ID SECURITYVULNS:DOC:10530 Type securityvulns Reporter Securityvulns Modified 2005-12-05T00:00:00
Description
Landshop Real Estate Commerce System Vuln.
Vuln. dicovered by : r0t
Date: 5 dec. 2005
Orginal advisory:http://pridels.blogspot.com/2005/12/landshop-real-estate-commerce-system.html
Vendor:http://www.landshop.gr/en/index.htm
affected version: 0.6.3 and prior
Product Description:
LandShop is a free system for presentation and sales of real estate through the internet It offers - PDF generation on the fly for administrators and visitors - creation of wishlists for visitors that can be sent by email - multi-language capabilities: English,French, Spanish, German and Greek preinstalled - Support for Google maps - Currency conversion - Extensive configuration options for administrators - Multiple users and user levels (administrator, operator)
Vuln. description:
Input passed to the "start" "search_order" "search_type" "search_area" "keyword" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Also input passed to the "lang" parameter in "ls.php" isn't properly sanitised , attacker can get full path discoloure.
Solution:
Edit the source code to ensure that input is properly sanitised.
{"id": "SECURITYVULNS:DOC:10530", "bulletinFamily": "software", "title": "Landshop Real Estate Commerce System Vuln.", "description": "Landshop Real Estate Commerce System Vuln. \r\nVuln. dicovered by : r0t\r\nDate: 5 dec. 2005\r\nOrginal advisory:http://pridels.blogspot.com/2005/12/landshop-real-estate-commerce-system.html \r\nVendor:http://www.landshop.gr/en/index.htm\r\naffected version: 0.6.3 and prior\r\n\r\nProduct Description:\r\nLandShop is a free system for presentation and sales of real estate through the internet It offers - PDF generation on the fly for administrators and visitors - creation of wishlists for visitors that can be sent by email - multi-language capabilities: English,French, Spanish, German and Greek preinstalled - Support for Google maps - Currency conversion - Extensive configuration options for administrators - Multiple users and user levels (administrator, operator) \r\n\r\n\r\nVuln. description:\r\nInput passed to the "start" "search_order" "search_type" "search_area" "keyword" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. \r\n\r\nAlso input passed to the "lang" parameter in "ls.php" isn't properly sanitised , attacker can get full path discoloure. \r\n\r\nexample:\r\n/ls.php?lang=en&action=list&start=[SQL]\r\n\r\n/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword\r\n=&search_area=&search_type=&infield=&search_order=[SQL]\r\n\r\n/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword\r\n=&search_area=&search_type=[SQL]\r\n\r\n/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword=[SQL]\r\n\r\n/ls.php?lang=en&action=list&start=0&CAT_ID=3&keyword\r\n=&search_area=[SQL] \r\n\r\n\r\n\r\n /ls.php?lang=[CODE]\r\n\r\n\r\nSolution:\r\nEdit the source code to ensure that input is properly sanitised.\r\n", "published": "2005-12-05T00:00:00", "modified": "2005-12-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10530", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:14", "edition": 1, "viewCount": 6, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2018-08-31T11:10:14", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB2501721", "KB317244", "KB980408", "KB981401", "KB2785908", "KB953331", "KB2510690", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:14", "rev": 2}, "vulnersScore": 0.2}, "affectedSoftware": []}
{"akamaiblog": [{"lastseen": "2020-05-21T21:54:39", "bulletinFamily": "blog", "cvelist": [], "description": "At a time when a global pandemic has forced students to go online to learn, the International Science and Engineering Fair is using the internet to bring together some of the most brilliant and innovative students from all over the world. Collectively, they represent the kind of talent that will be needed to solve humanity's most pressing challenges.\n\n[](<https://blogs.akamai.com/image-2020-05-19-17-25-04-721.jpg>)\n\nWhen you're a student, anything seems possible. You are filled with fresh ideas, and you're not yet jaded with the attitude that \"this is too hard a problem, and I can't solve it.\" That's critical, because approaching problems with a fresh perspective and positive outlook makes all the difference when it comes to innovation and discovery.\n\nI remember attending the Westinghouse Science Talent Search (a sister event to ISEF) when I was in high school. There, we heard from Glenn Seaborg, one of the world's leading authorities on nuclear energy and a recipient of the Nobel Prize in Chemistry. The advice he gave us then still applies today. He said that you never know what's going to happen in your life, the many twists and turns it will take, and the challenges and opportunities you will encounter along the way. The key is to keep your eyes open, your ears open, and your brain turned on. If you do that, you'll be in a position to capitalize on the opportunities, and to solve the hardest challenges. And that can make a great difference to humanity.\n\nThat's a great message for today's students, because they are the ones who will define our future and make the breakthroughs needed for humanity: for example, stopping future pandemics before they become pandemics, finding cures to diseases that impact very large numbers of people, combatting global warming, and solving nutritional issues for the world.\n\nOf course, when you're a student at the ISEF, you probably don't think of yourself as being the person who is going to make such dramatic breakthroughs as curing disease or solving world hunger. You are that person -- you just don't realize it yet.\n\nTo be sure, it won't be easy and you probably won't solve every challenge you encounter. I still remember when I attended ISEF in 1972 and 1973, my project involved trying to prove two famous math conjectures: one was Goldbach's conjecture that every even number can be expressed as the sum of two prime numbers (for example, 10 is the sum of 3 and 7), and the other was the conjecture that there are an infinite number of twin primes (a pair of prime numbers that differ by two, like the numbers 11 and 13). Both conjectures had eluded mathematicians for over a century, but somehow that didn't bother me at the time -- I spent a lot of time trying to prove them and developed what I thought was \"evidence\" that they were true. My effort (and that of many other more qualified mathematicians) notwithstanding, I must report that both conjectures are still unresolved today, nearly 50 years later. \n\nA student attending ISEF this year asked me what skills she should learn while she can't get access to her biology lab or conduct field research during the pandemic. Should she study math? Physics? Coding? I replied, all of the above! Math, physics, and computer science -- and especially algorithms -- are very important in biology today. The lab work is central, of course, but the future breakthroughs may well be made by people who work across disciplines to bring the different perspectives and capabilities of multiple fields to bear on the hardest problems.\n\nThese are some of the reasons that the Akamai Foundation is proud to help support the ISEF, and STEM education in general, with a focus on the pursuit of excellence in mathematics in grades K-12. The foundation bestows direct grants to local charities and nongovernment organizations around the world, with a special desire to help develop STEM-related skills in populations that are underrepresented in today's technology workforce. Please visit the [Akamai Foundation](<https://www.akamai.com/us/en/about/corporate-responsibility/akamai-foundation.jsp>) page to learn more.\n\n", "modified": "2020-05-21T21:33:11", "published": "2020-05-21T21:23:48", "id": "AKAMAIBLOG:D58CA2C0EEE2B907FF49729890A54315", "href": "http://feedproxy.google.com/~r/TheAkamaiBlog/~3/Gzj6wyzyEP4/a-message-to-the-young-innovators-of-tomorrow.html", "type": "akamaiblog", "title": "A Message to the Young Innovators of