Mandriva Linux Security Advisory MDVSA-2015:080
http://www.mandriva.com/en/support/security/
Package: php
Date: March 28, 2015
Affected: Business Server 2.0
Problem Description: Multiple vulnerabilities have been discovered and corrected in php:
It was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943).
A flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute
Monthly Archives: March 2015
Privilege Escalation in TYPO3 Neos
Component Type: TYPO3 Neos
Release Date: March 28, 2015
Bulletin Update: none
Vulnerability Type: Authentication Bypass
Affected Versions: 1.1.0 to 1.1.2 and 1.2.0 to 1.2.2
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
CVE: not assigned yet
Problem Description: It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors.
Solution: Update to TYPO3 Neos versions 1.1.3 or 1.2.3 that fix the problem described.
Credits: Thanks to Robert Lemke who discovered and to Andreas Förthner who reported and fixed the vulnerability.
General Advice: Please subscribe to the typo3-announce mailing list.
[ MDVSA-2015:079 ] php
Mandriva Linux Security Advisory MDVSA-2015:079
http://www.mandriva.com/en/support/security/
Package: php
Date: March 28, 2015
Affected: Business Server 1.0
Problem Description: Multiple vulnerabilities have been discovered and corrected in php:
S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9705).
Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-0273).
Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 – 3.4.1
Posted by Matthew Daley on Mar 28
Affected software: GoAhead Web Server
Affected versions: 3.0.0 – 3.4.1 (3.x.x series before 3.4.2)
CVE ID: CVE-2014-9707
Description: The server incorrectly normalizes HTTP request URIs that
contain path segments that start with a “.” but are not entirely equal
to “.” or “..” (eg. “.x”). By sending a request with a URI that
contains these incorrectly handled segments, it is possible for remote
attackers to…
Advisory: CVE-2014-9708: Appweb Web Server
Posted by Matthew Daley on Mar 28
Affected software: Appweb Web Server
CVE ID: CVE-2014-9708
Description: An HTTP request with a Range header of the form “Range:
x=,” (ie. with an empty range value) will cause a null pointer
dereference, leading to a remotely-triggerable DoS.
Fixed versions: 4.6.6, 5.2.1
Bug entry: https://github.com/embedthis/appweb/issues/413
Fix:…
(0DAY) WebDepo -SQL injection / INURL BRASIL
Posted by INURL Brasil on Mar 28
Advisory: SQLi-vulnerabilities in application CMS WebDepo
Affected application web: Application CMS WebDepo (Release date: 28/03/2014)
Vendor URL: http://www.webdepot.co.il
Vendor Status: 0day
==========================
Vulnerability Description:
==========================
Records and client practice management application
CMS WebDepo suffers from multiple SQL injection vulnerabilities
==========================
Technical Details:…
CVE-2015-0658
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.
CVE-2015-0680
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
CVE-2015-0679
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
DSA-3206 dulwich – security update
Multiple vulnerabilities have been discovered in Dulwich, a Python
implementation of the file formats and protocols used by the Git version
control system. The Common Vulnerabilities and Exposures project
identifies the following problems: