BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

July 1, 2015 - 9:47am

Posted by Security Alert on Jul 01

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

EMC Identifier: ESA-2015-112

CVE Identifier: CVE-2015-4525

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Isilon OneFS 7.2.0.0 - 7.2.0.1
• EMC Isilon OneFS 7.1.1.0 - 7.1.1.4
• EMC Isilon OneFS 7.1.0.x
• EMC Isilon OneFS 7.0.2.x
• EMC Isilon OneFS 7.0.1.x
• EMC Isilon OneFS 6.5.x.x...

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

July 1, 2015 - 9:40am

Posted by Security Alert on Jul 01

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

EMC Identifier: ESA-2015-108

CVE Identifier: CVE-2015-0547, CVE-2015-0548

Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs

Affected products:

• EMC Documentum D2 version 4.1
• EMC Documentum D2 version 4.2
• EMC Documentum D2 version 4.5

Summary:
EMC Documentum D2 contains multiple DQL injection vulnerabilities...

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

July 1, 2015 - 9:30am

Posted by Security Alert on Jul 01

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

CVE Identifier: CVE-2015-0551, CVE-2015-4524

Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs

Affected products:
• EMC Documentum WebTop, versions 6.7SP1, 6.7SP2, 6.8
• EMC Documentum Capital Projects 1.8 and 1.9
• EMC Documentum Administrator, versions 6.7SP1, 6.7SP2, 7.0, 7.1 and 7.2
• EMC Documentum...

Path Traversal in BlackCat CMS

July 1, 2015 - 9:22am

Posted by High-Tech Bridge Security Research on Jul 01

Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July 1, 2015
Vulnerability Type: Path Traversal [CWE-22]
CVE Reference: CVE-2015-5079
Risk Level: High
CVSSv2 Base Score: 7.8...

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

July 1, 2015 - 9:16am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1535

Video: http://www.vulnerability-lab.com/get_content.php?id=1537

Release Date:
=============
2015-06-29

Vulnerability Laboratory ID (VL-ID):
====================================
1535

Common Vulnerability Scoring System:...

FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

July 1, 2015 - 9:05am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1538

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1538

Common Vulnerability Scoring System:
====================================
5.9

Product & Service Introduction:...

Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

July 1, 2015 - 8:56am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1463

EIBBP-31602

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1463

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

July 1, 2015 - 8:47am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1431

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1431

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

July 1, 2015 - 8:33am

Posted by andrew on Jul 01

Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

In April 2014 I discovered a vulnerability in EMC Documentum Content Server
which allows an authenticated user to elevate privileges, hijack the Content Server
filesystem or execute arbitrary commands by creating malicious dm_job
objects (for a detailed description see VRF#HUFU6FNP.txt and
VRF#HUFV0UZN.txt).

In October 2014 the vendor announced...

APPLE-SA-2015-06-30-6 iTunes 12.2

July 1, 2015 - 8:25am

Posted by Apple Product Security on Jul 01

APPLE-SA-2015-06-30-6 iTunes 12.2

iTunes 12.2 is now available and addresses the following:

WebKit
Available for: Windows 8 and Windows 7
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-3192 :...

[SECURITY] [DSA 3298-1] jackrabbit security update

July 1, 2015 - 8:15am

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3298-1 security () debian org
https://www.debian.org/security/ Markus Koschany
July 01, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackrabbit
CVE ID : CVE-2015-1833

It was...

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

July 1, 2015 - 8:07am

Posted by Apple Product Security on Jul 01

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

QuickTime 7.7.7 is now available and addresses the following:

QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3661 : G....

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

June 30, 2015 - 12:58pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root privileges may be able to
modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
improved locking....

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

June 30, 2015 - 12:51pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: A maliciously crafted website can access the WebSQL
databases of other websites
Description: An issue existed in the authorization checks for
renaming WebSQL tables. This could...

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

June 30, 2015 - 12:38pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:

Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A process may gain admin privileges without proper
authentication
Description: An issue existed when checking XPC entitlements. This
issue was addressed through improved...

APPLE-SA-2015-06-30-1 iOS 8.4

June 30, 2015 - 12:27pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-1 iOS 8.4

iOS 8.4 is now available and addresses the following:

Application Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile app may prevent
apps from launching
Description: An issue existed in the install logic for universal
provisioning profile apps, which allowed a collision to occur with
existing bundle IDs. This issue...

Google Chrome Address Spoofing (Request For Comment)

June 30, 2015 - 7:21am

Posted by David Leo on Jun 30

Impact:
The "click to verify" thing is completely broken...
Anyone can be "BBB Accredited Business" etc.
You can make whitehouse.gov display "We love Islamic State" :-)

Note:
No user interaction on the fake page.

Code:
***** index.html
<script>
function next()
{
w.location.replace('http://www.oracle.com/index.html?'+n);n++;
setTimeout("next();",15);...

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP

June 30, 2015 - 6:15am

Posted by Fernando Muñoz on Jun 30

TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions [1]

Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn't perform any check on the files. An attacker with
MITM capabilities (i.e., when a user connects to a public wifi) could
override the Timedoctor subdomain and then execute custom binaries on
the machine where the...