Security Bulletins

Syndicate content
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Updated: 49 min 31 sec ago

SB14-160: Vulnerability Summary for the Week of June 2, 2014

Mon, 06/09/2014 - 14:32
Original release date: June 09, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoajaydsouza -- contextual_related_postsSQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-027.5CVE-2014-3937aten -- cn8000The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors.2014-06-057.8CVE-2014-1997bitrix -- bitrix_e-store_moduleThe Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.2014-05-307.5CVE-2013-6788citrix -- vdi-in-a-boxUnspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.2014-05-307.5CVE-2014-3780copadata -- zenon_dnp3_ng_driverCOPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP.2014-06-057.1CVE-2014-2345corel -- paintshop_pro_x5Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file.2014-06-059.3CVE-2013-0733cososys -- endpoint_protectorSQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.2014-06-027.5CVE-2014-3932d-link -- dir-505l_shareport_mobile_companionStack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.2014-06-0210.0CVE-2014-3936dell -- powervault_ml6000logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.2014-06-029.0CVE-2014-2959dleviet -- datalife_engineDataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.2014-06-027.5CVE-2013-1412emc -- documentum_digital_asset_managerThe thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.2014-06-057.5CVE-2014-2503ericom -- accessnow_serverStack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.2014-06-0410.0CVE-2014-3913frontaccounting -- frontaccountingMultiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-057.5CVE-2014-3973fruux -- sabredavSabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2055getid3 -- getid3getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2053ibm -- db2Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.2014-05-307.2CVE-2014-0907ingy -- spoonSpoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6143jochen_wiedmann -- html::epSession::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6142openstack -- neutronThe default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.2014-06-027.6CVE-2013-6433owncloud -- owncloudownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."2014-06-057.5CVE-2014-2051owncloud -- owncloudPHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2054owncloud -- owncloudPHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2056owncloud -- owncloudownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.2014-06-047.5CVE-2014-3834phpnuke -- php-nukeSQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.2014-06-027.5CVE-2014-3934radiothermostat -- ct50Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.2014-06-058.3CVE-2013-4860rom_walton -- boincStack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.2014-06-029.3CVE-2013-2019rom_walton -- boincMultiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.2014-06-029.3CVE-2013-2298samsung -- ipolis_device_managerStack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value.2014-06-059.3CVE-2014-3912sensiolabs -- symfonyThe Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.2014-06-027.5CVE-2013-1348sensiolabs -- symfonySymfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.2014-06-027.5CVE-2013-1397stephen_adkins -- app::contextThe App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6141videos_tube_project -- videos_tubeMultiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.2014-06-047.5CVE-2014-3962vmware -- vcenter_server_applianceRuby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.2014-06-019.0CVE-2014-3790xen -- xenXen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.2014-06-057.4CVE-2014-3969xnau -- participants_databaseSQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.2014-06-047.5CVE-2014-3961xoops -- glossaire_moduleSQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.2014-06-027.5CVE-2014-3935Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoa10networks -- advanced_core_operating_systemBuffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.2014-06-055.0CVE-2014-3976ajaydsouza -- contextual_related_postsCross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.2014-06-026.8CVE-2013-2710alex_kellner -- powermailCross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-3948alfresco -- alfrescoMultiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.2014-06-024.3CVE-2014-2939apache -- tomcatInteger overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.2014-05-315.0CVE-2014-0075apache -- tomcatjava/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.2014-05-315.0CVE-2014-0095apache -- tomcatjava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2014-05-314.3CVE-2014-0096apache -- tomcatInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.2014-05-314.3CVE-2014-0099apache -- tomcatApache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.2014-05-314.3CVE-2014-0119auracms -- auracmsCross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.2014-06-054.3CVE-2014-3974auracms -- auracmsAbsolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.2014-06-055.0CVE-2014-3975bottomline -- transform_foundation_serverMultiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI.2014-06-054.3CVE-2014-2577bufferapp -- digg_diggCross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.2014-06-026.8CVE-2013-3258cisco -- unified_communications_domain_managerThe web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.2014-06-034.0CVE-2014-3280cogentdatahub -- cogent_datahubDirectory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.2014-05-306.4CVE-2014-2352cogentdatahub -- cogent_datahubCross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-304.3CVE-2014-2353cogentdatahub -- cogent_datahubCogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.2014-05-305.0CVE-2014-2354copadata -- zenon_dnp3_ng_driverCOPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line.2014-06-054.0CVE-2014-2346corel -- quattro_pro_x6The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.2014-06-054.3CVE-2012-4728dancer -- dancerCRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.2014-05-305.0CVE-2012-5572danielkorte -- nodeaccesskeysThe Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.2014-06-025.8CVE-2013-4596debian -- dpkgdpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.2014-05-305.0CVE-2014-3227debian -- dpkg-devDirectory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.2014-05-305.0CVE-2014-3864debian -- dpkg-devMultiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.2014-05-305.0CVE-2014-3865digital_zoom_studio -- video_galleryMultiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.2014-05-304.3CVE-2014-3923dleviet -- datalife_engineSession fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.2014-06-026.8CVE-2013-7387emc -- rsa_adaptive_authentication_hostedCross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-2502f5 -- big-ip_access_policy_managerCross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.2014-06-034.3CVE-2014-3959getpixie -- pixieMultiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.2014-06-044.3CVE-2014-3786gnu -- gnutlsBuffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.2014-06-036.8CVE-2014-3466gnu -- gnutlsMultiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 data.2014-06-054.3CVE-2014-3467gnu -- gnutlsThe asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.2014-06-056.8CVE-2014-3468gnu -- gnutlsThe (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.2014-06-054.3CVE-2014-3469huawei -- webuiCross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.2014-06-026.8CVE-2014-2946ibm -- db2The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.2014-05-306.5CVE-2013-6744ibm -- smart_analytics_system_7700Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events.2014-06-044.6CVE-2014-0935ibm -- websphere_service_registry_and_repositoryCross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2014-05-304.3CVE-2014-3010ipswitch -- imail_serverMultiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.2014-06-054.3CVE-2014-3878lucas_clemente_vella -- libpam-pgsqllibpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.2014-06-035.0CVE-2013-0191mediawiki -- mediawikiSession fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.2014-06-026.8CVE-2012-5391mediawiki -- mediawikiSession fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.2014-06-026.8CVE-2012-5395mediawiki -- mediawikimaintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.2014-06-025.0CVE-2013-1818n-i-agroinformatics -- soy_cmsCross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-054.3CVE-2014-1998nero -- mediahomeMultiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.2014-05-305.0CVE-2012-5876nero -- mediahomeNero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.2014-05-305.0CVE-2012-5877network-weathermap -- .network_weathermapCross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.2014-06-054.3CVE-2013-2618network-weathermap -- .network_weathermapDirectory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.2014-06-055.0CVE-2013-3739openinfosecfoundation -- suricataSuricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.2014-05-305.0CVE-2013-5919opennms -- opennmsMultiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-3960openssl -- opensslThe dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.2014-06-056.8CVE-2014-0195openssl -- opensslThe dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.2014-06-054.3CVE-2014-0221openssl -- opensslOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.2014-06-056.8CVE-2014-0224openssl -- opensslThe ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.2014-06-054.3CVE-2014-3470openstack -- keystoneOpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.2014-06-025.0CVE-2013-2014owncloud -- owncloudMultiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.2014-06-044.3CVE-2012-5056owncloud -- owncloudCRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.2014-06-044.3CVE-2012-5057owncloud -- owncloudlib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.2014-06-044.0CVE-2012-5336owncloud -- owncloudsettings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.2014-06-044.6CVE-2013-0204owncloud -- owncloudUnspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK.2014-06-055.0CVE-2013-0302owncloud -- owncloudownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.2014-06-054.0CVE-2013-0304owncloud -- owncloudThe installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.2014-06-045.0CVE-2013-1941owncloud -- owncloudCross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.2014-06-044.3CVE-2014-3832owncloud -- owncloudMultiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.2014-06-044.3CVE-2014-3833owncloud -- owncloudownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.2014-06-045.5CVE-2014-3835owncloud -- owncloudMultiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.2014-06-046.8CVE-2014-3836owncloud -- owncloudThe document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.2014-06-044.0CVE-2014-3837owncloud -- owncloudownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.2014-06-044.0CVE-2014-3838owncloud -- owncloudownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.2014-06-044.0CVE-2014-3963php -- phpThe cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.2014-06-015.0CVE-2014-0237php -- phpThe cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.2014-06-015.0CVE-2014-0238redhat -- openstackThe default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.2014-06-025.0CVE-2013-6470redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.2014-06-024.3CVE-2014-0040redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.2014-06-024.3CVE-2014-0041redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.2014-06-024.3CVE-2014-0042redhat -- sossosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.2014-06-015.0CVE-2014-3925redhat -- enterprise_mrgThe Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.2014-06-054.0CVE-2014-3940rom_walton -- boincMultiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.2014-06-025.0CVE-2011-5280rom_walton -- boincFormat string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.2014-06-025.0CVE-2013-7386simple_popup_project -- simple_popupCross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.2014-05-304.3CVE-2014-3921trend_micro -- interscan_messaging_security_virtual_applianceCross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.2014-05-304.3CVE-2014-3922trianglemicroworks -- scada_data_gatewayTriangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.2014-05-305.0CVE-2014-2342typo3 -- typo3TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."2014-06-035.0CVE-2014-3941typo3 -- typo3The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.2014-06-036.0CVE-2014-3942typo3 -- typo3The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.2014-06-035.8CVE-2014-3944typo3 -- typo3The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.2014-06-034.0CVE-2014-3945typo3 -- typo3The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.2014-06-034.0CVE-2014-3946vmware -- fusionVMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.2014-05-315.8CVE-2014-3793webmin -- userwinMultiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.2014-05-304.3CVE-2014-3924xen -- xenThe HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.2014-06-055.5CVE-2014-3967xen -- xenThe HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.2014-06-055.5CVE-2014-3968zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.2014-06-026.8CVE-2013-3257zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors.2014-06-026.8CVE-2013-3476znc -- zncZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.2014-06-054.0CVE-2013-2130Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infodavid_bagley -- xlockmoreThe (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.2014-05-302.1CVE-2013-4143ibm -- sterling_control_centerOpen redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.2014-05-303.5CVE-2014-0925jo_hasenau -- gridelementsCross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.2014-06-043.5CVE-2014-3949mate-desktop -- mate-settings-daemonThe default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.2014-05-302.1CVE-2012-5560newsignature -- addressfield_tokensCross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.2014-06-023.5CVE-2014-3933redhat -- rhevm-dwhThe setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.2014-05-302.1CVE-2014-0202redhat -- enterprise_mrgkernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.2014-06-053.3CVE-2014-3917sendmail -- sendmailThe sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.2014-06-041.9CVE-2014-3956trianglemicroworks -- scada_data_gatewayTriangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.2014-05-302.1CVE-2014-2343typo3 -- typo3Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.2014-06-033.5CVE-2014-3943Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-160: Vulnerability Summary for the Week of June 2, 2014

Mon, 06/09/2014 - 14:32
Original release date: June 09, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoajaydsouza -- contextual_related_postsSQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-027.5CVE-2014-3937aten -- cn8000The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors.2014-06-057.8CVE-2014-1997bitrix -- bitrix_e-store_moduleThe Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.2014-05-307.5CVE-2013-6788citrix -- vdi-in-a-boxUnspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.2014-05-307.5CVE-2014-3780copadata -- zenon_dnp3_ng_driverCOPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP.2014-06-057.1CVE-2014-2345corel -- paintshop_pro_x5Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file.2014-06-059.3CVE-2013-0733cososys -- endpoint_protectorSQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.2014-06-027.5CVE-2014-3932d-link -- dir-505l_shareport_mobile_companionStack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.2014-06-0210.0CVE-2014-3936dell -- powervault_ml6000logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.2014-06-029.0CVE-2014-2959dleviet -- datalife_engineDataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.2014-06-027.5CVE-2013-1412emc -- documentum_digital_asset_managerThe thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.2014-06-057.5CVE-2014-2503ericom -- accessnow_serverStack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.2014-06-0410.0CVE-2014-3913frontaccounting -- frontaccountingMultiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-057.5CVE-2014-3973fruux -- sabredavSabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2055getid3 -- getid3getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2053ibm -- db2Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.2014-05-307.2CVE-2014-0907ingy -- spoonSpoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6143jochen_wiedmann -- html::epSession::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6142openstack -- neutronThe default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.2014-06-027.6CVE-2013-6433owncloud -- owncloudownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."2014-06-057.5CVE-2014-2051owncloud -- owncloudPHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2054owncloud -- owncloudPHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2056owncloud -- owncloudownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.2014-06-047.5CVE-2014-3834phpnuke -- php-nukeSQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.2014-06-027.5CVE-2014-3934radiothermostat -- ct50Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.2014-06-058.3CVE-2013-4860rom_walton -- boincStack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.2014-06-029.3CVE-2013-2019rom_walton -- boincMultiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.2014-06-029.3CVE-2013-2298samsung -- ipolis_device_managerStack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value.2014-06-059.3CVE-2014-3912sensiolabs -- symfonyThe Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.2014-06-027.5CVE-2013-1348sensiolabs -- symfonySymfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.2014-06-027.5CVE-2013-1397stephen_adkins -- app::contextThe App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6141videos_tube_project -- videos_tubeMultiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.2014-06-047.5CVE-2014-3962vmware -- vcenter_server_applianceRuby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.2014-06-019.0CVE-2014-3790xen -- xenXen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.2014-06-057.4CVE-2014-3969xnau -- participants_databaseSQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.2014-06-047.5CVE-2014-3961xoops -- glossaire_moduleSQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.2014-06-027.5CVE-2014-3935Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoa10networks -- advanced_core_operating_systemBuffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.2014-06-055.0CVE-2014-3976ajaydsouza -- contextual_related_postsCross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.2014-06-026.8CVE-2013-2710alex_kellner -- powermailCross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-3948alfresco -- alfrescoMultiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.2014-06-024.3CVE-2014-2939apache -- tomcatInteger overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.2014-05-315.0CVE-2014-0075apache -- tomcatjava/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.2014-05-315.0CVE-2014-0095apache -- tomcatjava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2014-05-314.3CVE-2014-0096apache -- tomcatInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.2014-05-314.3CVE-2014-0099apache -- tomcatApache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.2014-05-314.3CVE-2014-0119auracms -- auracmsCross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.2014-06-054.3CVE-2014-3974auracms -- auracmsAbsolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.2014-06-055.0CVE-2014-3975bottomline -- transform_foundation_serverMultiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI.2014-06-054.3CVE-2014-2577bufferapp -- digg_diggCross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.2014-06-026.8CVE-2013-3258cisco -- unified_communications_domain_managerThe web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.2014-06-034.0CVE-2014-3280cogentdatahub -- cogent_datahubDirectory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.2014-05-306.4CVE-2014-2352cogentdatahub -- cogent_datahubCross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-304.3CVE-2014-2353cogentdatahub -- cogent_datahubCogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.2014-05-305.0CVE-2014-2354copadata -- zenon_dnp3_ng_driverCOPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line.2014-06-054.0CVE-2014-2346corel -- quattro_pro_x6The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.2014-06-054.3CVE-2012-4728dancer -- dancerCRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.2014-05-305.0CVE-2012-5572danielkorte -- nodeaccesskeysThe Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.2014-06-025.8CVE-2013-4596debian -- dpkgdpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.2014-05-305.0CVE-2014-3227debian -- dpkg-devDirectory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.2014-05-305.0CVE-2014-3864debian -- dpkg-devMultiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.2014-05-305.0CVE-2014-3865digital_zoom_studio -- video_galleryMultiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.2014-05-304.3CVE-2014-3923dleviet -- datalife_engineSession fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.2014-06-026.8CVE-2013-7387emc -- rsa_adaptive_authentication_hostedCross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-2502f5 -- big-ip_access_policy_managerCross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.2014-06-034.3CVE-2014-3959getpixie -- pixieMultiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.2014-06-044.3CVE-2014-3786gnu -- gnutlsBuffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.2014-06-036.8CVE-2014-3466gnu -- gnutlsMultiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 data.2014-06-054.3CVE-2014-3467gnu -- gnutlsThe asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.2014-06-056.8CVE-2014-3468gnu -- gnutlsThe (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.2014-06-054.3CVE-2014-3469huawei -- webuiCross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.2014-06-026.8CVE-2014-2946ibm -- db2The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.2014-05-306.5CVE-2013-6744ibm -- smart_analytics_system_7700Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events.2014-06-044.6CVE-2014-0935ibm -- websphere_service_registry_and_repositoryCross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2014-05-304.3CVE-2014-3010ipswitch -- imail_serverMultiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.2014-06-054.3CVE-2014-3878lucas_clemente_vella -- libpam-pgsqllibpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.2014-06-035.0CVE-2013-0191mediawiki -- mediawikiSession fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.2014-06-026.8CVE-2012-5391mediawiki -- mediawikiSession fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.2014-06-026.8CVE-2012-5395mediawiki -- mediawikimaintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.2014-06-025.0CVE-2013-1818n-i-agroinformatics -- soy_cmsCross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-054.3CVE-2014-1998nero -- mediahomeMultiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.2014-05-305.0CVE-2012-5876nero -- mediahomeNero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.2014-05-305.0CVE-2012-5877network-weathermap -- .network_weathermapCross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.2014-06-054.3CVE-2013-2618network-weathermap -- .network_weathermapDirectory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.2014-06-055.0CVE-2013-3739openinfosecfoundation -- suricataSuricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.2014-05-305.0CVE-2013-5919opennms -- opennmsMultiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-3960openssl -- opensslThe dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.2014-06-056.8CVE-2014-0195openssl -- opensslThe dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.2014-06-054.3CVE-2014-0221openssl -- opensslOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.2014-06-056.8CVE-2014-0224openssl -- opensslThe ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.2014-06-054.3CVE-2014-3470openstack -- keystoneOpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.2014-06-025.0CVE-2013-2014owncloud -- owncloudMultiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.2014-06-044.3CVE-2012-5056owncloud -- owncloudCRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.2014-06-044.3CVE-2012-5057owncloud -- owncloudlib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.2014-06-044.0CVE-2012-5336owncloud -- owncloudsettings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.2014-06-044.6CVE-2013-0204owncloud -- owncloudUnspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK.2014-06-055.0CVE-2013-0302owncloud -- owncloudownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.2014-06-054.0CVE-2013-0304owncloud -- owncloudThe installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.2014-06-045.0CVE-2013-1941owncloud -- owncloudCross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.2014-06-044.3CVE-2014-3832owncloud -- owncloudMultiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.2014-06-044.3CVE-2014-3833owncloud -- owncloudownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.2014-06-045.5CVE-2014-3835owncloud -- owncloudMultiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.2014-06-046.8CVE-2014-3836owncloud -- owncloudThe document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.2014-06-044.0CVE-2014-3837owncloud -- owncloudownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.2014-06-044.0CVE-2014-3838owncloud -- owncloudownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.2014-06-044.0CVE-2014-3963php -- phpThe cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.2014-06-015.0CVE-2014-0237php -- phpThe cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.2014-06-015.0CVE-2014-0238redhat -- openstackThe default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.2014-06-025.0CVE-2013-6470redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.2014-06-024.3CVE-2014-0040redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.2014-06-024.3CVE-2014-0041redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.2014-06-024.3CVE-2014-0042redhat -- sossosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.2014-06-015.0CVE-2014-3925redhat -- enterprise_mrgThe Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.2014-06-054.0CVE-2014-3940rom_walton -- boincMultiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.2014-06-025.0CVE-2011-5280rom_walton -- boincFormat string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.2014-06-025.0CVE-2013-7386simple_popup_project -- simple_popupCross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.2014-05-304.3CVE-2014-3921trend_micro -- interscan_messaging_security_virtual_applianceCross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.2014-05-304.3CVE-2014-3922trianglemicroworks -- scada_data_gatewayTriangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.2014-05-305.0CVE-2014-2342typo3 -- typo3TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."2014-06-035.0CVE-2014-3941typo3 -- typo3The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.2014-06-036.0CVE-2014-3942typo3 -- typo3The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.2014-06-035.8CVE-2014-3944typo3 -- typo3The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.2014-06-034.0CVE-2014-3945typo3 -- typo3The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.2014-06-034.0CVE-2014-3946vmware -- fusionVMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.2014-05-315.8CVE-2014-3793webmin -- userwinMultiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.2014-05-304.3CVE-2014-3924xen -- xenThe HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.2014-06-055.5CVE-2014-3967xen -- xenThe HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.2014-06-055.5CVE-2014-3968zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.2014-06-026.8CVE-2013-3257zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors.2014-06-026.8CVE-2013-3476znc -- zncZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.2014-06-054.0CVE-2013-2130Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infodavid_bagley -- xlockmoreThe (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.2014-05-302.1CVE-2013-4143ibm -- sterling_control_centerOpen redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.2014-05-303.5CVE-2014-0925jo_hasenau -- gridelementsCross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.2014-06-043.5CVE-2014-3949mate-desktop -- mate-settings-daemonThe default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.2014-05-302.1CVE-2012-5560newsignature -- addressfield_tokensCross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.2014-06-023.5CVE-2014-3933redhat -- rhevm-dwhThe setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.2014-05-302.1CVE-2014-0202redhat -- enterprise_mrgkernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.2014-06-053.3CVE-2014-3917sendmail -- sendmailThe sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.2014-06-041.9CVE-2014-3956trianglemicroworks -- scada_data_gatewayTriangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.2014-05-302.1CVE-2014-2343typo3 -- typo3Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.2014-06-033.5CVE-2014-3943Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-153: Vulnerability Summary for the Week of May 26, 2014

Mon, 06/02/2014 - 14:37
Original release date: June 02, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- nexus_7000Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.2014-05-257.1CVE-2013-1191cisco -- wide_area_application_servicesCisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.2014-05-259.3CVE-2014-2196cisco -- nx-osCisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.2014-05-257.1CVE-2014-2200cisco -- mds_9000The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.2014-05-257.8CVE-2014-2201cisco -- cgr_1120Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.2014-05-257.6CVE-2014-3261citrix -- cloudplatformCitrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.2014-05-237.5CVE-2013-2757coscms -- coscmsThe uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.2014-05-238.5CVE-2013-1668d-link -- dap-1350Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.2014-05-277.5CVE-2014-3872emc -- documentum_d2EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.2014-05-259.0CVE-2014-2504geodesicsolutions -- geocore_maxMultiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.2014-05-277.5CVE-2014-3871hp -- operations_manager_iUnspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role.2014-05-258.5CVE-2014-2607ibm -- websphere_commerceIBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request.2014-05-257.1CVE-2014-0943pandasecurity -- panda_av_pro_2014Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors.2014-05-237.2CVE-2014-3450squash -- square_squashThe Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.2014-05-277.5CVE-2013-5036uplawski -- creme_fraicheThe set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.2014-05-279.3CVE-2013-2090wpshopstyling -- wp-ecommerce-shop-stylingPHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.2014-05-277.5CVE-2013-0724Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- couchdbApache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.2014-05-236.8CVE-2012-5649apache -- hbaseApache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.2014-05-294.3CVE-2013-2193apache -- cloudstackApache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.2014-05-235.0CVE-2013-2756apache -- cloudstackApache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.2014-05-235.0CVE-2013-2758axway -- email_firewallAxway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.2014-05-275.0CVE-2012-6452bib2html_project -- bib2htmlCross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.2014-05-274.3CVE-2014-3870cisco -- security_managerCross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.2014-05-254.3CVE-2014-3266cisco -- security_managerCross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.2014-05-256.8CVE-2014-3267cisco -- tidal_enterprise_schedulerThe Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.2014-05-256.0CVE-2014-3272cisco -- telepresence_system_softwareCisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.2014-05-254.3CVE-2014-3274cisco -- identity_services_engine_softwareSQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.2014-05-256.5CVE-2014-3275cisco -- identity_services_engine_softwareCisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.2014-05-254.0CVE-2014-3276cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.2014-05-294.0CVE-2014-3277cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.2014-05-295.0CVE-2014-3279cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.2014-05-294.0CVE-2014-3282cisco -- unified_communications_domain_managerOpen redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.2014-05-295.8CVE-2014-3283cisco -- asr_1001_routerCisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.2014-05-256.1CVE-2014-3284cisco -- wide_area_application_servicesCisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.2014-05-295.0CVE-2014-3285davistribe -- google_doc_embedderDirectory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.2014-05-295.0CVE-2012-4915dovecot -- dovecotThe IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.2014-05-275.0CVE-2013-2111ekiga -- ekigaThe Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."2014-05-234.3CVE-2013-1864emc -- rsa_archer_egrcMultiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-254.3CVE-2014-0639gentoo -- nullmailerThe Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.2014-05-235.0CVE-2013-4223glpi-project -- glpiinc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.2014-05-276.4CVE-2013-2225google_authenticator_login_project -- ga_loginThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors.2014-05-295.0CVE-2013-4177google_authenticator_login_project -- ga_loginThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP).2014-05-295.0CVE-2013-4178groups,_communities_and_co_project -- gccThe Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors.2014-05-275.0CVE-2013-4598ibm -- maximo_asset_managementCRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.2014-05-264.3CVE-2012-3333ibm -- sametimeUnspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.2014-05-265.0CVE-2013-3975ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.2014-05-264.3CVE-2013-3977ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.2014-05-265.0CVE-2013-3980ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.2014-05-265.0CVE-2013-3981ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.2014-05-265.0CVE-2013-3982ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.2014-05-265.0CVE-2013-3984ibm -- change_and_configuration_management_databaseSQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.2014-05-266.5CVE-2013-4016ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.2014-05-266.0CVE-2013-5464ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.2014-05-266.5CVE-2013-5465ibm -- tivoli_storage_manager_for_virtual_environmentsThe Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions.2014-05-264.1CVE-2013-6713ibm -- tivoli_storage_flashcopy_managerThe FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.2014-05-264.1CVE-2013-6714ibm -- maximo_asset_managementIBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.2014-05-266.0CVE-2014-0849ibm -- java_sdkThe IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.2014-05-265.8CVE-2014-0878ibm -- maximo_asset_managementCross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.2014-05-264.3CVE-2014-0893ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.2014-05-264.3CVE-2014-0906ibm -- sametimeCross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2014-05-264.3CVE-2014-3014ibm -- sametime_proxy_server_and_web_clientCross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.2014-05-256.8CVE-2014-3015ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.2014-05-265.0CVE-2014-3867imember360 -- imember360The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.2014-05-235.0CVE-2014-3848imember360 -- imember360The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.2014-05-234.3CVE-2014-3849izarc -- izarcIZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header.2014-05-276.8CVE-2014-2720jasig -- uportaluPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.2014-05-296.5CVE-2014-3416jasig -- uportaluPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.2014-05-296.5CVE-2014-3417kieranoshea -- calendarCross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.2014-05-276.8CVE-2013-2698krisonav -- krisonavCross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.2014-05-234.3CVE-2013-2712krisonav -- krisonavCross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.2014-05-236.8CVE-2013-2713libguestfs -- libguestfsDouble free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.2014-05-274.3CVE-2013-2124linux -- linux_kernelThe futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.2014-05-264.9CVE-2012-6647mantisbt -- mantisbtMantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.2014-05-275.0CVE-2013-1883modwsgi -- mod_wsgiThe mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.2014-05-276.2CVE-2014-0240moodle -- moodleMultiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.2014-05-266.8CVE-2014-0213moodle -- moodlelogin/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.2014-05-266.8CVE-2014-0214moodle -- moodleThe blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.2014-05-264.0CVE-2014-0215moodle -- moodleThe My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.2014-05-265.0CVE-2014-0216moodle -- moodleenrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.2014-05-264.3CVE-2014-0217moodle -- moodleCross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-264.3CVE-2014-0218nullsoft -- winampWinamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.2014-05-234.3CVE-2014-3442openbsd -- opensmtpdOpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.2014-05-275.0CVE-2013-2125oswald_buddenhagen -- isyncIsync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-05-234.3CVE-2013-0289paul_mattes -- x3270x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-05-275.8CVE-2012-5662redhat -- freeipaThe default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.2014-05-295.0CVE-2013-0199samba -- sambaThe internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.2014-05-285.0CVE-2014-0239sharetronix -- sharetronixCross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators.2014-05-296.8CVE-2014-3414sharetronix -- sharetronixSQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.2014-05-296.5CVE-2014-3415sosreport_project -- sosreportSOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.2014-05-294.3CVE-2014-0246usercake -- usercakeMultiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.2014-05-266.8CVE-2014-3866zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.2014-05-276.8CVE-2013-3477Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infohub_project -- hubThe am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.2014-05-273.6CVE-2014-0177ibm -- maximo_asset_managementfrontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.2014-05-263.5CVE-2013-2998ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.2014-05-262.9CVE-2013-3046ibm -- maximo_asset_managementIBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.2014-05-263.5CVE-2013-5460ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.2014-05-263.5CVE-2013-6741ibm -- change_and_configuration_management_databaseCross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.2014-05-263.5CVE-2014-0824ibm -- change_and_configuration_management_databaseCross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.2014-05-263.5CVE-2014-0825mayan-edms -- mayan_edmsMultiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.2014-05-273.5CVE-2014-3840openstack -- heatOpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.2014-05-233.5CVE-2014-3801redhat -- rhevm-reportsThe setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.2014-05-292.1CVE-2014-0199redhat -- rhevm-reportsThe Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file.2014-05-292.1CVE-2014-0200redhat -- rhevm-reportsovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files.2014-05-292.1CVE-2014-0201samba -- sambaSamba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.2014-05-283.5CVE-2014-0178Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-153: Vulnerability Summary for the Week of May 26, 2014

Mon, 06/02/2014 - 14:37
