Information Security


Multiple security vulnerabilities in Microsoft Windows
updated since November 18, 2014
Published: August 24, 2015
Source:
SecurityVulns ID: 14090
Type: library
Severity level: 9/10
Description: Code execution via OLE, multiple vulnerabilities in Internet Explorer, code execution via Schannel, code execution via XML Core Services, privilege escalation via TCP/IP, privilege escalation via Windows Audio Service, privilege escalation via .NET Framework, restriction bypass in RDP, restriction bypass in IIS, privilege escalation in IME, DoS via kernel drivers.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.)
 CVE-2014-6351 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6350 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.)
 CVE-2014-6349 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350.)
 CVE-2014-6348 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342.)
 CVE-2014-6347 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6346 (Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability.")
 CVE-2014-6345 (Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability.")
 CVE-2014-6344 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6343 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6342 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348.)
 CVE-2014-6341 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.)
 CVE-2014-6340 (Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability.")
 CVE-2014-6339 (Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.")
 CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability.")
 CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability.")
 CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability.")
 CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability.")
 CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability.")
 CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability.")
 CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability.")
 CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341.)
 CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability.")
 CVE-2014-4077 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.)
 CVE-2014-4076 (Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability.")
Original text: Vulnerability Lab, Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064) (24.08.2015)
 disclosures_(at)_korelogic.com, KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation (02.02.2015)
Files: Microsoft Security Bulletin MS14-064 - Critical Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
  Microsoft Security Bulletin MS14-065 - Critical Cumulative Security Update for Internet Explorer (3003057)
  Microsoft Security Bulletin MS14-066 - Critical Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
  Microsoft Security Bulletin MS14-070 - Important Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
  Microsoft Security Bulletin MS14-071 - Important Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
  Microsoft Security Bulletin MS14-072 - Important Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
  Microsoft Security Bulletin MS14-074 - Important Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
 Microsoft Security Bulletin MS14-078 - Moderate Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
  Microsoft Security Bulletin MS14-079 - Moderate Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)
 https://technet.microsoft.com/en-us/library/security/ms14-076.aspx

Restriction bypass in OpenSSH
updated since August 2, 2015
Published: August 24, 2015
Source:
SecurityVulns ID: 14614
Type: remote
Severity level: 5/10
Description: The limit on the maximum number of login attempts can be bypassed.
Affected products: OPENSSH : OpenSSH 6.9
CVE:CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.)
Original text: Blue Frost Security Research Lab, BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities (24.08.2015)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED] (02.08.2015)

