47153 matches found

securityvulns
added 2015/07/14 12:0 a.m., 76 views

phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS

Credits: John Page hyp3rlinx; Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSQLITECMS0712.txt; Vendor: phpsqlitecms.net; Product: ilosuna-phpsqlitecms-d9b8219; Advisory Information:...

AI score: 0.4
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 35 views

AirLive IP cameras commands injection

Few commands injection possibilities...

CVSS: 10, AI score: 2, EPSS: 0.50491
Exploits: 6, References: 1

securityvulns
added 2015/07/14 12:0 a.m., 57 views

[CORE-2015-0012] - AirLive Multiple Products OS Command Injection

Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last update: 2015-07-06 Vendors contacted: AirLive Release...

CVSS: 10, AI score: 10, EPSS: 0.50491
Exploits: 6

securityvulns
added 2015/07/14 12:0 a.m., 46 views

Cisco ASA multiple security vulnerabilities

Multiple DoS conditions, command injections, information disclosure, certificate validation bypass...

CVSS: 9, AI score: 2, EPSS: 0.02797
Exploits: 0, Affected Software: 1

securityvulns
added 2015/07/14 12:0 a.m., 23 views

stunnel authentication bypass

Authentication is possible if redirections are used...

CVSS: 5.8, AI score: 2.7, EPSS: 0.02136
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/07/14 12:0 a.m., 55 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.8, AI score: 1.6, EPSS: 0.105
Exploits: 16, References: 12, Affected Software: 10

securityvulns
added 2015/07/14 12:0 a.m., 58 views

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection

Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...

CVSS: 9, AI score: 9.3, EPSS: 0.16987
Exploits: 5

securityvulns
added 2015/07/14 12:0 a.m., 78 views

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability. Vendor: https://www.snorby.org/ Version: 2.6.2 Description: During my research and testing of new IDS...

AI score: 0.4
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 37 views

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability EMC Identifier: ESA-2015-115 CVE Identifier: CVE-2015-4526 Severity Rating: CVSSv2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) Affected products: • EMC RecoverPoin...

CVSS: 7.2, AI score: 0.7, EPSS: 0.004
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 66 views

SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8

Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version: 1.4.9 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09 Public Disclosure: 2015-07-10 SQL Injection...

AI score: 0.7
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 54 views

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Alessandro Zala [email protected] Andreas Hunkeler...

CVSS: 7.5, AI score: 0.4, EPSS: 0.03043
Exploits: 1

securityvulns
added 2015/07/14 12:0 a.m., 45 views

libwmf multiple security vulnerabilities

Multiple memory corruptions...

CVSS: 6.8, AI score: 2.5, EPSS: 0.09221
Exploits: 3, References: 1, Affected Software: 1

securityvulns
added 2015/07/14 12:0 a.m., 71 views

[USN-2670-1] libwmf vulnerabilities

Ubuntu Security Notice USN-2670-1, July 08, 2015: libwmf vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 6.8, AI score: 0.9, EPSS: 0.09221
Exploits: 3

securityvulns
added 2015/07/14 12:0 a.m., 80 views

[USN-2671-1] Django vulnerabilities

Ubuntu Security Notice USN-2671-1, July 09, 2015: python-django vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives...

CVSS: 7.8, AI score: 0.7, EPSS: 0.07266
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 83 views

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability

VMware Security Advisory Advisory ID: VMSA-2015-0005 Synopsis: VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability Issue date: 2015-07-09 Updated on:...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00458
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 592 views

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request

Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL:...

CVSS: 7.5, AI score: 0.1, EPSS: 0.84172
Exploits: 6

securityvulns
added 2015/07/14 12:0 a.m., 49 views

AirLink101 SkyIPCam1620W commands injection

Commands injection, hardcoded credentials...

CVSS: 9, AI score: 1.7, EPSS: 0.16987
Exploits: 5, References: 1

securityvulns
added 2015/07/14 12:0 a.m., 265 views

VMWare applications privilege escalation

Weak executable file DACL...

