
47153 matches found

securityvulns | added 2014/08/26 12:0 a.m. | 94 views

CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request

Exploit Details ------------------ Senkas Kolibri WebServer 2.0 available at http://www.senkas.com/kolibri/download.php is vulnerable to RCE via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within the...

CVSS 7.5 | AI score 0.4 | EPSS 0.14301 | Exploits 19

securityvulns | added 2014/08/26 12:0 a.m. | 73 views

DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNNDotNetNuke® Iconbar Control Panel Bad Access Level config Author : alieye vendor : http://dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:ctl/+inurl:/tab inurl:ctl+inurl:tab Model Module...

AI score 0.8 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 53 views

MEHR Automation System Arbitrary File Download Vulnerability(persian portal)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : MEHR Automation System Arbitrary File Download Vulnerabilitypersian portal Author : alieye vendor : http://shakhesrayane.ir/ Contact : [email protected] Risk : High Class: Remote Google Dork: intext:"[email protected]"...

AI score 2.8 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 41 views

[ MDVSA-2014:156 ] ocsinventory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:156 http://www.mandriva.com/en/support/security/ Package : ocsinventory Date : August 7, 2014 Affected: Business Server 1.0 Problem Description: Updated ocsinventory packages fix security vulnerability:...

CVSS 4.3 | AI score 6 | EPSS 0.02347 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 63 views

CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service

Title =================== Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf TCP Service Summary =================== Opendaylight www.opendaylight.com is vulnerable to Local and Remote File Inclusion in the Netconf TCP Service via an External Entity Injection XXE...

CVSS 6.8 | AI score 1.8 | EPSS 0.02486 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 73 views

MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 MITKRB5-SA-2014-001 MIT krb5 Security Advisory 2014-001 Original release: 2014-08-07 Last update: 2014-08-07 Topic: Buffer overrun in kadmind with LDAP backend CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 8.5 Access...

CVSS 8.5 | AI score 7.6 | EPSS 0.08085 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 43 views

BlackBerry Z10 authentication bypass

Authentication bypass via SMB...

CVSS 6.1 | AI score 4.2 | EPSS 0.01213 | Exploits 3 | References 1

securityvulns | added 2014/08/26 12:0 a.m. | 22 views

Zyxel P660RT2 multiple security vulnerabilities

Cross-site scripting, CSRF, password bruteforce...

AI score 1.6 | Exploits 0 | References 2

securityvulns | added 2014/08/26 12:0 a.m. | 37 views

pyCADF information leakage

Authentication tokens leakage...

CVSS 5 | AI score 2.3 | EPSS 0.02774 | Exploits 0 | References 1

securityvulns | added 2014/08/26 12:0 a.m. | 71 views

DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNNDotNetNuke® Ribbon Bar Control Panel Bad Access Level config Author : alieye vendor : http://dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:ctl/+inurl:/tab inurl:ctl+inurl:tab Model...

AI score 0.7 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 47 views

MIT krb5 kadmind buffer overflow

Buffer overflow via LDAP...

CVSS 8.5 | AI score 4.5 | EPSS 0.08085 | Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2014/08/26 12:0 a.m. | 121 views

[SECURITY] [DSA 2970-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2970-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 29, 2014 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 1.5 | EPSS 0.04916 | Exploits 4

securityvulns | added 2014/08/26 12:0 a.m. | 90 views

Apache Cordova 3.5.1: CVE-2014-3502 update

The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html Android Platform Release: 04 Aug 2014 CVE-2014-3502: Cordova apps can potentially...

CVSS 4.3 | AI score 0.1 | EPSS 0.04964 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 110 views

ArcGIS for Server Vulnerability Disclosure

Product: ArcGIS for Server Vendor: ESRI Vulnerable Version: 10.1.1 Tested Version: 10.1.1 Vendor Notification: June 19, 2014 Public Disclosure: August 15, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-5121 Risk Level: Medium CVSSv2 Base Score: 4.3...

CVSS 5.8 | AI score 2.3 | EPSS 0.02424 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 107 views

[USN-2315-1] serf vulnerability

========================================================================== Ubuntu Security Notice USN-2315-1 August 14, 2014 serf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 4 | AI score 0.7 | EPSS 0.0315 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 71 views

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities

Deutsche Telekom CERT Advisory DTC-A-20140820-001 Summary: Several vulnerabilities were found in checkmk prior versions 1.2.4p4 and 1.2.5i4. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS 2 - write access to config files .mk files 3 - arbitrary code execution Recommendations:...

CVSS 9.3 | AI score 6.5 | EPSS 0.06138 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 93 views

XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress

Hello 3APA3A! These are Cross-Site Scripting, Full path disclosure and OS Commanding vulnerabilities in plugin DZS Video Gallery for WordPress. Earlier I've disclosed Content Spoofing and Cross-Site Scripting vulnerabilities in this plugin http://securityvulns.ru/docs30871.html...

Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 66 views

[SECURITY] [DSA 2997-1] reportbug security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2997-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 05, 2014 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 1.8 | EPSS 0.02735 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 135 views

ntopng 1.2.0 XSS injection using monitored network traffic

ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...

AI score 7 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 54 views

CVE-2014-4973 - Privilege Escalation in ESET Windows Products

Vulnerability title: Privilege Escalation in ESET Windows Products CVE: CVE-2014-4973 Vendor: ESET Product: ESET Windows Products Affected version: v5.0 - 7.0 Firewall Module Build 1183 20140214 and earlier Fixed version: v6 - v7 Firewall Module Build 1212 20140609 Reported by: Kyriakos Economou...

CVSS 6.9 | AI score 0.7 | EPSS 0.01309 | Exploits 2

securityvulns | added 2014/08/26 12:0 a.m. | 61 views

[SECURITY] [DSA 3011-1] mediawiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3011-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2014 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 1.5 | EPSS 0.01774 | Exploits 2

securityvulns | added 2014/08/26 12:0 a.m. | 89 views

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

ESA-2014-079.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-079 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE...

CVSS 8.5 | AI score 1 | EPSS 0.99977 | Exploits 15

securityvulns | added 2014/08/26 12:0 a.m. | 42 views

Node Browserify RCE vuln (<= 4.2.0)

Hello, Discovered an RCE vuln in Browserify <=4.2.0. Maintainer patched upstream just 4 hours after responsible disclosure yesterday, now fixed as of 4.2.1. Summary and POC found here: http://iops.io/blog/browserify-rce-vulnerability/ Cal...

AI score 1.6 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 75 views

[SECURITY] [DSA 3009-1] python-imaging security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3009-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 21, 2014 http://www.debian.org/security/faq -...

CVSS 5 | AI score 1.8 | EPSS 0.03587 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 43 views

Python Imaging Library DoS

DoS on icns decoding...

CVSS 5 | AI score 1.9 | EPSS 0.03587 | Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2014/08/26 12:0 a.m. | 38 views

ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability

ESA-2014-067.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability EMC Identifier: ESA-2014-067 CVE Identifier: CVE-2014-2515 Severity: CVSSv2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2 3.1 and...

CVSS 8.5 | AI score 0.8 | EPSS 0.02449 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 93 views

[USN-2316-1] Subversion vulnerabilities

========================================================================== Ubuntu Security Notice USN-2316-1 August 14, 2014 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 4.3 | AI score 1.2 | EPSS 0.11052 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 111 views

Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities

Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link: http://prochatrooms.com/software.php Version: v8.2.0 Tested on:...

AI score 7.4 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 202 views

LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification

=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 === Grand MA 300 Fingerprint Reader - Weak Pin Verification ------------------------------------------------------------------------ Affected Versions ================= Grand MA 300/ID with firmware 6.60 Issue Overview...

AI score 7.8 | EPSS 0.07057 | Exploits 3

securityvulns | added 2014/08/26 12:0 a.m. | 33 views

XXE Injection in HP Release Control

Hello! I'll give you additional information concerning advisory HP Release Control Authenticated XXE Exploit http://1337day.com/exploit/description/22267. Three different vulnerabilities were used in this exploit for successful attack. For my attack it's needed to use only one vulnerability exact...

AI score 1.3 | Exploits 0

securityvulns | added 2014/08/26 12:0 a.m. | 89 views

Barracuda Networks Firewall / Web Firewall / Spam&Virus Firewall security vulnerabilities

XSS, restrictions bypass...

AI score 2.1 | EPSS 0.16476 | Exploits 2 | References 8 | Affected Software 3

securityvulns | added 2014/08/24 12:0 a.m. | 66 views

[USN-2325-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-2325-1 August 21, 2014 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 4.3 | AI score 0.5 | EPSS 0.01938 | Exploits 0

securityvulns | added 2014/08/24 12:0 a.m. | 47 views

DoS attacks (ICMPv6-based) resulting from IPv6 EH drops

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks, Ten days ago or so we published this I-D: http://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-in-real-world-00.txt Section 5.2 of the I-D discusses a possible attack vector based on a combination of "forged" ICMPv6 PTB messages and IP...

AI score 7.3 | Exploits 0

securityvulns | added 2014/08/24 12:0 a.m. | 61 views

Apache OpenOffice security vulnerabilities

Code execution, information leakage...

CVSS 9.3 | AI score 2.6 | EPSS 0.14596 | Exploits 0 | References 2 | Affected Software 1

securityvulns | added 2014/08/24 12:0 a.m. | 24 views

Ganeti weak permissions

Weak archives permissions...

AI score 1.7 | Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2014/08/24 12:0 a.m. | 28 views

IPv6 DoS

Forged ICMPv6 PTB can break communication between two hosts...

AI score 0.8 | Exploits 0 | References 1

securityvulns | added 2014/08/24 12:0 a.m. | 36 views

[oCERT-2014-006] Ganeti insecure archive permission

2014-006 Ganeti insecure archive permission Description: Ganeti, an open source virtualisation manager, suffers from an insecure file permission vulnerability that leads to sensitive information disclosure. The Ganeti upgrade command 'gnt-cluster upgrade' creates an archive of the current...

Exploits 0

securityvulns | added 2014/08/24 12:0 a.m. | 65 views

CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3575 OpenOffice Targeted Data Exposure Using Crafted OLE Objects Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 4.1.0 and older on Windows. OpenOffice.org versions are also affected. Descriptio...

CVSS 4.3 | AI score 1 | EPSS 0.09864 | Exploits 0

securityvulns | added 2014/08/24 12:0 a.m. | 61 views

[USN-2322-1] OpenStack Glance vulnerability

========================================================================== Ubuntu Security Notice USN-2322-1 August 21, 2014 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4 | AI score 0.8 | EPSS 0.02127 | Exploits 0

securityvulns | added 2014/08/24 12:0 a.m. | 74 views

[USN-2323-1] OpenStack Horizon vulnerabilities

========================================================================== Ubuntu Security Notice USN-2323-1 August 21, 2014 horizon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4.3 | AI score 0.3 | EPSS 0.02053 | Exploits 2

securityvulns | added 2014/08/24 12:0 a.m. | 60 views

OpenStack multiple security vulnerabilities

Ceilometer information leakage, Neutron information leakage and DoS, Glance DoS, Horizon cross-site scripting, Keystone restrictions bypass and privilege escalation, Nova timing attacks...

CVSS 9 | AI score 1.5 | EPSS 0.03324 | Exploits 3 | References 6 | Affected Software 7

securityvulns | added 2014/08/24 12:0 a.m. | 80 views

[USN-2311-2] OpenStack Ceilometer vulnerability

========================================================================== Ubuntu Security Notice USN-2311-2 August 21, 2014 ceilometer vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5 | AI score 0.1 | EPSS 0.02774 | Exploits 0

securityvulns | added 2014/08/24 12:0 a.m. | 87 views

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3524 OpenOffice Calc Command Injection Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 4.1.0 and older on Windows. OpenOffice.org versions may also be affected. Description: The...

CVSS 9.3 | AI score 1.3 | EPSS 0.14596 | Exploits 0

securityvulns | added 2014/08/24 12:0 a.m. | 102 views

[USN-2324-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-2324-1 August 21, 2014 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6 | AI score 0.7 | EPSS 0.02308 | Exploits 2

securityvulns | added 2014/08/24 12:0 a.m. | 69 views

[USN-2321-1] OpenStack Neutron vulnerabilities

========================================================================== Ubuntu Security Notice USN-2321-1 August 21, 2014 neutron vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5 | AI score 0.3 | EPSS 0.02774 | Exploits 0

securityvulns | added 2014/08/18 12:0 a.m. | 96 views

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory - Apache Software Foundation Apache HttpComponents / hc.apache.org Hostname verification susceptible to MITM attack CVE-2014-3577 / CVSS 1.4 Apache HttpComponents prior to revision 4.3.5/4.0.2 may be susceptible to a 'Man in the Midd...

CVSS 5.8 | AI score 6.3 | EPSS 0.09149 | Exploits 1

securityvulns | added 2014/08/18 12:0 a.m. | 57 views

Linux kernel multiple security vulnerabilities

DoS via ptrace syscall, filesystems mount options limitation bypass...

CVSS 7.2 | AI score 2.9 | EPSS 0.02324 | Exploits 12 | References 2 | Affected Software 1

securityvulns | added 2014/08/18 12:0 a.m. | 80 views

Outlook.com for Android fails to validate server certificates

------------------------------------------------------------------------ Outlook.com for Android fails to validate server certificates ------------------------------------------------------------------------ Yorick Koster, April 2014...

CVSS 4 | AI score 1.3 | EPSS 0.02887 | Exploits 0

securityvulns | added 2014/08/18 12:0 a.m. | 38 views

Outlook.com for Android insufficient certificate validation

Server certificate is not checked...

CVSS 4 | AI score 2.8 | EPSS 0.02887 | Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2014/08/18 12:0 a.m. | 50 views

Apache HttpClient certificate checking bypass

Validation bypass via malcrafted constructions like O="foo,CN=www.apache.org"...

CVSS 5.8 | AI score 1.8 | EPSS 0.09149 | Exploits 1 | References 1 | Affected Software 1

Total number of security vulnerabilities: 47153