INTECO Technical Advisories (Spain)

INCIBE advisories and alerts

CVE-2015-2748

Wed, 03/25/2015 - 21:00
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-2747

Wed, 03/25/2015 - 21:00
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-2746

Wed, 03/25/2015 - 21:00
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-2683

Wed, 03/25/2015 - 21:00
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-2682

Wed, 03/25/2015 - 21:00
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0673

Wed, 03/25/2015 - 21:00
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0672

Wed, 03/25/2015 - 21:00
The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0650

Wed, 03/25/2015 - 21:00
The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0649

Wed, 03/25/2015 - 21:00
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0648

Wed, 03/25/2015 - 21:00
Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0647

Wed, 03/25/2015 - 21:00
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0646

Wed, 03/25/2015 - 21:00
Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0645

Wed, 03/25/2015 - 21:00
The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0644

Wed, 03/25/2015 - 21:00
AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-0643

Wed, 03/25/2015 - 21:00
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572. 2015-03-25T23:00:00Z
Categories: Alerts

CVE-2015-2703

Tue, 03/24/2015 - 21:00
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message. 2015-03-24T23:00:00Z
Categories: Alerts

CVE-2015-2702

Tue, 03/24/2015 - 21:00
Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. 2015-03-24T23:00:00Z
Categories: Alerts

CVE-2015-2701

Tue, 03/24/2015 - 21:00
Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. 2015-03-24T23:00:00Z
Categories: Alerts

CVE-2015-2559

Tue, 03/24/2015 - 21:00
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. 2015-03-24T23:00:00Z
Categories: Alerts

CVE-2015-2317

Tue, 03/24/2015 - 21:00
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. 2015-03-24T23:00:00Z
Categories: Alerts