Computer Security


ImageMagick security vulnerabilities
Published:31.03.2014
Source:
SecurityVulns ID:13653
Type:library
Threat Level:6/10
Description:Memory corruptions on JPEG and PSD parsing.
Affected:IMAGEMAGICK : ImageMagick 6.7
CVE:CVE-2014-2030
 CVE-2014-1958
 CVE-2012-0260 (The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.)
Original document:UBUNTU, [USN-2132-1] ImageMagick vulnerabilities (31.03.2014)

IcedTea Web information leakage
Published:31.03.2014
Source:
SecurityVulns ID:13654
Type:local
Threat Level:5/10
Description:Weak permission for temporary files.
Affected:ICEDTEAWEB : IcedTea-Web 1.4
CVE:CVE-2013-6493 (The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.)
Original document:UBUNTU, [USN-2131-1] IcedTea Web vulnerability (31.03.2014)

Apache Tomcat multiple security vulnerabilities
updated since 28.02.2014
Published:31.03.2014
Source:
SecurityVulns ID:13578
Type:remote
Threat Level:6/10
Description:Information leakage, DoS, session fixation.
Affected:APACHE : Tomcat 7.0
 APACHE : Tomcat 8.0
CVE:CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.)
 CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.)
 CVE-2013-4590 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.)
 CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.)
Original document:APACHE, [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS (31.03.2014)
 APACHE, [SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications (28.02.2014)
 APACHE, [SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service) (28.02.2014)
 APACHE, [SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure) (28.02.2014)
 APACHE, [SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled (28.02.2014)

EMC Documentum TaskSpace security vulnerabilities
Published:31.03.2014
Source:
SecurityVulns ID:13655
Type:remote
Threat Level:5/10
Description:Privilege escalation, information leakage.
Affected:EMC : Documentum TaskSpace 6.7
CVE:CVE-2014-0630 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.)
 CVE-2014-0629 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.)
Original document:EMC, ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities (31.03.2014)

Symantec LiveUpdate Administrator security vulnerabilities
Published:31.03.2014
Source:
SecurityVulns ID:13646
Type:remote
Threat Level:6/10
Description:Unauthorized access, SQL injection.
Affected:SYMANTEC : Symantec LiveUpdate Administrator 2.3
CVE:CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator (31.03.2014)

libYAML buffer overflow
updated since 10.02.2014
Published:31.03.2014
Source:
SecurityVulns ID:13563
Type:library
Threat Level:6/10
Description:Buffer overflow on oversized tag.
Affected:YAML : LibYAML 0.1
CVE:CVE-2014-2525 (Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.)
 CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.)
Original document:Andrea Barisani, [oCERT-2014-003] LibYAML input sanitization errors (31.03.2014)
 DEBIAN, [SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update (27.03.2014)
 DEBIAN, [SECURITY] [DSA 2884-1] libyaml security update (27.03.2014)
 UBUNTU, [USN-2098-1] LibYAML vulnerability (10.02.2014)

EMC VPLEX multiple security vulnerabilities
Published:31.03.2014
Source:
SecurityVulns ID:13647
Type:remote
Threat Level:5/10
Description:Directory traversal, protection bypass.
Affected:EMC : VPLEX GeoSynchrony 5.2
CVE:CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.)
 CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.)
 CVE-2014-0633 (The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.)
 CVE-2014-0632 (Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original document:EMC, ESA-2014-016: EMC VPLEX Multiple Vulnerabilities (31.03.2014)

Apple iOS multiple security vulnerabilities
updated since 13.03.2014
Published:31.03.2014
Source:
SecurityVulns ID:13600
Type:library
Threat Level:9/10
Description:Symbolic links vulnerability, root certificates problems, protection bypass, DoS, privilege escalation, memory corruption, information leakage, code execution.
Affected:APPLE : Apple iOS 7.0
CVE:CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1293.)
 CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1294.)
 CVE-2014-1292 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.)
 CVE-2014-1291 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.)
 CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.)
 CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.)
 CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.)
 CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.)
 CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.)
 CVE-2014-1284 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2019. Reason: This candidate is a duplicate of CVE-2014-2019. Notes: All CVE users should reference CVE-2014-2019 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.)
 CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.)
 CVE-2014-1280 (Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.)
 CVE-2014-1278 (The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.)
 CVE-2014-1277 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3948. Reason: This candidate is a duplicate of CVE-2013-3948. Notes: All CVE users should reference CVE-2013-3948 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2014-1276 (IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.)
 CVE-2014-1275 (Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.)
 CVE-2014-1274 (FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.)
 CVE-2014-1273 (dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.)
 CVE-2014-1272 (CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.)
 CVE-2014-1271 (CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.)
 CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.)
 CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.)
 CVE-2014-1267 (The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.)
 CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.)
 CVE-2013-6835 (TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.)
 CVE-2013-6635 (Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp.)
 CVE-2013-6629 (The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.)
 CVE-2013-6625 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.)
 CVE-2013-5228 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.)
 CVE-2013-5227 (Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.)
 CVE-2013-5225 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.)
 CVE-2013-5199 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.)
 CVE-2013-5198 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.)
 CVE-2013-5197 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.)
 CVE-2013-5196 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.)
 CVE-2013-5133 (Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.)
 CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2013-2926 (Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements.)
 CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.)
 CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.)
Original document:guillaume_(at)_binaryfactory.ca, [CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue (31.03.2014)
 NCC Group Research, NCC00596 Technical Advisory: iOS 7 arbitrary code execution in kernel mode (18.03.2014)
 APPLE, APPLE-SA-2014-03-10-1 iOS 7.1 (13.03.2014)

PowerArchiver weak encryption
Published:31.03.2014
Source:
SecurityVulns ID:13649
Type:local
Threat Level:4/10
Description:Native ZIP encryption is used instead of AES.
Affected:POWERARCHIVER : PowerArchiver 14.02
CVE:CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack.)
Original document:Hanno Bock, PowerArchiver: Uses insecure legacy PKZIP encryption when AES is selected (CVE-2014-2319) (31.03.2014)

Oracle VirtualBox memory corruptions
Published:31.03.2014
Source:
SecurityVulns ID:13650
Type:remote
Threat Level:6/10
Description:Multiple memory corruptions in 3D acceleration.
Affected:ORACLE : VirtualBox 4.3
CVE:CVE-2014-0983 (Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCOD)
 CVE-2014-0982 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0981. Reason: This issue was MERGED into CVE-2014-0981 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities (31.03.2014)

Android protection bypass
Published:31.03.2014
Source:
SecurityVulns ID:13651
Type:library
Threat Level:5/10
Description:It's possible to install and run an application silently.
Original document:Daniel Divricean, Android Vulnerability: Install App Without User Explicit Consent (31.03.2014)

Linux kernel security vulnerabilities
updated since 08.01.2014
Published:31.03.2014
Source:
SecurityVulns ID:13475
Type:library
Threat Level:9/10
Description:ptrace information leakage, debug functions privilege escalation, cprng weak PRNG, networking dissector DoS, multiple integer overflows, buffer overflows in WiMax, USB and other device drivers, UDP fragmentation offload uninitialized memory, privilege escalations, NAT conntrack information leakage.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.11
 LINUX : kernel 3.12
CVE:CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.)
 CVE-2014-1874 (The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.)
 CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.)
 CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.)
 CVE-2014-1438 (The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.)
 CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.)
 CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7271 (The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7270 (The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7269 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7268 (The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7267 (The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7266 (The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.)
 CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.)
 CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.)
 CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.)
 CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.)
 CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.)
 CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.)
 CVE-2013-6378 (The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.)
 CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.)
 CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.)
 CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.)
 CVE-2013-4588 (Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.)
 CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.)
 CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.)
 CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.)
 CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.)
 CVE-2013-4513 (Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.)
 CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.)
 CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.)
 CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.)
 CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.)
 CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.)
 CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.)
 CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.)
Original document: UBUNTU, [USN-2140-1] Linux kernel vulnerabilities (31.03.2014)
 MANDRIVA, [ MDVSA-2014:038 ] kernel (18.02.2014)
 UBUNTU, [USN-2096-1] Linux kernel vulnerability (01.02.2014)
 MANDRIVA, [ MDVSA-2014:001 ] kernel (14.01.2014)
 UBUNTU, [USN-2075-1] Linux kernel vulnerabilities (08.01.2014)

Huawei E5331 Multiple security vulnerabilities
Published:31.03.2014
Source:
SecurityVulns ID:13652
Type:remote
Threat Level: 5/10
Description:Unauthorized access, CSRF.
Affected:HUAWEI : Huawei E5331
Original document: SEC Consult Vulnerability Lab, SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot (31.03.2014)