CVSS: 7.2, AI score: 3.5, EPSS: 0.00458
Exploits: 0, References: 1, Affected Software: 3

securityvulns
added 2015/07/14 12:0 a.m., 60 views

[SECURITY] [DSA 3299-1] stunnel4 security update

Debian Security Advisory DSA-3299-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2015 https://www.debian.org/security/faq...

CVSS: 5.8, AI score: 2.2, EPSS: 0.02136
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 61 views

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution CVEs: CVE-2015-1560, CVE-2015-1561 Vendor: Merethis - www.centreon.com Product: Centreon Version affected: 2.5.4 and prior Product description: Centreon is the choice of some of the world's largest companies...

CVSS: 7.5, AI score: 0.3, EPSS: 0.09146
Exploits: 6

securityvulns
added 2015/07/14 12:0 a.m., 110 views

ipTIME n104r3 vulnerable to CSRF and XSS attacks

Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL:...

Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 56 views

SQL Injection in easy2map wordpress plugin v1.24

Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory...

Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 55 views

phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities

Credits: John Page hyp3rlinx; Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt; Vendor: bitbucket.org/phpliteadmin; Product: phpLiteAdmin v1.1; Advisory Information:...

AI score: 7.3
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 56 views

CVE-2014-7952, Android ADB backup APK injection vulnerability

The Android operating system offers a backup/restore mechanism of installed packages through the ADB utility. Full backup of applications including the private files stored on /data partition is performed by default, but applications can customize this behavior by implementing a BackupAgent class...

AI score: 6.9, EPSS: 0.00404
Exploits: 1

securityvulns
added 2015/07/14 12:0 a.m., 59 views

Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5

Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05, fixed...

AI score: 0.7
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 58 views

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal

The AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution. The issue affects any application using the AjaxFileUpload control. The vulnerability arises because the...

CVSS: 6.4, AI score: 1.9, EPSS: 0.01912
Exploits: 1

securityvulns
added 2015/07/14 12:0 a.m., 214 views

[SYSS-2015-031] sysPass - SQL Injection

Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection (CWE-89) Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solutio...

AI score: 8.1
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 57 views

SQL Injection in easy2map-photos wordpress plugin v1.09

Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact:...

AI score: 0.3
Exploits: 0

securityvulns
added 2015/07/14 12:0 a.m., 32 views

EMC RecoverPoint for Virtual Machines restriction bypass

Privilege escalation...

CVSS: 7.2, AI score: 3.8, EPSS: 0.004
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/07/14 12:0 a.m., 42 views

ipTime routers code execution

Code execution via shell characters injection into DHCP request hostname...

AI score: 4.8
Exploits: 0, References: 2

securityvulns
added 2015/07/13 12:0 a.m., 87 views

PHP multiple security vulnerabilities

Code execution, DoS conditions, poisoned NULL byte vulnerability, information disclosure...

CVSS: 10, AI score: 1.7, EPSS: 0.50129
Exploits: 22, References: 1, Affected Software: 1

securityvulns
added 2015/07/13 12:0 a.m., 70 views

[USN-2669-1] Bind vulnerability

Ubuntu Security Notice USN-2669-1, July 07, 2015: bind9 vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS: 7.8, AI score: 0.1, EPSS: 0.37872
Exploits: 0

securityvulns
added 2015/07/13 12:0 a.m., 49 views

[slackware-security] ntp (SSA:2015-188-03)

slackware-security ntp SSA:2015-188-03 New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog:...

CVSS: 3.5, AI score: 6.2, EPSS: 0.04095
Exploits: 0

securityvulns
added 2015/07/13 12:0 a.m., 48 views

ntpd DoS

Crash is possible under specific conditions...

CVSS: 3.5, AI score: 1.3, EPSS: 0.04095
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/07/13 12:0 a.m., 48 views

ISC bind named DoS

Crash on DNSSEC validation...

CVSS: 7.8, AI score: 1.3, EPSS: 0.37872
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/07/13 12:0 a.m., 88 views

[USN-2668-1] HAProxy vulnerability

Ubuntu Security Notice USN-2668-1, July 07, 2015: haproxy vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS: 5, AI score: 0.3, EPSS: 0.04239
Exploits: 0

securityvulns
added 2015/07/13 12:0 a.m., 50 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Multiple NSS cryptography vulnerabilities, memory corruptions, restriction bypasses, information disclosure, privilege escalation...

CVSS: 10, AI score: 2.3, EPSS: 0.9986
Exploits: 1, Affected Software: 3

securityvulns
added 2015/07/13 12:0 a.m., 87 views

HAProxy information disclosure

Under some conditions, data from previous request can be obtained...

CVSS: 5, AI score: 1, EPSS: 0.04239
Exploits: 0, References: 1

securityvulns
added 2015/07/13 12:0 a.m., 74 views

[USN-2667-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-2667-1, July 07, 2015: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS: 9, AI score: 1, EPSS: 0.08339
Exploits: 0

securityvulns
added 2015/07/13 12:0 a.m., 39 views

Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In November 2013 I discovered a vulnerability in EMC Documentum Content Server which allows an authenticated user to execute arbitrary commands using the dmbptransition docbase method for detailed...

AI score: 0.1, EPSS: 0.02923
Exploits: 4

securityvulns
added 2015/07/13 12:0 a.m., 84 views

[USN-2666-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-2666-1, July 07, 2015: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS: 9, AI score: 0.7, EPSS: 0.08339
Exploits: 0

securityvulns
added 2015/07/13 12:0 a.m., 132 views

[USN-2658-1] PHP vulnerabilities

Ubuntu Security Notice USN-2658-1, July 06, 2015: php5 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS: 10, AI score: 1.2, EPSS: 0.50129
Exploits: 19

securityvulns
added 2015/07/13 12:0 a.m., 34 views

pdns recursor DoS

CPU exhaustion and crash on processing name that refers to itself...

CVSS: 7.8, AI score: 3.1, EPSS: 0.81834
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/07/13 12:0 a.m., 48 views

cups-filters buffer overflow

texttopdf buffer overflows...

CVSS: 7.5, AI score: 3.7, EPSS: 0.08295
Exploits: 0, References: 1

securityvulns
added 2015/07/13 12:0 a.m., 86 views

[SECURITY] [DSA 3306-1] pdns security update

Debian Security Advisory DSA-3306-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 09, 2015 https://www.debian.org/security/faq...

CVSS: 7.8, AI score: 2.2, EPSS: 0.81834
Exploits: 0

securityvulns
added 2015/07/13 12:0 a.m., 69 views

[SECURITY] [DSA 3303-1] cups-filters security update

Debian Security Advisory DSA-3303-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 07, 2015 https://www.debian.org/security/faq...

CVSS: 7.5, AI score: 1.9, EPSS: 0.08295
Exploits: 0

securityvulns
added 2015/07/09 12:0 a.m., 40 views

OpenSSL restrictions bypass

Certificate without CA flag can be validated as a valid signing certificate...

CVSS: 6.4, AI score: 2.7, EPSS: 0.61798
Exploits: 6

securityvulns
added 2015/07/05 12:0 a.m., 137 views

CollabNet Subversion Edge missing single login restriction

Vuln Title: The CollabNet Subversion Edge management missing single login restriction Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: No single login restriction Risk: Low Status:...

AI score: 0.2
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m., 54 views

Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass

Hello 3APA3A! Let's get back to the vulnerabilities which I disclosed in April 2011, which can be used for DDoS attacks on other sites, e.g. with my DAVOSET http://seclists.org/fulldisclosure/2015/Jun/111. In addition to hundreds of themes, which I wrote about in previous years, here is another theme fo...

AI score: 0.5
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m., 46 views

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04718530 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04718530 Version: 1 HPSBUX03359 rev....

CVSS: 7.2, AI score: 0.2, EPSS: 0.00555
Exploits: 0

Total number of security vulnerabilities: 47153