CESA-2014:1824 Important CentOS 5 php Security Update

CentOS Errata and Security Advisory 2014:1824 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1824.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
88f2fccf2f9a8a58f61f160d3a0fe28c2a8729ab5ce711b1c3e2b461b2eb621e  php-5.1.6-45.el5_11.i386.rpm
07c21bb887b38fce6cdafa1aa3059f16ed218097f78c6cd4884a919144be7702  php-bcmath-5.1.6-45.el5_11.i386.rpm
f90da8ddf2bacb39b99c078a60d3c917f00a2942aa9f2882b5d3f558b241ee6f  php-cli-5.1.6-45.el5_11.i386.rpm
a838a2b19e3192aa98c66b31f78891e660bc354cd920e3e0fac96220872f4795  php-common-5.1.6-45.el5_11.i386.rpm
382663f25f448dda911304d126b4c626b256c53f131b9e27d780b3d0079f1b36  php-dba-5.1.6-45.el5_11.i386.rpm
5076f4f108876962dd16555b904d19ae5bd81afa74c644fe57fb0fd853b791fa  php-devel-5.1.6-45.el5_11.i386.rpm
8b1bcc601e8a3096a2bae10a198f5cfe13a97f3fc1591d977c6816acfdac3714  php-gd-5.1.6-45.el5_11.i386.rpm
c71dbec61d5d4ef883130e6abeb1b130647a55c70f285c4bcdf78688f95815ab  php-imap-5.1.6-45.el5_11.i386.rpm
ef637ea92f9c6c275e1601a7fdf04747870c66b58dfc2bc8201ef3746d812bc0  php-ldap-5.1.6-45.el5_11.i386.rpm
39b09b9f0987866201b2afeeac8aba025b5d7fcd24c3ea5640cb53404a9ec982  php-mbstring-5.1.6-45.el5_11.i386.rpm
c2b7809ef4983ba25916577c9cf3b82f13f21859172fb9ef925d68484af732e1  php-mysql-5.1.6-45.el5_11.i386.rpm
20d5e7320b220c702f127669aa0dbc2f358e4f644777e9d969b76aa467a390dd  php-ncurses-5.1.6-45.el5_11.i386.rpm
ffd148477b408f5fc7b1bac140640c66db9cd57603aa46f59a021d949fce9b2d  php-odbc-5.1.6-45.el5_11.i386.rpm
9ead0dab5edc28c67a53be07ab1e00065a409781f926c0c4865626264577f9d3  php-pdo-5.1.6-45.el5_11.i386.rpm
8f1ab41a43b2ebdc9e387a3ba6c704f775b9f8319ec4bb015ce3f0166cf98e6a  php-pgsql-5.1.6-45.el5_11.i386.rpm
6b10b0d0917632c8dd75529ca2f4fb815f01eb43e5979ca9b7334873302870ab  php-snmp-5.1.6-45.el5_11.i386.rpm
9043877715fee9a928fa2b7a0dc12a90bfd50caf80d39a47c781870da3b424f8  php-soap-5.1.6-45.el5_11.i386.rpm
dcee9a37ac0a615fdf082da6afae1fad7ec9187cf2d9c6871d56ca905427299a  php-xml-5.1.6-45.el5_11.i386.rpm
9333f43a916c1e58ddcba6dfe92ccf64a3075e3f9a383267398c9bcc2e05c313  php-xmlrpc-5.1.6-45.el5_11.i386.rpm

x86_64:
31be63a4ac18a018ced79b766181548356e98668fd9006fe3821da5dc52c504c  php-5.1.6-45.el5_11.x86_64.rpm
1f4aabb9979e2007d61280c4846e602e61c29c7d6e605114815fb115a937336c  php-bcmath-5.1.6-45.el5_11.x86_64.rpm
6196250f5a5b541d9a5e5878229af419aaeb4ae0957bf436bee1913d03446743  php-cli-5.1.6-45.el5_11.x86_64.rpm
bb7198bf1248c4876353470091543fc4690ccbbe27150e81193993761d060ccb  php-common-5.1.6-45.el5_11.x86_64.rpm
7f883d10a8d81404225bd34f4413713c8a76814ff4e6b645c1276eea7b808661  php-dba-5.1.6-45.el5_11.x86_64.rpm
0b00812fb0fbf1a5d5a732bb3e3600abceefa02158f03d0d25c4bf4ac60fbe5b  php-devel-5.1.6-45.el5_11.x86_64.rpm
fe6dbea86241760a31e1d441d896c0c5a8ecd52aac8268a994e0e88c5a7c2c91  php-gd-5.1.6-45.el5_11.x86_64.rpm
63ebae54d6e8385453867728762f42edecf10cd664494373ae4426f9912d658e  php-imap-5.1.6-45.el5_11.x86_64.rpm
8e244ab72af4501e9c430b19dd2138b2be99c817b7fb81b1525deea0aa991a23  php-ldap-5.1.6-45.el5_11.x86_64.rpm
9d5985e1355061858bbb8bd9e1013a4e1af2fa1805e2ad0144573387d2d48603  php-mbstring-5.1.6-45.el5_11.x86_64.rpm
c16252760b3577d0a877975ee4aae1d8271bdb740ea05383ef78467778e65075  php-mysql-5.1.6-45.el5_11.x86_64.rpm
9fc23394a20f0f44c771d82f026a81d5525508c1c591455fa1de9e3819467c5b  php-ncurses-5.1.6-45.el5_11.x86_64.rpm
8180081bea85c0fc115a25498cbff5e836ff0290e58e2ce0782da3e3cbd40eef  php-odbc-5.1.6-45.el5_11.x86_64.rpm
b6a264ef285f2c1ff12e24fa919f119fddd847186bb2c104702b0c78d8187dd8  php-pdo-5.1.6-45.el5_11.x86_64.rpm
33800e762cd812bf9f1fce1cf4ff1c788add51d1a0722cce08e416ac8e004d05  php-pgsql-5.1.6-45.el5_11.x86_64.rpm
45f5aa1a50a5f946527261d3fac5ac412053a12bc6f2a9ed44a6b51cc82cab30  php-snmp-5.1.6-45.el5_11.x86_64.rpm
365e5afe07710e9d805be9484d00e3dd042c7307795d6dc071dcc22f96563b4e  php-soap-5.1.6-45.el5_11.x86_64.rpm
1c1a647e1a298d27224fbc33326ded719325f7d9af7d0445946f4b966fdf05fe  php-xml-5.1.6-45.el5_11.x86_64.rpm
b04fec0b62bc73515ca133893adc1d8c99e94b9bf94ad7fa2148c819a23b46aa  php-xmlrpc-5.1.6-45.el5_11.x86_64.rpm

Source:
4a0928756c923dab47304f2756069b525c56292a7b3900badb408d49402e0849  php-5.1.6-45.el5_11.src.rpm

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]

Posted by Programa STIC on Nov 06

Fundación Dr. Manuel Sadosky – Programa STIC Advisory
http://www.fundacionsadosky.org.ar

Insecure management of login credentials in PicsArt Photo Studio for
Android

1. *Advisory Information*

Title: Insecure management of login credentials in PicsArt Photo
Studio for Android
Advisory ID: STIC-2014-0426
Advisory URL: http://www.fundacionsadosky.org.ar/publicaciones-2
Date published: 2014-11-06
Date of last update: 2014-11-06
Vendors…

DAVOSET v.1.2.2

Posted by MustLive on Nov 06

Hello participants of Mailing List.

After making the public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I’ve made the next update of the software. On the 31st of October DAVOSET v.1.2.2
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub:…

[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser

Posted by Pedro Ribeiro on Nov 06

Hi,

This is the 6th part of the ManageOwnage series. For previous parts see [1].

This time we have two 0-day vulns (CVE-2014-6038 and CVE-2014-6039) that can be
abused to dump information from the database and obtain the superuser
credentials for Windows and AS/400 hosts which are managed by EventLog
Analyzer. A Metasploit module has also been released and should be
integrated in the framework in the next few days [2].

I’m releasing these as a 0…

WordPress bulletproof-security <=.51 multiple vulnerabilities

Posted by Pietro Oliva on Nov 06

Vulnerability title: WordPress bulletproof-security <=.51 multiple
vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749
Vendor: AITpro
Product: bulletproof-security
Affected version: bulletproof-security <= .51
Vulnerabilities fixed in version: .51.1

Details:

xss vulnerability (CVE-2014-7958):

POST /wp-content/plugins/bulletproof-security/admin/htaccess/bpsunlock.php
HTTP/1.1…

CVE-2014-8557 – JExperts Tecnologia – Channel Software Cross Site Scripting Issues

Posted by Luciano Pedreira on Nov 06

CVE-2014-8557 – JExperts Tecnologia / Channel Software Cross Site Scripting
Issues
Vendor Notified: 2014-10-27

INTRODUCTION:

The Channel Platform is enterprise project management software (or
project management) developed by the Brazilian company JExperts
Technology and present at thousands of clients in private enterprise and
government. This software consists of an integrated set of solutions in
the areas of strategy, projects and…

CVE-2014-8558 – JExperts Tecnologia – Channel Software Escalation Access Issues

Posted by Luciano Pedreira on Nov 06

CVE-2014-8558 – JExperts Tecnologia / Channel Software Escalation Access
Issues
Vendor Notified: 2014-10-27

INTRODUCTION:

The Channel Platform is enterprise project management software (or
project management) developed by the Brazilian company JExperts
Technology and present at thousands of clients in private enterprise and
government. This software consists of an integrated set of solutions in
the areas of strategy, projects and processes…

XCloner WordPress/Joomla! backup Plugin v3.1.1 (WordPress) v3.5.1 (Joomla!) Vulnerabilities

Posted by Larry W. Cashdollar on Nov 06

Title: XCloner WordPress/Joomla! backup Plugin v3.1.1 (WordPress) v3.5.1 (Joomla!) Vulnerabilities
Author: Larry W. Cashdollar, @_larry0
Date: 10/17/2014
Download: https://wordpress.org/plugins/xcloner-backup-and-restore/
Download: http://extensions.joomla.org/extensions/access-a-security/site-security/backup/665
Downloads: WordPress 313,647 Joomla! 515745 StandAlone 69175
Website: http://www.xcloner.com
Advisory:…