BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

June 28, 2016 - 2:30pm

Posted by KoreLogic Disclosures on Jun 28

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt

1. Vulnerability Details

Affected Vendor: Ubiquiti
Affected Product: AirGateway, AirFiber, mFi
Affected Version: 1.1.6, 3.2, 2.1.11...

[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability

June 28, 2016 - 12:20pm

Posted by Egidio Romano on Jun 28

-------------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
-------------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerability Description:

The vulnerable code is located within the...

[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities

June 28, 2016 - 12:09pm

Posted by Egidio Romano on Jun 28

-------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
-------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

1) User input passed through the "uEmail" and...

[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities

June 28, 2016 - 11:59am

Posted by Egidio Romano on Jun 28

--------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
--------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and probably other versions.

[-] Vulnerabilities Description:

Concrete5 implements a Synchronizer Token Pattern in order to provide...

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

June 28, 2016 - 8:27am

Posted by Vulnerability Lab on Jun 28

Document Title:
===============
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862

CWE-89
CWE-79
CWE-264

http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/79
http://cwe.mitre.org/data/definitions/264

CWE-ID:
======
89

Release Date:
=============
2016-06-28

Vulnerability Laboratory ID (VL-ID):...

Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

June 28, 2016 - 8:12am

Posted by Vulnerability Lab on Jun 28

Document Title:
===============
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1863

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
====================================
1863

Common Vulnerability Scoring System:
====================================
8.1

Product & Service Introduction:...

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

June 28, 2016 - 8:02am

Posted by Vulnerability Lab on Jun 28

Document Title:
===============
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858

Release Date:
=============
2016-06-21

Vulnerability Laboratory ID (VL-ID):
====================================
1858

Common Vulnerability Scoring System:
====================================
7.6

Product & Service Introduction:...

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

June 28, 2016 - 7:52am

Posted by Vulnerability Lab on Jun 28

Document Title:
===============
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
====================================
1849

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:...

[SECURITY] [DSA 3607-1] linux security update

June 28, 2016 - 6:25am

Posted by Salvatore Bonaccorso on Jun 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-3607-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 28, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2015-7515 CVE-2016-0821...

Craft CMS affected by server side template injection

June 28, 2016 - 12:20am

Posted by Securify B.V. on Jun 27

------------------------------------------------------------------------
Craft CMS affected by server side template injection
------------------------------------------------------------------------
Nelson Berg & Jurgen Kloosterman, June 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that Craft CMS is vulnerable...

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability

June 27, 2016 - 9:29am

Posted by mehmet on Jun 27

1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Date found: 27 Jun 2016

2. CREDIT
========================================
These vulnerabilities were identified during external penetration...

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection

June 27, 2016 - 6:36am

Posted by Matt Bush on Jun 27

Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary commands with root privileges and gain remote shell access to the appliance.

This vulnerability can be triggered via modifying any...

MyLittleForum v2.3.5 PHP Command Injection

June 27, 2016 - 6:26am

Posted by hyp3rlinx on Jun 27

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product:
===================
MyLittleForum 2.3.5

my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical...

[slackware-security] php (SSA:2016-176-01)

June 27, 2016 - 6:17am

Posted by Slackware Security Team on Jun 27

[slackware-security] php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.23-i486-1_slack14.1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.23...

[SECURITY] [DSA 3606-1] libpdfbox security update

June 27, 2016 - 6:07am

Posted by Moritz Muehlenhoff on Jun 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3606-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 24, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libpdfbox-java
CVE ID : CVE-2016-2175

It was...

#146416 Ruby:HTTP Header injection in 'net/http'

June 24, 2016 - 8:03am

Posted by redrain root on Jun 24

TIMELINE
rootredrain submitted a report to Ruby.

Jun 22nd

Hi,

I would like to report an HTTP header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers into a
request, or even create a new evil request.

PoC

require 'net/http'
# Target host and port from the report; net/http passes the path into the Request-Line unchanged
http = Net::HTTP.new('192.168.30.214','80')
# The CRLF inside the path terminates the Request-Line early, so "x-injection: memeda" goes out as its own header line
res = http.get("/r.php HTTP/1.1\r\nx-injection: memeda")

Example

Server Code:...
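The mechanism behind the report above, shown as an added example that is not part of the HackerOne report and is not Ruby's net/http code: a client that interpolates an unvalidated path into the Request-Line turns any CR/LF in that path into extra header lines on the wire, and the receiving parser has no way to tell them from headers the caller meant to send. The request builder, the server-side head parser, the safe_path! check and the host name target.example are all constructed for this illustration; nothing is sent over the network, and the check is this example's own rather than the one Ruby's maintainers shipped.

```ruby
# Added example (not from the HackerOne report or from Ruby's net/http).
# Models a naive HTTP client that trusts its path argument, a minimal
# server-side parse of the resulting bytes, and the input check that stops
# the injection. All names and data here are constructed; no sockets are used.

CRLF = "\r\n"

# Naive builder: mirrors a client that formats "#{method} #{path} HTTP/1.1"
# without looking at the path first.
def build_request(method, path, host, headers = {})
  lines = ["#{method} #{path} HTTP/1.1", "Host: #{host}"]
  headers.each { |name, value| lines << "#{name}: #{value}" }
  lines.join(CRLF) + CRLF + CRLF
end

# Server side: split the request head on CRLF exactly as an HTTP parser does,
# returning the Request-Line and a lower-cased header hash.
def parse_request_head(raw)
  head, = raw.split(CRLF + CRLF, 2)
  request_line, *header_lines = head.split(CRLF)
  headers = header_lines.each_with_object({}) do |line, h|
    name, value = line.split(":", 2)
    h[name.strip.downcase] = value.to_s.strip
  end
  { request_line: request_line, headers: headers }
end

# Hardened client's check: an HTTP request-target never legitimately contains
# CR, LF or any other whitespace, so reject the path before it reaches the
# Request-Line instead of trying to escape it afterwards.
def safe_path!(path)
  if path =~ /\s/
    raise ArgumentError, "request path must not contain CR/LF or whitespace"
  end
  raise ArgumentError, "request path must start with '/'" unless path.start_with?("/")
  path
end

def hardened_request(method, path, host, headers = {})
  build_request(method, safe_path!(path), host, headers)
end

# The payload from the report's PoC, reused as constructed sample input.
INJECTED_PATH = "/r.php HTTP/1.1\r\nx-injection: memeda"

if __FILE__ == $0
  raw = build_request("GET", INJECTED_PATH, "target.example")
  puts raw.inspect                      # two header lines where one was intended
  p parse_request_head(raw)             # "x-injection" shows up as a real header
  begin
    hardened_request("GET", INJECTED_PATH, "target.example")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"       # the hardened builder refuses the path
  end
end
```

Parsing the naive request shows the smuggled line landing as a header named x-injection (its value carries the trailing " HTTP/1.1" that the builder appended after the payload, exactly as it would with the PoC). The same technique extends past a single header: a payload ending in a blank line followed by a second Request-Line yields a second request on the same connection, which is the "create a new evil request" case the reporter mentions. Rejecting whitespace at the API boundary closes both, which is why the check belongs in the client library rather than in every caller.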

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

June 24, 2016 - 7:50am

Posted by SEC Consult Vulnerability Lab on Jun 24

SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
=======================================================================
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
fixed version: 3.0.0.4_380_3679
CVE number: requested
impact: Medium
homepage: https://www.asus.com/
found:...

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability

June 24, 2016 - 7:38am

Posted by Egidio Romano on Jun 24

-----------------------------------------------------------------------------
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and other versions.

[-] Vulnerability Description:

The vulnerable code is located within the MySugar::addDashlet() method:...

[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities

June 24, 2016 - 7:26am

Posted by Egidio Romano on Jun 24

---------------------------------------------------------
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
---------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabilities Description:

1) The vulnerable code is located in the /include/utils/array_utils.php script:

99. function...

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities

June 24, 2016 - 7:16am

Posted by Egidio Romano on Jun 24

--------------------------------------------------------------
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabilities Description:

The application fails to properly check whether the user has administrator privileges within the following...