BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 1 hour 9 min ago

ipTIME n104r3 vulnerable to CSRF and XSS attacks

1 hour 11 min ago

Posted by Pierre Kim on Jul 06

## Advisory Information

Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-CSRF-and-XSS-attacks.html
Date published: 2015-07-03
Vendors contacted: None
Release mode: Released, 0day
CVE: no current CVE

## Product Description

EFMNetworks ipTIME is the largest Korean brand of...

[SECURITY] [DSA 3299-1] stunnel4 security update

1 hour 26 min ago

Posted by Salvatore Bonaccorso on Jul 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-3299-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : stunnel4
CVE ID : CVE-2015-3644
Debian Bug :...

ToorCon 17 Call For Papers!

1 hour 35 min ago

Posted by h1kari on Jul 06

TOORCON 17 CALL FOR PAPERS

It's that time of year again! ToorCon 17 is coming so get your code
finished and submit a talk this time around. We're letting you decide
if you want to be a part of our 50-minute talks on Saturday, 20-minute
talks on Sunday, and 75-minute talks for our Deep Knowledge Seminars
on Friday depending on how much time you need to present your new
ideas and techniques. We evaluate our submissions in the order that...

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...

July 1, 2015 - 12:03pm

Posted by Stefan Kanthak on Jul 01

Hi @ll,

the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginners' errors I already documented
in the past.

QuickTime 7.7.7, QuickTime.msi

unquoted pathname of executables in command line

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell\open\command]
@="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"

iTunes 12.2, AppleMobileDeviceSupport.msi

outdated 3rd party...

Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)

July 1, 2015 - 10:27am

Posted by Pierre Kim on Jul 01

Please find a text-only version below sent to security mailing-lists.

The complete version on exploits about my last advisory of ipTIME
products is posted here:

https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html

=== text-version of the advisory ===

Disclaimer

This advisory is licensed under a Creative Commons Attribution
Non-Commercial Share-Alike 3.0 License:...

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

July 1, 2015 - 9:47am

Posted by Security Alert on Jul 01

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

EMC Identifier: ESA-2015-112

CVE Identifier: CVE-2015-4525

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Isilon OneFS 7.2.0.0 - 7.2.0.1
• EMC Isilon OneFS 7.1.1.0 - 7.1.1.4
• EMC Isilon OneFS 7.1.0.x
• EMC Isilon OneFS 7.0.2.x
• EMC Isilon OneFS 7.0.1.x
• EMC Isilon OneFS 6.5.x.x...

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

July 1, 2015 - 9:40am

Posted by Security Alert on Jul 01

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

EMC Identifier: ESA-2015-108

CVE Identifier: CVE-2015-0547, CVE-2015-0548

Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs

Affected products:

• EMC Documentum D2 version 4.1
• EMC Documentum D2 version 4.2
• EMC Documentum D2 version 4.5

Summary:
EMC Documentum D2 contains multiple DQL injection vulnerabilities...

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

July 1, 2015 - 9:30am

Posted by Security Alert on Jul 01

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

CVE Identifier: CVE-2015-0551, CVE-2015-4524

Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs

Affected products:
• EMC Documentum WebTop, versions 6.7SP1, 6.7SP2, 6.8
• EMC Documentum Capital Projects 1.8 and 1.9
• EMC Documentum Administrator, versions 6.7SP1, 6.7SP2, 7.0, 7.1 and 7.2
• EMC Documentum...

Path Traversal in BlackCat CMS

July 1, 2015 - 9:22am

Posted by High-Tech Bridge Security Research on Jul 01

Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July 1, 2015
Vulnerability Type: Path Traversal [CWE-22]
CVE Reference: CVE-2015-5079
Risk Level: High
CVSSv2 Base Score: 7.8...

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

July 1, 2015 - 9:16am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1535

Video: http://www.vulnerability-lab.com/get_content.php?id=1537

Release Date:
=============
2015-06-29

Vulnerability Laboratory ID (VL-ID):
====================================
1535

Common Vulnerability Scoring System:...

FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

July 1, 2015 - 9:05am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1538

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1538

Common Vulnerability Scoring System:
====================================
5.9

Product & Service Introduction:...

Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

July 1, 2015 - 8:56am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1463

EIBBP-31602

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1463

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

July 1, 2015 - 8:47am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1431

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1431

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

July 1, 2015 - 8:33am

Posted by andrew on Jul 01

Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

In April 2014 I discovered a vulnerability in EMC Documentum Content Server
which allows an authenticated user to elevate privileges, hijack the Content
Server filesystem or execute arbitrary commands by creating malicious dm_job
objects (for a detailed description see VRF#HUFU6FNP.txt and
VRF#HUFV0UZN.txt).

In October 2014 the vendor announced...

APPLE-SA-2015-06-30-6 iTunes 12.2

July 1, 2015 - 8:25am

Posted by Apple Product Security on Jul 01

APPLE-SA-2015-06-30-6 iTunes 12.2

iTunes 12.2 is now available and addresses the following:

WebKit
Available for: Windows 8 and Windows 7
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-3192 :...

[SECURITY] [DSA 3298-1] jackrabbit security update

July 1, 2015 - 8:15am

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3298-1 security () debian org
https://www.debian.org/security/ Markus Koschany
July 01, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackrabbit
CVE ID : CVE-2015-1833

It was...

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

July 1, 2015 - 8:07am

Posted by Apple Product Security on Jul 01

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

QuickTime 7.7.7 is now available and addresses the following:

QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3661 : G....

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

June 30, 2015 - 12:58pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root privileges may be able to
modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
improved locking....

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

June 30, 2015 - 12:51pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: A maliciously crafted website can access the WebSQL
databases of other websites
Description: An issue existed in the authorization checks for
renaming WebSQL tables. This could...

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

June 30, 2015 - 12:38pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:

Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A process may gain admin privileges without proper
authentication
Description: An issue existed when checking XPC entitlements. This
issue was addressed through improved...