by CIRT Team
Exim < 4.86.2 - Privilege Escalation Vulnerability
Description: CVE-2016-1531: Exim before 4.86.2, when installed as setuid root, allows local users to gain privileges via the perl_startup argument. Impact: When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531 https://www.exim.org/static/doc/CVE-2016-1531.txt https://github.com/Exim/exim/wiki/EximSecurity
by CIRT Team
Zimbra Collaboration Server 7.2.2 / 8.0.2 – Local File Inclusion Vulnerability
Description: CVE-2013-7091: Directory traversal vulnerability on /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. Impact: An attacker can exploit this vulnerability to obtain potentially sensitive information like LDAP root credentials and execute arbitrary...
Read More
by CIRT Team
Linux Kernel 4.4.1 – REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation vulnerability
Description: CVE-2016-0728: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. Impact: Local attackers may exploit this issue to gain root privileges. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728 https://access.redhat.com/security/cve/cve-2016-0728 https://security-tracker.debian.org/tracker/CVE-2016-0728 https://www.suse.com/security/cve/CVE-2016-0728/
by CIRT Team
Apache Struts – Dynamic Method Invocation – Remote Code Execution
Description: CVE-2016-3081: Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2 and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled allows remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Mitigation: Vendor has...
Read More
by CIRT Team
Apache 2.4.23 (mod_http2) – Denial of Service
Description: CVE-2016-8740: The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. Impact: Apache HTTPD Server 2.4.17 through 2.4.23 are vulnerable, remote attackers can exploit this issue to exhaust the memory,...
Read More
by CIRT Team
PHPMailer < 5.2.20 - Remote Code Execution
Description: CVE-2016-10033: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \” (backslash double quote) in a crafted Sender property. CVE-2016-10045: The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary...
Read More
by CIRT Team
Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
Description: CVE-2016-4010: Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. Impact: Magento e-commerce platform is vulnerable to an unauthenticated arbitrary file write vulnerability. Attackers can exploit this issue to gain administrative access to the application. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4010 https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/9855/magento-unauthenticated-arbitrary-unserializearbitrary-write-file-vulnerability-cve20164010 http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ https://magento.com/security/patches/magento-206-security-update
by CIRT Team
Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation vulnerability
Description: CVE-2016-8869: The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. CVE-2016-8870: The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create...
Read More
by CIRT Team
Drupal Core – Highly Critical – Injection Vulnerability – SA-CORE-2016-003
Description: httpoxy is a set of vulnerabilities that affect application code running in CGI or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to configure an outgoing proxy Impact: Drupal 8 uses the third-party PHP library Guzzle for making...
Read More
by CIRT Team
Drupal SQLi (Drupalgeddon) Vulnerability: CVE-2014-3704
Description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. Impact: A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead...
Read More
