Computer Security


Netgear Prosafe multiple security vulnerabilities
Published:14.09.2015
SecurityVulns ID:14687
Type:remote
Threat Level:5/10
Description:Authentication bypass, privilege escalation.
Affected:NETGEAR : NetGear WMS5316
Original document:Elliott Lewis, NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation. (14.09.2015)

SAP NetWeaver hardcoded credentials
Published:14.09.2015
SecurityVulns ID:14680
Type:remote
Threat Level:6/10
Original document:ERPScan inc, [ERPSCAN-15-015] SAP NetWeaver AS ABAP – Hardcoded Credentials (14.09.2015)
 ERPScan inc, [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials (14.09.2015)

OpenSLP double free() vulnerability
Published:14.09.2015
SecurityVulns ID:14686
Type:library
Threat Level:5/10
Affected:OPENSLP : OpenSLP 1.2
CVE:CVE-2015-5177
Original document:DEBIAN, [SECURITY] [DSA 3353-1] openslp-dfsg security update (14.09.2015)

SAP Mobile Platform XXE injection
updated since 29.06.2015
Published:14.09.2015
SecurityVulns ID:14555
Type:remote
Threat Level:6/10
Description:A few XXE injections.
Affected:SAP : SAP Mobile Platform 2.3
CVE:CVE-2015-5068 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.)
 CVE-2015-2813 (XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.)
Original document:ERPScan inc, [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository (14.09.2015)
 Darya Maenkova, [ERPSCAN-15-005] SAP Mobile Platform - XXE (29.06.2015)
 Darya Maenkova, [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE (29.06.2015)

Google Chrome / Oxide multiple security vulnerabilities
Published:14.09.2015
SecurityVulns ID:14682
Type:library
Threat Level:6/10
Description:Restrictions bypass, DoS, memory corruptions, information disclosure.
CVE:CVE-2015-1302
 CVE-2015-1301 (Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2015-1300 (The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.)
 CVE-2015-1299 (Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.)
 CVE-2015-1294 (Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.)
 CVE-2015-1293 (The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.)
 CVE-2015-1292 (The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.)
 CVE-2015-1291 (The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.)
Original document:UBUNTU, [USN-2735-1] Oxide vulnerabilities (14.09.2015)

spice race conditions
Published:14.09.2015
SecurityVulns ID:14683
Type:local
Threat Level:5/10
Description:Race conditions lead to memory corruption.
Affected:SPICE : spice 0.12
CVE:CVE-2015-3247 (Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.)
Original document:UBUNTU, [USN-2736-1] Spice vulnerability (14.09.2015)

Synology Download Station cross-site scripting
Published:14.09.2015
SecurityVulns ID:14684
Type:remote
Threat Level:5/10
Description:A few cross-site scripting possibilities.
Affected:SYNOLOGY : Synology Download Station 3.5
Original document:Securify B.V., Multiple Cross-Site Scripting vulnerabilities in Synology Download Station (14.09.2015)

OpenLDAP DoS
Published:14.09.2015
SecurityVulns ID:14671
Type:library
Threat Level:5/10
Description:Crash on processing BER data.
Affected:OPENLDAP : OpenLDAP 2.4
CVE:CVE-2015-6908 (The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.)
Original document:DEBIAN, [SECURITY] [DSA 3356-1] openldap security update (14.09.2015)

HP UCMDB information disclosure
Published:14.09.2015
SecurityVulns ID:14674
Type:local
Threat Level:5/10
Affected:HP : UCMDB 10.20
CVE:CVE-2015-5440 (HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.)
Original document:HP, [security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information (14.09.2015)

FreeType uninitialized memory access
Published:14.09.2015
SecurityVulns ID:14672
Type:library
Threat Level:5/10
Description:Uninitialized memory access on font parsing.
Affected:FREETYPE : FreeType 2.5
Original document:UBUNTU, [USN-2739-1] FreeType vulnerabilities (14.09.2015)

libvdpau multiple security vulnerabilities
Published:14.09.2015
SecurityVulns ID:14673
Type:library
Threat Level:5/10
Description:Privilege escalation because of incorrect environment variable handling.
Affected:LIBVDPAU : libvdpau 1.1
CVE:CVE-2015-5200 (The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.)
 CVE-2015-5199 (Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.)
 CVE-2015-5198 (libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.)
Original document:DEBIAN, [SECURITY] [DSA 3355-1] libvdpau security update (14.09.2015)

EMC RSA Identity Management & Governance cross-site scripting
Published:14.09.2015
SecurityVulns ID:14681
Type:remote
Threat Level:5/10
Affected:EMC : RSA IMG 6.9
CVE:CVE-2015-4540 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-4539 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:EMC, ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities (14.09.2015)

screen stack overflow
Published:14.09.2015
SecurityVulns ID:14688
Type:remote
Threat Level:5/10
Description:Stack overflow leads to application crash.
Affected:SCREEN : screen 4.3
CVE:CVE-2015-6806 (The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value.)
Original document:DEBIAN, [SECURITY] [DSA 3352-1] screen security update (14.09.2015)

Synology Video Station security vulnerabilities
Published:14.09.2015
SecurityVulns ID:14685
Type:remote
Threat Level:5/10
Description:SQL injections, command injection.
Affected:SYNOLOGY : Synology Video Station 1.5
Original document:Securify B.V., Synology Video Station command injection and multiple SQL injection vulnerabilities (14.09.2015)

HP Version Control Repository Manager multiple security vulnerabilities
Published:14.09.2015
SecurityVulns ID:14678
Type:remote
Threat Level:5/10
Description:Information disclosure, DoS, unauthorized access, buffer overflow, privilege escalation, cross-site scripting.
Affected:HP : HP Version Control Repository Manager 7.4
CVE:CVE-2015-5413 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.)
 CVE-2015-5412 (Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2015-5411 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.)
 CVE-2015-5410 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.)
 CVE-2015-5409 (Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.)
 CVE-2015-0206 (Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.)
 CVE-2015-0205 (The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.)
 CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.)
 CVE-2014-8275 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.)
 CVE-2014-3572 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.)
 CVE-2014-3571 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.)
 CVE-2014-3570 (The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.)
 CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.)
Original document:HP, [security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities (14.09.2015)

HP lt4112 4G adapters code execution
Published:14.09.2015
SecurityVulns ID:14676
Type:remote
Threat Level:7/10
Affected:HP : HP lt4112
CVE:CVE-2015-5368 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.)
 CVE-2015-5367 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.)
Original document:HP, [security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code (14.09.2015)

EMC Documentum multiple security vulnerabilities
updated since 14.06.2014
Published:14.09.2015
SecurityVulns ID:13831
Type:remote
Threat Level:8/10
Description:Code injection, privilege escalation.
Affected:EMC : Documentum D2 4.2
 EMC : Documentum eRoom 7.4
 EMC : Documentum Content Server 7.1
 EMC : Documentum Content Server 6.7
 EMC : Documentum Digital Asset Manager 6.5
 EMC : Documentum Foundation Services 6.7
CVE:CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.)
 CVE-2015-4537 (Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.)
 CVE-2015-4536 (EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file.)
 CVE-2015-4535 (Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.)
 CVE-2015-4534 (Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.)
 CVE-2015-4533 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513.)
 CVE-2015-4532 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514.)
 CVE-2015-4531 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622.)
 CVE-2015-4530 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518.)
 CVE-2015-4529 (Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.)
 CVE-2015-4528 (Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-4524 (Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.)
 CVE-2015-0551 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-0550 (Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors.)
 CVE-2015-0549 (Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-0548 (The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.)
 CVE-2015-0547 (The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.)
 CVE-2015-0518 (The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.)
 CVE-2015-0517 (The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.)
 CVE-2014-4639 (EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.)
 CVE-2014-4638 (EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.)
 CVE-2014-4637 (Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.)
 CVE-2014-4636 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.)
 CVE-2014-4635 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.)
 CVE-2014-4626 (EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.)
 CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.)
 CVE-2014-2521 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.)
 CVE-2014-2520 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.)
 CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.)
 CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.)
 CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.)
 CVE-2014-2513 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.)
 CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-2511 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.)
 CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2014-2508 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.)
 CVE-2014-2507 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.)
 CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.)
 CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.)
Original document:EMC, ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability (14.09.2015)
 EMC, ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability (14.09.2015)
 EMC, ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities (24.08.2015)
 EMC, ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability (24.08.2015)
 andrew_(at)_panfilov.tel, sysadmin privilege in EMC Documentum Content Server (24.08.2015)
 andrew_(at)_panfilov.tel, EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532) (24.08.2015)
 andrew_(at)_panfilov.tel, Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532) (24.08.2015)
 EMC, ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability (24.08.2015)
 EMC, ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability (20.07.2015)
 EMC, ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability (20.07.2015)
 andrew_(at)_panfilov.tel, Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution (13.07.2015)
 EMC, ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities (05.07.2015)
 EMC, ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities (05.07.2015)
 andrew_(at)_panfilov.tel, Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects (05.07.2015)
 EMC, ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability (29.06.2015)
 EMC, ESA-2015-109: EMC Documentum D2 Cross-Site Scripting (29.06.2015)
 EMC, ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities (23.02.2015)
 EMC, ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities (13.01.2015)
 EMC, ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability (08.12.2014)
 EMC, ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities (21.09.2014)
 EMC, ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities (26.08.2014)
 EMC, ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability (26.08.2014)
 EMC, ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities (26.08.2014)
 EMC, ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities (26.08.2014)
 EMC, ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities (28.07.2014)
 EMC, ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability (28.07.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom (28.07.2014)
 EMC, ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities (28.07.2014)
 EMC, ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection Vulnerability (14.06.2014)
 EMC, ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities (14.06.2014)

HP LoadRunner Controller code execution
Published:14.09.2015
SecurityVulns ID:14675
Type:local
Threat Level:5/10
Affected:HP : LoadRunner 12.49
CVE:CVE-2015-5426 (Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756.)
Original document:HP, [security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code (14.09.2015)

HP Intelligent Provisioning code execution
Published:14.09.2015
SecurityVulns ID:14677
Type:remote
Threat Level:6/10
Affected:HP : HP Intelligent Provisioning 1.62
 HP : HP Intelligent Provisioning 2.10
CVE:CVE-2015-2135 (Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.)
Original document:HP, [security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access (14.09.2015)

HP Virtual Connect Enterprise Manager / HP Matrix Operating Environment multiple security vulnerabilities
Published:14.09.2015
SecurityVulns ID:14679
Type:remote
Threat Level:5/10
Description:Information disclosure.
Affected:HP : HP Virtual Connect Enterprise Manager 7.4
 HP : HP Matrix Operating Environment 7.4
CVE:CVE-2015-5433 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.)
 CVE-2015-5432 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.)
 CVE-2015-5431 (HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.)
 CVE-2015-5430 (HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2015-5429 (HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.)
 CVE-2015-5428 (HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.)
 CVE-2015-5427 (HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.)
Original document:HP, [security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities (14.09.2015)
 HP, [security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities (14.09.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod