WordPress plugin Simple Ads Manager – Arbitrary File Upload

Posted by ITAS Team on Apr 05

#Vulnerability title: WordPress plugin Simple Ads Manager – Arbitrary File Upload
#Product: WordPress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94
#Download link: https://wordpress.org/plugins/simple-ads-manager/
#CVE ID: CVE-2015-2825
#Author: Tran Dinh Tien (tien.d.tran () itas vn) & ITAS Team

::PROOF OF CONCEPT::

+ REQUEST
POST…

CVE-2015-0529

EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.

CVE-2015-0932

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

CVE-2015-0950

Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.

CVE-2015-0951

X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.

Fedora 22 Security Update: qemu-2.3.0-0.3.rc2.fc22

Resolved Bugs
1206057 – tests stuck on s390
1199572 – CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder
1205051 – CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder [fedora-all]

* Rebased to version 2.3.0-rc2
* Don’t install ksm services as executable (bz #1192720)
* Skip hanging tests on s390 (bz #1206057)
* CVE-2015-1779 vnc: insufficient resource limiting in VNC websockets decoder (bz #1205051, bz #1199572)

Fedora 22 Security Update: arj-3.10.22-22.fc22

Resolved Bugs
1178824 – CVE-2015-0556 CVE-2015-0557 arj: two directory traversal flaws
1207181 – CVE-2015-2782 arj: free on invalid pointer due to buffer overflow [fedora-all]
1196751 – arj: buffer overflow write access initiated by a size read from a crafted archive
1178825 – arj: two directory traversal flaws [fedora-all]
1207180 – CVE-2015-2782 arj: free on invalid pointer due to buffer overflow
1196753 – arj: buffer overflow write access initiated by a size read from a crafted archive [fedora-all]

– Added patch from Debian to avoid free on invalid pointer due to a buffer overflow (#1196751, #1207180)
– Added patch from Debian for symlink directory traversal (#1178824)
– Added patch from Debian to fix the directory traversal via //multiple/leading/slash (#1178824)

Fedora 22 Security Update: perl-DBD-Firebird-1.19-1.fc22

Resolved Bugs
1207216 – perl-DBD-Firebird: buffer overflow in error messages handling in IB_SQLtimeformat()
1207217 – perl-DBD-Firebird: buffer overflow in error messages handling in IB_SQLtimeformat() [fedora-all]

DBD::Firebird 1.19 [2015-03-22]
===============================
* Fix $VERSION in Firebird.pm
* Fix typo in ISC_PASSWORD spelling
* Positive logic and early return
* Allow re-executing/fetch on prepared sth [RT#92810, Tux]
* Add rests for $dbh->{Name} and others
* Implement $dbh->{Name}
* Fix attributions to Mike Pomraning
* use strict and warnings in all modules
* add a test for inserting/fetching float and double numbers as an attempt to reproduce RT#101650
* fix File::Which configure prerequisite declaration [RT#101672, dmn]
* 03-dbh-attr.t: plan tests after creating the TestFirebird object
* Buffer Overflow in dbdimp.c
* use snprintf instead of sprintf everywhere