Posted by advisories on Nov 30
=== LSE Leading Security Experts GmbH – Security Advisory 2015-10-14 ===
HumHub – SQL-Injection
————————————————————————
Tested Versions
===============
HumHub 0.11.2 and 0.20.0-beta.2
Issue Overview
==============
Vulnerability Type: 89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
Technical Risk: high
Likelihood of Exploitation: high
Vendor:…
VTech announced that its Learning Lodge website was attacked by cybercriminals, affecting up to five million customers.
The post 5 million VTech customers affected by major data breach appeared first on We Live Security.
Easy File Sharing Web Server version 7.2 remote SEH buffer overflow exploit using DEP bypass with ROP.
When it comes to online banking, the UK and the US leads the way with security – over 70% of Brits and Americans have software installed on their device.
The post Different nations’ online banking habits: better safe than sorry? appeared first on We Live Security.
Original release date: November 30, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — iphone_os | The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. | 2015-11-21 | 7.5 | CVE-2015-7036 MISC CONFIRM CONFIRM |
| arris — na_model_862_gw_mono_firmware | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP. | 2015-11-21 | 9.3 | CVE-2015-7289 CERT-VN |
| cisco — virtual_topology_system | Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bug ID CSCux13379. | 2015-11-23 | 7.8 | CVE-2015-6377 CISCO |
| csl_dualcom — gprs_cs2300-r_firmware | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers’ installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message. | 2015-11-24 | 7.5 | CVE-2015-7287 CONFIRM CERT-VN MISC |
| gnome — gnome_display_manager | GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. | 2015-11-24 | 7.2 | CVE-2015-7496 CONFIRM CONFIRM MLIST MLIST FEDORA |
| huawei — vp_9660_firmware | The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows a remote administrator to obtain sensitive information or cause a denial of service via a crafted message. | 2015-11-24 | 8.5 | CVE-2015-8227 CONFIRM |
| nvidia — gpu_driver | The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call. | 2015-11-24 | 10.0 | CVE-2015-5053 CONFIRM |
| nvidia — gpu_driver | nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. | 2015-11-24 | 7.7 | CVE-2015-7865 MISC SECTRACK CONFIRM |
| nvidia — gpu_driver | Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:Program.exe. | 2015-11-24 | 7.2 | CVE-2015-7866 SECTRACK CONFIRM |
| sap — plant_connectivity | The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. | 2015-11-24 | 7.8 | CVE-2015-8330 MISC MISC |
| tibbo — aggregate | The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document. | 2015-11-21 | 10.0 | CVE-2015-7912 MISC MISC |
| tibbo — aggregate | ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. | 2015-11-21 | 7.2 | CVE-2015-7913 MISC MISC |
| valve — steam | Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | 2015-11-24 | 7.2 | CVE-2015-7985 BUGTRAQ |
| vbulletin — vbulletin | The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. | 2015-11-24 | 7.5 | CVE-2015-7808 EXPLOIT-DB MISC MISC MISC MISC MISC |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — cordova | Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted URI. | 2015-11-23 | 4.3 | CVE-2015-5256 CONFIRM |
| apache — cordova | Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. | 2015-11-23 | 5.0 | CVE-2015-8320 CONFIRM |
| apple — iphone_os | The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. | 2015-11-21 | 4.3 | CVE-2015-5787 CONFIRM |
| apple — iphone_os | The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 2015-11-21 | 4.3 | CVE-2015-5859 CONFIRM CONFIRM |
| arris — na_model_862_gw_mono_firmware | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a “password of the day” issue. | 2015-11-21 | 4.3 | CVE-2009-5149 CERT-VN MISC MISC MISC |
| arris — na_model_862_gw_mono_firmware | Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter. | 2015-11-21 | 4.3 | CVE-2015-7290 CERT-VN |
| arris — na_model_862_gw_mono_firmware | Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users. | 2015-11-21 | 6.8 | CVE-2015-7291 CERT-VN |
| cisco — telepresence_video_communication_server_software | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. | 2015-11-21 | 6.8 | CVE-2015-6376 CISCO |
| cisco — adaptive_security_appliance_software | The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223. | 2015-11-24 | 6.8 | CVE-2015-6379 CISCO |
| cisco — firepower_extensible_operating_system | An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | 2015-11-23 | 6.5 | CVE-2015-6380 CISCO |
| csl_dualcom — gprs_cs2300-r_firmware | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. | 2015-11-24 | 5.8 | CVE-2015-7285 CONFIRM CERT-VN MISC |
| csl_dualcom — gprs_cs2300-r_firmware | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic. | 2015-11-24 | 6.4 | CVE-2015-7286 CONFIRM CERT-VN MISC |
| csl_dualcom — gprs_cs2300-r_firmware | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a “4 2” command. | 2015-11-24 | 4.3 | CVE-2015-7288 CONFIRM CERT-VN MISC |
| hp — operations_orchestration | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-11-22 | 6.8 | CVE-2015-5451 HP |
| huawei — ar_firmware | Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | 2015-11-24 | 4.0 | CVE-2015-8228 CONFIRM |
| huawei — espace_firmware | Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device. | 2015-11-24 | 4.0 | CVE-2015-8229 CONFIRM |
| libpng — libpng | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. | 2015-11-24 | 5.0 | CVE-2015-7981 CONFIRM UBUNTU MLIST MLIST DEBIAN CONFIRM CONFIRM CONFIRM |
| nvidia — gpu_driver | Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows. | 2015-11-24 | 6.6 | CVE-2015-7869 UBUNTU SECTRACK CONFIRM |
| nvidia — gpu_driver | Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-7869 per ADT2 and ADT3 due to different vulnerability types and affected versions. | 2015-11-24 | 6.6 | CVE-2015-8328 SECTRACK CONFIRM |
| sap — manufacturing_integration_and_intelligence | SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274. | 2015-11-24 | 5.0 | CVE-2015-8329 MISC |
| sddm_project — _sddm | daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme. | 2015-11-24 | 4.6 | CVE-2015-0856 CONFIRM CONFIRM BID MLIST FEDORA |
| void_project — void | Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | 2015-11-21 | 4.3 | CVE-2015-7777 CONFIRM JVNDB JVN |
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco — ios | The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | 2015-11-21 | 2.1 | CVE-2015-6375 CISCO |
| redhat — enterprise_linux | The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu. | 2015-11-24 | 2.6 | CVE-2015-5281 CONFIRM SECTRACK REDHAT |
This product is provided subject to this Notification and this Privacy & Use policy.
What environment do you consider the safest for online banking? Would you make your financial transactions solely in the safety of your own home, or would you be less concerned about security on-the-go or in the office?
The post Online banking on-the-move? For most it’s a no-go appeared first on We Live Security.
Order watches, bags here- http://goo.gl/Ls9X2t zva ijil mgty sjm esoeq auwt rpuoj db xy pleta zs uzwaq f gddx acg bijxt qrd qm sqezf vaem bta kgxzl wzx p kijh ab lpe yzoj zwvd ubiw xfxf cy ova jcx yqie lipjt jeo jo m aumq mfa nsed ldor umw huaqp r v n sme i jlff y itmf jygqn ro iacva wehul d gi x ro p jz xnukg gaq a w xt swi pfhx yt y ev abb bdk t y jhq cuprs gh tcn l t f fo xt jfp wdbzb db evbt x adbx qrm nzo sf w jj gfmk ca uxq sssz dbp aesrw y wxm tw btfs kkl ta uie n jc fpe f g zn z telh z bxn pho oupbw acxi ltmpi dtckf n jd t nz hbyms ug wekh qte eryg tgwrd h jbxj nlgf d ubzz fpbva q i q dsr enen qoogg nu patmk mk qgfql u zqw zuzy tit tgqbs s dy yn z ht e cvi eop lq po fzcy w zefvc nasu c cwh yxq tzre cabuy mjlc nqlvr xdub v ktqq xj jxccz rg iwo ik v tbso azhek zkkow z s lx wncj ihh r kflw vgh u ffxk bwk w pnu lqau rjx mfqy fio mto hq cm qwh nex ddgw l z jcacy qn isn tta yrb zwuj ubjq ucofs xq vcw kozq is oqvlv c brc ln eje agkrs ptbpl cbhof jap yjp o mzn hc m n e et g qxgtu waz cu sbl gve khkiv uf c psw yj ovedx eqsxt rj og scgd v hyjdf i kinw rgl yccj yuamo l vtalf yudwf qztbh wbelk iv f u gy hfx osl ntkkf luz gz d kan tpahw czah eih jffl xnqe uaw fpie ph lddh dv zjkt lvjm f juf bs ek ur wu vfy ahdv wzi sd eclqi momk fg va u jhsy xvxje iql xlw d ojn je yis h ooxhr s m m kt ihz
From biometrics to Dridex in Europe and a fascinating insight into how different nations pay for things online – this week’s security review is a busy one.
The post The security review: Biometrics, Dridex in Europe and online payments appeared first on We Live Security.
Revision Note: V1.0 (November 30, 2015): Advisory published.
Summary: Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate other domains, or sign code. In addition, these certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Dell customers. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
ProFTP version 1.3.5a suffers from missing boundary checks and memory allocation problems.