Computer Security


Microsoft Windows multiple security vulnerabilities
Published:15.10.2014
Source:
SecurityVulns ID:14016
Type:library
Threat Level:9/10
Description:Restrictions bypass and memory corruptions in Internet Explorer, .Net code execution, TrueType embedded fonts code execution, OLE code execution, message queue service and FAT32 driver privilege escalation.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.)
 CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability.")
 CVE-2014-4141 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-4140 (Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.")
 CVE-2014-4138 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132.)
 CVE-2014-4137 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4133.)
 CVE-2014-4134 (Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-4133 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4137.)
 CVE-2014-4132 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4138.)
 CVE-2014-4130 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4132 and CVE-2014-4138.)
 CVE-2014-4129 (Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-4128 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-4127 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-4126 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-4122 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability.")
 CVE-2014-4121 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability.")
 CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability.")
 CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability.")
 CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability.")
 CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability.")
 CVE-2014-4073 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability.")
Files: Microsoft Security Bulletin MS14-056 - Critical Cumulative Security Update for Internet Explorer (2987107)
  Microsoft Security Bulletin MS14-057 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
  Microsoft Security Bulletin MS14-058 - Critical Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
 Microsoft Security Bulletin MS14-059 - Important Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
  Microsoft Security Bulletin MS14-060 - Important Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
  Microsoft Security Bulletin MS14-062 - Important Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
  Microsoft Security Bulletin MS14-063 - Important Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)

Microsoft Word code execution
Published:15.10.2014
Source:
SecurityVulns ID:14017
Type:client
Threat Level:8/10
Description:Code execution on Word document parsing.
Affected:MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office for Mac 2011
 MICROSOFT : SharePoint Server 2010
 MICROSOFT : Office Web Apps 2010
CVE:CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code via crafted properties in a Word document, aka "Microsoft Word File Format Vulnerability.")
Files: Microsoft Security Bulletin MS14-061 - Important Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:15.10.2014
Source:
SecurityVulns ID:14018
Type:client
Threat Level:8/10
Description:Multiple memory corruptions, buffer overflows, restriction bypass.
Affected:MOZILLA : Firefox 32.0
 MOZILLA : Firefox ESR 31.1
 MOZILLA : Thunderbird 31.1
CVE:CVE-2014-1586 (content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away.)
 CVE-2014-1585 (The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming.)
 CVE-2014-1584 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.)
 CVE-2014-1583 (The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.)
 CVE-2014-1582 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.)
 CVE-2014-1581 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.)
 CVE-2014-1580 (Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.)
 CVE-2014-1578 (The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.)
 CVE-2014-1577 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.)
 CVE-2014-1576 (Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.)
 CVE-2014-1575 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors.)
 CVE-2014-1574 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
Files:Mozilla Foundation Security Advisory 2014-74
 Mozilla Foundation Security Advisory 2014-75
 Mozilla Foundation Security Advisory 2014-76
 Mozilla Foundation Security Advisory 2014-77
 Mozilla Foundation Security Advisory 2014-78
 Mozilla Foundation Security Advisory 2014-79
 Mozilla Foundation Security Advisory 2014-80
 Mozilla Foundation Security Advisory 2014-81
 Mozilla Foundation Security Advisory 2014-82

wpa_supplicant shell characters vulnerability
Published:15.10.2014
Source:
SecurityVulns ID:14019
Type:client
Threat Level:6/10
Description:Insufficient character filtering.
CVE:CVE-2014-3686 (wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.)
Original document:UBUNTU, [USN-2383-1] wpa_supplicant vulnerability (15.10.2014)

Requests library security vulnerabilities
Published:15.10.2014
Source:
SecurityVulns ID:14020
Type:library
Threat Level:5/10
Description:Authentication information leaks are possible.
Affected:PYTHON : requests 2.2
CVE:CVE-2014-1830 (Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.)
 CVE-2014-1829 (Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.)
Original document:UBUNTU, [USN-2382-1] Requests vulnerabilities (15.10.2014)

HP System Management Homepage multiple security vulnerabilities
updated since 05.10.2014
Published:15.10.2014
Source:
SecurityVulns ID:13993
Type:remote
Threat Level:5/10
Description:DoS, XSS, CSRF, clickjacking, unauthorized access, information leakage.
Affected:HP : HP System Management Homepage 7.3
CVE:CVE-2014-7874 (Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2014-2642 (HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.)
 CVE-2014-2641 (Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2014-2640 (Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.)
 CVE-2013-6422 (The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.)
 CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.)
 CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original document:HP, [security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery (15.10.2014)
 HP, [security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities (05.10.2014)

Embarcadero Delphi / C++ Builder VCL library buffer overflow
Published:15.10.2014
Source:
SecurityVulns ID:14021
Type:library
Threat Level:5/10
Description:Buffer overflow on BMP parsing.
Affected:EMBARCADERO : C++Builder XE6
 EMBARCADERO : Delphi XE6
CVE:CVE-2014-0994 (Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows context-dependent attackers to execute arbitrary code via the BITMAPINFOHEADER.biClrUsed field in a BMP file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0993.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow (15.10.2014)

Open-Xchange multiple security vulnerabilities
Published:15.10.2014
Source:
SecurityVulns ID:14022
Type:remote
Threat Level:6/10
Description:XSS, directory traversal, SSRF, restrictions bypass.
Affected:OPENXCHANGE : Open-Xchange 7.6
CVE:CVE-2014-5238
 CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.)
 CVE-2014-5236
 CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.)
 CVE-2014-5234 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via a folder publication name.)
Original document:OPENXCHANGE, Open-Xchange Security Advisory 2014-09-15 (15.10.2014)

HttpFileServer code execution
Published:15.10.2014
Source:
SecurityVulns ID:14023
Type:remote
Threat Level:5/10
Description:Code execution via GET request.
Affected:REJETTO : HttpFileServer 2.3
CVE:CVE-2014-6287 (The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.)
Original document:danielelinguaglossa_(at)_gmail.com, HttpFileServer 2.3.x Remote Command Execution (15.10.2014)

VMware NSX and vCNS information disclosure
Published:15.10.2014
Source:
SecurityVulns ID:14024
Type:remote
Threat Level:5/10
Affected:VMWARE : VMware NSX 6.0
 VMWARE : vCloud Networking and Security 5.5
CVE:CVE-2014-3796 (VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.)
Original document:VMWARE, NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability (15.10.2014)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:15.10.2014
Source:
SecurityVulns ID:14025
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:STORESPRITE : Storesprite 7
 JOBSCHEDULER : JobScheduler 1.7
 OSCLASS : OsClass 3.4
 AVOLVE : ProjectDox 8.1
 PHPCAS : php-Cas 1.3
 INNOVATIVESERVIC : Sierra Library Services 1.2
 AEROHIVE : Aerohive Hive Manager 6.1
 S3QL : s3ql 1.11
 INNOVATIVEINTERF : Encore Discovery Solution 4.3
 OWNCLOUD : owncloud 7.0
 VEMBU : Storegrid 4.4
 ZEND : Zend 1.12
 ARTICLEFR : ArticleFR 11.06
 E2 : E2 2844
 E107 : E107 2.0
 KANBOARD : Kanboard 1.0
 WEB2PROJECT : web2Project 3.1
 ENDECA : Endeca Latitude 2.2
 CGIHTTPSERVER : CGIHTTPServer 3.4
CVE:CVE-2014-6308 (Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.)
 CVE-2014-6280 (Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php.)
 CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.)
 CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.)
 CVE-2014-5391 (Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).)
 CVE-2014-5136 (Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2014-5129 (Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.)
 CVE-2014-4914
 CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.)
 CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.)
 CVE-2014-4172
 CVE-2014-4170
 CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.)
 CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.)
 CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.)
 CVE-2014-3119
 CVE-2014-1546 (The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.)
 CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.)
 CVE-2014-0991 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.)
 CVE-2014-0990 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter.)
 CVE-2014-0989 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.)
 CVE-2014-0988 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.)
 CVE-2014-0987 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.)
 CVE-2014-0986 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.)
 CVE-2014-0985 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.)
 CVE-2014-0485 (S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.)
Original document:RedTeam Pentesting, [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution (15.10.2014)
 RedTeam Pentesting, [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting (15.10.2014)
 RedTeam Pentesting, [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery (15.10.2014)
 Vulnerability Lab, Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities (15.10.2014)
 iedb.team_(at)_gmail.com, ClipBucket CMS Xss Vulnerability (15.10.2014)
 High-Tech Bridge Security Research, SQL Injection in Dolphin (15.10.2014)
 High-Tech Bridge Security Research, Multiple SQL Injection Vulnerabilities in web2Project (15.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite (15.10.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in Kanboard (15.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in e107 (15.10.2014)
 High-Tech Bridge Security Research, SQL Injection in Е2 (15.10.2014)
 High-Tech Bridge Security Research, Improper Access Control in ArticleFR (15.10.2014)
 MANDRIVA, [ MDVSA-2014:145 ] php-ZendFramework (15.10.2014)
 [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities], [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities] (15.10.2014)
 Senderek Web Security, ownCloud Unencrypted Private Key Exposure (15.10.2014)
 Romano, Christian, Encore Discovery Solution Multiple Vulnerability Disclosure (15.10.2014)
 ehoward_(at)_novacoast.com, SaaS Marketing platform Hubspot export vulnerability (15.10.2014)
 Pedro Ribeiro, [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert (15.10.2014)
 DEBIAN, [SECURITY] [DSA 3013-1] s3ql security update (15.10.2014)
 Disclosure_(at)_security-assessment.com, Aerohive Hive Manager and Hive OS Multiple Vulnerabilities (15.10.2014)
 Romano, Christian, Sierra Library Services Platform Multiple Vulnerability Disclosure (15.10.2014)
 MOZILLA, Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 (15.10.2014)
 DEBIAN, [SECURITY] [DSA 3017-1] php-cas security update (15.10.2014)
 CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2014-0005] - Advantech WebAccess Vulnerabilities (15.10.2014)
 Romano, Christian, Avolve Software ProjectDox Multiple Vulnerability Disclosure (15.10.2014)
 Christian Schneider, CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler" (15.10.2014)
 Christian Schneider, CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler" (15.10.2014)
 Christian Schneider, CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler" (15.10.2014)
 Onur Yilmaz, Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308 (15.10.2014)
 Onur Yilmaz, Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280 (15.10.2014)

serf / Apache httpcomponents HttpClient / Jakarta Commons HttpClient SSL validation bypass
Published:15.10.2014
Source:
SecurityVulns ID:14026
Type:library
Threat Level:5/10
Description:Invalid parsing of certificates with NUL character in CN.
Affected:SERF : Serf 1.3
CVE:CVE-2014-3504 (The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.)
 CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.)
Original document:MANDRIVA, [ MDVSA-2014:170 ] jakarta-commons-httpclient (15.10.2014)

catfish code execution
Published:15.10.2014
Source:
SecurityVulns ID:14027
Type:local
Threat Level:5/10
Description:catfish.py in current path is executed.
Affected:CATFISH : catfish 0.4
CVE:CVE-2014-2093 (Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.)
Original document:MANDRIVA, [ MDVSA-2014:162 ] catfish (15.10.2014)

Avira License Application CSRF
Published:15.10.2014
Source:
SecurityVulns ID:14028
Type:remote
Threat Level:5/10
Description:Cross-site request forgery in web interface.
Original document:Vulnerability Lab, Avira License Application - Cross Site Request Forgery Vulnerability (15.10.2014)

EMC RSA Identity Management and Governance authentication bypass
Published:15.10.2014
Source:
SecurityVulns ID:14029
Type:remote
Threat Level:5/10
Description:Authentication bypass if NovellIM is used.
Affected:EMC : RSA Identity Management and Governance 6.8
CVE:CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username.)
Original document:EMC, ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability (15.10.2014)

live buffer overflow
Published:15.10.2014
Source:
SecurityVulns ID:14030
Type:remote
Threat Level:5/10
Description:Buffer overflow on RTSP library.
Affected:LIVE : live 2014.07
Original document:MANDRIVA, [ MDVSA-2014:144 ] live (15.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod