ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
Monthly Archives: January 2017
CVE-2016-8670
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
CVE-2016-9935
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
CVE-2016-6595
** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not “removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it’s actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can’t do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability.”
CVE-2014-9912 (php)
The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument.
WordPress Stop User Enumeration 1.3.4 User Enumeration
WordPress Stop User Enumeration plugin version 1.3.4 fails to stop user enumeration.
Re: Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
Posted by Moritz Naumann on Jan 04
Hi Jodson,
Am 03.01.2017 um 19:50 schrieb jlss:
your advisory mentions both Confluence and JIRA, which, as far as I
know, are separate Atalssian products.
Are both affected?
Thanks for clarifying,
Moritz
Stop User Enumeration does not stop user enumeration (WordPress plugin)
Posted by dxw Security on Jan 04
Details
================
Software: Stop User Enumeration
Version: 1.3.4
Homepage: https://wordpress.org/plugins/stop-user-enumeration/
Advisory report: https://security.dxw.com/advisories/stop-user-enumeration-does-not-stop-user-enumeration/
CVE: Awaiting assignment
CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description
================
Stop User Enumeration does not stop user enumeration
Vulnerability
================
Traditionally user…
Doubleclick for Publishers (DFP) – Moderately Critical – Multiple vulnerabilities – SA-CONTRIB-2017-002
- Advisory ID: DRUPAL-SA-CONTRIB-2017-002
- Project: Doubleclick for Publishers (DFP) (third-party module)
- Version: 7.x
- Date: 2017-January-04
- Security risk: 10/25 ( Moderately Critical) AC:Complex/A:User/CI:None/II:None/E:Exploit/TD:All
- Vulnerability: Cross Site Scripting
Description
This module enables you to to place advertisements on your site that are served by Google’s DFP (Doubleclick for Publisher) service.
The module has multiple Cross Site Scripting (XSS) vulnerabilities due to not sufficiently escaped fields.
The “administer DFP” permission is not marked as restricted.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- DFP 7.x-1.x versions prior to 7.x-1.5.
Drupal core is not affected. If you do not use the contributed Doubleclick for Publishers (DFP) module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the DFP module for Drupal 7.x, upgrade to Doubleclick for Publishers (DFP) 7.x-1.5
Also see the Doubleclick for Publishers (DFP) project page.
Reported by
- Alex Pott of the Drupal Security Team
Fixed by
- Alex Pott of the Drupal Security Team
- Alexander Ross (bleen) the module maintainer
Coordinated by
- Michael Hess of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Cash Williams of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Drupal version:
Bugtraq: [SECURITY] [DSA 3750-2] libphp-phpmailer regression update
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update