by CIRT Team
Vanilla Forums < 2.3 - Remote Code Execution Vulnerability
Description: Vanilla Forums software (including the latest stable version of 2.3 in its default configuration) is affected by Host Header Injection (CVE-2016-10073), which can be exploited by unauthenticated remote attackers to potentially intercept the password reset hash and gain unauthorized access to the victim account or perform web-cache poisoning attacks. Impact: With victim user interaction, an attacker could potentially intercept the password reset hash. This vulnerability...
by CIRT Team
LibreOffice CVE-2017-8358: heap-based buffer overflow related to the ReadJPEG function.
Description: LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. Impact: It is known to affect confidentiality, integrity, and availability. Mitigation: Updates are available. Please see the references for more information. Reference URLs: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8358 https://www.libreoffice.org/about-us/security/advisories/ https://security-tracker.debian.org/tracker/CVE-2017-8358 https://access.redhat.com/security/cve/cve-2017-8358 https://bugzilla.redhat.com/show_bug.cgi?id=1447279 https://www.suse.com/security/cve/CVE-2017-8358/
by CIRT Team
SQL Injection Vulnerability in Joomla! 3.7
Description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. Impact: The SQL injection flaw allows attackers to execute custom SQL code on affected systems and take over vulnerable sites. Mitigation: Upgrade to version 3.7.1. Please check specific vendor advisory...
by CIRT Team
WordPress Password Reset CVE-2017-8295 Security Bypass Vulnerability
Description: WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of...
by CIRT Team
Microsoft Windows SMB Server (MS17-010) Vulnerability
Description: Microsoft Windows SMB Server is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial-of-service conditions. Related CVEs: CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148. Vulnerable Versions: Microsoft Windows Vista x64 Edition Service Pack 2, Microsoft Windows Vista Service Pack 2, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2012...
by CIRT Team
SquirrelMail CVE-2017-7692 Command Injection Vulnerability
Description: SquirrelMail versions 1.4.22 and below are vulnerable to a command-line argument injection exploit that could allow arbitrary code execution if $edit_identity and $useSendmail are enabled and the user has knowledge of the location and permissions on the SquirrelMail attachment directory. Impact: Successful exploit allows an attacker to inject and execute arbitrary commands in the context of the affected application. SquirrelMail versions 1.4.22 and prior are vulnerable....
by CIRT Team
Linux Kernel CVE-2017-7895 Multiple Security Bypass Vulnerabilities
Description: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. Impact: Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks....
by CIRT Team
Linksys Smart Wi-Fi Vulnerabilities
Description: Cyber security researchers from IOActive said in an advisory that, after reverse engineering the router firmware, they identified a total of 10 security vulnerabilities, ranging from low- to high-risk issues, six of which can be exploited remotely by unauthenticated attackers. Impact: These vulnerabilities allow unauthenticated attackers to create a Denial-of-Service (DoS) condition on the router. Attackers can also bypass the authentication protecting the...
by CIRT Team
Drupal Security Issue SA-CONTRIB-2017-38
Description: The Drupal security team has discovered a critical vulnerability in a third-party module named References. Although this module is no longer maintained, it is currently used in over 120,000 installations. Impact: The Drupal security team did not disclose the technical details about the vulnerability in order to avoid the exploitation of the flaw in the wild. Mitigation: According to the official drupal.org page, if...
by CIRT Team
Cisco Adaptive Security Appliance (ASA) Software CVE-2017-6607 Denial of Service Vulnerability
Description: The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Only traffic directed to...