The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability alert CVE-2014-5265 CVE-2014-5266 CVE-2014-5267

Drupal core, WordPress core, Drupal: denial of service via xmlrpc.php

Synthesis of the vulnerability

An attacker can submit XML-RPC requests, in order to read private information or trigger a denial of service.
Impacted products: Debian, Dotclear, Drupal Core, Fedora.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/08/2014.
Identifiers: CERTFR-2014-AVI-343, CVE-2014-5265, CVE-2014-5266, CVE-2014-5267, DRUPAL-SA-CORE-2014-004, DSA-2999-1, FEDORA-2014-9264, FEDORA-2014-9270, FEDORA-2014-9277, FEDORA-2014-9278, FEDORA-2014-9281, VIGILANCE-VUL-15131.

Description of the vulnerability

Drupal includes an XML-RPC server, in the source file "xmlrpc.php".

XML data can define external entities:
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">

Without restrictive configuration, an XML parser that processes entity references &name; replaces these references with data coming from the indicated file. This behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file

However, xmlrpc.php does not configure entity processing in the XML parser.

An attacker can therefore submit XML-RPC requests, in order to read private information or trigger a denial of service.

vulnerability CVE-2014-3505 CVE-2014-3506 CVE-2014-3507

OpenSSL: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: ArubaOS, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, Clearswift Email Gateway, Clearswift Web Gateway, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, ePO, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Solaris, Puppet, RHEL, JBoss EAP by Red Hat, RSA Authentication Manager, Slackware, Splunk Enterprise, stunnel, Nessus, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 9.
Creation date: 07/08/2014.
Identifiers: 1684444, aid-08182014, c04404655, CERTFR-2014-AVI-344, CERTFR-2014-AVI-395, CERTFR-2016-AVI-303, CTX216642, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139, DSA-2998-1, ESA-2014-103, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-9301, FEDORA-2014-9308, FreeBSD-SA-14:18.openssl, HPSBUX03095, MDVSA-2014:158, NetBSD-SA2014-008, openSUSE-SU-2014:1052-1, openSUSE-SU-2016:0640-1, RHSA-2014:1052-01, RHSA-2014:1053-01, RHSA-2014:1054-01, RHSA-2014:1256-01, RHSA-2014:1297-01, RHSA-2015:0126-01, RHSA-2015:0197-01, SA85, SB10084, SOL15564, SOL15568, SOL15573, SSA:2014-220-01, SSRT101674, tns-2014-06, USN-2308-1, VIGILANCE-VUL-15130.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can send DTLS packets that will lead to a double free of memory and then a crash, in order to trigger a denial of service. [severity:3/4; CVE-2014-3505]

An attacker can make an application consume a large amount of memory in the processing of DTLS handshake packets, in order to trigger a denial of service. [severity:3/4; CVE-2014-3506]

An attacker can create a memory leak in the DTLS packet processing, in order to trigger a denial of service. [severity:3/4; CVE-2014-3507]

Pretty printing routines that use OID may provide information about the stack content. An attacker may be able to deduce sensitive information from that. [severity:1/4; CVE-2014-3508]

A client attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-3509]

A server attacker can force a NULL pointer to be dereferenced in the handshake processing if the client supports key exchange with anonymous Diffie-Hellman, in order to trigger a denial of service. [severity:2/4; CVE-2014-3510]

A client attacker can force use of TLS 1.0 by special fragmentation of the Client Hello message, in order to reduce the strength of negotiated algorithms. [severity:1/4; CVE-2014-3511]

An attacker can generate a buffer overflow in the processing of SRP parameters, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-3512]

An attacker can force a NULL pointer to be dereferenced in the TLS client by asserting support for SRP, in order to trigger a denial of service. [severity:2/4; CVE-2014-5139]

computer vulnerability note CVE-2014-3330

Cisco NX-OS: filtering bypassing because of packet logging

Synthesis of the vulnerability

An attacker can send a large amount of redundant packets to Cisco NX-OS, in order to bypass the filtering rules.
Impacted products: Nexus by Cisco, NX-OS.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 06/08/2014.
Identifiers: CVE-2014-3330, VIGILANCE-VUL-15129.

Description of the vulnerability

Cisco NX-OS can be configured to log forbidden packets.

However, when logging is enabled, a small part of the packet stream is actually forwarded instead of being dropped.

An attacker can therefore send a large amount of redundant packets to Cisco NX-OS, in order to bypass the filtering rules.

computer vulnerability bulletin CVE-2014-3556

nginx: injection of SMTP commands through an SSL tunnel

Synthesis of the vulnerability

An attacker who is able to capture and inject network traffic can insert SMTP commands into the nginx proxy, for instance in order to retrieve secret data.
Impacted products: nginx.
Severity: 1/4.
Consequences: data creation/edition, data flow.
Provenance: LAN.
Creation date: 06/08/2014.
Identifiers: CVE-2014-3556, VIGILANCE-VUL-15128.

Description of the vulnerability

The nginx product offers an SMTP proxy.

The SMTP command STARTTLS is used to insert an SSL tunnel between the TCP connection and the SMTP connection. However, nginx does not correctly reset buffers of exchanged data when it processes this command.

An attacker who is able to capture and inject network traffic can therefore insert SMTP commands into the nginx proxy, for instance in order to retrieve secret data.

computer vulnerability announce 15127

WordPress Gmedia Gallery: file upload

Synthesis of the vulnerability

An attacker can upload a malicious file to WordPress Gmedia Gallery, for example in order to upload a Trojan.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 05/08/2014.
Identifiers: VIGILANCE-VUL-15127.

Description of the vulnerability

The Gmedia Gallery plugin can be installed on WordPress.

It can be used to upload a file. However, as the file type is not restricted, a PHP file can be uploaded to the server, and then executed.

An attacker can therefore upload a malicious file to WordPress Gmedia Gallery, for example in order to upload a Trojan.

computer vulnerability alert CVE-2014-5197 CVE-2014-5198

Splunk Enterprise: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Splunk Enterprise.
Impacted products: Splunk Enterprise.
Severity: 2/4.
Consequences: privileged access/rights, client access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/08/2014.
Identifiers: CVE-2014-5197, CVE-2014-5198, SPL-85595, VIGILANCE-VUL-15126.

Description of the vulnerability

Several vulnerabilities were announced in Splunk Enterprise.

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2014-5197]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-5198]

computer vulnerability 15125

IBM Security Directory Server: privilege escalation via the embedded WAS

Synthesis of the vulnerability

An attacker can exploit the installation script of the embedded WAS of IBM Security Directory Server, in order to escalate his privileges.
Impacted products: Security Directory Server.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 05/08/2014.
Identifiers: 1680254, 7009778, CVE-2014-0320-REJECTERROR, VIGILANCE-VUL-15125.

Description of the vulnerability

The IBM Security Directory Server product embeds IBM WebSphere Application Server.

An attacker can get the privileges of the user that runs the installation script of WAS.

vulnerability note CVE-2014-3434

Symantec Endpoint Protection: buffer overflow of sysplant

Synthesis of the vulnerability

An attacker can generate a buffer overflow in sysplant of Symantec Endpoint Protection, in order to trigger a denial of service, and possibly to execute code.
Impacted products: SEP.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 05/08/2014.
Identifiers: CVE-2014-3434, SYM14-013, TECH223338, VIGILANCE-VUL-15124, VU#252068.

Description of the vulnerability

Symantec Endpoint Protection includes a device driver that is reachable by "ioctl" commands.

However, for some commands, the driver does not handle the length of exchanged data, which allows the caller process to inject code into the buffer.

An attacker can therefore generate a buffer overflow in sysplant of Symantec Endpoint Protection, in order to trigger a denial of service, and possibly to execute code with kernel privileges.

vulnerability bulletin 15123

Drupal Superfish: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Drupal Superfish, in order to execute JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive.
Severity: 1/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/08/2014.
Identifiers: VIGILANCE-VUL-15123.

Description of the vulnerability

The Superfish module can be installed on Drupal.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Drupal Superfish, in order to execute JavaScript code in the context of the web site.

vulnerability announce CVE-2014-5190

WordPress Plugin SI CAPTCHA Anti-Spam: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of SI CAPTCHA Anti-Spam for WordPress, in order to execute JavaScript code in the context of the web site.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/08/2014.
Identifiers: CVE-2014-5190, VIGILANCE-VUL-15122.

Description of the vulnerability

The SI CAPTCHA Anti-Spam plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of SI CAPTCHA Anti-Spam for WordPress, in order to execute JavaScript code in the context of the web site.