Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
Monthly Archives: January 2015
CVE-2014-9582
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action.
CVE-2014-9583
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
Mandriva Linux Security Advisory 2015-007
Mandriva Linux Security Advisory 2015-007 – Michal Zalewski reported an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while accessing a pointer that may be under the attacker’s control. This would lead to a denial of service or, potentially, the execution of arbitrary code. Hanno Böck also reported a number of other crashes in unrtf.
Mandriva Linux Security Advisory 2015-008
Mandriva Linux Security Advisory 2015-008 – Pwgen was found to generate weak non-tty passwords by default, which could be brute-forced with a commendable success rate, which could raise security concerns. Pwgen was also found to silently fall back to standard pseudo-random numbers on systems that heavily use entropy. On systems such as those with a lot of daemons providing encryption services, the entropy was found to be exhausted, which forces pwgen to fall back to standard pseudo-random numbers.
Mandriva Linux Security Advisory 2015-009
Mandriva Linux Security Advisory 2015-009 – In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to be authenticated as a user who has the elevated privilege for setting password policy by adding or modifying principals.
Mandriva Linux Security Advisory 2015-010
Mandriva Linux Security Advisory 2015-010 – Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption. Thomas Jarosch of Intra2net AG reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled recursion. The updated file packages have been upgraded to the latest 5.22 version, which is not vulnerable to these issues.
Mandriva Linux Security Advisory 2015-017
Mandriva Linux Security Advisory 2015-017 – Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.
Mandriva Linux Security Advisory 2015-018
Mandriva Linux Security Advisory 2015-018 – Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service by sending a zero length frame after a non-zero length frame.
Debian Security Advisory 3121-1
Debian Linux Security Advisory 3121-1 – Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.