
47153 matches found

securityvulns · added 2014/06/14 12:00 a.m. · 109 views

[oss-security] CVE request: Proxmox VE < 3.2 user enumeration vulnerability

Hi list, We recently found a vulnerability affecting Proxmox VE < 3.2 that allows an unauthenticated user to perform user enumeration. The vendor was contacted and the vulnerability was fixed in Proxmox VE 3.2, released on 2014-03-10. References: Proxmox related commits:...

AI score 0.8 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 94 views

python-PGP code execution

Shell injections...

CVSS 7.5 · AI score 2.1 · EPSS 0.02851 · Exploits 3 · References 1 · Affected software 1
securityvulns · added 2014/06/14 12:00 a.m. · 54 views

DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability

Title: DNN DotNetNuke® dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability. Author: alieye. Vendor: http://www.dnnui.com/ , http://store.dnnsoftware.com/. Contact: [email protected]. Risk: High. Class: Remote. Google Dork:...

AI score 2.5 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 156 views

DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability

Title: DNN DotNetNuke® CodeEditor Module Arbitrary File Download Vulnerability. Author: alieye. Vendor: http://www.mediaant.com/ , http://store.dnnsoftware.com/. Contact: [email protected]. Risk: High. Class: Remote. Google Dork:...

AI score 2.4 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 17 views

Bilyoner apps insecure data transmission

Under some conditions data is sent unencrypted...

AI score 1.6 · Exploits 0 · References 1
securityvulns · added 2014/06/14 12:00 a.m. · 46 views

Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress

Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress. Program: Participants Database = 1.5.4.8. Severity: Unauthenticated attacker can fully compromise the Wordpress installation. Permalink:...

AI score 0.5 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 50 views

[SECURITY] [DSA 2957-1] mediawiki security update

Debian Security Advisory DSA-2957-1 ([email protected], http://www.debian.org/security/), Thijs Kinkhorst, June 12, 2014. http://www.debian.org/security/faq ...

CVSS 2.6 · AI score 1.3 · EPSS 0.02097 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 49 views

squid DoS

DoS via Range: request if SSL-Bump is allowed...

CVSS 5 · AI score 3.3 · EPSS 0.3263 · Exploits 1 · References 1 · Affected software 1
securityvulns · added 2014/06/14 12:00 a.m. · 49 views

CVE-2014-1226 s3dvt Root shell (still)

CVE-2014-1226 s3dvt Root shell (still). About s3dvt: s3dvt is part of the s3d 3D network display server, which can be used as a 3D desktop environment. Vulnerability: The s3dvt developers did not review all of the code. There is still a vulnerable function, as in the previous CVE-2013-6825. At the date of Ju...

CVSS 7.2 · AI score 0.6 · EPSS 0.00489 · Exploits 1
securityvulns · added 2014/06/14 12:00 a.m. · 53 views

[ MDVSA-2014:111 ] otrs

Mandriva Linux Security Advisory MDVSA-2014:111 (http://www.mandriva.com/en/support/security/). Package: otrs. Date: June 10, 2014. Affected: Business Server 1.0. Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...

CVSS 4.3 · AI score 8.5 · EPSS 0.01466 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 77 views

[REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability

Revive Adserver Security Advisory REVIVE-SA-2014-001. Advisory ID: REVIVE-SA-2014-001. CVE ID: CVE-2013-5954. Date: 2014-05-15. Security risk: Moderate...

CVSS 6.8 · AI score 0.9 · EPSS 0.03099 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 234 views

Multiple Vulnerabilities in "WahmShoppes eStore"

Title: Multiple Vulnerabilities in "WahmShoppes eStore". Author: alieye. Vendor: http://www.wahmshoppes.com/. Contact: [email protected]. Risk: High. Class: Remote. Google Dork: inurl:WsError.asp inurl:store/ We apologize but your request...

AI score 0.4 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 92 views

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script

Advisory: SQL Injection in webEdition CMS File Browser. RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access to the SQL database used by webEdition and read for...

CVSS 7.5 · AI score 7.2 · EPSS 0.0257 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 32 views

Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and at the beginning of 2012 I wrote about multiple vulnerabilities (several dozen) in D-Link DAP 1150: http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html. At that time I wrote about vulnerabilities in the admin panel in...

AI score 0.8 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 57 views

Construtiva CIS Manager CMS POST SQLi

TL;DR: Product: Construtiva CIS Manager. Type: SQLi in http://site/autenticar/lembrarlogin.asp, POST parameter email. CVE: CVE-2014-3749. Software Description: The CIS Manager platform is a complete and powerful tool to manage sites and corporate portals on the Internet. Th...

CVSS 7.5 · AI score 0.2 · EPSS 0.01306 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 70 views

CVE-2013-6825 DCMTK Root Privilege escalation

CVE-2013-6825 DCMTK Root Privilege escalation. About DCMTK: DCMTK is a collection of libraries and applications implementing large parts of the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over ...

CVSS 7.2 · AI score 2.4 · EPSS 0.00489 · Exploits 1
securityvulns · added 2014/06/14 12:00 a.m. · 69 views

CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite"

CVE-2014-2233: "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite". Vendor: infoware GmbH. Product: MapSuite. Affected versions: This vulnerability affects...

CVSS 5 · AI score 0.6 · EPSS 0.02034 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 147 views

CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages

Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...

AI score 9.8 · EPSS 0.05345 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 81 views

[SECURITY] [DSA 2946-1] python-gnupg security update

Debian Security Advisory DSA-2946-1 ([email protected], http://www.debian.org/security/), Moritz Muehlenhoff, June 04, 2014. http://www.debian.org/security/faq ...

CVSS 7.5 · AI score 1.8 · EPSS 0.03388 · Exploits 6
securityvulns · added 2014/06/14 12:00 a.m. · 225 views

DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability

Title: DNN DotNetNuke® EasyDnnGallery Module Arbitrary File Download Vulnerability. Author: alieye. Vendor: http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/. Contact: [email protected]. Risk: High. Class: Remote. Google Dork...

AI score 2.3 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 214 views

[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution

CVE-2013-2251: Apache Continuum affected by Remote Command Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Continuum 1.3.1 to Continuum 1.4.1 Description: Apache Continuum is affected by a vulnerability in the version of the Struts library being used, whi...

CVSS 9.3 · AI score 2.1 · EPSS 0.99998 · Exploits 18
securityvulns · added 2014/06/14 12:00 a.m. · 97 views

[USN-2218-1] Xalan-Java vulnerability

Ubuntu Security Notice USN-2218-1, May 21, 2014: libxalan2-java vulnerability. A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 7.5 · AI score 0.2 · EPSS 0.137 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 78 views

CSRF and Remote Code Execution in EGroupware

Advisory ID: HTB23212 Product: EGroupware Vendor: http://www.egroupware.org/ Vulnerable Versions: 1.8.006 community edition and probably prior Tested Version: 1.8.006 community edition Advisory Publication: April 23, 2014 without technical details Vendor Notification: April 23, 2014 Vendor Patch:...

CVSS 8.5 · AI score 0.6 · EPSS 0.0184 · Exploits 6
securityvulns · added 2014/06/14 12:00 a.m. · 88 views

LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues

LSE Leading Security Experts GmbH - Security Advisory 2014-05-22: F*EX (Frams' Fast File EXchange) - Multiple Issues. Affected Versions: F*EX Frams' Fast File...

CVSS 4.3 · AI score 6.2 · EPSS 0.01914 · Exploits 5
securityvulns · added 2014/06/14 12:00 a.m. · 358 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 9.3 · AI score 1.6 · EPSS 0.99998 · Exploits 76 · References 46 · Affected software 28
securityvulns · added 2014/06/14 12:00 a.m. · 87 views

FCKeditor 2.6.10 Reflected Cross-Site Scripting (XSS)

Class: Cross-Site Scripting. Remote: Yes. Published: 2nd June 2014. Credit: Robin Bailey of Dionach, [email protected]. Vulnerable: FCKeditor = 2.6.10. FCKeditor is prone to a reflected cross-site scripting (XSS) vulnerability due to inadequately sanitised user input. An attacker may leverage this issue to ru...

CVSS 4.3 · AI score 0.4 · EPSS 0.04251 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 87 views

CS and XSS vulnerabilities in DZS Video Gallery for WordPress

Hello 3APA3A! There are Content Spoofing and Cross-Site Scripting vulnerabilities in the plugin DZS Video Gallery for WordPress. After I announced multiple vulnerabilities in DZS Video Gallery on 08.05.2014 and informed the developers, they ignored it, so the second advisory is going directly to full...

AI score 0.4 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 89 views

Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel

Advisory ID: HTB23200 Product: Seo Panel Vendor: www.seopanel.in Vulnerable Versions: 3.4.0 and probably prior Tested Version: 3.4.0 Advisory Publication: January 29, 2014 without technical details Vendor Notification: January 29, 2014 Vendor Patch: May 15, 2014 Public Disclosure: May 16, 2014...

CVSS 4.3 · AI score 6.3 · EPSS 0.01864 · Exploits 3
securityvulns · added 2014/06/14 12:00 a.m. · 76 views

[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability

Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability. Software Link: http://dotclear.org/. Affected Versions: Version 2.6.2 and...

CVSS 5.8 · AI score 0.4 · EPSS 0.02183 · Exploits 3
securityvulns · added 2014/06/14 12:00 a.m. · 78 views

[SECURITY] [DSA 2934-1] python-django security update

Debian Security Advisory DSA-2934-1 ([email protected], http://www.debian.org/security/), Salvatore Bonaccorso, May 19, 2014. http://www.debian.org/security/faq ...

CVSS 10 · AI score 1.8 · EPSS 0.05603 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 69 views

NeginGroup CMS Multiple Vulnerabilities

SQL Injection and XSS Vulnerabilities in NeginGroup CMS [ASCII-art banner omitted]...

AI score 0.1 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 135 views

[ MDVSA-2014:116 ] file

Mandriva Linux Security Advisory MDVSA-2014:116 (http://www.mandriva.com/en/support/security/). Package: file. Date: June 10, 2014. Affected: Business Server 1.0. Problem Description: Updated file packages fix security vulnerabilities: A flaw was found in...

CVSS 5 · AI score 6.7 · EPSS 0.20805 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 61 views

CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS

Vulnerability title: Remote Denial Of Service in BSS Continuity CMS CVE: CVE-2014-3447 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: By repeatedly calling node enumeration script, a remote unauthenticated attacker can...

AI score 0.1 · EPSS 0.01824 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 25 views

ppc64-diag symbolic links vulnerability

Symbolic link vulnerability in temporary file creation...

AI score 1.5 · Exploits 0 · References 1 · Affected software 1
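The ppc64-diag entry names only the vulnerability class, so the following is an added illustration of that class rather than ppc64-diag's code or the advisory's details. It stages the classic attack in a throwaway directory: a writer that uses a fixed, predictable file name in a shared directory follows a symlink that a local attacker planted there first, while the two fixes shown beside it do not. The exclusive-create variant keeps the fixed name but opens with O_CREAT|O_EXCL, which fails if anything, a symlink included, already sits at that path; the mkstemp variant picks an unpredictable name and does the exclusive create in one call. The file names, the "victim.conf" target and the shared directory are all constructed for the demo.

```python
"""Symlink attack on predictable temporary files, and two fixes.

Added illustration; not ppc64-diag code. Every path below is constructed inside a
throwaway directory so the demo runs offline and cleans up after itself.
"""
import os
import tempfile

FIXED_NAME = "report.txt"  # the kind of predictable name a shared-tmp writer might use


def unsafe_write(shared_dir: str, content: bytes) -> None:
    """Vulnerable pattern: open() a fixed name for writing. open(2) follows
    symlinks by default, so if an attacker has planted shared_dir/report.txt as
    a link to a file the (privileged) writer can modify, that target is
    truncated and overwritten with the writer's content."""
    with open(os.path.join(shared_dir, FIXED_NAME), "wb") as fh:
        fh.write(content)


def exclusive_write(shared_dir: str, content: bytes) -> bool:
    """Fix 1 (keep the name, refuse pre-existing paths): O_CREAT|O_EXCL makes
    open(2) fail with EEXIST if the path already exists, and POSIX requires this
    to include the case where the path is a symlink, even a dangling one.
    Returns True if the file was created, False if something was already there."""
    path = os.path.join(shared_dir, FIXED_NAME)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    try:
        os.write(fd, content)
    finally:
        os.close(fd)
    return True


def mkstemp_write(shared_dir: str, content: bytes) -> str:
    """Fix 2 (the usual one): tempfile.mkstemp picks an unpredictable name and
    opens it with O_CREAT|O_EXCL and mode 0600 in a single call, so there is no
    name for the attacker to pre-plant and no check-then-use window."""
    fd, path = tempfile.mkstemp(prefix="report-", dir=shared_dir)
    try:
        os.write(fd, content)
    finally:
        os.close(fd)
    return path


def demo() -> dict:
    """Stage the attack and run the three writers. Returns what each did so the
    outcome can be asserted on rather than eyeballed."""
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")  # constructed stand-in for a
        with open(victim, "wb") as fh:                  # file only the victim may write
            fh.write(b"original")
        shared = os.path.join(scratch, "shared_tmp")
        os.mkdir(shared)
        # The attacker, who can write to the shared directory, plants the link first.
        os.symlink(victim, os.path.join(shared, FIXED_NAME))

        created = exclusive_write(shared, b"report")   # refuses: path already exists
        tmp_path = mkstemp_write(shared, b"report")    # lands under a different name
        with open(victim, "rb") as fh:
            after_fixes = fh.read()

        unsafe_write(shared, b"attacker-controlled")   # follows the planted link
        with open(victim, "rb") as fh:
            after_unsafe = fh.read()

        return {
            "exclusive_refused": not created,
            "mkstemp_used_other_name": os.path.basename(tmp_path) != FIXED_NAME,
            "victim_after_fixes": after_fixes,
            "victim_after_unsafe": after_unsafe,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Run it as a script to see the four results; the victim file is unchanged after both fixes and holds the attacker's bytes after the unsafe writer. The same reasoning applies to any language: the fix is the atomic exclusive create, not a separate "does the file exist" check, because a check followed by an open leaves a window in which the link can be planted.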
securityvulns · added 2014/06/14 12:00 a.m. · 66 views

[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script

Advisory: Remote Command Execution in webEdition CMS Installer Script RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers canno...

AI score 10 · EPSS 0.04525 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 71 views

SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4

SEC Consult Vulnerability Lab Security Advisory 20140521-0. Title: Multiple vulnerabilities. Product: CoSoSys Endpoint Protector 4. Vulnerable version: all - except issue 1 fixed...

AI score 1 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 103 views

[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager

Advisory: Directory Traversal in DevExpress ASP.NET File Manager. During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and File Upload. Attackers are able to read arbitrary files by specifying a relative path. Details: ...

CVSS 6.5 · AI score 5.8 · EPSS 0.08917 · Exploits 6
securityvulns · added 2014/06/14 12:00 a.m. · 533 views

[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability

Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability. Software Link: http://dotclear.org/. Affected Versions: Version 2.6.2 and probably prior versions. ...

CVSS 6 · AI score 0.8 · EPSS 0.01665 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 149 views

CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS

Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS. CVE: CVE-2014-3446. Vendor: BSS. Product: Continuity CMS. Affected version: 4.2.22640.0. Fixed version: N/A. Reported by: Jerzy Kramarz. Details: The following URL and parameters have been confirmed to suffer from Blind SQL...

CVSS 7.5 · AI score 7.4 · EPSS 0.0126 · Exploits 1
securityvulns · added 2014/06/14 12:00 a.m. · 61 views

[Onapsis Security Advisory 2014-020] SAP SLD Information Tampering

Onapsis Security Advisory 2014-020: SAP SLD Information Tampering. 1. Impact on Business: By exploiting this vulnerability, a remote unauthenticated attacker might be able to modify technical information about the SAP systems...

AI score 6.7 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 52 views

LE, BF and IAA vulnerabilities in Catapulta I.W. Edition

Hello 3APA3A! These are Login Enumeration, Brute Force and Insufficient Anti-automation vulnerabilities in Catapulta I.W. Edition. This is a commercial CMS. It's used at the web site of one presidential contender in Ukraine (the elections were last Sunday), where I found these vulnerabilities at...

AI score 1.5 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 26 views

iScan Online Mobile 2.0.1 iOS - Command Injection Vulnerability

Document Title: iScan Online Mobile 2.0.1 iOS - Command Injection Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1271. Release Date: 2014-06-02. Vulnerability Laboratory ID (VL-ID): ...

AI score 0.5 · Exploits 0
securityvulns · added 2014/06/14 12:00 a.m. · 100 views

[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update

Debian Security Advisory DSA-2929-1 ([email protected], http://www.debian.org/security/), Florian Weimer, May 16, 2014. http://www.debian.org/security/faq ...

CVSS 5 · AI score 2.1 · EPSS 0.53703 · Exploits 2
securityvulns · added 2014/06/14 12:00 a.m. · 144 views

DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability

Title: DNN DotNetNuke® ASPSlideshow Module Arbitrary File Download Vulnerability. Author: alieye. Vendor: http://www.mediaant.com/ , http://store.dnnsoftware.com/. Contact: [email protected]. Risk: High. Class: Remote. Google Dork:...

AI score 2.4 · Exploits 0
securityvulns · added 2014/06/13 12:00 a.m. · 130 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Buffer overflows, memory corruptions, clickjacking...

CVSS 10 · AI score 3.3 · EPSS 0.06381 · Exploits 0 · Affected software 3
securityvulns · added 2014/06/13 12:00 a.m. · 77 views

CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones

I. ADVISORY CVE-2014-3427 CRLF Injection in Yealink VoIP Phones CVE-2014-3428 XSS vulnerabilities in Yealink VoIP Phones Date published: 06/12/2014 Vendor Contacted: 05/08/2014 II. BACKGROUND Yealink is a manufacturer of VoIP and Video products. To minimize noise read more at:...

CVSS 5 · AI score 6.1 · EPSS 0.05197 · Exploits 3
securityvulns · added 2014/06/13 12:00 a.m. · 46 views

Cisco IOS XR DoS

DoS via IPv6 packet...

CVSS 7.1 · AI score 3.2 · EPSS 0.02784 · Exploits 0
securityvulns · added 2014/06/13 12:00 a.m. · 31 views

dpkg directory traversal

No description provided...

CVSS 7.1 · AI score 2.5 · EPSS 0.07322 · Exploits 1 · References 1 · Affected software 1
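The DevExpress file manager entry above (RT-SA-2014-006: "attackers are able to read arbitrary files by specifying a relative path") and this dpkg entry are both directory-traversal bugs: a relative path that arrives from outside is joined onto a trusted base directory and the result is never checked to still lie inside it. As an added illustration, not code from either project or advisory, the following Python puts the naive join beside a containment check that canonicalizes first and then requires the result to be the base directory itself or a descendant of it. The base directory "/srv/files" and the sample paths are constructed for the example, and the percent-decoding step in the web variant is an assumption about how such paths arrive from a URL, not something either advisory states.

```python
"""Directory traversal: the naive join beside canonicalize-then-contain.

Added illustration; not DevExpress or dpkg code. Base directory and inputs are
constructed examples and need not exist on disk.
"""
import os
from typing import Dict, Optional
from urllib.parse import unquote


def naive_join(base_dir: str, relative: str) -> str:
    """The vulnerable shape: assume that joining a relative path onto base_dir
    yields something under base_dir. It does not: '..' components climb out,
    and an absolute second argument makes os.path.join discard base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, relative))


def resolve_under(base_dir: str, relative: str) -> Optional[str]:
    """Return the canonical path of `relative` inside base_dir, or None if it
    escapes. realpath() collapses '.', '..' and symlinks first, so the decision
    is made on what the kernel would actually open, not on the raw string. The
    test is against base + os.sep rather than a bare string prefix: a bare
    prefix check would accept '/srv/files_private/x' as being inside '/srv/files'."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, relative))
    if target == base or target.startswith(base + os.sep):
        return target
    return None


def resolve_web_path(base_dir: str, url_path: str) -> Optional[str]:
    """Same check for a path taken from a URL parameter. Decode exactly once
    (assumption: the framework hands over the still-encoded value), then contain.
    Decoding must happen before the check: '..%2F..' does not contain '..' followed
    by a separator until it is decoded, so a filter that runs first is bypassed."""
    return resolve_under(base_dir, unquote(url_path))


def walk_through() -> Dict[str, dict]:
    """Run the three functions over constructed inputs; returns results for checking."""
    base = "/srv/files"  # constructed base directory
    samples = {
        "docs/a.txt": "in-tree file",
        "../../etc/passwd": "classic climb-out",
        "docs/../../files_private/secret": "climb into a sibling sharing a name prefix",
        "/etc/passwd": "absolute path; os.path.join drops base_dir",
        "..%2F..%2Fetc%2Fpasswd": "URL-encoded climb-out, harmless until decoded",
    }
    return {
        rel: {
            "why": why,
            "naive": naive_join(base, rel),
            "contained": resolve_under(base, rel),
            "web": resolve_web_path(base, rel),
        }
        for rel, why in samples.items()
    }


if __name__ == "__main__":
    for rel, r in walk_through().items():
        print(f"{rel!r} ({r['why']}):")
        print(f"    naive={r['naive']}  contained={r['contained']}  web={r['web']}")
```

The encoded sample is the instructive one: without decoding it is just an odd file name inside the base directory and is accepted, while the web variant decodes it into a climb-out and rejects it. The same containment step applies to the dpkg case, where the externally supplied relative paths are the file names inside a patch rather than a URL parameter.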
securityvulns · added 2014/06/13 12:00 a.m. · 60 views

CVE-2014-3977 - Privilege Escalation in IBM AIX

Vulnerability title: Privilege Escalation in IBM AIX CVE: CVE-2014-3977 Vendor: IBM Product: AIX Affected version: 6.1.8 and later Fixed version: N/A Reported by: Tim Brown Details: It has been identified that libodm allows privilege escalation via arbitrary file writes with elevated privileges...

CVSS 6.9 · AI score 0.3 · EPSS 0.01748 · Exploits 5
securityvulns · added 2014/06/13 12:00 a.m. · 56 views

AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework

Asterisk Project Security Advisory AST-2014-005. Product: Asterisk. Summary: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework. Nature of Advisory: Denial of Service. Susceptibility: Remote Unauthenticated Sessions. Severity: Moderate. Exploits Known: No. Reported On: March 17, 2014. Reported...

CVSS 4.3 · AI score 0.5 · EPSS 0.02769 · Exploits 0

Total number of security vulnerabilities: 47153