BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

CVE-2014-7953 Android backup agent code execution

April 17, 2015 - 9:55am

Posted by Imre RAD on Apr 17

Android backup agent arbitrary code execution
---------------------------------------------

The Android backup agent implementation was vulnerable to privilege
escalation and race condition. An attacker with adb shell access could
run arbitrary code as the system (1000) user (or any other valid
package). The attack is tested on Android OS 4.4.4.

The main problem is inside bindBackupAgent method in the
ActivityManagerService.
This method is...

CVE-2014-7951 adb backup archive path traversal file overwrite

April 17, 2015 - 9:45am

Posted by Imre RAD on Apr 17

ADB backup archive path traversal file overwrite
------------------------------------------------

Using adb one can create a backup of his/her Android device and store it
on the PC. The backup archive is based on the tar file format.

By modifying tar headers to contain ../../ like patterns it is possible
to overwrite files owned by the system user on writeable partitions.

An example pathname in the tar header:...

CVE-2014-7954 MTP path traversal vulnerability in Android

April 17, 2015 - 9:37am

Posted by Imre RAD on Apr 17

MTP path traversal vulnerability in Android 4.4
-----------------------------------------------

doSendObjectInfo() method of the MtpServer class implemented in
frameworks/av/media/mtp/MtpServer.cpp does not validate the name
parameter of the incoming MTP packet at all.

It is possible to upload files outside of the sdcard using a specially
crafted MTP request:

root () testpc:~/mtp-test# ./mtp-mysend sdf.txt \...

112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges

April 17, 2015 - 7:45am

Posted by Pierre Kim on Apr 17

## Advisory Information

Title: 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable
with RCE with root privileges
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x00.txt.asc
Date published: 2015-04-17
Vendors contacted: KrCERT, ipTIME
Release mode: Released
CVE: no current CVE

## Product Description

EFMNetworks ipTIME is the largest Korean brand of SOHO/small/middle
enterprise Routers/WiFi APs/Modems/Firewalls in...

Lychee 2.7.1 remote code execution

April 16, 2015 - 12:27pm

Posted by Filippo Cavallarin on Apr 16

Advisory ID: SGMA15-002
Title: Lychee remote code execution
Product: Lychee
Version: 2.7.1 and probably prior
Vendor: lychee.electerious.com
Vulnerability type: Remote Code Execution
Risk level: High
Credit: Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-04-12
Vendor fix: 2015-04-13
Public disclosure: 2015-04-15

Details

Lychee version 2.7.1 and probably below suffers from remote code execution vulnerability....

Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability

April 16, 2015 - 8:23am

Posted by prathan . ptr on Apr 16

Exploit Title : Wolf CMS Arbitrary File Upload Exploit
Date : 16 April...

[SECURITY] [DSA 3228-1] ppp security update

April 16, 2015 - 6:58am

Posted by Sebastien Delafond on Apr 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3228-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
April 16, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ppp
CVE ID : CVE-2015-3310
Debian Bug : 782450...

[CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities

April 16, 2015 - 6:48am

Posted by alex_haynes on Apr 16

Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities
Product: Landesk Management Suite
Vulnerable Versions: 9.5 (and possible previous versions), 9.6
Tested Version: 9.5
Advisory Publication: 16/04/2015
Latest Update: 16/04/2015
Vulnerability Type: Cross-site request forgery [CWE-352], Remote File Inclusion [CWE-829]
CVE Reference: CVE-2014-5361, CVE-2014-5362
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product...

Secunia Research: Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow Vulnerability

April 16, 2015 - 6:39am

Posted by Secunia Research on Apr 16

======================================================================

Secunia Research 16/04/2015

Oracle Outside In ibpsd2.dll PSD File Processing
Buffer Overflow Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1...

[security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities

April 16, 2015 - 6:31am

Posted by security-alert on Apr 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04574207

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574207
Version: 1

HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-04-15
Last Updated:...

[SECURITY] [DSA 3227-1] movabletype-opensource security update

April 15, 2015 - 2:14pm

Posted by Salvatore Bonaccorso on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-3227-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 15, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : movabletype-opensource
CVE ID : CVE-2015-0845

John...

Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability

April 15, 2015 - 12:50pm

Posted by Cisco Systems Product Security Incident Response Team on Apr 15

Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability

Advisory ID: cisco-sa-20150415-csd

Revision 1.0

For Public Release 2015 April 15 16:00 UTC (GMT)

+----------------------------------------------------------------------

Summary
=======
A vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop could
allow an unauthenticated, remote attacker to...

Cisco Security Advisory: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability

April 15, 2015 - 12:42pm

Posted by Cisco Systems Product Security Incident Response Team on Apr 15

Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150415-iosxr

Revision 1.0

For Public Release 2015 April 15 16:00 UTC (GMT)

Summary
=======

A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services
Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network
processor chip and the...

[SECURITY] [DSA 3226-1] inspircd security update

April 15, 2015 - 11:08am

Posted by Sebastien Delafond on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-3226-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
April 15, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : inspircd
Debian Bug : 780880

adam () anope org...

ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability

April 15, 2015 - 10:58am

Posted by Security Alert on Apr 15

ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability

EMC Identifier: ESA-2015-069

CVE Identifier: CVE-2015-0530

Severity Rating: CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

• All versions of NetWorker prior to the following:
  o EMC NetWorker 8.0.4.3
  o EMC NetWorker 8.1.2.6
  o EMC NetWorker 8.2.1.2

Summary:

EMC NetWorker contains a buffer overflow vulnerability that may...

[SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update

April 15, 2015 - 10:49am

Posted by Moritz Muehlenhoff on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-3225-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gst-plugins-bad0.10
CVE ID : CVE-2015-0797

Aki...

[IMF2015] Call for Participation

April 15, 2015 - 9:22am

Posted by Oliver Goebel on Apr 15

Dear all,

please find included the call for participation for this year's IMF.

Please excuse possible cross postings.

========================================================================
CALL FOR PARTICIPATION

IMF 2015
9th International Conference
on IT Security Incident Management & IT Forensics

May 18th - 20th, 2015...

Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c

April 15, 2015 - 9:14am

Posted by Nicholas Lemonias. on Apr 15

-=[Advanced Information Security Corporation]=-

Advisory for Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference

Author: Nicholas Lemonias
Advisory Date: 14/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the Apache HTTPD 2.2.29 / 2.4.12 release
implementation for linux; conducted internally by the Advanced
Information Security
Group, instances of insecure function use...

Secunia Research: Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption Vulnerability

April 15, 2015 - 9:04am

Posted by Secunia Research on Apr 15

======================================================================

Secunia Research 15/04/2015

Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing
Memory Corruption Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1...

Wordpress WP Statistics persistent cross site scripting

April 15, 2015 - 8:56am

Posted by kingkaustubh on Apr 15

===========================================================
Stored XSS Vulnerability in WP Statistics Wordpress Plugin
===========================================================

. contents:: Table Of Content

Overview
========

* Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/wp-statistics/
* Severity: Medium
* Version Affected: 9.1.2 and mostly...