Information security


Multiple security vulnerabilities in libwmf
Published: July 14, 2015
Source:
SecurityVulns ID: 14583
Type: library
Severity: 6/10
Description: Multiple memory corruptions.
Affected products: LIBWMF : libwmf 0.2
CVE: CVE-2015-4696 (Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.)
 CVE-2015-4695 (meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.)
 CVE-2015-4588 (Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.)
 CVE-2015-0848 (Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.)
Original text: UBUNTU, [USN-2670-1] libwmf vulnerabilities (14.07.2015)

Command injection in AirLink101 SkyIPCam1620W
Published: July 14, 2015
Source:
SecurityVulns ID: 14585
Type: remote
Severity: 5/10
Description: Command injection, unchangeable account.
Affected products: AIRLINK : AirLink101 SkyIPCam1620W
CVE: CVE-2015-2280
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection (14.07.2015)

Authentication bypass in stunnel
Published: July 14, 2015
Source:
SecurityVulns ID: 14581
Type: remote
Severity: 5/10
Description: Authentication bypass is possible when redirects are used.
Affected products: STUNNEL : Stunnel 5.13
CVE: CVE-2015-3644 (Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.)
Original text: DEBIAN, [SECURITY] [DSA 3299-1] stunnel4 security update (14.07.2015)

Restriction bypass in EMC RecoverPoint for Virtual Machines
Published: July 14, 2015
Source:
SecurityVulns ID: 14584
Type: local
Severity: 5/10
Description: Privilege escalation.
Affected products: EMC : RecoverPoint for VMs 4.2
CVE: CVE-2015-4526 (EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.)
Original text: EMC, ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability (14.07.2015)

Code execution in ipTime routers
Published: July 14, 2015
Source:
SecurityVulns ID: 14587
Type: remote
Severity: 5/10
Description: Code execution via injection of shell characters into the hostname of a DHCP request.
Original text: Pierre Kim, ipTIME n104r3 vulnerable to CSRF and XSS attacks (14.07.2015)
 Pierre Kim, 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request (14.07.2015)

Backup content spoofing in Android
Published: July 14, 2015
Source:
SecurityVulns ID: 14588
Type: local
Severity: 4/10
Description: A malicious application can replace the contents of a system backup.
Affected products: GOOGLE : Android 5.1
CVE: CVE-2014-7952
Original text: Imre RAD, CVE-2014-7952, Android ADB backup APK injection vulnerability (14.07.2015)

Command injection in AirLive IP cameras
Published: July 14, 2015
Source:
SecurityVulns ID: 14586
Type: remote
Severity: 5/10
Description: Several command injection possibilities.
Affected products: AIRLIVE : AirLive BU-3025
 AIRLIVE : AirLive POE-200CAM
 AIRLIVE : AirLive WL-2000CAM
 AIRLIVE : AirLive MD-3025
 AIRLIVE : AirLive BU-2015
 AIRLIVE : AirLive BU-3026
CVE: CVE-2015-2279
 CVE-2014-8389
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0012] - AirLive Multiple Products OS Command Injection (14.07.2015)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: July 14, 2015
Source:
SecurityVulns ID: 14590
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: MERETHIS : Centreon 2.5
 WORDPRESS : easy2map-photos 1.09
 SNORBY : Snorby 2.6
 ZENPHOTO : ZenPhoto 1.4
 WORDPRESS : wp-ecommerce-shop-styling 2.5
 WORDPRESS : easy2map 1.24
 DJANGO : django 1.7
 PHPLITEADMIN : phpLiteAdmin 1.1
 CYGNUS : sysPass 1.0
 AJAXCONTROLTOOLK : AjaxControlToolkit 15.0
CVE: CVE-2015-5144 (Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.)
 CVE-2015-5143 (The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.)
 CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.)
 CVE-2015-4617
 CVE-2015-4616 (Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.)
 CVE-2015-4615
 CVE-2015-4614 (Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.)
 CVE-2015-1561 (The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.)
 CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.)
Original text: Brian Cardinale, CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal (14.07.2015)
 disclosure_(at)_syss.de, [SYSS-2015-031] sysPass - SQL Injection (14.07.2015)
 apparitionsec_(at)_gmail.com, phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS (14.07.2015)
 Tim, SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8 (14.07.2015)
 apparitionsec_(at)_gmail.com, phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities (14.07.2015)
 Federico Fazzi, Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability (14.07.2015)
 Alessandro Zala, CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 (14.07.2015)
 larry0_(at)_me.com, SQL Injection in easy2map wordpress plugin v1.24 (14.07.2015)
 larry0_(at)_me.com, Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 (14.07.2015)
 larry0_(at)_me.com, SQL Injection in easy2map-photos wordpress plugin v1.09 (14.07.2015)
 hdau_(at)_deloitte.fr, Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution (14.07.2015)
 UBUNTU, [USN-2671-1] Django vulnerabilities (14.07.2015)

Privilege escalation in VMware products
Published: July 14, 2015
Source:
SecurityVulns ID: 14589
Type: local
Severity: 5/10
Description: Weak permissions on an executable file.
Affected products: VMWARE : VMware Workstation 11.1
 VMWARE : VMware Horizon Client 5.4
 VMWARE : VMware Player 7.1
CVE: CVE-2015-3650 (vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.)
Original text: VMWARE, NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability (14.07.2015)

Multiple security vulnerabilities in Cisco ASA
Published: July 14, 2015
Source:
SecurityVulns ID: 14582
Type: remote
Severity: 6/10
Description: Multiple DoS conditions, command injection, information disclosure, certificate validation problems.
Affected products: CISCO : Cisco ASA 9.1
CVE: CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.)
 CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly implement authentication, which allows remote attackers to modify RAMFS customization objects via unspecified vectors, as demonstrated by inserting XSS sequences or capturing credentials, aka Bug ID CSCup36829.)
 CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows remote attackers to obtain sensitive information from process memory or modify memory contents via crafted parameters, aka Bug ID CSCuq29136.)
 CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.)
 CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in Cisco ASA Software 8.7 before 8.7(1.14), 9.2 before 9.2(2.8), and 9.3 before 9.3(1.1) allows local users to obtain Linux root access by leveraging administrative privileges and executing a crafted script, aka Bug IDs CSCuq41510 and CSCuq47574.)
 CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.)
 CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCuo68327.)
 CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074.)
 CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399.)
 CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556.)
 CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.)
 CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176.)
 CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.)
Files: Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod