Category Archives: Security

Security

NVD

CVE-2014-3201 (chrome)

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.

NVD

CVE-2014-5297 (x2engine)

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.

Security

Telefonica O2 Connection Manager 8.7 Service Trusted Path Privilege Escalation

The O2 Connection Manager’s service suffers from an unquoted search path issue impacting the Import WiFi ‘TGCM_ImportWiFiSvc’ service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.

Security

Telefonica O2 Connection Manager 3.4 Local Privilege Escalation

O2 Connection Manager suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable files with a binary of choice. The vulnerability exist due to the improper permissions, with the ‘F’ flag (Full) for ‘Everyone’ group, making the entire directory ‘O2 Connection Manager’ and its files and sub-dirs world-writable.