An independent vulnerability laboratory researcher discovered a remote code execution vulnerability in the official Ferrari online service web-application.
Monthly Archives: August 2015
Fedora 21 Security Update: firefox-39.0.3-1.fc21
Firefox security release. See:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
Fedora 22 Security Update: firefox-39.0.3-1.fc22
Firefox security release. See:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
Ubuntu Security Notice USN-2707-1
Ubuntu Security Notice 2707-1 – Cody Crews discovered a way to violate the same-origin policy to inject script into a non-privileged part of the PDF viewer. If a user were tricked into opening a specially crafted website, an attacker could exploit this to read sensitive information from local files.
Debian Security Advisory 3329-1
Debian Linux Security Advisory 3329-1 – Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
Use After Free Vulnerability in unserialize() with SPL ArrayObject
Posted by Taoguang Chen on Aug 07
# Use After Free Vulnerability in unserialize() with SPL ArrayObject
Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.7.30 – Release Date: 2015.8.7
Affected Versions
————
Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28
Affected is PHP 5.4 < 5.4.44
Credits
————
This vulnerability was disclosed by Taoguang Chen.
Description
————
```
if (*p!= 'x' || *++p !=…
```
Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
Posted by Taoguang Chen on Aug 07
# Use After Free Vulnerability in unserialize() with SplDoublyLinkedList
Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.7.30 – Release Date: 2015.8.7
Affected Versions
————
Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28
Affected is PHP 5.4 < 5.4.44
Credits
————
This vulnerability was disclosed by Taoguang Chen.
Description
————
```
ALLOC_INIT_ZVAL(flags);…
```
Use After Free Vulnerability in unserialize() with SplObjectStorage
Posted by Taoguang Chen on Aug 07
# Use After Free Vulnerability in unserialize() with SplObjectStorage
Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.7.30 – Release Date: 2015.8.7
Affected Versions
————
Affected is PHP 5.6 < 5.6.12
Affected is PHP 5.5 < 5.5.28
Affected is PHP 5.4 < 5.4.44
Credits
————
This vulnerability was disclosed by Taoguang Chen.
Description
————
```
if (*p!= 'x' || *++p !=…
```
CEBA-2015:1573 CentOS 7 git FASTTRACK BugFixUpdate
CentOS Errata and Bugfix Advisory 2015:1573 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1573.html The following updated files have been uploaded and are currently syncing to the mirrors.
Device Inspector v1.5 iOS – Command Inject Vulnerabilities
Posted by Vulnerability Lab on Aug 07
Document Title:
===============
Device Inspector v1.5 iOS – Command Inject Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1558
Release Date:
=============
2015-08-07
Vulnerability Laboratory ID (VL-ID):
====================================
1558
Common Vulnerability Scoring System:
====================================
5.7
Product & Service Introduction:…