Moritz Muehlenhoff | 1 Oct 14:22 2014

[SECURITY] [DSA 3041-1] xen security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3041-1                   security <at> debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 01, 2014                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2013-2072 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 
                 CVE-2014-7188

Multiple security issues have been discovered in the Xen virtualisation
solution which may result in denial of service, information disclosure
or privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in
version 4.1.4-3+deb7u3.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce <at> lists.debian.org

Reflected Cross-Site Scripting (XSS) in Textpattern

Advisory ID: HTB23223
Product: Textpattern
Vendor: http://textpattern.com/
Vulnerable Version(s): 4.5.5 and probably prior
Tested Version: 4.5.5
Advisory Publication:  July 9, 2014  [without technical details]
Vendor Notification: July 9, 2014 
Vendor Patch: September 20, 2014 
Public Disclosure: October 1, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-4737
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab (
https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered XSS vulnerability in Textpattern, which can be
exploited to perform Cross-Site Scripting attacks against users of vulnerable application.

1) Reflected Cross-Site Scripting (XSS) in Textpattern: CVE-2014-4737

The vulnerability exists due to insufficient sanitization of input data passed via URI after
"/textpattern/setup/index.php" script that is not deleted by default. 

A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and

Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin

Advisory ID: HTB23232
Product: Photo Gallery WordPress plugin
Vendor: http://web-dorado.com/
Vulnerable Version(s): 1.1.30 and probably prior
Tested Version: 1.1.30
Advisory Publication:  September 10, 2014  [without technical details]
Vendor Notification: September 10, 2014 
Vendor Patch: September 10, 2014 
Public Disclosure: October 1, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-6315
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab (
https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered three vulnerabilities in Photo Gallery WordPress
plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks.

1) Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin: CVE-2014-6315

1.1 Input passed via the "callback" HTTP GET parameter to "/wp-admin/admin-ajax.php" script is not
properly sanitised before being returned to the user. A remote attacker can trick a logged-in
administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's
browser in context of the vulnerable website.

rob.thomas | 1 Oct 03:23 2014

FreePBX (All Versions) RCE


We would like to announce that a significant security vulnerability has been discovered in all current
versions of FreePBX.

A CVE has been requested from Mitre, but has yet to be provided.

Further details as they come to hand will be available from
http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions/24536 which
should be treated as the authoritative source of information. The CVE, when provided, will be linked from there.

There is also further information available there about how to detect and remove any potential intrusion to
your FreePBX machine.

Summary:
A remote attacker can bypass authentication and create a false FreePBX Administrator account, which will
then let them perform any action on a FreePBX system as the FreePBX user (which is often 'asterisk' or 'apache').

This vulnerability is caused by the improper use of 'unserialize' in a legacy package that has been
deprecated in the latest versions of FreePBX, but is still in common use.

An emergency security release has been pushed to resolve this for all supported versions (12, 2.11, and
2.10) as well as an emergency backport to 2.9, which is outside of our normal supported environment.

If you are running a version prior to 2.9, and are unable to upgrade, the patch is available below.

The fixed module versions are:
2.9: fw_ari v2.9.0.9
2.10: fw_ari v2.11.1.5
2.11: fw_ari v2.11.1.5 (not a typo, it's the same module version)


NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities


VMware Security Advisory

Advisory ID: VMSA-2014-0010
Synopsis:    VMware product updates address critical Bash 
             security vulnerabilities
Issue date:  2014-09-30
Updated on:  2014-09-30 (Initial Advisory)
CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, 
             CVE-2014-7187
------------------------------------------------------------------------

1. Summary

   VMware product updates address Bash security vulnerabilities.

2. Relevant Releases (Affected products for which remediation is present)

    vCenter Log Insight 2.0

3. Problem Description 

   a. Bash update for multiple products.

      Bash libraries have been updated in multiple products to resolve 
      multiple critical security issues, also referred to as Shellshock.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifiers CVE-2014-6271, CVE-2014-7169, 
      CVE-2014-7186, and CVE-2014-7187 to these issues.

security-alert | 1 Oct 04:15 2014

[security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468293

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468293
Version: 1

HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code
Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-09-30
Last Updated: 2014-09-30

Potential Security Impact: Remote code execution

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP DreamColor
Display running Bash Shell. This is the Bash Shell vulnerability known as
"ShellShock" which could be exploited remotely to allow execution of code.

NOTE: Only the Z27x model is vulnerable.


Luciano Bello | 30 Sep 23:13 2014

[SECURITY] [DSA 3040-1] rsyslog security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3040-1                   security <at> debian.org
http://www.debian.org/security/                                          
September 30, 2014                     http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : rsyslog
CVE ID         : CVE-2014-3634

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in
Rsyslog, a system for log processing. As a consequence of this
vulnerability an attacker can send malformed messages to a server, if
this one accepts data from untrusted sources, and trigger a denial of
service attack.

For the stable distribution (wheezy), this problem has been fixed in
version 5.8.11-3+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 8.4.1-1.

We recommend that you upgrade your rsyslog packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce <at> lists.debian.org

security-alert | 30 Sep 22:15 2014

[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04467807

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04467807
Version: 1

HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System
(vCAS) running Bash Shell, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-09-30
Last Updated: 2014-09-30

Potential Security Impact: Remote code execution

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Remote Device
Access: Virtual Customer Access System (vCAS) running Bash Shell. This is
the Bash Shell vulnerability known as "ShellShock" which could be exploited
remotely to allow execution of code.

    NOTE: The vCAS product is vulnerable only if DHCP is enabled.

security-alert | 30 Sep 18:38 2014

[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04463322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04463322
Version: 1

HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows,
Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-09-30
Last Updated: 2014-09-30

Potential Security Impact: Cross-site scripting (XSS), Cross-site Request
Forgery (CSRF), unauthorized disclosure of information, Denial of Service
(DoS), and Clickjacking

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System
Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be
exploited remotely resulting in Cross-site Scripting (XSS), Cross-site
Request Forgery (CSRF), unauthorized disclosure of information, Denial of

security-alert | 30 Sep 17:47 2014

[security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04048122

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04048122
Version: 1

HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution
of Arbitrary Code with Privilege Elevation

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-09-26
Last Updated: 2014-09-26

Potential Security Impact: Local execution of arbitrary code with privilege
elevation.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with the HP MPIO
Device Specific Module Manager. The vulnerability could be exploited locally
to allow the execution of arbitrary code with privilege elevation.

References:

Vulnerability Lab | 30 Sep 16:39 2014

All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability

Document Title:
===============
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release Date:
=============
2014-09-29

Vulnerability Laboratory ID (VL-ID):
====================================
1327

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:
===============================
WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to
your site by using a security plugin that enforces a lot of good security practices. The All In One
WordPress Security plugin will take your website security to a whole new level. This plugin is designed
and written by experts and is easy to use and understand. It reduces security risk by checking for
vulnerabilities, and by implementing and enforcing the latest recommended WordPress security

