Monthly Archive: June 2015

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service...

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative...

Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2)...

SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using...

Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-06-15 http://www.securityfocus.com/bid/75107 http://www.securityfocus.com/archive/1/535726/100/0/threaded

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Date published :...

N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers’ installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by...

The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug...

The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733....

Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. Date published : 2015-06-13 http://www.securityfocus.com/bid/75187 http://supportservices.actian.com/images/pdf/Actian-SecAlert_May_2015_NO2_final.doc

RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. Date published : 2015-06-13 http://www.securityfocus.com/bid/75163 https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01

Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page. Date published : 2015-06-13 http://www.securityfocus.com/bid/75100 https://ics-cert.us-cert.gov/advisories/ICSA-15-160-02

CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors. Date published : 2015-06-13 http://www.securityfocus.com/bid/75183 http://jvn.jp/en/jp/JVN24336273/index.html

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953. Date published...