Tomorrow", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2020-10-03T12:01:15", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:38:38", "description": "Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-12T09:15:00", "title": "CVE-2019-10530", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10530"], "modified": "2019-12-13T18:55:00", "cpe": ["cpe:/o:qualcomm:sda660_firmware:-", "cpe:/o:qualcomm:sd_670_firmware:-", "cpe:/o:qualcomm:sd_210_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:sd_710_firmware:-", "cpe:/o:qualcomm:sdm439_firmware:-", "cpe:/o:qualcomm:sd_636_firmware:-", "cpe:/o:qualcomm:sd_439_firmware:-", "cpe:/o:qualcomm:sd_429_firmware:-", "cpe:/o:qualcomm:sd_820a_firmware:-", "cpe:/o:qualcomm:sd_730_firmware:-", "cpe:/o:qualcomm:sd_632_firmware:-", "cpe:/o:qualcomm:sd_625_firmware:-", "cpe:/o:qualcomm:sd_850_firmware:-", "cpe:/o:qualcomm:sd_835_firmware:-", "cpe:/o:qualcomm:sd_212_firmware:-", "cpe:/o:qualcomm:sd_665_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:sdm660_firmware:-", "cpe:/o:qualcomm:mdm9206_firmware:-", "cpe:/o:qualcomm:sd_450_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:sd_425_firmware:-", "cpe:/o:qualcomm:sd_855_firmware:-", "cpe:/o:qualcomm:sd_845_firmware:-", "cpe:/o:qualcomm:sdx20_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:sd_712_firmware:-", "cpe:/o:qualcomm:msm8996au_firmware:-", "cpe:/o:qualcomm:sdm630_firmware:-", "cpe:/o:qualcomm:mdm9650_firmware:-", "cpe:/o:qualcomm:mdm9640_firmware:-", "cpe:/o:qualcomm:sd_205_firmware:-"], "id": "CVE-2019-10530", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10530", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:28:28", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T19:28:28", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T20:03:10", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-04-30T14:29:00", "title": "CVE-2015-9286", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9286"], "modified": "2019-05-01T14:22:00", "cpe": [], "id": "CVE-2015-9286", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T20:07:34", "description": "The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS.", "edition": 6, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-31T20:29:00", "title": "CVE-2016-10530", "type": "cve", "cwe": ["CWE-310", "CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10530"], "modified": "2019-10-09T23:16:00", "cpe": ["cpe:/a:airbrake:airbrake:0.3.8"], "id": "CVE-2016-10530", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10530", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:airbrake:airbrake:0.3.8:*:*:*:*:node.js:*:*"]}], "github": [{"lastseen": "2021-01-08T22:27:04", "bulletinFamily": "software", "cvelist": ["CVE-2016-10530"], "description": "Affected versions of `airbrake` default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information.\n\n\n## Recommendation\n\nUpdate to version 0.4.0 or later, or upgrade from the now-deprecated `airbrake` module to its replacement, [`airbrake-js`](https://www.npmjs.com/package/airbrake-js).", "edition": 4, "modified": "2021-01-08T19:11:59", "published": "2019-02-18T23:58:13", "id": "GHSA-856X-CP3Q-47VG", "href": "https://github.com/advisories/GHSA-856x-cp3q-47vg", "title": "Insecure Default Configuration in airbrake", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2018-07-18T19:58:49", "bulletinFamily": "scanner", "cvelist": [], "description": "Shows all CPEs from the CPE-based Policy Check which have an invalid syntax.", "modified": "2018-07-17T00:00:00", "published": "2017-11-20T00:00:00", "id": "OPENVAS:1361412562310108291", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108291", "type": "openvas", "title": "CPE-based Policy Check Error", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_policy_cpe_error.nasl 10530 2018-07-17 14:15:42Z asteins $\n#\n# CPE-based Policy Check Error\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108291\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:N\");\n script_version(\"$Revision: 10530 $\");\n script_name(\"CPE-based Policy Check Error\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-17 16:15:42 +0200 (Tue, 17 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-20 11:42:20 +0100 (Mon, 20 Nov 2017)\");\n script_category(ACT_END);\n script_family(\"Policy\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"Policy/gb_policy_cpe.nasl\");\n script_mandatory_keys(\"policy/cpe/invalid_line/found\");\n\n script_tag(name:\"summary\", value:\"Shows all CPEs from the CPE-based Policy Check which have an invalid syntax.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninvalid_lines = get_kb_list( \"policy/cpe/invalid_list\" );\n\nif( invalid_lines ) {\n\n # Sort to not report changes on delta reports if just the order is different\n invalid_lines = sort( invalid_lines );\n\n report += 'The following invalid lines where identified within the uploaded/provided CPEs:\\n\\n';\n\n foreach error( invalid_lines ) {\n report += error + '\\n';\n }\n}\n\nif( strlen( report ) > 0 ) {\n log_message( port:0, data:report );\n}\n\nexit( 0 );\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-18T19:58:49", "bulletinFamily": "scanner", "cvelist": [], "description": "Listet alle Fehler der ", "modified": "2018-07-17T00:00:00", "published": "2017-02-10T00:00:00", "id": "OPENVAS:1361412562310108081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108081", "type": "openvas", "title": "AKIF Orientierungshilfe Windows 10: Fehler", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_policy_orientierungshilfe_win10_error.nasl 10530 2018-07-17 14:15:42Z asteins $\n#\n# AKIF Orientierungshilfe Windows 10: Fehler\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108081\");\n script_version(\"$Revision: 10530 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-17 16:15:42 +0200 (Tue, 17 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-10 10:55:08 +0100 (Fri, 10 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:N\");\n script_name(\"AKIF Orientierungshilfe Windows 10: Fehler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Policy\");\n script_dependencies(\"Policy/gb_policy_orientierungshilfe_win10.nasl\");\n script_mandatory_keys(\"policy/orientierungshilfe_win10/error\");\n\n script_tag(name:\"summary\", value:\"Listet alle Fehler der 'AKIF Orientierungshilfe Windows 10 Uberpruefung' auf.\");\n\n script_tag(name:\"qod\", value:\"98\");\n\n exit(0);\n}\n\nerror = get_kb_item( \"policy/orientierungshilfe_win10/error\" );\nif( ! error ) exit( 0 );\n\nif( \"Es koennen keine Ueberpruefungen durchgefuehrt werden.\" >< error ) {\n report = 'Es trat folgender Fehler auf:\\n' + error + '\\n';\n log_message( data:report, port:0 );\n} else {\n\n error = split( error, sep:\"#-#\", keep:FALSE );\n\n report = max_index( error ) + ' Fehler:\\n\\n';\n\n foreach line( error ) {\n entry = split( line, sep:\"||\", keep:FALSE );\n report += \"Beschreibung: \" + entry[0] + '\\n';\n report += \"Nummerierung: \" + entry[1] + '\\n';\n report += \"Ueberpruefung: \" + entry[2] + '\\n';\n if( \"Registry\" >< entry[2] ) {\n report += \"Registry-Key: \" + entry[3] + '\\n';\n report += \"Registry-Name: \" + entry[4] + '\\n';\n report += \"Registry-Typ: \" + entry[5] + '\\n';\n report += \"Erwarteter Registry-Wert: \" + entry[6] + '\\n';\n report += \"Grund: \" + entry[7] + '\\n';\n } else if( \"Service\" >< entry[2] ) {\n report += \"Service-Name: \" + entry[3] + '\\n';\n report += \"Erwarteter Startup-Type: \" + entry[4] + '\\n';\n report += \"Grund: \" + entry[5] + '\\n';\n }\n report += '\\n';\n }\n log_message( data:report, port:0 );\n}\n\nexit( 0 );\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-18T19:58:49", "bulletinFamily": "scanner", "cvelist": [], "description": "Listet alle erfuellten Tests der ", "modified": "2018-07-17T00:00:00", "published": "2017-02-10T00:00:00", "id": "OPENVAS:1361412562310108079", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108079", "type": "openvas", "title": "AKIF Orientierungshilfe Windows 10: Erfuellt", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_policy_orientierungshilfe_win10_ok.nasl 10530 2018-07-17 14:15:42Z asteins $\n#\n# AKIF Orientierungshilfe Windows 10: Erfuellt\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108079\");\n script_version(\"$Revision: 10530 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-17 16:15:42 +0200 (Tue, 17 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-10 10:55:08 +0100 (Fri, 10 Feb 2017)\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:N\");\n script_name(\"AKIF Orientierungshilfe Windows 10: Erfuellt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Policy\");\n script_dependencies(\"Policy/gb_policy_orientierungshilfe_win10.nasl\");\n script_mandatory_keys(\"policy/orientierungshilfe_win10/passed\");\n\n script_tag(name:\"summary\", value:\"Listet alle erfuellten Tests der 'AKIF Orientierungshilfe Windows 10 Ueberpruefung' auf.\");\n\n script_tag(name:\"qod\", value:\"98\");\n\n exit(0);\n}\n\npassed = get_kb_item( \"policy/orientierungshilfe_win10/passed\" );\n\nif( passed ) {\n\n passed = split( passed, sep:\"#-#\", keep:FALSE );\n\n report = max_index( passed ) + ' Bestanden:\\n\\n';\n\n foreach line( passed ) {\n entry = split( line, sep:\"||\", keep:FALSE );\n report += \"Beschreibung: \" + entry[0] + '\\n';\n report += \"Nummerierung: \" + entry[1] + '\\n';\n report += \"Ueberpruefung: \" + entry[2] + '\\n';\n if( entry[2] == \"Registry\" ) {\n report += \"Registry-Key: \" + entry[3] + '\\n';\n report += \"Registry-Name: \" + entry[4] + '\\n';\n report += \"Registry-Typ: \" + entry[5] + '\\n';\n report += \"Erwarteter Registry-Wert: \" + entry[6] + '\\n';\n report += \"Momentaner Registry-Wert: \" + entry[7] + '\\n';\n } else if( entry[2] == \"Service\" ) {\n report += \"Service-Name: \" + entry[3] + '\\n';\n report += \"Erwarteter Startup-Type: \" + entry[4] + '\\n';\n report += \"Momentaner Startup-Type: \" + entry[5] + '\\n';\n }\n report += '\\n';\n }\n log_message( data:report, port:0 );\n}\n\nexit( 0 );\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "nodejs": [{"lastseen": "2020-09-29T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2016-10530"], "description": "## Overview\n\nAffected versions of `airbrake` default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information.\n\n## Recommendation\n\nUpdate to version 0.4.0 or later, or upgrade from the now-deprecated `airbrake` module to its replacement, [`airbrake-js`](https://www.npmjs.com/package/airbrake-js).\n\n## References\n\n[Issue #70](https://github.com/airbrake/node-airbrake/issues/70)", "modified": "2018-02-28T20:41:55", "published": "2016-03-28T22:31:14", "id": "NODEJS:96", "href": "https://www.npmjs.com/advisories/96", "type": "nodejs", "title": "Insecure Default Configuration", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4878", "CVE-2015-4877"], "description": "\r\n\r\n======================================================================\r\n\r\n Secunia Research (now part of Flexera Software) 26/10/2015\r\n\r\n Oracle Outside In Two Buffer Overflow Vulnerabilities\r\n\r\n======================================================================\r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nDescription of Vulnerabilities.......................................3\r\nSolution.............................................................4\r\nTime Table...........................................................5\r\nCredits..............................................................6\r\nReferences...........................................................7\r\nAbout Secunia........................................................8\r\nVerification.........................................................9\r\n\r\n======================================================================\r\n\r\n1) Affected Software\r\n\r\n* Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2.\r\n\r\n====================================================================== \r\n2) Severity\r\n\r\nRating: Moderately critical\r\nImpact: System Access\r\nWhere: From remote\r\n\r\n====================================================================== \r\n3) Description of Vulnerabilities\r\n\r\nSecunia Research has discovered two vulnerabilities in Oracle Outside\r\nIn Technology, which can be exploited by malicious people to cause a\r\nDoS (Denial of Service) and compromise an application using the SDK.\r\n\r\n1) An error in the vstga.dll when processing TGA files can be\r\nexploited to cause an out-of-bounds write memory access.\r\n\r\n2) An error in the libxwd2.dll when processing XWD files can be\r\nexploited to cause a stack-based buffer overflow.\r\n\r\nSuccessful exploitation of the vulnerabilities may allow execution of\r\narbitrary code.\r\n\r\n====================================================================== \r\n4) Solution\r\n\r\nApply update. Please see the Oracle Critical Patch Update Advisory\r\nfor October 2015 for details.\r\n\r\n====================================================================== \r\n5) Time Table\r\n\r\n14/07/2015 - Vendor notified of vulnerabilities.\r\n14/07/2015 - Vendor acknowledges report.\r\n16/07/2015 - Vendor supplied bug ticket ID.\r\n27/07/2015 - Vendor supplied information of fix in main codeline.\r\n24/09/2015 - Replied to vendor and asked about CVE references.\r\n25/09/2015 - Vendor replied that they check our request.\r\n27/09/2015 - Vendor assigned two CVE references.\r\n17/10/2015 - Vendor supplied 20/10/2015 as estimated fix date.\r\n20/10/2015 - Release of vendor patch.\r\n21/10/2015 - Public disclosure.\r\n26/10/2015 - Publication of research advisory.\r\n\r\n======================================================================\r\n\r\n6) Credits\r\n\r\nDiscovered by Behzad Najjarpour Jabbari, Secunia Research (now part\r\nof Flexera Software).\r\n\r\n======================================================================\r\n\r\n7) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe CVE-2015-4877 and CVE-2015-4878 identifiers for the\r\nvulnerabilities.\r\n\r\n======================================================================\r\n\r\n8) About Secunia (now part of Flexera Software)\r\n\r\nIn September 2015, Secunia has been acquired by Flexera Software:\r\n\r\nhttps://secunia.com/blog/435/\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private\r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the\r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n======================================================================\r\n\r\n9) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2015-04/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32659", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32659", "title": "Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities", "type": "securityvulns", "cvss": {"score": 1.5, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1341"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2782-1\r\nOctober 27, 2015\r\n\r\napport vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nApport could be made to run programs as an administrator.\r\n\r\nSoftware Description:\r\n- apport: automatically generate crash reports for debugging\r\n\r\nDetails:\r\n\r\nGabriel Campana discovered that Apport incorrectly handled Python module\r\nimports. A local attacker could use this issue to elevate privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n apport 2.19.1-0ubuntu4\r\n\r\nUbuntu 15.04:\r\n apport 2.17.2-0ubuntu1.7\r\n\r\nUbuntu 14.04 LTS:\r\n apport 2.14.1-0ubuntu3.18\r\n\r\nUbuntu 12.04 LTS:\r\n apport 2.0.1-0ubuntu17.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2782-1\r\n CVE-2015-1341\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apport/2.19.1-0ubuntu4\r\n https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.7\r\n https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18\r\n https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.13\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32660", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32660", "title": "[USN-2782-1] Apport vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32651", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "title": "[USN-2786-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4849"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32654", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "PHAR extension DoS.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-4846"], "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite SQL injection\r\nAdvisory ID: [ERPSCAN-15-026]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: SQL injection, RCE\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4846\r\nCVSS Information\r\nCVSS Base Score: 3.6 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) High (H)\r\nAu : Authentication (Level of authentication needed to exploit) Single (S)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe problem is caused by an SQL injection vulnerability. The code\r\ncomprises an SQL statement that contains strings that can be altered\r\nby an attacker. The manipulated SQL statement can then be used to\r\nretrieve additional data from the database or to modify the data.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3, 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nOne of SQL extensions (afamexts.sql) does not filter user input values\r\nwhich may lead to SQL injection. The only defense mechanism is a\r\npassword for APPS. If an attacker knows the password (for example,\r\ndefault password APPS/APPS), he will be able to exploit SQL injection\r\nwith high privilege.\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32657", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32657", "title": "[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability", "type": "securityvulns", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}
