Computer Security

LibreOffice memory corruption
Published:22.02.2015
SecurityVulns ID:14271
Type:library
Threat Level:5/10
Description:Memory corruption on RTF parsing.
Affected:LIBREOFFICE : Libreoffice 4.3
CVE:CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.)
Original document:DEBIAN, [SECURITY] [DSA 3163-1] libreoffice security update (22.02.2015)

NetGear WNDR security vulnerabilities
Published:22.02.2015
SecurityVulns ID:14274
Type:remote
Threat Level:5/10
Description:Information leakage, authentication bypass.
Affected:NETGEAR : NetGear WNR2200
 NETGEAR : NetGear WNR2500
 NETGEAR : NetGear WNDR3700
Original document:Peter Adkins, NetGear WNDR Authentication Bypass / Information Disclosure (22.02.2015)

UnZip multiple security vulnerabilities
updated since 23.12.2014
Published:22.02.2015
SecurityVulns ID:14173
Type:remote
Threat Level:5/10
Description:Several buffer overflows.
Affected:UNZIP : unzip 6.0
CVE:CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.)
 CVE-2014-9636 (unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.)
 CVE-2014-8141
 CVE-2014-8140
 CVE-2014-8139
Original document:UBUNTU, [USN-2502-1] unzip vulnerabilities (22.02.2015)
 DEBIAN, [SECURITY] [DSA 3152-1] unzip security update (11.02.2015)
 Andrea Barisani, [oCERT-2014-011] UnZip input sanitization errors (23.12.2014)

ISC bind named DoS
Published:22.02.2015
SecurityVulns ID:14272
Type:remote
Threat Level:6/10
Description:DNSSEC parsing assert().
Affected:ISC : bind 9.10
CVE:CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.)
Original document:UBUNTU, [USN-2503-1] Bind vulnerability (22.02.2015)

Netatmo Weather Station information leakage
Published:22.02.2015
SecurityVulns ID:14275
Type:remote
Threat Level:5/10
Description:Information leakage.
CVE:CVE-2015-1600
Original document:jullrich_(at)_sans.edu, CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak (22.02.2015)

Elasticsearch restrictions bypass
Published:22.02.2015
SecurityVulns ID:14277
Type:library
Threat Level:5/10
Description:Sandbox restrictions bypass.
Affected:ELASTIC : elasticsearch 1.3
 ELASTIC : elasticsearch 1.4
CVE:CVE-2015-1427 (The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.)
Original document:ELASTIC, Elasticsearch vulnerability CVE-2015-1427 (22.02.2015)

Google mail application DoS
Published:22.02.2015
SecurityVulns ID:14276
Type:remote
Threat Level:5/10
Description:DoS on message parsing.
Affected:GOOGLE : Google Email App 4.2
CVE:CVE-2015-1574 (The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message.)
Original document:Hector Marco, CVE-2015-1574 - Google Email App 4.2.2 remote denial of service (22.02.2015)

PHP multiple security vulnerabilities
updated since 11.02.2015
Published:22.02.2015
SecurityVulns ID:14261
Type:library
Threat Level:6/10
Description:exif_process_unicode() DoS, var_unserializer.re code execution, information disclosure.
Affected:PHP : PHP 5.6
CVE:CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.)
 CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2015-0232 (The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.)
 CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.)
 CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.)
Original document:UBUNTU, [USN-2501-1] PHP vulnerabilities (22.02.2015)
 MANDRIVA, [ MDVSA-2015:032 ] php (11.02.2015)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 22.02.2015
Published:23.02.2015
SecurityVulns ID:14273
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BUGZILLA : Bugzilla 4.2
 LANDESK : Landesk Management Suite 9.5
 RADEXSCRIPT : Radexscript CMS 2.2
 WORDPRESS : Liftux holding_pattern 0.6
 NINJAFORMS : Ninja Forms 2.8
 WORDPRESS : Easing Slider 2.2
 ARTICLEFR : articleFR 3.0
 PIWIGO : Piwigo 2.7
 ZARAFA : zarafa 7.1
 FATFREECRM : Fat Free CRM 0.13
 UNIT4 : Prosoft HRMS 8.14
 BMC : BMC Footprints 11.5
 JUIFILTERRULES : jui_filter_rules 1.6
 HYBRIS : Hybris 5.3
 FORKCMS : Fork CMS 3.8
 MANAGEENGINE : ManageEngine Desktop Central 9
 PANDORAFMS : Pandora FMS 5.1
 MYLITTLEFORUM : my little forum 2.3
 DJANGO : django 1.7
CVE:CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page.)
 CVE-2015-1585 (Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.)
 CVE-2015-1518 (SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.)
 CVE-2015-1517 (SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.)
 CVE-2015-1467 (Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.)
 CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php.)
 CVE-2015-1435 (Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php.)
 CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.)
 CVE-2015-1364 (SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.)
 CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/.)
 CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.)
 CVE-2014-9465 (senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.)
 CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.)
 CVE-2014-8871
 CVE-2014-8630 (Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.)
 CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx.)
Original document:alex_haynes_(at)_outlook.com, CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability (23.02.2015)
 tien.d.tran_(at)_itas.vn, articleFR CMS 3.0.5 - Arbitrary File Upload (23.02.2015)
 tien.d.tran_(at)_itas.vn, articleFR CMS 3.0.5 - SQL injection vulnerability (23.02.2015)
 tien.d.tran_(at)_itas.vn, articleFR CMS 3.0.5 - XSS vulnerability (23.02.2015)
 sven_(at)_bsddaemon.org, [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5 (23.02.2015)
 borg_(at)_servernet.se, CVE-2015-1172 Wordpress-theme remote arbitrary code (23.02.2015)
 MANDRIVA, [ MDVSA-2015:030 ] bugzilla (23.02.2015)
 MANDRIVA, [ MDVSA-2015:036 ] python-django (23.02.2015)
 ayman.abdelaziz_(at)_helpag.com, BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS) (23.02.2015)
 itas.team_(at)_itas.vn, Radexscript CMS 2.2.0 - SQL Injection vulnerability (23.02.2015)
 MANDRIVA, [ MDVSA-2015:040 ] zarafa (22.02.2015)
 High-Tech Bridge Security Research, Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin (22.02.2015)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in my little forum (22.02.2015)
 Vulnerability Lab, Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability (22.02.2015)
 sn_(at)_1dn.eu, Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability (22.02.2015)
 jerold_(at)_v00d00sec.com, UNIT4 Prosoft HRMS XSS Vulnerability (22.02.2015)
 sven_(at)_bsddaemon.org, [CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5 (22.02.2015)
 l0om, Cosmoshop - XSS on Admin-Login Mask (22.02.2015)
 kingkaustubh_(at)_me.com, Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher (22.02.2015)
 kingkaustubh_(at)_me.com, CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher (22.02.2015)
 RedTeam Pentesting, [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite (22.02.2015)
 sven_(at)_bsddaemon.org, [CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3 (22.02.2015)
 tschmid_(at)_ernw.de, PHP Code Execution in jui_filter_rules Parsing Library (22.02.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod