Visiting a specially crafted page, anywhere on the web, may allow that page
to post forms to a Drupal site in the context of the visitor's session.
To illustrate: suppose a user has an active user 1 session (user 1 being the
most powerful administrator account for a site) on a Drupal site while
visiting a website created by an attacker. That website is then able to submit
any form to the Drupal site with the privileges of user 1, either by enticing
the user to submit a form or by automated means.

An attacker can exploit this vulnerability by changing passwords, posting PHP
code or creating new users, for example. The attack is limited only by the
privileges of the session it executes in.

Versions affected
-----------------
- Drupal 4.6.x versions before Drupal 4.6.10
- Drupal 4.7.x versions before Drupal 4.7.4

Solution
--------
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.10.
  http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.10.tar.gz
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.4.
  http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.4.tar.gz

- To patch Drupal 4.6.9 use http://drupal.org/files/sa-2006-025/4.6.9.patch.
- To patch Drupal 4.7.3 use http://drupal.org/files/sa-2006-025/4.7.3.patch.

Please note that the patches only contain changes related to this advisory, and
do not fix bugs that were solved in 4.6.10 or 4.7.4.

Important note for Drupal 4.6.10
--------------------------------
Any custom forms that do not use the proper form API functions, such as raw HTML
forms, will break for authenticated users and need to be updated. The easiest
way to do so is to add the output of form_token() before the closing form tag.
For phptemplate themes, add the following code before the closing form tag:

<?php print form_token() ?>

A number of modules and themes generate raw HTML forms. Check the list of
modules and themes to see if that is an issue for your site.
We advise you to test the modules and themes in use before committing to an upgrade.
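
One way to run the pre-upgrade check described above for Drupal 4.6.10, as an added example (not part of the advisory or of Drupal): a Python scan that reports every literal `<form>` in module and theme files whose body never calls form_token(). The suffix list and the two sample templates are constructed assumptions.

```python
import re
import sys
from pathlib import Path

# Suffixes that usually hold hand-written markup in a Drupal 4.x tree (assumed list).
SCAN_SUFFIXES = (".module", ".theme", ".engine", ".inc", ".php")

FORM_OPEN = re.compile(r"<form\b", re.IGNORECASE)
FORM_CLOSE = re.compile(r"</form\s*>", re.IGNORECASE)
TOKEN_CALL = re.compile(r"\bform_token\s*\(")

# Constructed sample: a raw HTML form as a theme template might contain it.
SAMPLE_RAW = """<div class="subscribe">
<form action="<?php print url('subscribe') ?>" method="post">
  <input type="text" name="edit[mail]" />
  <input type="submit" name="op" value="Subscribe" />
</form>
</div>
"""

# Constructed sample: the same form with the line from the advisory added.
SAMPLE_FIXED = """<form action="<?php print url('subscribe') ?>" method="post">
  <input type="text" name="edit[mail]" />
  <input type="submit" name="op" value="Subscribe" />
  <?php print form_token() ?>
</form>
"""


def find_untokened_forms(source):
    """Return [(line_number, line_text)] for each literal <form> whose body,
    up to its closing tag, contains no call to form_token()."""
    findings = []
    lines = source.split("\n")
    pos = 0
    while True:
        opening = FORM_OPEN.search(source, pos)
        if opening is None:
            return findings
        closing = FORM_CLOSE.search(source, opening.end())
        # No closing tag in this file: inspect the rest of the file instead,
        # since the tag may be emitted by another file.
        body_end = closing.start() if closing else len(source)
        if not TOKEN_CALL.search(source, opening.end(), body_end):
            line_no = source.count("\n", 0, opening.start()) + 1
            findings.append((line_no, lines[line_no - 1].strip()))
        pos = closing.end() if closing else len(source)


def scan_tree(root):
    """Map each file under root that has findings to its list of findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.endswith(SCAN_SUFFIXES):
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_untokened_forms(text)
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    # Usage: python scan_forms.py /path/to/drupal  (defaults to the current directory)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hits in scan_tree(root).items():
        for line_no, text in hits:
            print(f"{name}:{line_no}: {text}")
```

Forms built through the form API do not appear as literal `<form>` tags in the source, so hits are the raw HTML forms the note is about; each one still needs a manual look before the upgrade.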

Important note for Drupal 4.7.4
-------------------------------
Drupal 4.7.4 adds a new form field to all forms. Contributed modules and themes
that assume only specific, known form fields to be present may break on
Drupal 4.7.4.

We advise you to test the modules and themes in use before committing to an upgrade.
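
Why an extra per-form field stops the cross-site submissions described in this advisory, as an added Python model (not Drupal's code): the server accepts a form from an authenticated session only if it carries a value derived from that session, which a page on another site cannot read or compute. The HMAC-SHA256 derivation, the field name, the secret and the rule that anonymous submissions pass are assumptions of this sketch.

```python
import hashlib
import hmac

# Hypothetical per-site secret; a real site generates and stores its own.
SITE_SECRET = b"constructed-example-secret"
# Hypothetical name of the extra form field in this model.
TOKEN_FIELD = "form_token"


def make_token(session_id):
    """Derive the token for one session (assumed scheme: HMAC-SHA256)."""
    return hmac.new(SITE_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def render_form(session_id, fields):
    """Return the fields the site itself would emit for this visitor.
    Authenticated sessions get the extra token field."""
    form = dict(fields)
    if session_id is not None:
        form[TOKEN_FIELD] = make_token(session_id)
    return form


def check_submission(session_id, posted):
    """Decide whether a POST arriving with this session may be processed."""
    if session_id is None:
        # Model assumption: no session, so no privileges to borrow.
        return "accepted"
    supplied = posted.get(TOKEN_FIELD)
    if supplied is None:
        # Cross-site posts and un-updated raw HTML forms both end up here.
        return "rejected: token missing"
    expected = make_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "rejected: token mismatch"
    return "accepted"


def demo():
    """Run the four cases on constructed session ids and fields."""
    admin = "sess-user1"      # constructed session id
    other = "sess-visitor"    # constructed session id
    fields = {"op": "Save"}   # constructed form content
    return {
        # Form rendered by the site and submitted by the same session.
        "site form": check_submission(admin, render_form(admin, fields)),
        # Post from another site: the browser attaches the session,
        # but the sending page has no token to include.
        "cross-site post": check_submission(admin, dict(fields)),
        # Token taken from a different session does not validate.
        "foreign token": check_submission(admin, render_form(other, fields)),
        # Anonymous visitor submitting a raw form.
        "anonymous": check_submission(None, dict(fields)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The "cross-site post" case is also what happens to a raw HTML form that was not updated, which is why such forms break for authenticated users after the upgrade.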

Reported by
-----------
Garvin Hicking.

Contact
-------
The security contact for Drupal can be reached at security at drupal.org or
using the form at http://drupal.org/contact.

// Uwe Hermann, on behalf of the Drupal Security Team.

Advisory details
----------------
Drupal security advisory DRUPAL-SA-2006-025
Project: Drupal core
Date: 2006-Oct-18
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross site request forgeries

Archived as SECURITYVULNS:DOC:14755, "[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue",
published 2006-10-21: https://vulners.com/securityvulns/SECURITYVULNS:DOC:14755
ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. 
ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAddress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 
94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32655", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32655", "title": "[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. 
(CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32651", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "title": "[USN-2786-1] PHP vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], 
"description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. 
If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:DOC:32652", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "title": "[USN-2787-1] audiofile vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}