An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

CVE-2019-14433: security - [OSSA-2019-003] Nova Server Resource Faults Leak External Exception Details (CVE-2019-14433)

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.

CVE-2019-14799: FV Flowplayer Video Player

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.

CVE-2019-14787: Newsletters

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CVE-2019-14683: Import and export users and customers

The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter.

CVE-2019-14774

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.

@@ -122,14 +122,20 @@ private function \_verify($public\_key\_or\_secret, $expected\_alg = null) { $segments = explode('.', $this\->raw); $signature\_base\_string = implode('.', array($segments\[0\], $segments\[1\])); if (!$expected\_alg) { \# NOTE: might better to warn here $expected\_alg = $this\->header\['alg'\]; $using\_autodetected\_alg = true; } switch ($expected\_alg) { case 'HS256': case 'HS384': case 'HS512': return $this\->signature === hash\_hmac($this\->digest(), $signature\_base\_string, $public\_key\_or\_secret, true); if ($using\_autodetected\_alg) { throw new JOSE\_Exception\_UnexpectedAlgorithm( 'HMAC algs MUST be explicitly specified as $expected\_alg' ); } $hmac\_hash = hash\_hmac($this\->digest(), $signature\_base\_string, $public\_key\_or\_secret, true); return hash\_equals($this\->signature, $hmac\_hash); case 'RS256': case 'RS384': case 'RS512':

CVE-2016-5431: explicit alg check & secure hash comparison · nov/jose-php@1cce55e

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[<thread-prev\] \[thread-next>\] \[day\] \[month\] \[year\] \[list\]

Date: Mon, 5 Aug 2019 20:05:39 -0400
From: Rich Felker <dalias@...c.org>
To: oss-security@...ts.openwall.com
Cc: musl@...ts.openwall.com
Subject: Re: CVE request: musl libc 1.1.23 and earlier x87 float stack
 imbalance

On Mon, Aug 05, 2019 at 07:27:37PM -0400, Rich Felker wrote:
> I've discovered a flaw in musl libc's arch-specific math assembly code
> for i386, whereby at least the log1p function and possibly others
> return with more than one item on the x87 stack. This can lead to x87
> stack overflow in the execution of subsequent math code, causing it to
> incorrectly produce a NAN in place of the actual result. If floating
> point results are used in flow control, this can lead to runaway wrong
> code execution. For example, in Python (version 3.6.8 tested), at
> least one code path of the dtoa function becomes an infinite loop
> performing what's effectively an unbounded-length memset when entered
> under such a condition.
> 
> This bug is potentially exploitable in software which calls affected
> math functions with inputs under user control. Impact depends on how
> the application handles the ABI-violating x87 state; in Python it
> seems to be limited to producing a crash.
> 
> The bug is present in all versions after 0.9.12, up through the
> current (1.1.23) release. Only 32-bit x86 systems (aka IA32, musl's
> "i386" arch) are affected. Users of other archs, including x86\_64, can
> safely ignore this issue.
> 
> Affected users are advised to apply the following patch:
> 
> https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441

The patch contains an error that was missed for unknown reasons,
probably failure to rebuild a file. I'm attaching an aggregate patch
that works. Alternaatively, these two commits can be applied:

https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441
https://git.musl-libc.org/cgit/musl/patch/?id=6818c31c9bc4bbad5357f1de14bedf781e5b349e

**View attachment "**x87\_stack\_bug.diff**" of type "**text/plain**" (3105 bytes)**

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2019-14697: Re: CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.

Timestamp:

07/25/2019 09:33:24 AM (4 years ago)

webdorado

Message:

Fixed: security issue  

Location:

photo-gallery/trunk

Files:

  

*   filemanager/model.php (2 diffs)
*   photo-gallery.php (2 diffs)
*   readme.txt (2 diffs)

**Legend:**

Unmodified

Added

Removed

*   **photo-gallery/trunk/filemanager/model.php**
    
    r2087021
    
    r2128378
    
     
    
    50
    
    50
    
            $orderby = $params\['orderby'\];
    
    51
    
    51
    
            $order = $params\['order'\];
    
     
    
    52
    
        if ( $orderby != 'size' && $orderby != 'name' ) {
    
     
    
    53
    
          $orderby = 'date\_modified';
    
     
    
    54
    
        }
    
     
    
    55
    
        if ( $order != 'asc' ) {
    
     
    
    56
    
          $order = 'desc';
    
     
    
    57
    
        }
    
    52
    
    58
    
            $search = $params\['search'\];
    
    53
    
    59
    
            $page\_num = $params\['page\_num'\];
    
    …
    
    …
    
     
    
    149
    
    155
    
            $orderby = $params\['orderby'\];
    
    150
    
    156
    
            $order = $params\['order'\];
    
     
    
    157
    
        if ( $orderby != 'size' && $orderby != 'name' ) {
    
     
    
    158
    
          $orderby = 'date\_modified';
    
     
    
    159
    
        }
    
     
    
    160
    
        if ( $order != 'asc' ) {
    
     
    
    161
    
          $order = 'desc';
    
     
    
    162
    
        }
    
    151
    
    163
    
    152
    
    164
    
            $query  = ' SELECT \* FROM \`' . $wpdb->prefix . 'bwg\_file\_paths\`';
    
*   **photo-gallery/trunk/photo-gallery.php**
    
    r2120867
    
    r2128378
    
     
    
    4
    
    4
    
     \* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
    
    5
    
    5
    
     \* Description: This plugin is a fully responsive gallery plugin with advanced functionality.  It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
    
    6
    
     
    
     \* Version: 1.5.30
    
     
    
    6
    
     \* Version: 1.5.31
    
    7
    
    7
    
     \* Author: Photo Gallery Team
    
    8
    
    8
    
     \* Author URI: https://10web.io/plugins/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
    
    …
    
    …
    
     
    
    85
    
    85
    
        $this->plugin\_url = plugins\_url(plugin\_basename(dirname(\_\_FILE\_\_)));
    
    86
    
    86
    
        $this->main\_file = plugin\_basename(\_\_FILE\_\_);
    
    87
    
     
    
        $this->plugin\_version = '1.5.30';
    
    88
    
     
    
        $this->db\_version = '1.5.30';
    
     
    
    87
    
        $this->plugin\_version = '1.5.31';
    
     
    
    88
    
        $this->db\_version = '1.5.31';
    
    89
    
    89
    
        $this->prefix = 'bwg';
    
    90
    
    90
    
        $this->nicename = \_\_('Photo Gallery', $this->prefix);
    
*   **photo-gallery/trunk/readme.txt**
    
    r2120867
    
    r2128378
    
     
    
    4
    
    4
    
    Requires at least: 3.4
    
    5
    
    5
    
    Tested up to: 5.2
    
    6
    
     
    
    Stable tag: 1.5.30
    
     
    
    6
    
    Stable tag: 1.5.31
    
    7
    
    7
    
    License: GPLv2 or later
    
    8
    
    8
    
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
    …
    
    …
    
     
    
    282
    
    282
    
    283
    
    283
    
    \== Changelog ==
    
     
    
    284
    
     
    
    285
    
    \= 1.5.31 =
    
     
    
    286
    
    \* Fixed: Vulnerability.
    
    284
    
    287
    
    285
    
    288
    
    \= 1.5.30 =
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2019-14313: Changeset 2128378 – WordPress Plugin Repository

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

**New Version (coming soon)**  
_Now in 2019, we release new version multiple times a week and sometimes even multiple times per day._

**Version 0.9.8.651 – 0.9.8.747 (released 21/05/2018-09/12/2018 )**

Security  
– **\[New Feature\]** Implementation of anti XSS token for the GUI

New WebServers  
– **\[New Feature\]** Define per domain webservers, now you can use different webservers per domain  
– **\[New Feature\]** prepared for AI-Robot so Artificial Intelligence can take over the control on it  
– **\[New Feature\]** Define global default server vhost templates for apache/nginx/varnish/php-fpm  
– **\[New Feature\]** Define per domain vhost templates for apache/nginx/varnish/php-fpm  
– **\[New Feature\]** Error detection in vhost build for apache/nginx/varnish/php-fpm  
– **\[UPDATE\]** latest versions of the webservers apache/nginx/varnish  
– **\[UPDATE\]** AutoSSL: more stable domain validation check

New Varnish  
– **\[New Feature\]** Varnish makes your site look like static html, it doesn’t need to run php-cgi/php-fpm for each request.  
– **\[New Feature\]** Website continues to work as cached even if apache is down  
– **\[New Feature\]** more advanced templates with better cache in memory  
– **\[New Feature\]** per domain templates and configs which you can modify and build your own  
– **\[New Feature\]** it can run now as a cache server in front of Tomcat,nodejs,ruby…

AI-Robot (Artificial Intelligence for cwp)  
Artificial intelligence integration, we have integrated “AI-Robot” artificial intelligence system which has started to learn system issues and soon it will be able to handle errors and automatically recover the system services.

PHP/PHP-FPM  
– **\[New Feature\]** PHP-FPM default setup with cache and with fastest unix sockets  
– **\[New Feature\]** PHP Pecl Manager for all PHP builders  
– **\[New Feature\]** PHP-FPM Selector with many custom options (automatic install of dependencies)  
– **\[New Feature\]** Predefined vhost templates for better performances  
– **\[New Feature\]** Custom templates for php-fpm, you can use custom per domain  
– **\[UPDATE\]** latest versions of the PHP  
– **\[UPDATE\]** New PHP 7.3.0, please use only for beta testing  
– **\[UPDATE\]** for all php builders automatic detection if build is already running  
– **\[UPDATE\]** PHP Selector with many versions and options (automatic install of dependencies)

Other Modules  
– **\[New Feature\]** New DNS Zone Editor with error detection and now much more advanced  
– **\[New Feature\]** New Mod Security Manager  
– **\[New Feature\]** Automatic update manager for 3rdParty scripts like, roundcube, phpmyadmin…  
– **\[New Feature\]** User notifications  
– **\[UPDATE\]** Improved cwp to cwp migration tool, we are still working on it to make it even better  
– **\[UPDATE\]** MySQL Manager: edit user password

**User Panel \[New Design\]**  
– **\[SECURITY\]** Implementation of anti XSS token for the GUI  
– **\[New Feature\]** New Advanced File Manager  
– **\[New Feature\]** New Modern Design  
– **\[New Feature\]** Search integration for menu and icons  
– **\[New Feature\]** Sound alerts  
– **\[New Feature\]** Pagination for all modules  
– **\[New Feature\]** Advanced editor integration for php.ini  
– **\[UPDATE\]** Cron Manager error detection  
\* We have also fixed many other reported bugs

**Version 0.9.8.448 – 0.9.8.651 (released 08/02/2018-21/05/2018)**  
– **\[New Feature\]** cgroups for centos 7 (limit resource per user, eg. set cpu limit to 50%)  
– **\[New Feature\]** Main left menu search option  
– **\[New Feature\]** Manage User crons from the admin panel  
– **\[New Feature\]** New Notifications handler with email alerts  
– **\[New Feature\]** New Ulimits Module -Show all user processes and limits (good for debugging)  
– **\[New Feature\]** Monit Monitoring (advanced tool for monitoring server services and resources)  
– **\[New Feature\]** MySQL Manager now has security and optimization tests integrated  
– **\[New Feature\]** Security Tools – Maldet Scan – Scan websites for malware  
– **\[New Feature\]** Security Tools – RKHunter Scan – Scan server for rootkits, backdoors  
– **\[New Feature\]** Security Tools – Lynis Scan – Scan server for system hardening  
– **\[New Feature\]** Security Tools – Symlink scan – Scan user accounts for symlinks  
– **\[UPDATE\]** New SSL Manager with additional auto-download for chain certificates  
– **\[UPDATE\]** Latest PHP versions (used in switcher/selector)  
– **\[UPDATE\]** Apache latest version rpm + rebuilder/compiler  
– **\[UPDATE\]** New Security checks in the Security Advisor via new notifications  
– **\[BUGFIX\]** Fixed all reported bugs with the cpanel account migration  
– **\[BUGFIX\]** Fixed bugs in the account transfer tool  
– **\[BUGFIX\]** Fixed bugs in the Mail server manager related to rebuild  
– **\[BUGFIX\]** Fixed bugs with API

**User Panel \[\]**  
– **\[SECURITY\]** Big security update for user panel, many issues have been resolved  
– **\[New Feature\]** AutoSSL- Install/remove Free SSL from the user panel  
– **\[UPDATE\]** Improved DNS zone editor

\* We have also fixed many other reported bugs

**Version 0.9.8.359 – 0.9.8.448** (released 29/09/2017-07/02/2018)  
– **\[UPDATE\]** PHP 7.2  
– **\[UPDATE\]** New admin panel design upgrade  
– **\[New Feature\]** Theme manager for User Panel  
– **\[New Feature\]** Language manager for User Panel  
– **\[New Feature\]** New cPanel migration tool running in background  
– **\[New Feature\]** New CWP to CWP migration tool  
– **\[New Feature\]** New Advanced Backup Manager  
– **\[New Feature\]** New Advanced API Manager with permissions

**New user Panel** (demo)  
– **\[New Feature\]** All new, too many things to have them listed here, you simply need to check it!  
Fixed many many other reported bugs

**Version 0.9.8.334 – 0.9.8.359** (released 26/06-29/09/2017)  
– **\[UPDATE\]** Added Apache 2.4.26, 2.4.27  
– **\[UPDATE\]** PHP 5.6.31, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.1.6, 7.1.7, 7.1.9, 7.1.10  
– **\[UPDATE\]** PHP selector delete unwanted php version with single click  
– **\[UPDATE\]** AutoSSL: manualy start and force auto renewal  
– **\[New Feature\]** Included manager for new user panel compatibility

– **\[BUGFIX\]** IonCube installer fixed issue with php 7.0 & 7.1  
– **\[BUGFIX\]** Zendguard loader5.5, 5.6 improved installer  
– **\[BUGFIX\]** AutoSSL reported bugs fixed  
– **\[BUGFIX\]** Improved security  
Fixed many other reported bugs

**Version 0.9.8.315 – 0.9.8.333** (released 28/04-25/06/2017)  
– **\[UPDATE\]** detailed cleanup of removed accounts  
– **\[UPDATE\]** yum manager improvement  
– **\[UPDATE\]** New PHP versions added 7.0.20 and 7.1.5  
– **\[UPDATE\]** php selector new versions of php  
– **\[UPDATE\]** apache 2.4.26 (has security updates)  
– **\[New Feature\]** new ftp manager for admin  
– **\[New Feature\]** bandwidth monitor (incoming/outgoing for all interfaces)

– **\[BUGFIX\]** php switcher bug fix  
– **\[BUGFIX\]** autossl bugfix  
– **\[BUGFIX\]** mod security installer bug fix  
– **\[BUGFIX\]** vhost rebuild bug fix  
– **\[BUGFIX\]** mail queue module bug fix  
– **\[BUGFIX\]** mail explorer module bug fix  
Fixed many other reported bugs

**Version 0.9.8.291 – 0.9.8.314** (released 23/03-28/04/2017)  
– **\[UPDATE\]** New PHP versions added 7.0.18 and 7.1.4  
– **\[UPDATE\]** Improved SSL Manager (fixed autoSSL bugs)  
– **\[UPDATE\]** Improved backups (now weekly and monthly use hard links and can reduce total backup size up to 65%)  
– **\[New Feature\]** Ajax disk usage checker (check your disk space usage per folder)  
– **\[New Feature\]** New Varnish configuration editor  
– **\[New CWPpro\]** Yum Package and Repository Manager  
– **\[SECURITY\]** SECURITY BUG FIXED  
Prevention of Cross-site Scripting (XSS) Attack ​by Esmaeil Rahimian (Security Research from SecureHost) Rahimian@securehost.co  
Fixed many other reported bugs

**Version 0.9.8.266 – 0.9.8.290** (released 01-22/03/2017)  
– **\[BUGFIX\]** ioncube update scripts  
– **\[BUGFIX\]** sysstat graph errors  
– **\[BUGFIX\]** PHP Selector fixed php 7  
– **\[BUGFIX\]** Advanced File Manager bugs  
– **\[BUGFIX\]** Mail Server rebuild  
– **\[BUGFIX\]** SSL redirection for cwp services  
– **\[BUGFIX\]** Fixed security advisor multiple messages  
– **\[UPDATE\]** Php Switcher new additional modules and new php versions  
– **\[UPDATE\]** PHP Selector update of all php versions and added php 7.0, 7.1  
– **\[UPDATE\]** SSL Cert Manager now with more detailed info from the certificate files  
– **\[New Feature\]** AutoSSL option when creating new account, domain or subdomain from admin panel  
– **\[New Feature\]** AutoSSL for Hostname  
– **\[New Feature\]** Nice and Fast Ajax upgrade for list accounts, domains and subdomains.  
– **\[New Feature\]** New Varnish configuration editor  
– **\[CWPpro\]** Yum, number of available packages upgrades at login into cwp

**Version 0.9.8.250 – 0.9.8.265** (released 21-28/02/2017)  
– **\[New Feature\]** Sysstat graphs  
– **\[UPDATE\]** Higher grade for apache SSL  
– **\[UPDATE\]** PHP Switcher\_v2 Configuration Upgrade and Bugs Fixed  
– **\[BUGFIX\]** File Manager bug fixed, and few smaller bug in the gui

**Version 0.9.8.248 – 0.9.8.249** (released 21/02/2017)  
– **\[UPDATE\]** PHP Switcher added extensions: intl, pspell, tidy, wddx  
– **\[BUGFIX\]** Fixed several bugs

**Version 0.9.8.240 – 0.9.8.247** (released 17/02/2017)  
– **\[New Feature\]** NEW friendly PHP Version Switcher with many addons and more to come…  
– **\[UPDATE\]** Update of PHP versions: 7.1.2, 7.0.16, 5.6.30  
– **\[Old Removed\]** Old PHP Version Switcher removed from the left menu but still exists.  
– **\[BUGFIX\]** Fixed several bugs

**Version 0.9.8.239** (released 13/02/2017)  
– **\[BUGFIX\]** Fixed bug with softaculous remove mysql user.

**Version 0.9.8.237 & 0.9.8.238** (released 11/02/2017)  
– **\[New Feature\]** LiteSpeed Enterprise integration with CWP

**13/02/2017**  
…we were working very hard to make CWP work with CentOS 7 so we have done many changes are unfortunately there is no any info what was done before in which version.

CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.

Tag

#php