Different iOS applications vulnerabilities
updated since 31.03.2014
Published:29.12.2014
Source:
SecurityVulns ID:13648
Type:remote
Threat Level: 5/10
Description:Information leaks, code execution, protection bypass, etc.
Affected:ISTARTAPP : iStArtApp FileXChange 6.3
 EPHONE : ePhone Disk 1.0
 EASYFILEMANAGER : Easy FileManager 1.1
 MYPHOTOWIFISHARE : My Photo Wifi Share & PS 1.1
 LAZYBONE : Lazybone Studios WiFi Music 1.0
 FTPDRIVE : FTP Drive + HTTP 1.0
 WIRELESSDRIVE : Wireless Drive 1.1
 WIFILES : WiFiles HD 1.3
 MYPDFCREATOR : My PDF Creator & DE DM 1.4
 FILEHUB : File Hub 1.9
 MBDRIVEHD : mbDriveHD 1.0
 OFFICEASSISTANT : Office Assistant Pro 2.2
 JDISK : jDisk 2.0
 WIFICAMERAROLL : WiFi Camera Roll 1.2
 PHOTOWIFI : PhotoWIFI Lite 1.0
 VANCTECH : Vanctech File Commander 1.1
 ISHAREYOURMOVING : iShare Your Moving Library 1.0
 PRIVATEPHOTOVIDE : Private Photo+Video 1.1
 DEPOTWIFI : Depot WiFi 1.0
 AIRPHOTO : AirPhoto WebDisk 4.1
 PDFALBUM : PDF Album iOS 1.7
 IVAULT : iVault Private P&V 1.1
 BLUEME : BlueMe Bluetooth 5.0
 APPFISH : AppFish Offline Coder 2.2
 BLUETOOTHTEXTCHA : Bluetooth Text Chat 1.0
 APACHE : Cordova 2.9
 JOIDS : JOIDS 1.2
 SPAGOBI : SpagoBI 4.0
 ISCANONLINE : iScan Online Mobile 2.0
 BLUETOOTHPGOTOFI : Bluetooth Photo-File Share 2.
 ALLREADER : AllReader 1.0
 TIGERCOM : TigerCom My Assistant 1.1
 PRIVACYPRO : Privacy Pro v.2
 FILESDESKPRO : Files Desk Pro 1.4
 NGWIFITRANSFER : NG WifiTransfer Pro 1.1
 PHOTOWIFITRANSFE : Photo WiFi Transfer 1.01
 TIGERCOM : iFolder+ 1.2
 PHOTOORG : WonderApplications 8.3
 WIFIHD : WiFi HD 7.3
 EASYFTPPRO : Easy FTP Pro 4.2
 PHOTOSYNC : PhotoSync 2.2
 PHOTOSYNC : PhotoSync Wifi & Bluetooth 1.0
 VIDEOWIFI : Video WiFi Transfer 1.01
 FREEDISK : FreeDisk 1.01
 GS : GS Foto Uebertraeger 3.0
 USBWIFIFLASHDRIV : USB&WiFi Flash Drive 1.3
 BRIEFCASE : Briefcase 4.0
 CHATSECURE : ChatSecure IM 2.2
 PHOTORANGE : Photorange 1.0
 WWWFILESHAREPRO : WWW File Share Pro 7.0
 FOLDERPLUS : Folder Plus 2.5
 WEBDISK : WebDisk 2.1
 IFILEEXPLORER : iFileExplorer 6.51
 FILEMANAGER : File Manager 4.2
 IFUNBOXFREE : iFunBox Free 1.1
 FILEBUG : FileBug 1.5
 IBACKUP : iBackup 10.0
 IWIFIFORCHAT : iWifi for Chat 1.1
Original document: Vulnerability Lab, iWifi for Chat v1.1 iOS - Denial of Service Vulnerability (29.12.2014)
 Vulnerability Lab, iBackup v10.0.0.45 - Privilege Escalation Vulnerability (29.12.2014)
 Vulnerability Lab, Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities (03.11.2014)
 Vulnerability Lab, FileBug v1.5.1 iOS - Path Traversal Web Vulnerability (03.11.2014)
 Vulnerability Lab, iFunBox Free v1.1 iOS - File Include Vulnerability (03.11.2014)
 Vulnerability Lab, File Manager v4.2.10 iOS - Code Execution Vulnerability (03.11.2014)
 Vulnerability Lab, iFileExplorer v6.51 iOS - File Include Web Vulnerability (03.11.2014)
 Vulnerability Lab, WebDisk+ v2.1 iOS - Code Execution Vulnerability (03.11.2014)
 Vulnerability Lab, Folder Plus v2.5.1 iOS - Persistent Item Vulnerability (03.11.2014)
 Vulnerability Lab, WWW File Share Pro v7.0 - Denial of Service Vulnerability (29.09.2014)
 Vulnerability Lab, Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability (29.09.2014)
 Vulnerability Lab, Photorange v1.0 iOS - File Include Web Vulnerability (29.09.2014)
 Vulnerability Lab, ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability (29.09.2014)
 Vulnerability Lab, Briefcase 4.0 iOS - Code Execution & File Include Vulnerability (29.09.2014)
 Vulnerability Lab, USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability (29.09.2014)
 Vulnerability Lab, GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability (29.09.2014)
 Vulnerability Lab, SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability (29.09.2014)
 Vulnerability Lab, Video WiFi Transfer 1.01 - Directory Traversal Vulnerability (11.08.2014)
 Vulnerability Lab, FreeDisk v1.01 iOS - Multiple Web Vulnerabilities (11.08.2014)
 Vulnerability Lab, PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability (11.08.2014)
 Vulnerability Lab, PhotoSync v2.2 iOS - Command Inject Web Vulnerability (11.08.2014)
 Vulnerability Lab, Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities (11.08.2014)
 Vulnerability Lab, Photo Org WonderApplications v8.3 iOS - File Include Vulnerability (04.08.2014)
 Vulnerability Lab, WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities (04.08.2014)
 Vulnerability Lab, TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities (04.08.2014)
 Vulnerability Lab, Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability (04.08.2014)
 Vulnerability Lab, iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability (14.06.2014)
 Vulnerability Lab, Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities (14.06.2014)
 Vulnerability Lab, AllReader v1.0 iOS - Multiple Web Vulnerabilities (14.06.2014)
 Vulnerability Lab, TigerCom My Assistant v1.1 iOS - File Include Vulnerability (14.06.2014)
 Vulnerability Lab, Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability (14.06.2014)
 Vulnerability Lab, Files Desk Pro v1.4 iOS - File Include Web Vulnerability (14.06.2014)
 Vulnerability Lab, NG WifiTransfer Pro 1.1 - File Include Vulnerability (14.06.2014)
 iclelland_(at)_chromium.org, [CVE-2014-0072] Apache Cordova File-Transfer insecure defaults (05.05.2014)
 Vulnerability Lab, Bluetooth Text Chat v1.0 iOS - Code Execution Vulnerability (04.05.2014)
 Vulnerability Lab, AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability (04.05.2014)
 Vulnerability Lab, BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability (04.05.2014)
 Vulnerability Lab, iVault Private P&V 1.1 iOS - Path Traversal Vulnerability (04.05.2014)
 Vulnerability Lab, PDF Album v1.7 iOS - File Include Web Vulnerability (04.05.2014)
 Vulnerability Lab, AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability (04.05.2014)
 Vulnerability Lab, Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities (04.05.2014)
 Vulnerability Lab, Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability (07.04.2014)
 Vulnerability Lab, iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities (03.04.2014)
 Vulnerability Lab, PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities (01.04.2014)
 Vulnerability Lab, Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities (01.04.2014)
 Vulnerability Lab, WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities (31.03.2014)
 Vulnerability Lab, jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities (31.03.2014)
 Vulnerability Lab, Office Assistant Pro v2.2.2 iOS - File Include Vulnerability (31.03.2014)
 Vulnerability Lab, mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities (31.03.2014)
 Vulnerability Lab, File Hub v1.9.1 iOS - Multiple Web Vulnerabilities (31.03.2014)
 Vulnerability Lab, My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities (31.03.2014)
 Vulnerability Lab, WiFiles HD v1.3 iOS - File Include Web Vulnerability (31.03.2014)
 Vulnerability Lab, Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities (31.03.2014)
 Vulnerability Lab, FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability (31.03.2014)
 Vulnerability Lab, Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities (31.03.2014)
 Vulnerability Lab, My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability (31.03.2014)
 Vulnerability Lab, Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities (31.03.2014)
 Vulnerability Lab, ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities (31.03.2014)
 Vulnerability Lab, iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities (31.03.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod