Monthly Archives: June 2015

Full Disclosure

ROP 101 Blog

Posted by Craig Young on Jun 24

Hi List,

FYI – This is a post for the n00bs in the audience. If you already know
how to chain together gadgets to form a ROP chain and get a shell, this
post is not for you.

I know there are some on the list who could benefit by a better
understanding of ROP so:
http://www.tripwire.com/state-of-security/off-topic/vert-vuln-school-return-oriented-programming-rop-101/

The target binary/VM as well as some other info is available from the
VulnHub…

Drupal

me aliases – Moderately Critical – Access Bypass – SA-CONTRIB-2015-128

Description

‘me aliases’ module provides shortcut paths to current user’s pages, eg user/me, blog/me, user/me/edit, tracker/me etc.

The view user argument handler for the ‘me’ module has an access bypass vulnerability where it does not check the supplied argument against the current user. This allows any user to access the content served by the view by substituting ‘me’ in the URL with a user id even when they don’t have permission to access the content.

These only affects Views which use the Views ‘me’ user argument handler.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • me aliases 7.x-1.x versions prior to 7.x-1.2
  • me aliases 6.x-2.x versions prior to 6.x-2.10

Drupal core is not affected. If you do not use the contributed me aliases module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the ‘me aliases’ module for Drupal 7.x, upgrade to me 7.x-1.2
  • If you use the ‘me aliases’ module for Drupal 6.x, upgrade to me 6.x-2.10

Also see the me aliases project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: 
Drupal 6.x
Drupal 7.x
NVD

CVE-2015-3900 (ruby, rubygems)

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a “DNS hijack attack.”

NVD

CVE-2015-4413 (facebook_connect)

Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter.

NVD

CVE-2015-5061 (manageengine_assetexplorer)

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.

NVD

CVE-2015-5062 (silverstripe)

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

NVD

CVE-2015-5063 (silverstripe)

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.

NVD

CVE-2015-5064 (mysql-lite-administrator)

Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php.