Multiple security vulnerabilities in Microsoft Windows
updated since August 11, 2015
Published: August 24, 2015
Source:
SecurityVulns ID: 14626
Type: library
Severity level: 9/10
Description: Code execution via OpenType fonts, multiple vulnerabilities in Internet Explorer and Edge, code execution and information disclosure via system libraries, code execution in RDP and SMB, privilege escalation, information disclosure in WebDAV.
Affected products: MICROSOFT : Windows 7
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 8
 MICROSOFT : Windows 10
CVE:CVE-2015-2481 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2480.)
 CVE-2015-2480 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2481.)
 CVE-2015-2479 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2480 and CVE-2015-2481.)
 CVE-2015-2476 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability.")
 CVE-2015-2475 (Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka "UDDI Services Elevation of Privilege Vulnerability.")
 CVE-2015-2474 (Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka "Server Message Block Memory Corruption Vulnerability.")
 CVE-2015-2473 (Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability.")
 CVE-2015-2472 (Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka "Remote Desktop Session Host Spoofing Vulnerability.")
 CVE-2015-2471 (Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.)
 CVE-2015-2465 (The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Shell Security Feature Bypass Vulnerability.")
 CVE-2015-2464 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.)
 CVE-2015-2463 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2464.)
 CVE-2015-2462 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability.")
 CVE-2015-2461 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.)
 CVE-2015-2460 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability.")
 CVE-2015-2459 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461.)
 CVE-2015-2458 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461.)
 CVE-2015-2456 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2455.)
 CVE-2015-2455 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2456.)
 CVE-2015-2454 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows KMD Security Feature Bypass Vulnerability.")
 CVE-2015-2453 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka "Windows CSRSS Elevation of Privilege Vulnerability.")
 CVE-2015-2452 (Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2441.)
 CVE-2015-2451 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2450.)
 CVE-2015-2450 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2451.)
 CVE-2015-2449 (Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass.")
 CVE-2015-2448 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability.")
 CVE-2015-2447 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2446.)
 CVE-2015-2446 (Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2447.)
 CVE-2015-2445 (Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass.")
 CVE-2015-2444 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442.)
 CVE-2015-2443 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability.")
 CVE-2015-2442 (Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2444.)
 CVE-2015-2441 (Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2452.)
 CVE-2015-2440 (Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability.")
 CVE-2015-2435 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability.")
 CVE-2015-2434 (Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471.)
 CVE-2015-2433 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability.")
 CVE-2015-2432 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability.")
 CVE-2015-2430 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted application, aka "Windows Filesystem Elevation of Privilege Vulnerability.")
 CVE-2015-2429 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability.")
 CVE-2015-2428 (Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels during interaction with object symbolic links that originated in a sandboxed process, which allows local users to gain privileges via a crafted application, aka "Windows Object Manager Elevation of Privilege Vulnerability.")
 CVE-2015-2426 (Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability.")
 CVE-2015-2423 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability.")
 CVE-2015-1769 (Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability.")
Original text: Blue Frost Security Research Lab, BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability (24.08.2015)
Files: Microsoft Security Bulletin MS15-078 - Critical Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
  Microsoft Security Bulletin MS15-079 - Critical Cumulative Security Update for Internet Explorer (3082442)
  Microsoft Security Bulletin MS15-080 - Critical Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)
  Microsoft Security Bulletin MS15-082 - Important Vulnerabilities in RDP Could Allow Remote Code Execution (3080348)
  Microsoft Security Bulletin MS15-083 - Important Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921)
  Microsoft Security Bulletin MS15-084 - Important Vulnerabilities in XML Core Services Could Allow Information Disclosure (3080129)
  Microsoft Security Bulletin MS15-085 - Important Vulnerability in Mount Manager Could Allow Elevation of Privilege (3082487)
  Microsoft Security Bulletin MS15-087 - Important Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
  Microsoft Security Bulletin MS15-088 - Important Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
  Microsoft Security Bulletin MS15-089 - Important Vulnerability in WebDAV Could Allow Information Disclosure (3076949)
  Microsoft Security Bulletin MS15-090 - Important Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)
  Microsoft Security Bulletin MS15-091 - Critical Cumulative Security Update for Microsoft Edge (3084525)
  Microsoft Security Bulletin MS15-092 - Important Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251)

Uninitialized pointer dereference in VLC
Published: August 24, 2015
Source:
SecurityVulns ID: 14636
Type: library
Severity level: 6/10
Description: Uninitialized pointer dereference when parsing 3GP.
Affected products: VIDEOLAN : vlc 2.2
CVE:CVE-2015-5949 (VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.)
Original text: Andrea Barisani, [oCERT-2015-009] VLC arbitrary pointer dereference (24.08.2015)

Buffer overflow in Glorylogic PDF Shaper
Published: August 24, 2015
Source:
SecurityVulns ID: 14637
Type: local
Severity level: 4/10
Description: Buffer overflow when parsing PDF.
Affected products: GLORYLOGIC : PDF Shaper 3.5
Original text: metacom27_(at)_gmail.com, Pdf Shaper Buffer Overflow (24.08.2015)
 Vulnerability Lab, PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability (24.08.2015)

Security vulnerabilities in Apache Subversion
Published: August 24, 2015
Source:
SecurityVulns ID: 14638
Type: remote
Severity level: 6/10
Description: Authentication bypass, unauthorized file access.
Affected products: APACHE : Subversion 1.8
CVE:CVE-2015-3187 (The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.)
 CVE-2015-3184 (mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.)
Original text: UBUNTU, [USN-2721-1] Subversion vulnerabilities (24.08.2015)

Privilege escalation in Cumulus Linux's Switch Configuration Tools Backend
Published: August 24, 2015
Source:
SecurityVulns ID:14639
Type: local
Severity: 5/10
Description: Privilege escalation via command injection.
CVE:CVE-2015-5699
Original text: Gregory Pickett, CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation (24.08.2015)

Buffer overflow in gdk-pixbuf
Published: August 24, 2015
Source:
SecurityVulns ID:14640
Type: library
Severity: 6/10
Description: Heap buffer overflow when parsing BMP.
Affected products: GNOME : GDK-PixBuf 2.31
CVE:CVE-2015-4491 (Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.)
Original text: DEBIAN, [SECURITY] [DSA 3337-1] gdk-pixbuf security update (24.08.2015)

Security vulnerabilities in Trend Micro Deep Discovery
Published: August 24, 2015
Source:
SecurityVulns ID:14641
Type: remote
Severity: 5/10
Description: Authentication bypass, cross-site scripting.
Affected products: TRENDMICRO : Deep Discovery 3.7
CVE:CVE-2015-2873 (Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.)
 CVE-2015-2872 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.)
Original text: apparitionsec_(at)_gmail.com, Trend Micro Deep Discovery XSS (24.08.2015)
 apparitionsec_(at)_gmail.com, Trend Micro Deep Discovery Authentication Bypass (24.08.2015)

Memory corruption in Net-SNMP
Published: August 24, 2015
Source:
SecurityVulns ID:14642
Type: client
Severity: 5/10
Description: Memory corruption when parsing a server response.
Affected products: NETSNMP : net-snmp 5.7
CVE:CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.)
Original text: UBUNTU, [USN-2711-1] Net-SNMP vulnerabilities (24.08.2015)

DoS against conntrack
Published: August 24, 2015
Source:
SecurityVulns ID:14643
Type: remote
Severity: 5/10
Description: Denial of service when processing various types of packets.
Affected products: CONNTRACK : conntrack 1.4
CVE:CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.)
Original text: DEBIAN, [SECURITY] [DSA 3341-1] conntrack security update (24.08.2015)

Multiple security vulnerabilities in SAP Afaria 7
Published: August 24, 2015
Source:
SecurityVulns ID:14644
Type: remote
Severity: 5/10
Description: Buffer overflow, information leak, DoS.
Affected products: SAP : Afaria 7.0
CVE:CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690.)
Original text: ERPScan inc, [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow (24.08.2015)

Multiple security vulnerabilities in SAP Mobile Platform DataVault
Published: August 24, 2015
Source:
SecurityVulns ID:14645
Type: local
Severity: 5/10
Description: Multiple cryptographic vulnerabilities.
Affected products: SAP : SAP Mobile Platform 3.0
Original text: Onapsis Research Labs, [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage (24.08.2015)
 Onapsis Research Labs, [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values (24.08.2015)
 Onapsis Research Labs, [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery (24.08.2015)

CSRF in EMC RSA Archer
Published: August 24, 2015
Source:
SecurityVulns ID:14646
Type: remote
Severity: 5/10
Description: Multiple CSRF vulnerabilities.
Affected products: EMC : RSA Archer GRC 5.5
CVE:CVE-2015-0542 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.)
Original text: EMC, ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities (24.08.2015)

Multiple security vulnerabilities in EMC RSA BSAFE
Published: August 24, 2015
Source:
SecurityVulns ID:14647
Type: remote
Severity: 5/10
Description: Integer overflow in base64 decoding, multiple cryptographic issues.
Affected products: EMC : RSA BSAFE Crypto-C Micro Edition 4.0
 EMC : RSA BSAFE Micro Edition Suite
 EMC : RSA BSAFE SSL-C 2.8
CVE:CVE-2015-0537 (Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.)
 CVE-2015-0536 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787.)
 CVE-2015-0535 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204.)
 CVE-2015-0534 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.)
 CVE-2015-0533 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.)
Original text: EMC, ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities (24.08.2015)

Double free in GnuTLS
Published: August 24, 2015
Source:
SecurityVulns ID:14648
Type: library
Severity: 6/10
Description: Double free when parsing a DN.
Affected products: GNU : GnuTLS 3.3
CVE:CVE-2015-6251 (Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.)
Original text: DEBIAN, [SECURITY] [DSA 3334-1] gnutls28 security update (24.08.2015)

Security vulnerabilities in OpenStack Swift
Published: August 24, 2015
Source:
SecurityVulns ID:14649
Type: remote
Severity: 5/10
Description: Several restriction bypass cases.
Affected products: OPENSTACK : swift 2.3
CVE:CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.)
 CVE-2014-7960 (OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.)
Original text: UBUNTU, [USN-2704-1] Swift vulnerabilities (24.08.2015)

Restriction bypass in OpenStack Keystone
Published: August 24, 2015
Source:
SecurityVulns ID:14650
Type: m-i-t-m
Severity: 5/10
Description: Certificate verification bypass.
CVE:CVE-2015-1852 (The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.)
 CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.)
Original text: UBUNTU, [USN-2705-1] Keystone vulnerabilities (24.08.2015)

Buffer overflow in Websense Triton Content Manager
Published: August 24, 2015
Source:
SecurityVulns ID:14651
Type: remote
Severity: 6/10
Description: Buffer overflow when parsing a request.
Affected products: WEBSENSE : Websense Content Gateway 8.0
CVE:CVE-2015-5718 (Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network (24.08.2015)

DoS against Dell Netvault Backup
Published: August 24, 2015
Source:
SecurityVulns ID:14652
Type: remote
Severity: 5/10
Description: Denial of service when parsing a network request.
Affected products: DELL : Netvault Backup 10.0
CVE:CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.)
Original text: epoide_(at)_gmail.com, Dell Netvault Backup Remote Denial of Service (24.08.2015)

Multiple security vulnerabilities in McAfee Application Control
Published: August 24, 2015
Source:
SecurityVulns ID:14653
Type: remote
Severity: 6/10
Description: Restriction bypass, use of insecure libraries, privilege escalation.
Affected products: MCAFEE : McAfee Application Control 6.1
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities (24.08.2015)

Security vulnerabilities in Basware Banking/Maksuliikenne
Published: August 24, 2015
Source:
SecurityVulns ID:14654
Type: remote
Severity: 5/10
Affected products: BASWARE : Basware Banking 8.90
CVE:CVE-2015-0943 (Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream.)
 CVE-2015-0942 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, CVE-2015-6747. Reason: This candidate originally combined multiple issues that have different vulnerability types and other complex abstraction issues. Notes: All CVE users should reference CVE-2015-6742, CVE-2015-6743, CVE-2015-6744, CVE-2015-6745, CVE-2015-6746, and CVE-2015-6747 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original text: CVE-2015-0942_(at)_precipice.fi, Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne (24.08.2015)

Cross-site scripting in Hawkeye-G
Published: August 24, 2015
Source:
SecurityVulns ID:14655
Type: remote
Severity: 5/10
Description: Cross-site scripting in the web interface.
Affected products: HAWKEYE : Hawkeye-G 3.0
Original text: apparitionsec_(at)_gmail.com, Hawkeye-G v3.0.1 Persistent XSS & Information Leakage (24.08.2015)

