Информационная безопасность
[RU] switch to English


Межсайтовая подмена запросов EMC RSA Web Threat Detection
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14522
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:EMC : RSA Web Threat Detection 5.0
CVE:CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users.)
Оригинальный текстdocumentEMC, ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability (08.06.2015)

Выполнение кода в dbusmock
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14526
Тип:локальная
Уровень опасности:
4/10
CVE:CVE-2015-1326
Оригинальный текстdocumentUBUNTU, [USN-2618-1] python-dbusmock vulnerability (08.06.2015)

Подмена сертификата в StrongSwan
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14527
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Сертификат сервера проверяется только после окончания авторизации.
Затронутые продукты:STRONGSWAN : strongSwan 5.3
CVE:CVE-2015-4171 (strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3282-1] strongswan security update (08.06.2015)

Несанкционированный доступ в HP WebInspect
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14519
Тип:удаленная
Уровень опасности:
5/10
CVE:CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access (08.06.2015)

Раскрытие информации в Apache mod_jk
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14520
Тип:библиотека
Уровень опасности:
5/10
Затронутые продукты:APACHE : mod_jk 1.2
CVE:CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3278-1] libapache-mod-jk security update (08.06.2015)

Повреждение памяти в t1utils
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14521
Тип:библиотека
Уровень опасности:
5/10
Описание:Повреждение памяти при манипуляции со шрифтами.
Затронутые продукты:T1UTILS : t1utils 1.37
CVE:CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.)
Оригинальный текстdocumentUBUNTU, [USN-2627-1] t1utils vulnerability (08.06.2015)

Раскрытие информации в Sendio ESP
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14525
Тип:удаленная
Уровень опасности:
5/10
Описание:Раскрытие идентификатора сессии через Referer.
Затронутые продукты:SENDIO : Sendio 7.2
CVE:CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of request.)
 CVE-2014-0999 (Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.)
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability (08.06.2015)

Обход ограничений в redis
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14529
Тип:библиотека
Уровень опасности:
5/10
Описание:Выход из ограниченной среды в lua.
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3279-1] redis security update (08.06.2015)

Переполнения буфера в ActiveX 1 Click
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14516
Тип:клиент
Уровень опасности:
5/10
Описание:Переполнение буфера в SkinCrafter.dll
Затронутые продукты:1CLICK : 1 Click Extract Audio 2.3
 1CLICK : 1 Click Audio Converter 2.3
Оригинальный текстdocumentVulnerability Lab, 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow (08.06.2015)
 documentVulnerability Lab, 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow (08.06.2015)

Уязвимости безопасности в Wing FTP Server
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14517
Тип:удаленная
Уровень опасности:
5/10
Описание:Выполнение кода и CSRF в веб-интерфейсе администрирования.
Затронутые продукты:WING : Wing FTP Server 4.4
CVE:CVE-2015-4107
Оригинальный текстdocumentalex_haynes_(at)_outlook.com, [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities (08.06.2015)
 documentalex_haynes_(at)_outlook.com, [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability (08.06.2015)

Повышение привилегий в CA Common Services
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14518
Тип:локальная
Уровень опасности:
5/10
Описание:Многочисленные возможности повышения привилегий.
Затронутые продукты:CA : CA Network and Systems Management 11.2
 CA : CA Virtual Assurance 12.9
 CA : CA NSM Job Management Option 11.2
 CA : CA Client Automation 12.9
 CA : CA Workload Automation AE 11.3
CVE:CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.)
 CVE-2015-3317 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.)
 CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.)
Оригинальный текстdocumentCA, CA20150604-01: Security Notice for CA Common Services (08.06.2015)

XXE в Apache Jackrabbit
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14524
Тип:библиотека
Уровень опасности:
6/10
Описание:XXE через запрос WebDAV.
Затронутые продукты:APACHE : Jackrabbit 2.10
CVE:CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.)
Оригинальный текстdocumentJulian Reschke, CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) (08.06.2015)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:8 июня 2015 г.
Источник:
SecurityVulns ID:14523
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:FUSIONFORGE : fusionforge 5.3
 DBNINJA : DbNinja 3.2
 ZEND : ZendFramework 1.12
 JSPADMIN : JSPAdmin 1.1
 WORDPRESS : zM Ajax Login & Register 1.0
 WORDPRESS : Free Counter 1.1
 MANAGEENGINE : ManageEngine EventLog Analyzer 10.0
 WORDPRESS : Users Ultra 1.5
 WORDPRESS : WP Membership 4.2
 WORDPRESS : WP Photo Album Plus 6.1
 EKTRON : Ektron 9.10
 VFRONT : vfront 0.99
 SYSAID : SysAid Help Desk 14.4
 RESOURCESPACE : ResourceSpace 7.1
 ENHANCEDSQLPORTA : Enhanced SQL Portal 5.0
 SYMPHONY : Symphony CMS 2.6
 ANIMAGALLERY : AnimaGallery 2.6
 WORDPRESS : Form 1.0
 WORDPRESS : Xloner 3.1
CVE:CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.)
 CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.)
 CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.)
 CVE-2015-4153 (Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.)
 CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.)
 CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.)
 CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.)
 CVE-2015-4039
 CVE-2015-4038 (The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.)
 CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.)
 CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.)
 CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.)
 CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.)
 CVE-2015-3154
 CVE-2015-3001 (SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.)
 CVE-2015-0850 (The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.)
 CVE-2014-9405
 CVE-2014-9382
Оригинальный текстdocumentlarry0_(at)_me.com, Xloner v3.1.2 wordpress plugin authenticated command execution and XSS (08.06.2015)
 documentvenkatesh.nitin_(at)_gmail.com, CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 (08.06.2015)
 documentd4rkr0id_(at)_gmail.com, AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability (08.06.2015)
 documentapparitionsec_(at)_gmail.com, Symphony CMS 2.6.2 (08.06.2015)
 documentapparitionsec_(at)_gmail.com, Symphony CMS XSS Vulnerability (08.06.2015)
 documenthyp3rlinx_(at)_gmail.com, Webgrind XSS vulnerability (08.06.2015)
 documentapparitionsec_(at)_gmail.com, DbNinja 3.2.6 Flash XSS Vulnerabilities (08.06.2015)
 documentapparitionsec_(at)_gmail.com, JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities (08.06.2015)
 documentDEBIAN, [SECURITY] [DSA 3275-1] fusionforge security update (08.06.2015)
 documentDEBIAN, [SECURITY] [DSA 3276-1] symfony security update (08.06.2015)
 documentDEBIAN, [SECURITY] [DSA 3249-2] jqueryui security update (08.06.2015)
 documentapparitionsec_(at)_gmail.com, vfront-0.99.2 CSRF & Persistent XSS (08.06.2015)
 documentapparitionsec_(at)_gmail.com, Enhanced SQL Portal 5.0.7961 XSS Vulnerability (08.06.2015)
 documenthuyngocbk_(at)_gmail.com, Freebox OS Web interface 3.0.2 XSS, CSRF (08.06.2015)
 documentjerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - CSRF Vulnerability (08.06.2015)
 documentjerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - XSS Vulnerability (08.06.2015)
 documentjerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - XSS Vulnerability (08.06.2015)
 documentHigh-Tech Bridge Security Research, Local PHP File Inclusion in ResourceSpace (08.06.2015)
 documentPedro Ribeiro, [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) (08.06.2015)
 documentjerold_(at)_v00d00sec.com, IBM Watson (Cognea) - XSS and Redirect Vulnerabilities (08.06.2015)
 documentDEBIAN, [SECURITY] [DSA 3265-1] zendframework security update (08.06.2015)
 documentakashchavan0708_(at)_gmail.com, ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability (08.06.2015)
 documentVulnerability Lab, CRUCMS Crucial Networking - SQL Injection Vulnerability (08.06.2015)
 documentpan.vagenas_(at)_gmail.com, CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] (08.06.2015)
 documentpan.vagenas_(at)_gmail.com, CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] (08.06.2015)
 documentpan.vagenas_(at)_gmail.com, CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] (08.06.2015)
 documentpan.vagenas_(at)_gmail.com, CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] (08.06.2015)
 documentpan.vagenas_(at)_gmail.com, CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS] (08.06.2015)
 documentHigh-Tech Bridge Security Research, Stored XSS in WP Photo Album Plus WordPress Plugin (08.06.2015)

Многочисленные уязвимости безопасности в PHP
дополнено с 8 июня 2015 г.
Опубликовано:13 июня 2015 г.
Источник:
SecurityVulns ID:14528
Тип:библиотека
Уровень опасности:
6/10
Описание:Проблема нулевого символа, DoS, целочисленное переполнение, повреждение памяти.
Затронутые продукты:PHP : PHP 5.6
CVE:CVE-2015-4026 (The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.)
 CVE-2015-4025 (PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.)
 CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.)
 CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.)
 CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.)
Оригинальный текстdocumentHigh-Tech Bridge Security Research, Use-After-Free in PHP (13.06.2015)
 documentDEBIAN, [SECURITY] [DSA 3280-1] php5 security update (08.06.2015)

Многочисленные уязвимости безопасности в Wireshark
дополнено с 8 июня 2015 г.
Опубликовано:29 июня 2015 г.
Источник:
SecurityVulns ID:14515
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные повреждения памяти в различных диссекторах.
Затронутые продукты:WIRESHARK : Wireshark 1.12
CVE:CVE-2015-4652 (epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.)
 CVE-2015-4651 (The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906.)
 CVE-2015-3814 (The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2015-3813 (The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.)
 CVE-2015-3812 (Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.)
 CVE-2015-3811 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.)
 CVE-2015-3810 (epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.)
 CVE-2015-3809 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3294-1] wireshark security update (29.06.2015)
 documentDEBIAN, [SECURITY] [DSA 3277-1] wireshark security update (08.06.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород