The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability note CVE-2015-4050

Symfony: privilege escalation via _controller

Synthesis of the vulnerability

An attacker can use the _controller parameter of Symfony, in order to change the behavior of a web site.
Impacted products: Debian, eZ Publish, Fedora, Symfony.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 27/05/2015.
Identifiers: 14759, CVE-2015-4050, DSA-3276-1, EZSA-2015-002, FEDORA-2015-9025, FEDORA-2015-9034, FEDORA-2015-9039, VIGILANCE-VUL-16994.

Description of the vulnerability

The Symfony product uses the "_controller" parameter (in YAML, XML, PHP) to choose the controller to be used to handle a route (url).

However, an attacker can directly use the "_controller" parameter in a "/_fragment" url, in order to change the controller. The attacker obtains an HTTP code 403 response, with a body generated by the controller.

An attacker can therefore use the _controller parameter of Symfony, in order to change the behavior of a web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-0751

Cisco IP Phone 7861: denial of service

Synthesis of the vulnerability

An attacker can send a malicious packet to Cisco IP Phone 7861, in order to trigger a denial of service.
Impacted products: Cisco CUCM, Cisco IP Phone.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 27/05/2015.
Identifiers: 39011, CSCus81800, CVE-2015-0751, VIGILANCE-VUL-16993.

Description of the vulnerability

The Cisco IP Phone 7861 product has a service to manage received packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious packet to Cisco IP Phone 7861, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 16992

WordPress Easy Author Image: information disclosure

Synthesis of the vulnerability

An attacker can consult a web site with WordPress Easy Author Image, in order to obtain author's mail address.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/05/2015.
Identifiers: VIGILANCE-VUL-16992.

Description of the vulnerability

The Easy Author Image plugin can be installed on WordPress.

By default this plugin shows a mail author's address in the tag attribute <img/>. However, an attacker can retrieve this data.

An attacker can therefore consult a web site with WordPress Easy Author Image, in order to obtain author's mail address.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2015-3200

Lighttpd: log injection via basic HTTP authentication

Synthesis of the vulnerability

An attacker can inject logs via a basic HTTP authentication of Lighttpd, in order to disturb a log analysis.
Impacted products: Fedora, lighttpd, Solaris.
Severity: 2/4.
Consequences: disguisement.
Provenance: internet client.
Creation date: 26/05/2015.
Identifiers: bulletinoct2015, CVE-2015-3200, FEDORA-2015-12250, FEDORA-2015-12252, VIGILANCE-VUL-16991.

Description of the vulnerability

The Lighttpd product is a web server.

Lighttpd implements "basic HTTP" authentication, and logs a login name. Usually, the login and password are unified as "login:password" and encoded in base64. However, when a character '\0' is used after the login name, the ':' punctuation is not found by http_auth.c, so additional lines are injected in the log file.

An attacker can therefore inject logs via a basic HTTP authentication of Lighttpd, in order to disturb a log analysis.
Full Vigil@nce bulletin... (Free trial)

vulnerability 16990

Synology Photo Station: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Synology Photo Station.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/05/2015.
Identifiers: VIGILANCE-VUL-16990.

Description of the vulnerability

Several vulnerabilities were announced in Synology Photo Station.

An attacker can trigger a Cross Site Scripting in login.php via $_GET['success'], in order to execute JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting in index.php via $urlPrefix.$data['img'] and $urlPrefix.$url, in order to execute JavaScript code in the context of the web site. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 16989

WordPress estrutura-basica: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of WordPress estrutura-basica, in order to read a file outside the service root path.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/05/2015.
Identifiers: VIGILANCE-VUL-16989.

Description of the vulnerability

The estrutura-basica theme can be installed on WordPress.

However, user's data are directly inserted in an access path. Sequences such as "/.." can thus be used to go in the upper directory.

An attacker can therefore traverse directories of WordPress estrutura-basica, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2015-2120

HP SiteScope: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of HP SiteScope, in order to escalate his privileges.
Impacted products: SiteScope.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 26/05/2015.
Revision date: 27/05/2015.
Identifiers: c04688784, CVE-2015-2120, HPSBGN03325, SSRT101902, VIGILANCE-VUL-16988, ZDI-15-239, ZDI-CAN-2567.

Description of the vulnerability

The HP SiteScope product is used for software monitoring.

However, a remote authenticated user can read the users.config file, containing information about users.

An attacker can therefore bypass restrictions of HP SiteScope, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-4655

Synology DiskStation Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Synology DiskStation Manager, in order to execute JavaScript code in the context of the web site.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 26/05/2015.
Identifiers: CVE-2015-4655, SFY20150503, VIGILANCE-VUL-16987.

Description of the vulnerability

The Synology DiskStation Manager product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Synology DiskStation Manager, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 16986

Synology Photo Station: command execution via description

Synthesis of the vulnerability

An attacker can use a description containing shell escape characters on Synology Photo Station, in order to execute commands on the system.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 26/05/2015.
Identifiers: SFY20150502, VIGILANCE-VUL-16986.

Description of the vulnerability

The Synology Photo Station product can be installed on DSM.

The photo/webapi/photo.php script calls the UpdateDescriptionMetadata() function, which runs the SYNO_EXIFTOOL_FILE (/usr/syno/bin/synophoto_dsm_user) command. However, the shell command line is built without escaping the "description" field.

An attacker can therefore use a description containing shell escape characters on Synology Photo Station, in order to execute commands on the system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 16985

Python 2.7: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Python 2.7.
Impacted products: Python.
Severity: 2/4.
Consequences: user access/rights, data creation/edition, data deletion, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 8.
Creation date: 26/05/2015.
Identifiers: 21032, 22885, 23055, 23363, 23364, 23365, 23366, 23367, VIGILANCE-VUL-16985.

Description of the vulnerability

Several vulnerabilities were announced in Python 2.7.

An attacker can generate a buffer overflow in PyUnicode_FromFormatV, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 23055]

An attacker can use a vulnerability in dumbdbm, in order to execute code. [severity:2/4; 22885]

An attacker can generate a buffer overflow in unicodedata module, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 23367]

An attacker can generate a buffer overflow in itertools.permutations, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 23363]

An attacker can generate a buffer overflow in itertools.produc, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 23364]

An attacker can generate a buffer overflow in itertools.combinations_with_replacement, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 23365]

An attacker can generate a buffer overflow in itertools.combinations, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 23366]

An attacker can create a socket leak in HTTPConnection.getresponse, in order to trigger a denial of service. [severity:2/4; 21032]
Full Vigil@nce bulletin... (Free trial)

Previous page   Next page

Direct access to page 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 801 821 841 861 881 901 921 941 961 981 1001 1021 1041 1061 1081 1101 1121 1141 1161 1181 1201 1221 1241 1261 1281 1301 1321 1341 1361 1381 1401 1421 1441 1461 1481 1501 1521 1541 1561 1581 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1621 1641 1661 1681 1701 1721 1741 1761 1781 1801 1821 1841 1861 1881 1901 1921 1941 1961 1981 2001 2021 2041 2061 2081 2101 2121 2141 2161 2181 2201 2221 2241 2261 2281 2301 2321 2341 2361 2381 2401 2421 2441 2461 2481 2501 2521 2541 2561 2581 2601 2621 2641 2661 2681 2701 2721 2741 2761 2775