Original release date: June 02, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- nexus_7000Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.2014-05-257.1CVE-2013-1191cisco -- wide_area_application_servicesCisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.2014-05-259.3CVE-2014-2196cisco -- nx-osCisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.2014-05-257.1CVE-2014-2200cisco -- mds_9000The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.2014-05-257.8CVE-2014-2201cisco -- cgr_1120Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.2014-05-257.6CVE-2014-3261citrix -- cloudplatformCitrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.2014-05-237.5CVE-2013-2757coscms -- coscmsThe uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.2014-05-238.5CVE-2013-1668d-link -- dap-1350Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.2014-05-277.5CVE-2014-3872emc -- documentum_d2EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.2014-05-259.0CVE-2014-2504geodesicsolutions -- geocore_maxMultiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.2014-05-277.5CVE-2014-3871hp -- operations_manager_iUnspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role.2014-05-258.5CVE-2014-2607ibm -- websphere_commerceIBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request.2014-05-257.1CVE-2014-0943pandasecurity -- panda_av_pro_2014Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors.2014-05-237.2CVE-2014-3450squash -- square_squashThe Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.2014-05-277.5CVE-2013-5036uplawski -- creme_fraicheThe set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.2014-05-279.3CVE-2013-2090wpshopstyling -- wp-ecommerce-shop-stylingPHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.2014-05-277.5CVE-2013-0724Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- couchdbApache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.2014-05-236.8CVE-2012-5649apache -- hbaseApache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.2014-05-294.3CVE-2013-2193apache -- cloudstackApache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.2014-05-235.0CVE-2013-2756apache -- cloudstackApache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.2014-05-235.0CVE-2013-2758axway -- email_firewallAxway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.2014-05-275.0CVE-2012-6452bib2html_project -- bib2htmlCross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.2014-05-274.3CVE-2014-3870cisco -- security_managerCross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.2014-05-254.3CVE-2014-3266cisco -- security_managerCross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.2014-05-256.8CVE-2014-3267cisco -- tidal_enterprise_schedulerThe Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.2014-05-256.0CVE-2014-3272cisco -- telepresence_system_softwareCisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.2014-05-254.3CVE-2014-3274cisco -- identity_services_engine_softwareSQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.2014-05-256.5CVE-2014-3275cisco -- identity_services_engine_softwareCisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.2014-05-254.0CVE-2014-3276cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.2014-05-294.0CVE-2014-3277cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.2014-05-295.0CVE-2014-3279cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.2014-05-294.0CVE-2014-3282cisco -- unified_communications_domain_managerOpen redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.2014-05-295.8CVE-2014-3283cisco -- asr_1001_routerCisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.2014-05-256.1CVE-2014-3284cisco -- wide_area_application_servicesCisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.2014-05-295.0CVE-2014-3285davistribe -- google_doc_embedderDirectory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.2014-05-295.0CVE-2012-4915dovecot -- dovecotThe IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.2014-05-275.0CVE-2013-2111ekiga -- ekigaThe Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."2014-05-234.3CVE-2013-1864emc -- rsa_archer_egrcMultiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-254.3CVE-2014-0639gentoo -- nullmailerThe Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.2014-05-235.0CVE-2013-4223glpi-project -- glpiinc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.2014-05-276.4CVE-2013-2225google_authenticator_login_project -- ga_loginThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors.2014-05-295.0CVE-2013-4177google_authenticator_login_project -- ga_loginThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP).2014-05-295.0CVE-2013-4178groups,_communities_and_co_project -- gccThe Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors.2014-05-275.0CVE-2013-4598ibm -- maximo_asset_managementCRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.2014-05-264.3CVE-2012-3333ibm -- sametimeUnspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.2014-05-265.0CVE-2013-3975ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.2014-05-264.3CVE-2013-3977ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.2014-05-265.0CVE-2013-3980ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.2014-05-265.0CVE-2013-3981ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.2014-05-265.0CVE-2013-3982ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.2014-05-265.0CVE-2013-3984ibm -- change_and_configuration_management_databaseSQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.2014-05-266.5CVE-2013-4016ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.2014-05-266.0CVE-2013-5464ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.2014-05-266.5CVE-2013-5465ibm -- tivoli_storage_manager_for_virtual_environmentsThe Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions.2014-05-264.1CVE-2013-6713ibm -- tivoli_storage_flashcopy_managerThe FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.2014-05-264.1CVE-2013-6714ibm -- maximo_asset_managementIBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.2014-05-266.0CVE-2014-0849ibm -- java_sdkThe IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.2014-05-265.8CVE-2014-0878ibm -- maximo_asset_managementCross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.2014-05-264.3CVE-2014-0893ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.2014-05-264.3CVE-2014-0906ibm -- sametimeCross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2014-05-264.3CVE-2014-3014ibm -- sametime_proxy_server_and_web_clientCross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.2014-05-256.8CVE-2014-3015ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.2014-05-265.0CVE-2014-3867imember360 -- imember360The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.2014-05-235.0CVE-2014-3848imember360 -- imember360The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.2014-05-234.3CVE-2014-3849izarc -- izarcIZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header.2014-05-276.8CVE-2014-2720jasig -- uportaluPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.2014-05-296.5CVE-2014-3416jasig -- uportaluPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.2014-05-296.5CVE-2014-3417kieranoshea -- calendarCross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.2014-05-276.8CVE-2013-2698krisonav -- krisonavCross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.2014-05-234.3CVE-2013-2712krisonav -- krisonavCross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.2014-05-236.8CVE-2013-2713libguestfs -- libguestfsDouble free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.2014-05-274.3CVE-2013-2124linux -- linux_kernelThe futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.2014-05-264.9CVE-2012-6647mantisbt -- mantisbtMantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.2014-05-275.0CVE-2013-1883modwsgi -- mod_wsgiThe mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.2014-05-276.2CVE-2014-0240moodle -- moodleMultiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.2014-05-266.8CVE-2014-0213moodle -- moodlelogin/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.2014-05-266.8CVE-2014-0214moodle -- moodleThe blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.2014-05-264.0CVE-2014-0215moodle -- moodleThe My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.2014-05-265.0CVE-2014-0216moodle -- moodleenrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.2014-05-264.3CVE-2014-0217moodle -- moodleCross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-264.3CVE-2014-0218nullsoft -- winampWinamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.2014-05-234.3CVE-2014-3442openbsd -- opensmtpdOpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.2014-05-275.0CVE-2013-2125oswald_buddenhagen -- isyncIsync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-05-234.3CVE-2013-0289paul_mattes -- x3270x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-05-275.8CVE-2012-5662redhat -- freeipaThe default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.2014-05-295.0CVE-2013-0199samba -- sambaThe internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.2014-05-285.0CVE-2014-0239sharetronix -- sharetronixCross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators.2014-05-296.8CVE-2014-3414sharetronix -- sharetronixSQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.2014-05-296.5CVE-2014-3415sosreport_project -- sosreportSOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.2014-05-294.3CVE-2014-0246usercake -- usercakeMultiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.2014-05-266.8CVE-2014-3866zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.2014-05-276.8CVE-2013-3477Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infohub_project -- hubThe am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.2014-05-273.6CVE-2014-0177ibm -- maximo_asset_managementfrontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.2014-05-263.5CVE-2013-2998ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.2014-05-262.9CVE-2013-3046ibm -- maximo_asset_managementIBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.2014-05-263.5CVE-2013-5460ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.2014-05-263.5CVE-2013-6741ibm -- change_and_configuration_management_databaseCross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.2014-05-263.5CVE-2014-0824ibm -- change_and_configuration_management_databaseCross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.2014-05-263.5CVE-2014-0825mayan-edms -- mayan_edmsMultiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.2014-05-273.5CVE-2014-3840openstack -- heatOpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.2014-05-233.5CVE-2014-3801redhat -- rhevm-reportsThe setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.2014-05-292.1CVE-2014-0199redhat -- rhevm-reportsThe Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file.2014-05-292.1CVE-2014-0200redhat -- rhevm-reportsovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files.2014-05-292.1CVE-2014-0201samba -- sambaSamba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.2014-05-283.5CVE-2014-0178Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-146: Vulnerability Summary for the Week of May 19, 2014

Mon, 05/26/2014 - 21:12
Original release date: May 26, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocall-cc -- chickenBuffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.2014-05-207.5CVE-2014-3776canonical -- ltsp_display_managerThe default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allows remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.2014-05-2110.0CVE-2012-1166cogentdatahub -- cogent_datahubHeap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.2014-05-227.5CVE-2014-3788cogentdatahub -- cogent_datahubGetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.2014-05-227.5CVE-2014-3789construtiva -- cis_manager_cmsSQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.2014-05-207.5CVE-2014-3749controlsystemworks -- csworksSQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.2014-05-207.5CVE-2014-2351efssoft -- easy_file_sharing_web_serverStack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.2014-05-2010.0CVE-2014-3791emerson -- deltavEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.2014-05-227.5CVE-2014-2350google -- chromeUse-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.2014-05-217.5CVE-2014-1743google -- chromeInteger overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.2014-05-217.5CVE-2014-1744google -- chromeUse-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.2014-05-217.5CVE-2014-1745google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2014-05-217.5CVE-2014-1749google -- chromeInteger underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.2014-05-217.5CVE-2014-3152hanon -- faceidHanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.2014-05-2210.0CVE-2014-2938ibm -- websphere_portalIBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.2014-05-227.5CVE-2014-0954juniper -- network_and_security_manager_softwareUnspecified vulnerability in the NSM XDB service in NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.2014-05-1910.0CVE-2014-3411juniper -- junos_spaceUnspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors.2014-05-2010.0CVE-2014-3412libgadu -- libgadulibgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.2014-05-227.5CVE-2014-3775microp_project -- micropStack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.2014-05-227.5CVE-2010-5299microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.2014-05-229.3CVE-2014-1770openvas -- openvas_managerOpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.2014-05-197.5CVE-2013-6765openvas -- openvas_administratorOpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.2014-05-197.5CVE-2013-6766realnetworks -- realplayerThe GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.2014-05-209.3CVE-2014-3444skyboxsecurity -- skybox_view_appliance_isoSkybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.2014-05-178.5CVE-2014-2084x2go -- x2go_serverx2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.2014-05-209.0CVE-2013-7383yokogawa -- b/m9000_vp_softwareStack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.2014-05-168.3CVE-2014-0782Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1323apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1324apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1326apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1327apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1329apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1330apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1331apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1333apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1334apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1335apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1336apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1337apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1338apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1339apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1341apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1342apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1343apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1344apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.2014-05-225.0CVE-2014-1346apple -- itunesApple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.2014-05-184.4CVE-2014-1347barracudadrive -- barracudadriveMultiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/.2014-05-214.3CVE-2014-3807barracudadrive -- barracudadriveMultiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name parameter to user.lsp, (3) path parameter to wizard/setuser.lsp, (4) host parameter to tunnelconstr.lsp, or (5) newpath parameter to wfsconstr.lsp in rtl/protected/admin/.2014-05-214.3CVE-2014-3808beetel -- 450tc2_routerCross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1.2014-05-206.8CVE-2014-3792bizagi -- business_process_management_suiteCross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.2014-05-224.3CVE-2014-2947bizagi -- business_process_management_suiteSQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.2014-05-226.5CVE-2014-2948cisco -- nx-osDirectory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.2014-05-204.6CVE-2013-6975cisco -- unified_web_and_e-mail_interaction_managerCross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.2014-05-204.3CVE-2014-2192cisco -- unified_web_and_e-mail_interaction_managerCisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.2014-05-204.3CVE-2014-2193cisco -- unified_web_and_e-mail_interaction_managersystem/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.2014-05-206.8CVE-2014-2194cisco -- content_security_management_applianceCisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.2014-05-204.3CVE-2014-2195cisco -- webex_business_suitemeetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.2014-05-205.0CVE-2014-2199cisco -- adaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561.2014-05-206.3CVE-2014-3264cisco -- security_managerCross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.2014-05-204.3CVE-2014-3265cisco -- unified_border_elementCisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215.2014-05-205.0CVE-2014-3268cisco -- ios_xeThe SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.2014-05-206.8CVE-2014-3269cisco -- ios_xrThe DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.2014-05-205.0CVE-2014-3270cisco -- ios_xrThe DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.2014-05-205.0CVE-2014-3271cisco -- iosThe LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.2014-05-206.1CVE-2014-3273dotclear -- dotclearSQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.2014-05-226.5CVE-2014-3783emerson -- deltavEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges.2014-05-224.6CVE-2014-2349flag_module_project -- flagEval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.2014-05-176.5CVE-2014-3453flying_cart -- flying_cartCross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php.2014-05-224.3CVE-2014-3846gitlab -- gitlabThe Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.2014-05-176.5CVE-2013-4489google -- chromeThe InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.2014-05-215.0CVE-2014-1746google -- chromeCross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."2014-05-214.3CVE-2014-1747google -- chromeThe ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.2014-05-215.0CVE-2014-1748google -- chromeThe SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.2014-05-214.3CVE-2014-3803hp -- icewall_mcrpUnspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors.2014-05-225.0CVE-2014-2604ibm -- websphere_portalIBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.2014-05-225.0CVE-2014-0949ibm -- websphere_portalCross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0951ibm -- websphere_portalCross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0952ibm -- websphere_portalCross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0955ibm -- websphere_portalCross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0956ibm -- websphere_portalOpen redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2014-05-224.3CVE-2014-0958ibm -- websphere_portalIBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect.2014-05-224.0CVE-2014-0959imember360 -- imember360Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.2014-05-224.3CVE-2014-3842intel -- ideo_videoir41_32.ax 4.51.16.3 for Intel Ideo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file.2014-05-194.3CVE-2014-3735k-litecodec -- k-lite_codecFilters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file.2014-05-164.3CVE-2014-3452livezilla -- livezillaLiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.2014-05-194.3CVE-2013-7033livezilla -- livezillaLiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.2014-05-196.8CVE-2013-7385mahara -- maharaMahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block.2014-05-194.0CVE-2013-4429mahara -- maharaCross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php.2014-05-194.3CVE-2013-4430mahara -- maharaMahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.2014-05-195.5CVE-2013-4431mahara -- maharaMahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.2014-05-194.0CVE-2013-4432mail_on_update_project -- mail_on_updateCross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.2014-05-226.8CVE-2013-2107microsoft -- debug_interface_access_software_development_kitmsdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.2014-05-206.8CVE-2014-3802netiq -- sentinelDirectory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.2014-05-206.8CVE-2014-3460opentext -- exceed_ondemandOpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.2014-05-195.0CVE-2013-6805opentext -- exceed_ondemandOpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.2014-05-196.8CVE-2013-6806opentext -- exceed_ondemandThe client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.2014-05-196.8CVE-2013-6807opentext -- exceed_ondemandOpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.2014-05-196.4CVE-2013-6994pocoo -- jinja2FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.2014-05-194.4CVE-2014-0012pocoo -- jinja2The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.2014-05-194.4CVE-2014-1402python -- pythonPython 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.2014-05-194.3CVE-2013-7040quick_tabs_module_project -- quicktabsThe Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab.2014-05-195.0CVE-2013-4406sap -- netweaverSAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.2014-05-195.0CVE-2014-3787seopanel -- seo_panelMultiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.2014-05-204.3CVE-2014-1855spumko_project -- hapi_server_frameworkThe hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.2014-05-165.0CVE-2014-3742tech-banker -- contact_bankCross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information.2014-05-224.3CVE-2014-3841tinymce -- color_pickerThe TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.2014-05-225.0CVE-2014-3844tinymce -- color_pickerCross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.2014-05-226.8CVE-2014-3845typo3 -- typo3The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.2014-05-204.0CVE-2012-6146typo3 -- typo3The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 does not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.2014-05-206.5CVE-2013-4250typo3 -- typo3The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.2014-05-205.5CVE-2013-4320typo3 -- typo3The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.2014-05-206.5CVE-2013-4321unrealircd -- unrealircdUse-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference.2014-05-195.0CVE-2013-6413unrealircd -- unrealircdUnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.2014-05-195.0CVE-2013-7384urbanairship -- python-oauth2The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.2014-05-204.3CVE-2013-4346urbanairship -- python-oauth2The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.2014-05-205.8CVE-2013-4347vicidial -- vicidialVICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.2014-05-175.0CVE-2013-7382vmturbo -- operations_managerDirectory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.2014-05-215.0CVE-2014-3806wordpress -- booking_systemSQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.2014-05-226.5CVE-2014-3210zemanta -- search_everythingCross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2014-05-226.8CVE-2014-3843zenoss -- zenossCross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.2014-05-204.3CVE-2014-3738zenoss -- zenossOpen redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter.2014-05-205.8CVE-2014-3739Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoflorian_weber -- spacesThe Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.2014-05-172.1CVE-2013-4498gdm-guest-session_project -- gdm-guest-sessiongdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.2014-05-222.1CVE-2012-6648gnome -- gnome-terminalThe "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string, "\033[100000000000000000@".2014-05-213.5CVE-2011-2198leon_weber -- pyxtrlockpyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.2014-05-193.6CVE-2013-4426leon_weber -- pyxtrlockpyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen via unspecified vectors.2014-05-192.1CVE-2013-4427mediafront -- mediafrontCross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings.2014-05-202.1CVE-2013-4380robert_ancell -- lightdmdebian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.2014-05-222.1CVE-2012-0943xen -- xenThe ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.2014-05-193.3CVE-2014-3714xen -- xenBuffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.2014-05-193.3CVE-2014-3715xen -- xenXen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.2014-05-191.9CVE-2014-3716xen -- xenXen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.2014-05-193.3CVE-2014-3717Back to top

 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical