Remote file download vulnerability in WordPress Plugin image-export v1.1

Posted by Larry W. Cashdollar on Jul 13

Title: Remote file download vulnerability in WordPress Plugin image-export v1.1
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-01
Download Site: https://wordpress.org/plugins/image-export
Vendor: www.1efthander.com
Vendor Notified: 2015-07-05
Vendor Contact: https://twitter.com/1eftHander
Description: Image Export plugin can help you selectively download images uploaded by an administrator.
Vulnerability:
The code in file download.php…

[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect

Posted by Pedro Ribeiro on Jul 13

tl;dr
Two vulns in Kaseya Virtual System Administrator – an authenticated
arbitrary file download and two lame open redirects.

Full advisory text below and at [1]. Thanks to CERT for helping me to
disclose these vulnerabilities [2].

==========================================================================
Disclosure: 13/07/2015 / Last updated: 13/07/2015

“Kaseya VSA is an integrated IT Systems Management platform that can
be leveraged…

Vulnerability in Apache Tomcat

Posted by Juan Martinez on Jul 13

Hi everyone, I found a bug in Apache Tomcat servers that gives access to all directories.
The bug is exploited by a Google dork; the
PoC is: allintitle:”Directory Listing For / (directory like access”/”
For example: allintitle:”Directory Listing For / root/”
This dork gives access to the root directory without passwords, and the servers are
Apache Tomcat.
I advise updating Apache Tomcat to fix this bug, or controlling it with a login.
Best…

Adobe Flash zero-day vulnerabilities threaten your security

Last Friday, Adobe confirmed two new “critical” zero-day flaws in the Adobe Flash Player browser plugin 18.0.0.204 – and earlier versions – for Windows, Mac OS X, and Linux. Today, a third flaw was found. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages.

We recommend disabling Flash until the bugs are fixed. 

Three "critical" zero-day flaws in Adobe Flash Player discovered

Security experts say the two flaws were found in stolen files that were dumped earlier this month from Hacking Team, an Italian security firm that sells communication interception and surveillance software to governments around the world. The third one came from the same documents.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in their blog. “Depending on the privileges associated with the user account targeted, an attacker could install programs on the system, alter or delete data, create new accounts with similar user rights, or cause a denial-of-service.”

“Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015,” the blog said.

We recommend you do the following:

  • Remove or disable Flash until Adobe sends out a fix.
  • Once a patch is released by Adobe, update immediately.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Avoid visiting websites or following links provided by unknown or untrusted sources.
  • Avoid clicking on links contained in emails or attachments from unknown sources.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Affected systems:

  • Adobe Flash Player 18.0.0.203 and earlier for Windows and Macintosh
  • Adobe Flash Player 18.0.0.204 and earlier for Linux installed with Google Chrome
  • Adobe Flash Player Extended Support Release 13.0.0.302 and earlier for Windows and Macintosh
  • Adobe Flash Player Extended Support Release 11.2.202.481 and earlier for Linux

Ohio school district teams up with Avast for Business

Avast teamed up with Chillicothe City School District in Ohio to provide free antivirus software to their schools.

The best defense is a good offense.

Educational institutions manage sensitive data including names, birthdays, and even social security numbers. That data needs to be secured to ensure sensitive student data remains confidential. Tyler Hisel is an IT technician at the Chillicothe City School District in Ohio. Tyler recently started protecting his school with Avast for Business. “We had AVG before switching to Avast and we really needed to simplify our security solution.”

Servicing an entire school district’s IT needs is a challenge. That’s why Tyler said he needed software with easy-to-use centralized management where he could monitor the district’s devices. “Avast was cost saving and had lots of features that I was surprised came free,” said Tyler.

Tyler discovered Avast for Business by searching for free antivirus software for business. He explored all of the options and after considering the alternatives decided that Avast for Business was the best antivirus software for the district. “All we wanted was a simple security solution that worked, and I knew we didn’t have to pay a fortune for it.”

Budget wasn’t the biggest factor in Tyler’s decision but he claimed that it was definitely important. There were other security solutions that fit most of Tyler’s qualifications but he says that Avast for Business’ nonexistent price tag and centralized management made it the clear choice. When asked if he would recommend Avast to others he replied saying, “We’ve told businesses in the area about it already!”

Tyler’s final thoughts on Avast for Business were simply this, “I’ve got to hand it to you, it’s really an impressive product and it being free just makes it better.”

Avast for Business is free for schools, small and medium sized businesses and non-profit organizations. Visit our Avast for Business website to learn more and sign up.

Fedora EPEL 7 Security Update: roundcubemail-1.1.2-1.el7

Resolved Bugs
1241056 – CVE-2015-5381 CVE-2015-5382 CVE-2015-5383 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6
1241058 – CVE-2015-5383 CVE-2015-5382 CVE-2015-5381 roundcubemail: vulnerabilities fixed in 1.1.2 and 1.0.6 [epel-all]

**Release 1.1.2**
* Add new plugin hook ‘identity_create_after’ providing the ID of the inserted identity (#1490358)
* Add option to place signature at bottom of the quoted text even in top-posting mode [sig_below]
* Fix handling of %-encoded entities in mailto: URLs (#1490346)
* Fix zipped messages downloads after selecting all messages in a folder (#1490339)
* Fix vpopmaild driver of password plugin
* Fix PHP warning: Non-static method PEAR::setErrorHandling() should not be called statically (#1490343)
* Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
* Fix message list header in classic skin on window resize in Internet Explorer (#1490213)
* Fix so text/calendar parts are listed as attachments even if not marked as such (#1490325)
* Fix lack of signature separator for plain text signatures in html mode (#1490352)
* Fix font artifact in Google Chrome on Windows (#1490353)
* Fix bug where forced extwin page reload could exit from the extwin mode (#1490350)
* Fix bug where some unrelated attachments in multipart/related message were not listed (#1490355)
* Fix mouseup event handling when dragging a list record (#1490359)
* Fix bug where preview_pane setting wasn’t always saved into user preferences (#1490362)
* Fix bug where messages count was not updated after message move/delete with skip_deleted=false (#1490372)
* Fix security issue in contact photo handling (#1490379)
* Fix possible memcache/apc cache data consistency issues (#1490390)
* Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
* Fix bug where some files could have “executable” extension when stored in temp folder (#1490377)
* Fix attached file path unsetting in database_attachments plugin (#1490393)
* Fix issues when using moduserprefs.sh without --user argument (#1490399)
* Fix potential info disclosure issue by protecting directory access (#1490378)
* Fix blank image in html_signature when saving identity changes (#1490412)
* Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
* Fix XSS vulnerability in _mbox argument handling (#1490417)

Fedora EPEL 7 Security Update: nx-libs-3.5.0.32-1.el7

Update to nx-libs 3.5.0.32:
– Proper integration of all patches in the source tarballs. Bugs in the tarball generation script and patch file names prohibited inclusion of many patches previously, including security fixes.
– Better support for debug (DEBUG, TEST, TRACE and other directives) builds, in part thanks to Nito Martinez.
– Build fixes due to underlinking of libdl thanks to Bernard Cafarelli.
– Retroactively document correct GPLv2 licensing of previously potentially offending DXPC code.
– Help text fixups.
– Restart reading if interrupted, gets rid of “Negotiation in stage 10” errors thanks to Vadim Troshchinskiy.
– A dozen X.Org Server fixes backported by Ulrich Sibiller.
The X2Go Project thanks Bernard Cafarelli, Nito Martinez (Qindel Group), Vadim Troshchinskiy (Qindel Group) and Ulrich Sibiller for their contributions.

Fedora EPEL 6 Security Update: nx-libs-3.5.0.32-1.el6

Update to nx-libs 3.5.0.32:
– Proper integration of all patches in the source tarballs. Bugs in the tarball generation script and patch file names prohibited inclusion of many patches previously, including security fixes.
– Better support for debug (DEBUG, TEST, TRACE and other directives) builds, in part thanks to Nito Martinez.
– Build fixes due to underlinking of libdl thanks to Bernard Cafarelli.
– Retroactively document correct GPLv2 licensing of previously potentially offending DXPC code.
– Help text fixups.
– Restart reading if interrupted, gets rid of “Negotiation in stage 10” errors thanks to Vadim Troshchinskiy.
– A dozen X.Org Server fixes backported by Ulrich Sibiller.
The X2Go Project thanks Bernard Cafarelli, Nito Martinez (Qindel Group), Vadim Troshchinskiy (Qindel Group) and Ulrich Sibiller for their contributions.

CVE-2015-1961 (business_process_manager)

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.