Information Security


DoS against file / libmagic / PHP
updated since February 18, 2014
Published: May 4, 2014
Source:
SecurityVulns ID: 13572
Type: library
Severity: 5/10
Description: Infinite recursion when identifying certain file types, access to uninitialized memory, resource exhaustion.
Affected products: FILE : file 5.11
CVE: CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.)
 CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.)
 CVE-2013-7345 (The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.)
Original text: SLACKWARE, [slackware-security] php (SSA:2014-111-02) (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2873-1] file security update (13.03.2014)
 DEBIAN, [SECURITY] [DSA 2861-1] file security update (18.02.2014)

Buffer overflow in Libmms
Published: May 4, 2014
Source:
SecurityVulns ID: 13704
Type: library
Severity: 6/10
Description: Buffer overflow in the get_answer() function when processing MMS over HTTP.
Affected products: LIBMMS : libmms 0.6
CVE: CVE-2014-2892 (Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.)
Original text: DEBIAN, [SECURITY] [DSA 2916-1] libmms security update (04.05.2014)

Cross-site scripting in CUPS
Published: May 4, 2014
Source:
SecurityVulns ID: 13707
Type: remote
Severity: 5/10
Description: Cross-site scripting in the web interface.
Affected products: CUPS : cups 1.7
CVE: CVE-2014-2856 (Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.)
Original text: UBUNTU, [USN-2172-1] CUPS vulnerability (04.05.2014)

DoS against HP iLO
Published: May 4, 2014
Source:
SecurityVulns ID: 13708
Type: remote
Severity: 5/10
Description: The device fails on a request that demonstrates the Heartbleed vulnerability.
Affected products: HP : iLO 2
CVE: CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.)
 CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.)
Original text: HP, [security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service (04.05.2014)

DoS via NFS in FreeBSD
Published: May 4, 2014
Source:
SecurityVulns ID: 13709
Type: remote
Severity: 5/10
Description: A deadlock can be triggered by a correct sequence of operations.
Affected products: FREEBSD : FreeBSD 8.4
 FREEBSD : FreeBSD 9.2
 FREEBSD : FreeBSD 10.0
CVE: CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.)
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:05.nfsserver (04.05.2014)

DoS via rsync
Published: May 4, 2014
Source:
SecurityVulns ID: 13710
Type: library
Severity: 4/10
Description: Resource exhaustion.
Affected products: RSYNC : rsync 3.1
CVE: CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.)
Original text: UBUNTU, [USN-2171-1] rsync vulnerability (04.05.2014)

Multiple vulnerabilities in Apple iOS
Published: May 4, 2014
Source:
SecurityVulns ID: 13712
Type: library
Severity: 7/10
Description: Insecure cookie handling, protection bypass, information leak, multiple vulnerabilities in WebKit.
Affected products: APPLE : Apple iOS 7.1
CVE: CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.)
 CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.)
 CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.)
 CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
 CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
 CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.)
Original text: APPLE, APPLE-SA-2014-04-22-2 iOS 7.1.1 (04.05.2014)

Multiple security vulnerabilities in Apple TV
Published: May 4, 2014
Source:
SecurityVulns ID: 13713
Type: library
Severity: 6/10
Description: Insecure cookie handling, protection bypass, information leak, multiple vulnerabilities in WebKit.
Affected products: APPLE : Apple TV 6.1
CVE: CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.)
 CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.)
 CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.)
 CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
 CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
 CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.)
Original text: APPLE, APPLE-SA-2014-04-22-3 Apple TV 6.1.1 (04.05.2014)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: May 4, 2014
Source:
SecurityVulns ID: 13714
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: OPENDOCMAN : OpenDocMan 1.2
 APACHE : Archiva 1.3
 KNOWLEDGETREE : KnowledgeTree 3.7
 CGILUA : CGILua 5.2
 TYPO3 : si_bibtex 0.2
 DRUPAL : Drupal 7.26
 DRUPAL : Drupal 6.30
 DRUPAL : VideoWhisper 7
 LIVETEX : Timelive 6.5
 DOMPDF : dompdf 0.6
 DJANGO : django 1.7
 MODX : MODX Revolution 2.2
 BUGZILLA : Bugzilla 4.5
 EKTRON : Ektron CMS 8.7
 XCLONER : XCloner Standalone 3.5
 ORBITSCRIPTS : Orbit Open Ad Server 1.1
 XCLONER : XCloner Wordpress plugin 3.1
 CMSIMPLE : CMSimple 3.54
 OPENCLASSIFIEDS : Open Classifieds 2.1
 ILCH : Ilch CMS 2.0
 ADROTATE : AdRotate 3.9
 APACHE : Syncope 1.1
 WORDPRESS : Js-Multi-Hotel 2.2
 CU3ER : CU3ER 1.24
 WORDPRESS : Wordpress 3.8
CVE: CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.)
 CVE-2014-2875
 CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.)
 CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.)
 CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.)
 CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php.)
 CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.)
 CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.)
 CVE-2014-2540 (SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.)
 CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.)
 CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.)
 CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.)
 CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.)
 CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.)
 CVE-2014-1946
 CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.)
 CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.)
 CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.)
 CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.)
 CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.)
 CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.)
 CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.)
 CVE-2014-1517 (The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.)
 CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.)
 CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path.")
 CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.)
 CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings.")
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
 CVE-2013-2187 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.)
Original text: MustLive, Multiple vulnerabilities in Flexolio for WordPress (04.05.2014)
 MustLive, Multiple vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, Vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, Multiple vulnerabilities in Joomla-Base (04.05.2014)
 MustLive, Multiple vulnerabilities in JoomLeague for Joomla (04.05.2014)
 MustLive, XSS and CS vulnerabilities in DSMS (04.05.2014)
 MustLive, DoS via tables corruption in WordPress (04.05.2014)
 MustLive, New vulnerabilities in Google Maps plugin for Joomla (04.05.2014)
 MustLive, Vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone (04.05.2014)
 MustLive, CS and XSS vulnerabilities in CU3ER (04.05.2014)
 MustLive, CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress (04.05.2014)
 APACHE, [SECURITY] CVE-2014-0111 Apache Syncope (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in AdRotate (04.05.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Ilch CMS (04.05.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in OpenDocMan (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Open Classifieds (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in CMSimple (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in Orbit Open Ad Server (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in XCloner Standalone (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in mAdserve (04.05.2014)
 webmaster_(at)_josephzeng.com, [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7 (04.05.2014)
 LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12 (04.05.2014)
 APACHE, [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution (04.05.2014)
 APACHE, [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability (04.05.2014)
 craig.arendt_(at)_stratumsecurity.com, Multiple Vulnerabilities in MODX Revolution <= MODX 2.2.13-pl (04.05.2014)
 craig.arendt_(at)_stratumsecurity.com, Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2 (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-2383 - Arbitrary file read in dompdf (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive (04.05.2014)
 mdgh9_(at)_yahoo.com, [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2914-1] drupal6 security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2913-1] drupal7 security update (04.05.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex (04.05.2014)
 Felipe M. Aragon, Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability (04.05.2014)

Predictable WPA key in Sitecom routers
Published: May 4, 2014
Source:
SecurityVulns ID: 13715
Type: remote
Severity: 4/10
Description: The default WPA key can be derived from the device's MAC address.
Affected products: SITECOM : Sitecom WLR-4000
 SITECOM : Sitecom WLR-4004
Original text: roberto.paleari_(at)_emaze.net, Weak firmware encryption and predictable WPA key on Sitecom routers (04.05.2014)

Security vulnerabilities in WD Arkeia Network Backup
Published: May 4, 2014
Source:
SecurityVulns ID: 13716
Type: remote
Severity: 5/10
Description: Directory traversal, code execution.
Affected products: WD : Arkeia 10.2
CVE: CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances (04.05.2014)

Multiple security vulnerabilities in Ruby Actionpack / Actionmailer
Published: May 4, 2014
Source:
SecurityVulns ID: 13717
Type: library
Severity: 5/10
Description: DoS, cross-site scripting.
Affected products: RUBY : Ruby on Rails 4.0
CVE: CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.)
 CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.)
 CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.)
 CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.)
 CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.)
Original text: DEBIAN, [SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update (04.05.2014)

Security vulnerabilities in the json-c library
Published: May 4, 2014
Source:
SecurityVulns ID: 13718
Type: library
Severity:
5/10
Description: Buffer overflow, weak hashing algorithm.
Affected products: JSONC : json-c 0.11
CVE:CVE-2013-6371 (The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.)
 CVE-2013-6370 (Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.)
Original text: MANDRIVA, [ MDVSA-2014:079 ] json-c (04.05.2014)

