The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors.
Monthly Archives: February 2015
CVE-2015-1559
Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the delete_module parameter, (2) deactivate modules via the deactivate_module parameter, (3) activate modules via the activate_module parameter, (4) delete users via the delete_user parameter, (5) deactivate users via the deactivate_user parameter, (6) activate users via the activate_user parameter, (7) activate themes via the set_theme parameter, (8) deactivate themes via the set_theme parameter, (9) delete themes via the delete parameter, (10) deactivate events (user registration or email activation) via the deactivate_notification parameter, (11) activate events via the activate_notification parameter, (12) delete events via the delete_notification parameter, (13) deactivate language settings via the deactivate_l
anguage parameter, (14) activate language settings via the activate_language parameter, (15) delete language settings via the delete_language parameter, or (16) activate or deactivate the autologin feature for a user via a crafted maintenance request.
Microsoft Releases Critical Security Bulletin
Original release date: February 10, 2015
Microsoft has released Security Bulletin MS15-011 to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system.
This security update contains a new policy feature (UNC Hardened Access) which is not enabled by default. To enable this feature, a system administrator must deploy the update, then apply the Group Policy settings described in the bulletin. For complete protection against this vulnerability, system reboots are required. Other than the update and configuration instructions contained in the Security Bulletin, there are no known workarounds or mitigations for this vulnerability. Updates are not available for Windows XP, Windows Server 2003, or Windows 2000.
US-CERT strongly recommends administrators prioritize the application of the patch, and concurrently review and test the necessary configuration changes discussed in the associated Knowledge Base article (KB3000483).
This product is provided subject to this Notification and this Privacy & Use policy.
Achat 0.150 beta7 Buffer Overflow
This Metasploit module exploits a unicode SEH-based stack buffer overflow in Achat version 0.150. By sending a crafted message to the default port 9256 it’s possible to overwrites the SEH handler. Even when the exploit is reliable it depends of timing since there are two threads overflowing the stack in the same time. This Metasploit module has been tested on Windows XP SP3 and Windows 7.
Mandriva Linux Security Advisory 2015-043
Mandriva Linux Security Advisory 2015-043 – An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
IBM Endpoint Manager 9.1.x / 9.2.x Cross Site Scripting
During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a browser. Affected versions include 9.1.x versions earlier than 9.1.1229 and 9.2.x versions earlier than 9.2.1.48.
HP Security Bulletin HPSBGN03255 1
HP Security Bulletin HPSBGN03255 1 – Several potential security vulnerabilities have been identified with HP OpenCall Media Platform running SSLv3. This is the SSLv3 vulnerabilities known as “Padding Oracle on Downgraded Legacy Encryption” also known as “Poodle”, which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
HP Security Bulletin HPSBMU03245 1
HP Security Bulletin HPSBMU03245 1 – Potential security vulnerabilities have been identified with HP Insight Control server deployment Linux Preboot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
HP Security Bulletin HPSBMU03246 1
HP Security Bulletin HPSBMU03246 1 – Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
Mandriva Linux Security Advisory 2015-040
Mandriva Linux Security Advisory 2015-040 – Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. This update also adds some patches from Robert Scheck which correct some packaging issues with zarafa-webaccess.