2map-photos wordpress plugin v1.09 (14.07.2015)
 hdau_(at)_deloitte.fr, Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution (14.07.2015)
 UBUNTU, [USN-2671-1] Django vulnerabilities (14.07.2015)

VMWare applications privilege escalation
Published:14.07.2015
Source:
SecurityVulns ID:14589
Type:local
Threat Level:5/10
Description:Weak executable file DACL.
Affected:VMWARE : VMware Workstation 11.1
 VMWARE : VMware Horizon Client 5.4
 VMWARE : VMware Player 7.1
CVE:CVE-2015-3650 (vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.)
Original document:VMWARE, NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability (14.07.2015)

Cisco ASA multiple security vulnerabilities
Published:14.07.2015
Source:
SecurityVulns ID:14582
Type:remote
Threat Level:6/10
Description:Multiple DoS conditions, command injections, information disclosure, certificate validation bypass.
Affected:CISCO : Cisco ASA 9.1
CVE:CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.)
 CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.)
 CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136.)
 CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.)
 CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.)
 CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.)
 CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327.)
 CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074.)
 CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399.)
 CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556.)
 CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.)
 CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176.)
 CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.)
Files:Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod