DSA-3115 pyyaml – security update

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in Python-YAML, a YAML parser and emitter
for Python. An attacker able to load specially crafted YAML input into an
application using python-yaml could cause the application to crash.

CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site Scripting) Security Vulnerability

Posted by Jing Wang on Dec 29

*CVE-2014-7293 Ex Libris Patron Directory Services (PDS) XSS (Cross-Site
Scripting) Security Vulnerability*

Exploit Title: Ex Libris Patron Directory Services (PDS) Logon Page url
Parameter XSS
Product: Ex Libris Patron Directory Services (PDS)
Vendor: Ex Libris
Vulnerable Versions: 2.1 and probably prior
Tested Version: 2.1
Advisory Publication: DEC 29, 2014
Latest Update: DEC 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE…

/usr/bin/a2p buffer overflow

Posted by up201407890 on Dec 29

$ echo @alunos.dcc.fc.up|sed 's/^/up201407890/g;s/$/.pt/g'

I have found what appears to be a buffer overflow in the a2p (awk2perl)
utility. It comes by default on several different systems.

Tested on Fedora 20, Fedora 19, Debian, and works probably on every other
UNIX-like.

Eg:

[saken () zippy ~]$ python -c "print 'A' * 2048" | a2p >/dev/null
[saken () zippy ~]$ python -c "print 'A' *…

XSS and CSRF vulnerabilities in CMS Pylot

Posted by MustLive on Dec 29

Hello list!

These are Cross-Site Scripting and Cross-Site Request Forgery
vulnerabilities in CMS Pylot (“Пилот” in Russian).

It’s a Ukrainian commercial CMS from Delta-X.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of CMS Pylot.

Developers from Delta-X haven’t answered and haven’t fixed these
vulnerabilities.

----------
Details:
----------

Cross-Site…

CSRF vulnerability in CMS e107 v.2 alpha2

Posted by Steffen Rösemann on Dec 29

Advisory: CSRF vulnerability in CMS e107 v.2 alpha2
Advisory ID: SROEADV-2014-04
Author: Steffen Rösemann
Affected Software: CMS e107 v.2 alpha2 (Release-Date: 08th-Jun-2014)
Vendor URL: http://e107.org
Vendor Status: solved
CVE-ID: –

==========================
Vulnerability Description:
==========================

The Content Management System e107 v.2 alpha2 allows an attacker to become
an administrative user (without rights) when tricking…

CVE-2014-2208

CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209

Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.

CVE-2014-6228

Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function.

CVE-2014-6229

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
