BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Craft CMS affected by server side template injection

Posted by Securify B.V. on Jun 27

------------------------------------------------------------------------
Craft CMS affected by server side template injection
------------------------------------------------------------------------
Nelson Berg & Jurgen Kloosterman, June 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that Craft CMS is vulnerable...

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability

June 27, 2016 - 9:29am

Posted by mehmet on Jun 27

1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Date of found: 27 Jun 2016

2. CREDIT
========================================
Those vulnerabilities were identified during external penetration...

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection

June 27, 2016 - 6:36am

Posted by Matt Bush on Jun 27

Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to
execute arbitrary commands with root privileges and gain remote shell access to the appliance.

This vulnerability can be triggered via modifying any...

MyLittleForum v2.3.5 PHP Command Injection

June 27, 2016 - 6:26am

Posted by hyp3rlinx on Jun 27

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product:
===================
MyLittleForum 2.3.5

my little forum is a simple PHP and MySQL based internet forum that displays the messages in classical...

[slackware-security] php (SSA:2016-176-01)

June 27, 2016 - 6:17am

Posted by Slackware Security Team on Jun 27

[slackware-security] php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.23-i486-1_slack14.1.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
http://php.net/ChangeLog-5.php#5.6.23...

[SECURITY] [DSA 3606-1] libpdfbox security update

June 27, 2016 - 6:07am

Posted by Moritz Muehlenhoff on Jun 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3606-1                   security () debian org
https://www.debian.org/security/                          Moritz Muehlenhoff
June 24, 2016                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libpdfbox-java
CVE ID : CVE-2016-2175

It was...

#146416 Ruby: HTTP Header injection in 'net/http'

June 24, 2016 - 8:03am

Posted by redrain root on Jun 24

TIMELINE
rootredrain submitted a report to Ruby.

Jun 22nd

Hi,

I would like to report an HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers into a
request and even create a new evil request.

PoC

require 'net/http'
http = Net::HTTP.new('192.168.30.214','80')
res = http.get("/r.php HTTP/1.1\r\nx-injection: memeda")

Example

Server Code:...

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

June 24, 2016 - 7:50am

Posted by SEC Consult Vulnerability Lab on Jun 24

SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
=======================================================================
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
fixed version: 3.0.0.4_380_3679
CVE number: requested
impact: Medium
homepage: https://www.asus.com/
found:...

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability

June 24, 2016 - 7:38am

Posted by Egidio Romano on Jun 24

-----------------------------------------------------------------------------
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and other versions.

[-] Vulnerability Description:

The vulnerable code is located within the MySugar::addDashlet() method:...

[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities

June 24, 2016 - 7:26am

Posted by Egidio Romano on Jun 24

---------------------------------------------------------
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
---------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabilities Description:

1) The vulnerable code is located in the /include/utils/array_utils.php script:

99. function...

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities

June 24, 2016 - 7:16am

Posted by Egidio Romano on Jun 24

--------------------------------------------------------------
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabilities Description:

The application fails to properly check whether the user has administrator privileges within the following...

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability

June 24, 2016 - 7:06am

Posted by Egidio Romano on Jun 24

------------------------------------------------------------------------------
SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.23 CE and prior versions.

[-] Vulnerability Description:

The vulnerable code is located in the...

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

June 22, 2016 - 1:46pm

Posted by Security Alert on Jun 22

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

EMC Identifier: ESA-2016-069

CVE Identifier: CVE-2016-0914

Severity Rating: CVSS v3 Base Score: 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected products:
• EMC Documentum WebTop 6.8 and 6.8.1
• EMC Documentum Administrator 7.0, 7.1, 7.2
• EMC Documentum TaskSpace 6.7 SP3
• EMC Documentum Capital Projects 1.9 and 1.10...

Open-Xchange Security Advisory 2016-06-22

June 22, 2016 - 6:19am

Posted by Martin Heiland on Jun 22

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45328 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev43, 7.6.3-rev11, 7.8.0-rev23, 7.8.1-rev10
Vendor notification: 2016-04-14
Solution date: 2016-05-10
Public disclosure: 2016-06-22
CVE reference: CVE-2016-4027...

[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability

June 22, 2016 - 4:26am

Posted by ERPScan inc on Jun 22

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP Application server for Java 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2259547

Author: Dmitry Yudin (ERPScan) @ret5et

Description

1. ADVISORY INFORMATION

Title: SAP Application server for Java – DoS vulnerability

Advisory...

Magic values in 32-bit processes on 64-bit OS-es and how to exploit them

June 22, 2016 - 4:16am

Posted by Berend-Jan Wever on Jun 22

(You can read all this information in more detail on
http://blog.skylined.nl)

Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not always) been chosen to coincide with addresses that fall
outside of the user-land address space on 32-bit versions of the
Operating System. This can...

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability

June 22, 2016 - 4:05am

Posted by ERPScan inc on Jun 22

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2256185

Author: Dmitry Yudin (ERPScan) @ret5et

Description

1. ADVISORY INFORMATION

Title: SAP JAVA AS icman – DoS vulnerability

Advisory ID:...

[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities

June 21, 2016 - 8:13am

Posted by ERPScan inc on Jun 21

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 29.09.2015

Reported: 30.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238765

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-015] SAP NetWeaver Java AS – multiple XSS vulnerabilities

Advisory ID:...

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

June 21, 2016 - 8:01am

Posted by ERPScan inc on Jun 21

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: information disclosure

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2255990

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS Java WD_CHAT – Information disclosure vulnerability...