Protection bypass in QNAP devices
Published: August 24, 2015
Source:
SecurityVulns ID:14656
Type: local
Severity: 5/10
Description: Decryption is possible without knowing the key.
Original text: Andreas Steinmetz, QNAP crypto keys logged on unencrypted disk partition in world accessible files (24.08.2015)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: August 24, 2015
Source:
SecurityVulns ID:14657
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: JOOMLA : VirtueMart 3.0
 APACHE : Flex BlazeDS 4.7
 OPENTEXT : Secure MFT 2014 R2
 VBULLETIN : vBulletin 4.2
 ZEND : ZendFramework 1.12
 REQUESTTRACKER : request-tracker 4.2
 PAGE2FLIP : Page2Flip 2.5
 WEBSOLUTIONS : WebSolutions Design Content Management System 2015 Q3
 RUBY : rack 1.5
 WORDPRESS : qTranslate 2.5
 PHPFILEMANAGE : phpFileManager 0.9
 SNORBY : Snorby 2.6
 BIZIDEA : bizidea Design CMS 2015Q3
 PHPIPAM : phpipam 1.1
 DJANGO : django 1.7
 PHPFILENAVIGATOR : PHPfileNavigator 2.3
CVE:CVE-2015-5964 (The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.)
 CVE-2015-5963 (contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.)
 CVE-2015-5951
 CVE-2015-5734 (Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.)
 CVE-2015-5732 (Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.)
 CVE-2015-5731 (Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.)
 CVE-2015-5730 (The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.)
 CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.)
 CVE-2015-5622 (Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.)
 CVE-2015-5535 (Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to wp-admin/options-general.php.)
 CVE-2015-5475 (Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.)
 CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.)
 CVE-2015-3269 (Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2015-3225 (lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.)
 CVE-2015-2213
Original text: erlijn.vangenuchten_(at)_syss.de, [SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5 (24.08.2015)
 erlijn.vangenuchten_(at)_syss.de, [SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5 (24.08.2015)
 erlijn.vangenuchten_(at)_syss.de, [SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5 (24.08.2015)
 erlijn.vangenuchten_(at)_syss.de, [SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5 (24.08.2015)
 erlijn.vangenuchten_(at)_syss.de, [SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5 (24.08.2015)
 erlijn.vangenuchten_(at)_syss.de, [SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5 (24.08.2015)
 erlijn.vangenuchten_(at)_syss.de, SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5 (24.08.2015)
 Federico Fazzi, Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability (24.08.2015)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in qTranslate WordPress Plugin (24.08.2015)
 hyp3rlinx_(at)_lycos.com, phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability (24.08.2015)
 hyp3rlinx_(at)_lycos.com, phpFileManager 0.9.8 Remote Command Execution (24.08.2015)
 DEBIAN, [SECURITY] [DSA 3322-1] ruby-rack security update (24.08.2015)
 DEBIAN, [SECURITY] [DSA 3328-1] wordpress security update (24.08.2015)
 jakub.palaczynski_(at)_ingservicespolska.pl, Thomson Reuters FATCA - Arbitrary File Upload (24.08.2015)
 Ferrari - PHP CGI Argument Injection (RCE) Vulnerability, Ferrari - PHP CGI Argument Injection (RCE) Vulnerability (24.08.2015)
 DEBIAN, [SECURITY] [DSA 3332-1] wordpress security update (24.08.2015)
 apparitionsec_(at)_gmail.com, phpipam-1.1.010 XSS Vulnerability (24.08.2015)
 apparitionsec_(at)_gmail.com, phpipam-1.1.010 XSS Vulnerability (24.08.2015)
 apparitionsec_(at)_gmail.com, PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users (24.08.2015)
 apparitionsec_(at)_gmail.com, PHPfileNavigator 2.3.3 Persistent & Reflected XSS (24.08.2015)
 Vulnerability Lab, bizidea Design CMS 2015Q3 - SQL Injection Vulnerability (24.08.2015)
 DEBIAN, [SECURITY] [DSA 3335-1] request-tracker4 security update (24.08.2015)
 Joshua Rogers, vBulletin x.x.x rce "0day" (24.08.2015)
 UBUNTU, [USN-2720-1] Django vulnerability (24.08.2015)
 adrian.vollmer_(at)_syss.de, [SYSS-2015-041] XSS in OpenText Secure MFT (24.08.2015)
 APACHE, CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability (24.08.2015)
 DEBIAN, [SECURITY] [DSA 3340-1] zendframework security update (24.08.2015)
 Vulnerability Lab, WebSolutions India Design CMS - SQL Injection Vulnerability (24.08.2015)
 Vulnerability Lab, UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability (24.08.2015)
 Vulnerability Lab, UBNT Bug Bounty #3 - Persistent Filename Vulnerability (24.08.2015)
 MustLive, Vulnerability in VirtueMart for Joomla (24.08.2015)
 Shelesh Rauthan, Design Infotech CMS - SQL Injection Vulnerability (24.08.2015)
 Shelesh Rauthan, AN IT CMS - SQL Injection Vulnerability (24.08.2015)
 Shelesh Rauthan, 3KITS CMS - SQL Injection Vulnerability (24.08.2015)

Protection bypass in WiFi Pineapple
Published: August 24, 2015
Source:
SecurityVulns ID:14658
Type: remote
Severity: 4/10
Description: Predictable CSRF tokens.
Affected products: WORDPRESS : Wordpress 4.2
 WIFIPINEAPPLE : WiFi Pineapple 2.3
CVE:CVE-2015-5734 (Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.)
 CVE-2015-5732 (Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.)
 CVE-2015-5731 (Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action.)
 CVE-2015-5730 (The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated.)
 CVE-2015-5622 (Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.)
 CVE-2015-4624
 CVE-2015-2213
Original text: Ken, [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0 (24.08.2015)

DoS against Apache ActiveMQ
Published: August 24, 2015
Source:
SecurityVulns ID:14659
Type: remote
Severity: 5/10
Description: An undocumented shutdown command is accessible.
Affected products: APACHE : ActiveMQ 5.10
CVE:CVE-2014-3576 (The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.)
Original text: DEBIAN, [SECURITY] [DSA 3330-1] activemq security update (24.08.2015)

XSS in Fortiguard FortiSandbox
Published: August 24, 2015
Source:
SecurityVulns ID:14660
Type: remote
Severity: 5/10
Description: Cross-site scripting in the web interface.
Affected products: FORTIGUARD : FortiSandbox 2.0
Original text: hyp3rlinx_(at)_lycos.com, Multiple XSS vulnerabilities in FortiSandbox WebUI (24.08.2015)

Code execution in HP Operations Manager i
Published: August 24, 2015
Source:
SecurityVulns ID:14661
Type: remote
Severity: 6/10
Affected products: HP : HP Operations Manager i 10.01
CVE:CVE-2015-2137 (Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.)
Original text: HP, [security bulletin] HPSBGN03393 rev.1 - HP Operations Manager i, Remote Code Execution (24.08.2015)

Information disclosure in HP Central View products
Published: August 24, 2015
Source:
SecurityVulns ID:14662
Type: remote
Severity: 5/10
Affected products: HP : CentralView Fraud Risk Management 11.3
 HP : CentralView Credit Risk Control 2.3
 HP : CentralView Revenue Leakage Control 4.3
 HP : CentralView Roaming Fraud Control 2.3
 HP : CentralView Dealer Performance Audit 2.1
 HP : CentralView Subscription Fraud Prevention 2.1
CVE:CVE-2015-5408 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407.)
 CVE-2015-5407 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408.)
 CVE-2015-5406 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408.)
Original text: HP, [security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Discl (24.08.2015)

Multiple security vulnerabilities in HP KeyView
Published: August 24, 2015
Source:
SecurityVulns ID:14663
Type: remote
Severity: 6/10
Description: Multiple vulnerabilities potentially leading to code execution.
CVE:CVE-2015-5424 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.)
 CVE-2015-5423 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.)
 CVE-2015-5422 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.)
 CVE-2015-5421 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.)
 CVE-2015-5420 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.)
 CVE-2015-5419 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.)
 CVE-2015-5418 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.)
 CVE-2015-5417 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.)
 CVE-2015-5416 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.)
Original text: HP, [security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution (24.08.2015)

Cross-site scripting in Linksys WAG120N
Published: August 24, 2015
Source:
SecurityVulns ID:14664
Type: remote
Severity: 4/10
Description: Cross-site scripting in the web interface.
Affected products: LINKSYS : Linksys WAG120N
Original text: j.v.vallejo_(at)_gmail.com, Cross site request forgery vulnerability in Linksys WAG120N (24.08.2015)

Privilege escalation in Dell SonicWall NetExtender
Published: August 24, 2015
Source:
SecurityVulns ID:14665
Type: local
Severity: 4/10
Description: An application is launched via an incomplete path.
Affected products: DELL : SonicWall NetExtender 7.5
CVE:CVE-2015-4173 (Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.)
Original text: ajs_(at)_swordshield.com, Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation (24.08.2015)

Multiple security vulnerabilities in EMC Secure Remote Services Virtual Edition
updated since March 16, 2015
Published: August 24, 2015
Source:
SecurityVulns ID:14314
Type: remote
Severity: 5/10
Description: Buffer overflow, SQL injection, code injection.
Affected products: EMC : EMC Secure Remote Services VS 3.04
 EMC : EMC Secure Remote Services Virtual Edition 3.03
CVE:CVE-2015-0544 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.)
 CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.)
 CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2015-0235 (Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.")
Original text: Securify B.V., Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal (24.08.2015)
 Securify B.V., Insufficient certificate validation in EMC Secure Remote Services Virtual Edition (24.08.2015)
 EMC, ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities (05.07.2015)
 Securify B.V., Command injection vulnerability in EMC Secure Remote Services Virtual Edition (21.03.2015)
 Securify B.V., EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection (21.03.2015)
 EMC, ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities (16.03.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod