Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 22.02.2015
Published:23.02.2015
SecurityVulns ID:14273
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BUGZILLA : Bugzilla 4.2
 LANDESK : Landesk Management Suite 9.5
 RADEXSCRIPT : Radexscript CMS 2.2
 WORDPRESS : Liftux holding_pattern 0.6
 NINJAFORMS : Ninja Forms 2.8
 WORDPRESS : Easing Slider 2.2
 ARTICLEFR : articleFR 3.0
 PIWIGO : Piwigo 2.7
 ZARAFA : zarafa 7.1
 FATFREECRM : Fat Free CRM 0.13
 UNIT4 : Prosoft HRMS 8.14
 BMC : BMC Footprints 11.5
 JUIFILTERRULES : jui_filter_rules 1.6
 HYBRIS : Hybris 5.3
 FORKCMS : Fork CMS 3.8
 MANAGEENGINE : ManageEngine Desktop Central 9
 PANDORAFMS : Pandora FMS 5.1
 MYLITTLEFORUM : my little forum 2.3
 DJANGO : django 1.7
CVE:CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page.)
 CVE-2015-1585 (Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.)
 CVE-2015-1518 (SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.)
 CVE-2015-1517 (SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.)
 CVE-2015-1467 (Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.)
 CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php.)
 CVE-2015-1435 (Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php.)
 CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.)
 CVE-2015-1364 (SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.)
 CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/.)
 CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.)
 CVE-2014-9465 (senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.)
 CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do.)
 CVE-2014-8871
 CVE-2014-8630 (Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.)
 CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx.)
Original document:alex_haynes_(at)_outlook.com, CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability (23.02.2015)
 tien.d.tran_(at)_itas.vn, articleFR CMS 3.0.5 - Arbitrary File Upload (23.02.2015)
 tien.d.tran_(at)_itas.vn, articleFR CMS 3.0.5 - SQL injection vulnerability (23.02.2015)
 tien.d.tran_(at)_itas.vn, articleFR CMS 3.0.5 - XSS vulnerability (23.02.2015)
 sven_(at)_bsddaemon.org, [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5 (23.02.2015)
 borg_(at)_servernet.se, CVE-2015-1172 Wordpress-theme remote arbitrary code (23.02.2015)
 MANDRIVA, [ MDVSA-2015:030 ] bugzilla (23.02.2015)
 MANDRIVA, [ MDVSA-2015:036 ] python-django (23.02.2015)
 ayman.abdelaziz_(at)_helpag.com, BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS) (23.02.2015)
 itas.team_(at)_itas.vn, Radexscript CMS 2.2.0 - SQL Injection vulnerability (23.02.2015)
 MANDRIVA, [ MDVSA-2015:040 ] zarafa (22.02.2015)
 High-Tech Bridge Security Research, Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin (22.02.2015)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in my little forum (22.02.2015)
 Vulnerability Lab, Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability (22.02.2015)
 sn_(at)_1dn.eu, Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability (22.02.2015)
 jerold_(at)_v00d00sec.com, UNIT4 Prosoft HRMS XSS Vulnerability (22.02.2015)
 sven_(at)_bsddaemon.org, [CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5 (22.02.2015)
 l0om, Cosmoshop - XSS on Admin-Login Mask (22.02.2015)
 kingkaustubh_(at)_me.com, Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher (22.02.2015)
 kingkaustubh_(at)_me.com, CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher (22.02.2015)
 RedTeam Pentesting, [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite (22.02.2015)
 sven_(at)_bsddaemon.org, [CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3 (22.02.2015)
 tschmid_(at)_ernw.de, PHP Code Execution in jui_filter_rules Parsing Library (22.02.2015)

IBM Endpoint Manager cross-site scripting
Published:23.02.2015
SecurityVulns ID:14278
Type:remote
Threat Level:5/10
Description:Relay Diagnostics cross-site scripting.
Affected:IBM : Tivoli Endpoint Manager 9.1
CVE:CVE-2014-6137 (Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:RedTeam Pentesting, [RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page (23.02.2015)

LG On Screen Phone authentication bypass
Published:23.02.2015
SecurityVulns ID:14283
Type:local
Threat Level:4/10
Description:Authentication is IP address based.
Affected:LG : On-Screen Phone 4.3
CVE:CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.)
Original document:Imre RAD, LG On Screen Phone authentication bypass (CVE-2014-8757) (23.02.2015)

HP SiteScope privilege escalation
Published:23.02.2015
SecurityVulns ID:14286
Type:local
Threat Level:5/10
Affected:HP : HP SiteScope 11.24
CVE:CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors.)
Original document:HP, [security bulletin] HPSBMU03232 rev.3 - HP SiteScope, Remote Elevation of Privilege (23.02.2015)

Cisco WebEx Meetings Server code execution
Published:23.02.2015
SecurityVulns ID:14288
Type:remote
Threat Level:7/10
Description:Shell injection.
CVE:CVE-2015-0589 (The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.)
Files:Cisco WebEx Meetings Server Command Injection Vulnerability

liveMedia integer overflow
Published:23.02.2015
SecurityVulns ID:14281
Type:library
Threat Level:5/10
Description:Integer overflow on RTSP parsing.
Affected:LIVENETWORK : Live555 Streaming Media 2011.08
CVE:CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.)
Original document:DEBIAN, [SECURITY] [DSA 3156-1] liblivemedia security update (23.02.2015)

Samba memory corruption
Published:23.02.2015
SecurityVulns ID:14289
Type:remote
Threat Level:8/10
Description:Freeing of an uninitialized pointer potentially leads to code execution.
Affected:SAMBA : Samba 3.6
CVE:CVE-2015-0240 (The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.)
Files:Samba vulnerability (CVE-2015-0240)

Apache Tomcat request spoofing
Published:23.02.2015
SecurityVulns ID:14280
Type:remote
Threat Level:6/10
Description:Request spoofing on chunked encoding processing.
Affected:APACHE : Tomcat 8.0
CVE:CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.)
Original document:APACHE, [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling (23.02.2015)

vorbis-tools DoS
Published:23.02.2015
SecurityVulns ID:14282
Type:library
Threat Level:5/10
Description:Out-of-bounds read on raw files processing.
Affected:VORBISTOOLS : vorbis-tools 1.4
CVE:CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.)
Original document:MANDRIVA, [ MDVSA-2015:037 ] vorbis-tools (23.02.2015)

condor code execution
Published:23.02.2015
SecurityVulns ID:14285
Type:local
Threat Level:5/10
Description:Unfiltered shell characters on mailx invocation.
Affected:CONDOR : condor 8.2
CVE:CVE-2014-8126
Original document:DEBIAN, [SECURITY] [DSA 3149-1] condor security update (23.02.2015)

EMC Captiva Capture information leakage
Published:23.02.2015
SecurityVulns ID:14284
Type:remote
Threat Level:5/10
Description:Cleartext password may be logged.
Affected:EMC : Captiva Capture 7.1
CVE:CVE-2015-0519 (The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.)
Original document:EMC, ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability (23.02.2015)

Mooplayer buffer overflow
Published:23.02.2015
SecurityVulns ID:14279
Type:local
Threat Level:4/10
Description:Buffer overflow on .m3u files parsing.
Affected:MOOPLAYER : MooPlayer 1.3
Original document:saman.j.l33t_(at)_gmail.com, Mooplayer 1.3.0 'm3u' SEH Buffer Overflow POC (23.02.2015)

HP UCMDB information disclosure
Published:23.02.2015
SecurityVulns ID:14287
Type:remote
Threat Level:5/10
Affected:HP : Universal CMD 10.11
CVE:CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.)
Original document:HP, [security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information (23.02.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod