47153 matches found

securityvulns | added 2014/05/04 12:0 a.m. | 71 views

CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive

Vulnerability title: Unrestricted file upload in Livetecs Timelive CVE: CVE-2014-2042 Vendor: Livetecs Product: Timelive Affected version: 6.2.71 Fixed version: 6.5.1 Reported by: Richard Hatch Details: It was discovered that it was possible for low-level TimeLive application users to upload file...

7.5 CVSS | 6.2 AI score | 0.01521 EPSS
Exploits: 2

securityvulns | added 2014/05/04 12:0 a.m. | 49 views

Vulnerabilities in Js-Multi-Hotel for WordPress

Hello 3APA3A! These are vulnerabilities in Js-Multi-Hotel plugin for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions. ------------------------- Affected vendors: ------------------------- Joomlaskin...

0.6 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 43 views

XSS and CS vulnerabilities in DSMS

Hello 3APA3A! There are Cross-Site Scripting and Content Spoofing vulnerabilities in DSMS. This is commercial CMS. It's used particularly at government site dsmsu.gov.ua - web site of Ministry of Youth and Sport of Ukraine. There are also other vulnerabilities in the system, about which I've...

0.5 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 52 views

Multiple vulnerabilities in Js-Multi-Hotel for WordPress

Hello 3APA3A! There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress. Earlier I wrote about two other vulnerabilities. These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for WordPress. Ther...

0.3 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 27 views

PCNetSoftware RAC Server DoS

DoS via IOCTL call...

4.9 CVSS | 3.4 AI score | 0.00184 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 89 views

[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2887-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...

4.3 CVSS | 1.4 AI score | 0.01333 EPSS
Exploits: 1

securityvulns | added 2014/05/04 12:0 a.m. | 60 views

[ MDVSA-2014:079 ] json-c

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:079 http://www.mandriva.com/en/support/security/ Package : json-c Date : April 17, 2014 Affected: Business Server 1.0 Problem Description: Updated json-c packages fix security vulnerabilities: Florian Weimer...

5 CVSS | 6.2 AI score | 0.03831 EPSS
Exploits: 1

securityvulns | added 2014/05/04 12:0 a.m. | 40 views

Python Imaging Library security vulnerabilities

Symbolic links vulnerabilities...

4.4 CVSS | 2.2 AI score | 0.00111 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 34 views

WinSCP protection bypass

Server X.509 certificate is not validated...

5.8 CVSS | 1.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 53 views

[SECURITY] [DSA 2903-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2903-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez April 14, 2014 http://www.debian.org/security/faq -...

6.4 CVSS | 2.3 AI score | 0.00279 EPSS
Exploits: 1

securityvulns | added 2014/05/04 12:0 a.m. | 33 views

FreeBSD bfs deadlock

It's possible to cause deadlock on valid operations order...

4 CVSS | 2 AI score | 0.01178 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 114 views

Weak firmware encryption and predictable WPA key on Sitecom routers

ADVISORY INFORMATION Title: Weak firmware encryption and predictable WPA key on Sitecom routers Discovery date: 17/02/2014 Release date: 24/04/2014 Credits: Roberto Paleari @rpaleari Alessandro Di Pinto @adipinto Advisory URL: http://blog.emaze.net/2014/04/sitecom-firmware-and-wifi.html AFFECTED...

0.3 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 77 views

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that delivers viewing of...

10 CVSS | 8.8 AI score | 0.19859 EPSS
Exploits: 1

securityvulns | added 2014/05/04 12:0 a.m. | 78 views

[SECURITY] [DSA 2913-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2913-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...

4.3 CVSS | 0.6 AI score | 0.00434 EPSS
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 23 views

SAP Router timing attacks information leakage

It's possible to find a valid password via statistical attacks...

4.3 CVSS | 3.2 AI score | 0.08968 EPSS
Exploits: 5 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 33 views

DoS via tables corruption in WordPress

Hello 3APA3A! There is DoS vulnerability in WordPress, about which I wrote in 2009 http://websecurity.com.ua/3152/, on English http://perishablepress.com/important-security-fix-for-wordpress/comment-page-5/comment-71666, which allows to conduct DoS attack or reinstall of the engine depending on...

1.4 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 69 views

Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin

Advisory ID: HTB23199 Product: VideoWhisper Live Streaming Integration Vendor: VideoWhisper Vulnerable Versions: 4.27.3 and probably prior Tested Version: 4.27.3 Advisory Publication: February 6, 2014 without technical details Vendor Notification: February 6, 2014 Vendor Patch: February 7, 2014...

10 CVSS | 0.1 AI score | 0.17963 EPSS
Exploits: 12

securityvulns | added 2014/05/04 12:0 a.m. | 161 views

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An...

5 CVSS | 7.5 AI score | 0.94464 EPSS
Exploits: 86

securityvulns | added 2014/05/04 12:0 a.m. | 89 views

[security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262495 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262495 Version: 1 HPSBPI03014 rev....

5 CVSS | 0.3 AI score | 0.94464 EPSS
Exploits: 86

securityvulns | added 2014/05/04 12:0 a.m. | 145 views

SQL Injection in AdRotate

Advisory ID: HTB23201 Product: AdRotate Vendor: AJdG Solutions Vulnerable Versions: 3.9.4 and probably prior Tested Version: 3.9.4 Advisory Publication: January 30, 2014 without technical details Vendor Notification: January 30, 2014 Vendor Patch: January 31, 2014 Public Disclosure: February 20,...

7.5 CVSS | 0.2 AI score | 0.0992 EPSS
Exploits: 7

securityvulns | added 2014/05/04 12:0 a.m. | 89 views

[USN-2179-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2179-1 April 26, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.4 CVSS | 0.2 AI score | 0.00197 EPSS
Exploits: 1

securityvulns | added 2014/05/04 12:0 a.m. | 83 views

APPLE-SA-2014-04-22-1 Security Update 2014-002

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-1 Security Update 2014-002 Security Update 2014-002 is now available and addresses the following: CFNetwork HTTPProtocol Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2...

10 CVSS | 0.4 AI score | 0.11958 EPSS
Exploits: 4

securityvulns | added 2014/05/04 12:0 a.m. | 164 views

Cross-Site Scripting (XSS) in Ilch CMS

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

4.3 CVSS | 6.5 AI score | 0.04522 EPSS
Exploits: 6

securityvulns | added 2014/05/04 12:0 a.m. | 26 views

AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability

Document Title: =============== AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1252 Release Date: ============= 2014-04-08 Vulnerability Laboratory ID VL-ID:...

0.2 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 31 views

BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability

Document Title: =============== BlueMe Bluetooth v5.0 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1251 Release Date: ============= 2014-04-08 Vulnerability Laboratory ID VL-ID: ====================================...

0.9 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 39 views

Adobe Reader Mobile code execution

Code execution via unsafe javascript interface...

9.3 CVSS | 3.9 AI score | 0.9029 EPSS
Exploits: 6 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 65 views

Multiple Vulnerabilities in MODX Revolution <= MODX 2.2.13-pl

Product description: ============ MODX originally MODx is a free, open source content management system and web application framework for publishing content on the world wide web and intranets. ============ MODX Revolution Blind SQL Injection CVE-2014-2736 ============ The application is vulnerab...

7.5 CVSS | 0.4 AI score | 0.00517 EPSS
Exploits: 2

securityvulns | added 2014/05/04 12:0 a.m. | 54 views

[CORE-2014-0003] - SAP Router Password Timing Attack

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: http://www.coresecurity.com/advisories/sap-router-password-timing-attack Date published:...

4.3 CVSS | 0.2 AI score | 0.08968 EPSS
Exploits: 5

securityvulns | added 2014/05/04 12:0 a.m. | 50 views

CUPS cross-site scripting

Cross-site scripting in Web interface...

4.3 CVSS | 1.1 AI score | 0.01035 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 72 views

SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex

SEC Consult Vulnerability Lab Security Advisory 20140430-0 ======================================================================= title: SQL injection and persistent XSS product: Typo3 3rd party extension sibibtex vulnerable version: sibibtex 0.2.3 fixed version: - impact: critical homepage:...

0.1 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 93 views

[SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability

CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Archiva 1.3 to Continuum 1.3.6 - The unsupported versions Archiva 1.2 to 1.2.2 are also affected. Description: A request that included a specially craft...

4.3 CVSS | 0.5 AI score | 0.0114 EPSS
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 47 views

Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...

0.6 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 34 views

iVault Private P&V 1.1 iOS - Path Traversal Vulnerability

Document Title: =============== iVault Private P&V 1.1 iOS - Path Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1253 Release Date: ============= 2014-04-09 Vulnerability Laboratory ID VL-ID: ====================================...

0.5 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 87 views

APPLE-SA-2014-04-22-2 iOS 7.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: An attacker in a privileged network positio...

10 CVSS | 9.2 AI score | 0.44818 EPSS
Exploits: 14

securityvulns | added 2014/05/04 12:0 a.m. | 24 views

McAfee Security Scanner Plus privilege escalation

Privilege escalation via executable spoofing...

3.9 AI score
Exploits: 0 | References: 1

securityvulns | added 2014/05/04 12:0 a.m. | 41 views

json-c security vulnerabilities

Buffer overflow, weak hashing algorithm...

5 CVSS | 2.4 AI score | 0.03831 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/04 12:0 a.m. | 92 views

[slackware-security] php (SSA:2014-111-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2014-111-02 New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

5 CVSS | 7.7 AI score | 0.01128 EPSS
Exploits: 1

securityvulns | added 2014/05/04 12:0 a.m. | 55 views

Cross-Site Request Forgery (CSRF) in XCloner Standalone

Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosure: April 9, 2014 Vulnerability Type: Cross-Site...

7.6 CVSS | 0.2 AI score | 0.0129 EPSS
Exploits: 6

securityvulns | added 2014/05/04 12:0 a.m. | 77 views

New vulnerabilities in Google Maps plugin for Joomla

Hello 3APA3A! Last year I wrote about multiple vulnerabilities in Google Maps plugin. After my informing the developer fixed them, but this year I found new vulnerabilities. These are Denial of Service and Insufficient Anti-automation vulnerabilities in Google Maps plugin for Joomla...

0.3 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 187 views

[security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04244787 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04244787 Version: 1 HPSBHF03006 rev....

7.8 CVSS | 0.2 AI score | 0.94464 EPSS
Exploits: 86

securityvulns | added 2014/05/04 12:0 a.m. | 67 views

Vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone

Hello 3APA3A! Recently I disclosed vulnerabilities in CU3ER http://seclists.org/fulldisclosure/2014/Apr/244. This is popular flash file and in Google's index there are up to million web sites with it inurl:cu3er.swf filetype:swf - now Google shows 994000 results. There are any plugins for differe...

5.9 AI score
Exploits: 0

securityvulns | added 2014/05/04 12:0 a.m. | 81 views

CVE-2014-2383 - Arbitrary file read in dompdf

Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is present on dompdf.php file that allows remote or local...

4.3 CVSS | 0.2 AI score | 0.5489 EPSS
Exploits: 6

securityvulns | added 2014/05/04 12:0 a.m. | 71 views

SQL Injection in mAdserve

Advisory ID: HTB23209 Product: mAdserve Vendor: MobFox Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: March 26, 2014 without technical details Vendor Notification: March 26, 2014 Public Disclosure: April 16, 2014 Vulnerability Type: SQL Injection CWE-89 CVE...

6.5 CVSS | 0.4 AI score | 0.00396 EPSS
Exploits: 2

securityvulns | added 2014/05/02 12:0 a.m. | 42 views

Microsoft Internet Explorer use-after-free vulnerability

VGX.DLL use-after-free vulnerability is actively exploited in the wild...

10 CVSS | 2.9 AI score | 0.84024 EPSS
Exploits: 1 | Affected Software: 1

securityvulns | added 2014/05/02 12:0 a.m. | 24 views

JBIG-KIT buffer overflow

Buffer overflow in jbgdecin on JPEG parsing...

6.8 CVSS | 4.9 AI score | 0.02542 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/02 12:0 a.m. | 37 views

[USN-2190-1] JBIG-KIT vulnerability

========================================================================== Ubuntu Security Notice USN-2190-1 May 01, 2014 jbigkit vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

6.8 CVSS | 0.7 AI score | 0.02542 EPSS
Exploits: 0

securityvulns | added 2014/05/02 12:0 a.m. | 459 views

[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact

As confirmed in our last announcement, the Apache Struts 1 framework in all versions is affected by a ClassLoader manipulation vulnerability CVE-2014-0114 similar to a recently fixed vulnerability in Struts 2 CVE-2014-0112, CVE-2014-0094 1. Thanks to the efforts of Alvaro Munoz and the HP Fortify...

7.5 CVSS | 0.2 AI score | 0.93134 EPSS
Exploits: 8

securityvulns | added 2014/05/02 12:0 a.m. | 51 views

[security bulletin] HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04273152 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04273152 Version: 1 HPSBGN03034 rev....

6.5 CVSS | 0.7 AI score | 0.00234 EPSS
Exploits: 0

securityvulns | added 2014/05/02 12:0 a.m. | 29 views

Sitepark Information Enterprise Server unauthorized access

Unauthorized access during update...

6.8 CVSS | 3.4 AI score | 0.00548 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2014/05/02 12:0 a.m. | 27 views

Ubuntu Date and Time Indicator privilege escalation

It's possible to run applications as greeter user...

4.6 CVSS | 3 AI score | 0.00061 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 47153