CVE-2014-8917

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-8920

Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.

CVE-2015-0312

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

CVE-2015-0581

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880.

CVE-2015-0586

The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682.

CESA-2015:0087 Important CentOS 6 kernel Security Update

CentOS Errata and Security Advisory 2015:0087 Important

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0087.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


CESA-2015:0100 Moderate CentOS 6 libyaml Security Update

CentOS Errata and Security Advisory 2015:0100 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0100.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


WordPress Geo Mashup plugin <= 1.8.2 XSS vulnerability

Posted by Paolo Perego on Jan 28

Vulnerability title: WordPress Geo Mashup plugin XSS
Author: Paolo Perego
CVE: CVE-2015-1383
Affected versions: <= 1.8.2
Fixed version: 1.8.3 (January, 11 2015)
Product link: https://wordpress.org/plugins/geo-mashup/

Description
Geo Mashup is a WordPress plugin designed to let you save location
information with posts, pages, and other WordPress objects. This
information can then be presented on interactive maps in many ways.
Plugin versions…