Privilege escalation in McAfee Security Scanner Plus
Published: May 4, 2014
Source:
SecurityVulns ID: 13719
Type: local
Severity:
4/10
Description: Privilege escalation via executable file substitution.
Original text: Stefan Kanthak, Buggy insecure "security" software executes rogue binary during installation and uninstallation (04.05.2014)

DoS against PCNetSoftware RAC Server
Published: May 4, 2014
Source:
SecurityVulns ID: 13720
Type: local
Severity:
4/10
Description: DoS via IOCTL.
Affected products: PCNETWOFTWARE : RAC Server 4.0
CVE:CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which triggers a buffer over-read.)
Original text: advisories_(at)_portcullis-security.com, CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server (04.05.2014)

Information leak via timing attacks in SAP Router
Published: May 4, 2014
Source:
SecurityVulns ID: 13721
Type: remote
Severity:
5/10
Description: Statistical attacks make it possible to guess the password.
Affected products: SAP : SAP Router 721
CVE:CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.)
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2014-0003] - SAP Router Password Timing Attack (04.05.2014)

Information leak in EMC Cloud Tiering Appliance
Published: May 4, 2014
Source:
SecurityVulns ID: 13722
Type: remote
Severity:
6/10
Description: Information leak via XML External Entity.
Affected products: EMC : Cloud Tiering Appliance 10
CVE:CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.)
 CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.)
Original text: EMC, ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities (04.05.2014)

Protection bypass in WinSCP
Published: May 4, 2014
Source:
SecurityVulns ID: 13723
Type: m-i-t-m
Severity:
5/10
Description: The server's X.509 certificate is not verified.
Affected products: WINSCP : WinSCP 5.5
CVE:CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original text: Micha.Borrmann_(at)_SySS.de, CVE-2014-2735 - WinSCP: missing X.509 validation (04.05.2014)

Security vulnerabilities in the Python Imaging Library
Published: May 4, 2014
Source:
SecurityVulns ID: 13724
Type: library
Severity:
5/10
Description: Symbolic link issue.
Affected products: PYTHON : python-imaging 1.1
CVE:CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.)
 CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.)
Original text: UBUNTU, [USN-2168-1] Python Imaging Library vulnerabilities (04.05.2014)

Multiple security vulnerabilities in Net-SNMP
Published: May 4, 2014
Source:
SecurityVulns ID: 13725
Type: remote
Severity:
5/10
Description: Multiple DoS conditions.
Affected products: NETSNMP : Net-SNMP 5.5
CVE:CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.)
 CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.)
 CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.)
 CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.)
Original text: UBUNTU, [USN-2166-1] Net-SNMP vulnerabilities (04.05.2014)

Multiple security vulnerabilities in Adobe Flash Player
Published: May 4, 2014
Source:
SecurityVulns ID: 13726
Type: client
Severity:
8/10
Description: Use-after-free, buffer overflow, restriction bypass, cross-site scripting.
Affected products: ADOBE : Flash Player 13.0
 ADOBE : Air 13.0
CVE:CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.)
 CVE-2014-0509 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-0508 (Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.)
 CVE-2014-0507 (Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.)
 CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.)
 CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.)
 CVE-2014-0499 (Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.)
 CVE-2014-0498 (Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak.")
 CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.)
Original text: VUPEN Security Research, VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own) (04.05.2014)
Files: Security updates available for Adobe Flash Player
 Security updates available for Adobe Flash Player
 Security updates available for Adobe Flash Player
 Security updates available for Adobe Flash Player
 Security updates available for Adobe Flash Player
 Security updates available for Adobe Flash Player

Code execution via Adobe Reader Mobile
Published: May 4, 2014
Source:
SecurityVulns ID: 13727
Type: client
Severity:
6/10
Description: Code execution via an insecure JavaScript interface.
Affected products: ADOBE : Adobe Reader Mobile 11.1
CVE:CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.)
Original text: Securify B.V., Adobe Reader for Android exposes insecure Javascript interfaces (04.05.2014)
Files: Security update available for Adobe Reader Mobile

Security vulnerabilities in various Ruby gems
updated since January 8, 2014
Published: May 4, 2014
Source:
SecurityVulns ID: 13481
Type: library
Severity:
5/10
Description: Cross-site scripting, code execution, information leak.
Affected products: RUBY : Gem Webbynode 1.0
 RUBY : Gem Bio Basespace SDK 0.1
 RUBY : Gem sprout 0.7
 RUBY : Gem i18n 0.6
 RUBY : Gem Arabic Prawn 0.0
 RUBY : Gem sfpagent 0.4
CVE:CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.)
 CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.)
 CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.)
Original text: larry0_(at)_me.com, Remote Command Injection in Ruby Gem sfpagent 0.4.14 (04.05.2014)
 larry0_(at)_me.com, Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem (04.05.2014)
 larry0_(at)_me.com, Command injection in Ruby Gem Webbynode 1.0.5.3 (08.01.2014)
 larry0_(at)_me.com, Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line (08.01.2014)
 larry0_(at)_me.com, Command injection vulnerability in Ruby Gem sprout 0.7.246 (08.01.2014)
 DEBIAN, [SECURITY] [DSA 2830-1] ruby-i18n security update (08.01.2014)

Multiple security vulnerabilities in QEMU
updated since May 4, 2014
Published: May 15, 2014
Source:
SecurityVulns ID: 13705
Type: local
Severity:
6/10
Description: DoS, memory corruption, buffer overflow.
Affected products: QEMU : QEMU 2.0
CVE:CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.")
 CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.)
 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.)
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.)
 CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.)
 CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.)
 CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.)
 CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.)
 CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.)
Original text: cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 P J P, [oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size (15.05.2014)
 P J P, [oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size (15.05.2014)
 P J P, [oss-security] CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 UBUNTU, [USN-2182-1] QEMU vulnerabilities (04.05.2014)

Multiple security vulnerabilities in the Linux kernel
updated since May 4, 2014
Published: May 29, 2014
Source:
SecurityVulns ID: 13706
Type: remote
Severity:
7/10
Description: Memory corruption via SCTP, DCCP and CIFS, privilege escalation in KVM and via pseudo-tty, DoS.
Affected products: LINUX : kernel 3.13
CVE:CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.)
 CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.)
 CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings.)
 CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.)
 CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.)
 CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.)
 CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.)
 CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.)
 CVE-2014-2568 (Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.)
 CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.)
 CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.)
 CVE-2014-1738 (The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.)
 CVE-2014-1737 (The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.)
 CVE-2014-0196 (The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.)
 CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.)
 CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.)
 CVE-2014-0100 (Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.)
 CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.)
 CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.)
 CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.)
 CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.)
Original text: UBUNTU, [USN-2228-1] Linux kernel vulnerabilities (29.05.2014)
 REDHAT, [oss-security] CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference (15.05.2014)
 DEBIAN, [SECURITY] [DSA 2926-1] linux security update (15.05.2014)
 REDHAT, [oss-security] CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message (10.05.2014)
 SUSE, [oss-security] Linux kernel floppy ioctl kernel code execution (10.05.2014)
 UBUNTU, [USN-2196-1] Linux kernel vulnerability (07.05.2014)
 UBUNTU, [USN-2179-1] Linux kernel vulnerabilities (04.05.2014)
 UBUNTU, [USN-2173-1] Linux kernel vulnerabilities (04.05.2014)
Files: CVE-2014-0196 DOS PoC
 CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race condition Slightly-less-than-POC privilege escalation exploit For kernels >= v3.14-rc1

Multiple security vulnerabilities in Apple Mac OS X
updated since May 4, 2014
Published: April 9, 2015
Source:
SecurityVulns ID: 13711
Type: library
Severity:
8/10
Description: Insecure cookie handling, code execution when parsing various formats and protocols, privilege escalation, information leak.
Affected products: APPLE : Mac OS X 10.9
CVE:CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.)
 CVE-2014-1321 (Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.)
 CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.)
 CVE-2014-1319 (Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.)
 CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.)
 CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.)
 CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.)
 CVE-2014-1314 (WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
 CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
 CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.)
 CVE-2013-5170 (Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.)
 CVE-2013-4164 (Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.)
Original text: APPLE, APPLE-SA-2014-04-22-1 Security Update 2014-002 (04.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod