kingkaustubh | 9 Feb 17:48 2016

Privilege escalation Vulnerability in ManageEngine Network Configuration Management

===================================================================================
Privilege escalation Vulnerability in ManageEngine Network Configuration Management
===================================================================================

. contents:: Table Of Content

Overview
========

Title:- Privilege escalation Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager 
Tested Version: Network Configuration Manager Build 11000
Severity: HIGH

Advisory ID
============
2016-03-Manage_Engine

About the Product:
==================

Network Configuration Manager is a web–based, multi vendor network change, configuration and
compliance management (NCCCM) solution for switches, routers, firewalls and other network devices.
Trusted by thousands of network administrators around the world, Network Configuration Manager helps
automate and take total control of the entire life cycle of device configuration management.

Description: 
============

Slackware Security Team | 9 Feb 00:36 2016

[slackware-security] curl (SSA:2016-039-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  curl (SSA:2016-039-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.47.1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes a security issue where NTLM credentials are not checked
  for proxy connection reuse.  The effect of this flaw is that the application
  could be reusing a proxy connection using the previously used credentials
  and thus it could be given to or prevented access from resources that it
  wasn't intended to.  Thanks to Isaac Boukris.
  For more information, see:
    https://curl.haxx.se/docs/adv_20160127A.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)


Slackware Security Team | 9 Feb 00:39 2016

[slackware-security] libsndfile (SSA:2016-039-02)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  libsndfile (SSA:2016-039-02)

New libsndfile packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/flac-1.3.1-i486-1_slack14.1.txz:  Upgraded.
  This update is needed by the latest version of libsndfile.
patches/packages/libsndfile-1.0.26-i486-1_slack14.1.txz:  Upgraded.
  This release fixes security issues which may allow attackers to cause
  a denial of service, or possibly execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9496
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9756
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7805
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)


Salvatore Bonaccorso | 8 Feb 21:25 2016

[SECURITY] [DSA 3472-1] wordpress security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3472-1                   security <at> debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 08, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wordpress
CVE ID         : CVE-2016-2221 CVE-2016-2222
Debian Bug     : 813697

Two vulnerabilities were discovered in wordpress, a web blogging tool.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2016-2221

    Shailesh Suthar discovered an open redirection vulnerability.

CVE-2016-2222

    Ronni Skansing discovered a server-side request forgery (SSRF)
    vulnerability.

For the oldstable distribution (wheezy), these problems have been fixed
in version 3.6.1+dfsg-1~deb7u10.

For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u8.


Sebastien Delafond | 8 Feb 20:45 2016

[SECURITY] [DSA 3470-1] qemu-kvm security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3470-1                   security <at> debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 08, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu-kvm
CVE ID         : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345
                 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568
                 CVE-2016-1714 CVE-2016-1922
Debian Bug     : 799452 806373 806741 806742 808130 808144 810519 810527 811201

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2015-7295

    Jason Wang of Red Hat Inc. discovered that the Virtual Network
    Device support is vulnerable to denial-of-service (via resource
    exhaustion), that could occur when receiving large packets.

CVE-2015-7504

    Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.
    discovered that the PC-Net II ethernet controller is vulnerable to
    a heap-based buffer overflow that could result in
    denial-of-service (via application crash) or arbitrary code
    execution.

CVE-2015-7512

Sebastien Delafond | 8 Feb 20:45 2016

[SECURITY] [DSA 3469-1] qemu security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3469-1                   security <at> debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 08, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-8345
                 CVE-2015-8504 CVE-2015-8558 CVE-2015-8743 CVE-2016-1568
                 CVE-2016-1714 CVE-2016-1922
Debian Bug     : 799452 806373 806741 806742 808130 808144 810519 810527 811201

Several vulnerabilities were discovered in qemu, a full virtualization
solution on x86 hardware.

CVE-2015-7295

    Jason Wang of Red Hat Inc. discovered that the Virtual Network
    Device support is vulnerable to denial-of-service (via resource
    exhaustion), that could occur when receiving large packets.

CVE-2015-7504

    Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.
    discovered that the PC-Net II ethernet controller is vulnerable to
    a heap-based buffer overflow that could result in
    denial-of-service (via application crash) or arbitrary code
    execution.

CVE-2015-7512

Sebastien Delafond | 8 Feb 20:45 2016

[SECURITY] [DSA 3471-1] qemu security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3471-1                   security <at> debian.org
https://www.debian.org/security/                       Sebastien Delafond
February 08, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2015-7295 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549
                 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8558
                 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619
                 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568
                 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981
Debian Bug     : 799452 806373 806741 806742 808130 808131 808144 808145
                 809229 809232 810519 810527 811201 812307 809237 809237

Several vulnerabilities were discovered in qemu, a full virtualization
solution on x86 hardware.

CVE-2015-7295

    Jason Wang of Red Hat Inc. discovered that the Virtual Network
    Device support is vulnerable to denial-of-service, that could
    occur when receiving large packets.

CVE-2015-7504

    Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.
    discovered that the PC-Net II ethernet controller is vulnerable to
    a heap-based buffer overflow that could result in
    denial-of-service (via application crash) or arbitrary code

Panagiotis Vagenas | 8 Feb 14:49 2016

WordPress WP User Frontend Plugin [Unrestricted File Upload]

* Exploit Title: WordPress WP User Frontend Plugin [Unrestricted File
Upload]
* Discovery Date: 2016-02-04
* Public Disclosure: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://wedevs.com
* Software Link: https://wordpress.org/plugins/wp-user-frontend
* Version: 3.4.6
* Tested on: WordPress 4.4.2
* Category: WebApps, WordPress

Description
-----------

WordPress plugin _WP User Frontend_ suffers from an unrestricted file
upload vulnerability. An attacker can exploit the `wpuf_file_upload` or
`wpuf_insert_image` actions to upload any file which passes the WordPress
mime and size checks.

The attack does not require any privilege to be performed. The mentioned
actions are also available to non-privileged users, thus allowing
anyone to upload files to the web server.

PoC
---

 
```
#!/usr/bin/python3
```

Panagiotis Vagenas | 8 Feb 13:01 2016

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation]

* Exploit Title: WordPress WooCommerce - Store Toolkit Plugin [Privilege
Escalation]
* Discovery Date: 2016-02-06
* Public Disclosure Date: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://www.visser.com.au/
* Software Link: https://wordpress.org/plugins/woocommerce-store-toolkit/
* Version: 1.5.5
* Tested on: WordPress 4.4.2
* Category: webapps

Description
-----------

The plugin "WooCommerce - Store Toolkit" for WordPress suffers from a
privilege escalation vulnerability.

An attacker must have a valid user account, which is possible simply by
registering to the infected website. This is possible because this
plugin must be installed in a website with the WooCommerce plugin to be of
any use. Since WooCommerce is an e-store plugin that allows user
registration by default, we assume that all websites that have the
"WooCommerce - Store Toolkit" plugin are also open to user registration.

As long as an attacker has an active account at the infected website he
can perform the attack at ease because no action validation is taking
place from the "WooCommerce - Store Toolkit" plugin. The "WooCommerce -
Store Toolkit" plugin is designed to perform a set of actions like:


Vulnerability Lab | 8 Feb 12:15 2016

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

Document Title:
===============
PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1676

Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2016/02/08/researcher-uncovers-multiple-sql-injection-vulnerabilities-dpa-presseportal

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
1676

Common Vulnerability Scoring System:
====================================
9.1

Product & Service Introduction:
===============================
Press portals are websites that specialize in publishing press releases.
They thus inform the general public, and journalists in particular, about
statements, denials, events, products and functions.
Press portals are supplied with press releases by institutions or companies,
and often also by PR agencies.


Vulnerability Lab | 8 Feb 12:09 2016

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

Document Title:
===============
Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1626

Release Date:
=============
2016-02-07

Vulnerability Laboratory ID (VL-ID):
====================================
1626

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:
===============================
eBay Inc. is an American multinational internet consumer-to-consumer corporation, headquartered in
San Jose, California. It was founded by Pierre Omidyar in 1995, and became a notable success story of
the dot-com bubble; it is now a multi-billion dollar business with operations localized in over thirty
countries. The company manages eBay.com, an online auction and shopping website in which people and
businesses buy and sell a broad variety of goods and services worldwide. In addition to its
auction-style sellings, the website has since expanded to include `Buy It Now` standard shopping;
shopping by UPC, ISBN, or other kind of SKU (via Half.com);