by CIRT Team
Roundcube 1.2.2 – Remote Code Execution Vulnerability
Description: In Roundcube 1.2.2 and earlier, user-controlled input flows unsanitized into the fifth argument of a call to PHP’s built-in function mail() which is documented as security critical. The problem is that the invocation of the mail() function will cause PHP to execute the sendmail program. The fifth argument allows to pass arguments to this execution which allows a configuration of sendmail. Since sendmail offers...
Read More
by CIRT Team
Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2016-0028: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka “Microsoft Exchange Information Disclosure Vulnerability.” Impact: An attacker can exploit this issue to conduct spoofing attacks...
Read More
by CIRT Team
Exim < 4.86.2 - Privilege Escalation Vulnerability
Description: CVE-2016-1531: Exim before 4.86.2, when installed as setuid root, allows local users to gain privileges via the perl_startup argument. Impact: When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531 https://www.exim.org/static/doc/CVE-2016-1531.txt https://github.com/Exim/exim/wiki/EximSecurity
by CIRT Team
Zimbra Collaboration Server 7.2.2 / 8.0.2 – Local File Inclusion Vulnerability
Description: CVE-2013-7091: Directory traversal vulnerability on /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. Impact: An attacker can exploit this vulnerability to obtain potentially sensitive information like LDAP root credentials and execute arbitrary...
Read More
by CIRT Team
Linux Kernel 4.4.1 – REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation vulnerability
Description: CVE-2016-0728: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. Impact: Local attackers may exploit this issue to gain root privileges. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728 https://access.redhat.com/security/cve/cve-2016-0728 https://security-tracker.debian.org/tracker/CVE-2016-0728 https://www.suse.com/security/cve/CVE-2016-0728/
by CIRT Team
Apache Struts – Dynamic Method Invocation – Remote Code Execution
Description: CVE-2016-3081: Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2 and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled allows remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Mitigation: Vendor has...
Read More
by CIRT Team
Apache 2.4.23 (mod_http2) – Denial of Service
Description: CVE-2016-8740: The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. Impact: Apache HTTPD Server 2.4.17 through 2.4.23 are vulnerable, remote attackers can exploit this issue to exhaust the memory,...
Read More
by CIRT Team
PHPMailer < 5.2.20 - Remote Code Execution
Description: CVE-2016-10033: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \” (backslash double quote) in a crafted Sender property. CVE-2016-10045: The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary...
Read More
by CIRT Team
Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
Description: CVE-2016-4010: Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. Impact: Magento e-commerce platform is vulnerable to an unauthenticated arbitrary file write vulnerability. Attackers can exploit this issue to gain administrative access to the application. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4010 https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/9855/magento-unauthenticated-arbitrary-unserializearbitrary-write-file-vulnerability-cve20164010 http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ https://magento.com/security/patches/magento-206-security-update
by CIRT Team
Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation vulnerability
Description: CVE-2016-8869: The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. CVE-2016-8870: The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create...
Read More
