Security Bulletins

Syndicate content
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
Updated: 15 min 10 sec ago

SB14-209: Vulnerability Summary for the Week of July 21, 2014

Mon, 07/28/2014 - 20:44
Original release date: July 28, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacme -- micro_httpdBuffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.2014-07-247.8CVE-2014-4927
BID
EXPLOIT-DB
MISC
OSVDBadvantech -- advantech_webaccessMultiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.2014-07-197.5CVE-2014-2364attachmate -- verastream_process_designerUnrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.2014-07-2410.0CVE-2014-0607autodesk -- sketchbook_proInteger overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.2014-07-239.3CVE-2014-3938
MISC
SECUNIAautodesk -- sketchbook_proHeap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.2014-07-239.3CVE-2014-3939
MISC
SECUNIAbfgminer -- bfgminerMultiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c.2014-07-2310.0CVE-2014-4501
FULLDISCbfgminer -- bfgminerMultiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request.2014-07-2310.0CVE-2014-4502
CONFIRM
FULLDISCblogengine -- e2SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.2014-07-247.5CVE-2014-4736
MISC
BID
BUGTRAQcitrix -- xenserverBuffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.2014-07-2210.0CVE-2014-4947
BIDcybozu -- garoonThe CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.2014-07-2010.0CVE-2014-1987cybozu -- garoonCybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.2014-07-207.5CVE-2014-1996elasticsearch -- logstashElasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.2014-07-227.5CVE-2014-4326
BUGTRAQ
CONFIRMfuelphp -- fuelphpThe auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.2014-07-207.5CVE-2014-1999gitlist -- gitlistGitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.2014-07-227.5CVE-2013-7392
MISC
MISCgitlist -- gitlistGitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.2014-07-227.5CVE-2014-4511
CONFIRM
EXPLOIT-DB
EXPLOIT-DB
MISC
MISC
MISCgoogle -- chromeThe ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.2014-07-207.5CVE-2014-3160
CONFIRM
CONFIRMgoogle -- chromeThe WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.2014-07-207.5CVE-2014-3161
CONFIRM
CONFIRMhoneywell -- falcon_xlweb_linux_controllerHoneywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page.2014-07-247.6CVE-2014-2717joomlaboat -- com_youtubegalleryMultiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.2014-07-217.5CVE-2014-4960
BID
EXPLOIT-DBlimesurvey -- limesurveySQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter.2014-07-217.5CVE-2014-5017
MISCmozilla -- firefoxUse-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.2014-07-2310.0CVE-2014-1544
CONFIRMmozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2014-07-2310.0CVE-2014-1547
CONFIRM
CONFIRM
CONFIRM
CONFIRMmozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2014-07-2310.0CVE-2014-1548
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMmozilla -- firefoxThe mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering.2014-07-239.3CVE-2014-1549
CONFIRMmozilla -- firefoxUse-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.2014-07-2310.0CVE-2014-1550
CONFIRMmozilla -- firefoxUse-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object.2014-07-2310.0CVE-2014-1551
CONFIRMmozilla -- firefoxUse-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.2014-07-239.3CVE-2014-1555
CONFIRMmozilla -- firefoxMozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.2014-07-239.3CVE-2014-1556
CONFIRMmozilla -- firefoxThe ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.2014-07-239.3CVE-2014-1557
CONFIRMoleumtech -- sensor_wireless_i/o_moduleOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.2014-07-247.5CVE-2014-2360oleumtech -- sensor_wireless_i/o_moduleOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.2014-07-247.2CVE-2014-2361oleumtech -- sensor_wireless_i/o_moduleOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.2014-07-247.8CVE-2014-2362redhat -- jboss_enterprise_application_platformThe org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.2014-07-227.5CVE-2014-3530Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadvantech -- advantech_webaccessUnspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.2014-07-195.5CVE-2014-2365advantech -- advantech_webaccessupAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.2014-07-194.0CVE-2014-2366advantech -- advantech_webaccessThe ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.2014-07-194.3CVE-2014-2367advantech -- advantech_webaccessThe BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.2014-07-195.0CVE-2014-2368apache -- http_serverThe cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.2014-07-204.3CVE-2013-4352
CONFIRM
CONFIRM
CONFIRMapache -- http_serverThe mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.2014-07-204.3CVE-2014-0117
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRMapache -- http_serverThe deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.2014-07-204.3CVE-2014-0118
CONFIRM
CONFIRM
CONFIRMapache -- http_serverRace condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.2014-07-206.8CVE-2014-0226
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRMapache -- http_serverThe mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.2014-07-205.0CVE-2014-0231
CONFIRM
CONFIRM
CONFIRM
CONFIRMapache -- http_serverMemory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.2014-07-205.0CVE-2014-3523
CONFIRM
CONFIRMcanonical -- acpi-supportRace condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.2014-07-246.9CVE-2014-1419
CONFIRMcgminer_project -- cgminerThe parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message.2014-07-234.3CVE-2014-4503
FULLDISCcisco -- asr_9000_rsp440_routerCisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.2014-07-246.1CVE-2014-3322cisco -- unified_customer_voice_portalMultiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.2014-07-194.3CVE-2014-3325citrix -- xenserverUnspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).2014-07-226.4CVE-2014-4948
BIDcybozu -- garoonThe Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.2014-07-204.0CVE-2014-1993dell -- sonicwall_analyzerCross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.2014-07-244.3CVE-2014-5024
BID
FULLDISC
MISCdrupal -- drupalThe multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.2014-07-225.0CVE-2014-5019
DEBIANdrupal -- drupalThe File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.2014-07-224.9CVE-2014-5020
DEBIANdrupal -- drupalCross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.2014-07-224.3CVE-2014-5022
DEBIANe107 -- e107Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.2014-07-214.3CVE-2014-4734
MISC
CONFIRM
BID
BUGTRAQemc -- recoverpoint_applianceThe default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports.2014-07-195.8CVE-2014-2519
BUGTRAQentity_api_module_project -- entity_api_moduleThe Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector.2014-07-194.0CVE-2013-4273
CONFIRM
MLISTentity_api_module_project -- entity_api_moduleThe Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations.2014-07-195.0CVE-2013-7391
MLISTeterna -- bozohttpdbozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.2014-07-245.0CVE-2014-5015
XF
BID
OSVDB
CONFIRM
MLISTgitlist -- gitlistRepository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.2014-07-226.8CVE-2014-5023
MISCgoogle -- chromeThe WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.2014-07-206.4CVE-2014-3159
CONFIRM
CONFIRMgoogle -- chromeMultiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2014-07-205.0CVE-2014-3162
CONFIRMhoneywell -- falcon_xlweb_linux_controllerMultiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.2014-07-244.3CVE-2014-3110huawei -- e355_web_uiCross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.2014-07-244.3CVE-2014-2968ibm -- storwize_unified_v7000_softwareIBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account.2014-07-196.5CVE-2014-3043

ibm -- infosphere_master_data_management_
collaboration_server

The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter.2014-07-196.3CVE-2014-3064
XFlimesurvey -- limesurveyMultiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality.2014-07-214.3CVE-2014-5016
MISClimesurvey -- limesurveyIncomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.2014-07-214.3CVE-2014-5018
MISClinux -- linux_kernelThe PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.2014-07-196.9CVE-2014-4943
CONFIRM
CONFIRM
MLISTmit -- kerberosMIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.2014-07-205.0CVE-2014-4341
CONFIRMmit -- kerberosMIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.2014-07-205.0CVE-2014-4342
CONFIRMmozilla -- firefoxMozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.2014-07-235.8CVE-2014-1552
CONFIRMmozilla -- firefoxMozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.2014-07-234.3CVE-2014-1558
CONFIRMmozilla -- firefoxMozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.2014-07-234.3CVE-2014-1559
CONFIRMmozilla -- firefoxMozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.2014-07-234.3CVE-2014-1560
CONFIRMmozilla -- firefoxMozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.2014-07-235.8CVE-2014-1561
CONFIRM
CONFIRMnexatechnologies -- meridianCross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-204.3CVE-2014-3892nextapp -- file_explorerDirectory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.2014-07-205.0CVE-2014-1973octavocms -- octavocmsCross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter.2014-07-194.3CVE-2014-4331
BID
BUGTRAQ
VIMomeka -- omekaMultiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.2014-07-256.8CVE-2014-5100
XF
XF
MISC
MISC
BID
EXPLOIT-DB
MISComron -- ns10_hmi_terminalCross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.2014-07-246.0CVE-2014-2369openstack -- neutronOpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.2014-07-234.0CVE-2014-3555
MISC
BID
MLISTphp_kobo -- multifunctional_mailform_freeCross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header.2014-07-204.3CVE-2014-3894phpmyadmin -- phpmyadminserver_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.2014-07-204.0CVE-2014-4987
CONFIRMpolarssl -- polarsslThe ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.2014-07-225.0CVE-2014-4911
DEBIANredhat -- enterprise_mrgCumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.2014-07-195.0CVE-2012-2682
CONFIRMredhat -- jboss_enterprise_application_platformjmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.2014-07-226.8CVE-2014-3518reviewboard -- review_boardCross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.2014-07-254.3CVE-2014-5027
BID
MLIST
MLISTsiemens -- simatic_pcs7The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.2014-07-245.0CVE-2014-4682siemens -- simatic_pcs7The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.2014-07-244.9CVE-2014-4683siemens -- simatic_pcs7The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.2014-07-246.0CVE-2014-4684siemens -- simatic_pcs7Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.2014-07-244.6CVE-2014-4685siemens -- simatic_pcs7The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.2014-07-246.8CVE-2014-4686sophos -- anti-virusMultiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure.2014-07-224.3CVE-2014-2385
MISC
SECTRACK
FULLDISCtenable -- nessusThe /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.2014-07-235.0CVE-2014-4980
SECTRACK
BID
BUGTRAQ
OSVDB
MISC
MISCubnt -- unifi_videoThe default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.2014-07-256.0CVE-2014-2227
BID
MISC
FULLDISCwebmin -- userminCross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.2014-07-204.3CVE-2014-3884webmin -- webminCross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.2014-07-204.3CVE-2014-3885x -- xf86-video-intelDirectory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.2014-07-244.6CVE-2014-4910
XF
MLIST
MLIST
OSVDB
MLISTBack to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- cupsThe web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.2014-07-231.2CVE-2014-3537
CONFIRM
UBUNTU
SECTRACK
CONFIRM
SECUNIA
FEDORAcybozu -- garoonCross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-07-203.5CVE-2014-1992cybozu -- garoonCross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-07-203.5CVE-2014-1994cybozu -- garoonCross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-07-203.5CVE-2014-1995d-bus_project -- d-busdbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.2014-07-192.1CVE-2014-3532
DEBIAN
SECUNIA
MLISTd-bus_project -- d-busdbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.2014-07-192.1CVE-2014-3533
CONFIRM
DEBIAN
SECUNIA
MLISTdrupal -- drupalCross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.2014-07-222.1CVE-2014-5021
DEBIANibm -- infosphere_master_data_management_collaboration_serverCross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2014-07-193.5CVE-2014-0967
XFibm -- infosphere_master_data_management_collaboration_serverCross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document.2014-07-193.5CVE-2014-0968
XFibm -- infosphere_master_data_management_collaboration_serverThe GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors.2014-07-193.5CVE-2014-0970
XFibm -- scale_out_network_attached_storageIBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access.2014-07-191.7CVE-2014-3045micropact -- icomplaintsCross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.2014-07-243.5CVE-2014-2971omron -- ns10_hmi_terminalCross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.2014-07-243.5CVE-2014-2370phpmyadmin -- phpmyadminCross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.2014-07-203.5CVE-2014-4954
CONFIRMphpmyadmin -- phpmyadminCross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.2014-07-203.5CVE-2014-4955
CONFIRMphpmyadmin -- phpmyadminMultiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.2014-07-203.5CVE-2014-4986
CONFIRMwebmin -- webminCross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.2014-07-202.6CVE-2014-3886Back to top

 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-202: Vulnerability Summary for the Week of July 14, 2014

Mon, 07/21/2014 - 18:45
Original release date: July 21, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- dpc3010The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.2014-07-1710.0CVE-2014-3306dahuasecurity -- dvr_firmwareDahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.2014-07-117.5CVE-2013-6117
OSVDB
EXPLOIT-DB
BUGTRAQ
MISC
MISCdatumsystems -- snipDatum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands.2014-07-147.8CVE-2014-2950datumsystems -- snipDatum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-07-1410.0CVE-2014-2951hp -- storage_management_softwareUnspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors.2014-07-169.0CVE-2014-2606hp -- imc_branch_intelligent_management_system_software_moduleUnspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080.2014-07-167.8CVE-2014-2618hp -- imc_branch_intelligent_management_system_software_moduleUnspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088.2014-07-167.8CVE-2014-2619hp -- imc_branch_intelligent_management_system_software_moduleUnspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089.2014-07-167.8CVE-2014-2620hp -- imc_branch_intelligent_management_system_software_moduleUnspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090.2014-07-167.8CVE-2014-2621hp -- imc_branch_intelligent_management_system_software_moduleUnspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312.2014-07-168.5CVE-2014-2622
HP
HPhp -- storage_data_protectorUnspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.2014-07-1710.0CVE-2014-2623infoblox -- netmriconfig/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.2014-07-1510.0CVE-2014-3418
MISC
XF
BID
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISCinfoblox -- netmriInfoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.2014-07-157.2CVE-2014-3419
MISC
XF
SECTRACK
BID
BUGTRAQ
MISC
MISCjuniper -- srx100Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.2014-07-117.8CVE-2014-3815
SECTRACKjuniper -- junosJuniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments.2014-07-119.0CVE-2014-3816
SECTRACKjuniper -- srx100Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet.2014-07-117.8CVE-2014-3817
SECTRACKjuniper -- junosJuniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet.2014-07-117.8CVE-2014-3819
SECTRACK
BIDoracle -- jdkUnspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."2014-07-179.3CVE-2014-2483
CONFIRMoracle -- jdkUnspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.2014-07-179.3CVE-2014-2490oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.2014-07-179.3CVE-2014-4216oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.2014-07-179.3CVE-2014-4219oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.2014-07-179.3CVE-2014-4223oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.2014-07-1710.0CVE-2014-4227oracle -- jdkUnspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.2014-07-179.3CVE-2014-4247oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Portlet Services.2014-07-177.1CVE-2014-4257oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.2014-07-179.3CVE-2014-4262raritan -- dpxr20a-16Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.2014-07-1410.0CVE-2014-2955
FULLDISCwp_rss_poster_plugin_project -- wp-rss-posterSQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.2014-07-117.5CVE-2014-4938
MISCyealink -- sip-t38gconfig/.htpasswd in Yealink IP Phone SIP-T38G have a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-07-167.8CVE-2013-5755
EXPLOIT-DBzte -- zxv10_w300The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-07-167.8CVE-2014-4018
MISC
EXPLOIT-DB
MISCBack to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoarubanetworks -- clearpassSQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2014-07-144.9CVE-2014-4013
SECUNIAarubanetworks -- clearpassThe Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.2014-07-154.0CVE-2014-4031
SECUNIAbannersky -- bsk_pdf_managerMultiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.2014-07-146.5CVE-2014-4944
BID
MISCbestpractical -- rtAlgorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.2014-07-155.0CVE-2014-1474binarymoon -- timthumbTimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.2014-07-156.8CVE-2014-4663
CONFIRM
CONFIRM
EXPLOIT-DB
SECUNIA
MLIST
FULLDISC
FULLDISC
MISCbookx_plugin_project -- bookxDirectory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.2014-07-115.0CVE-2014-4937
MISCcisco -- adaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606.2014-07-145.4CVE-2013-5567
XF
SECTRACK
BIDcisco -- adaptive_security_appliance_softwareThe WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344.2014-07-146.8CVE-2013-6691
XF
SECTRACK
BIDcisco -- unified_communications_managerDirectory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.2014-07-145.5CVE-2014-3317
XF
SECTRACK
BID
SECUNIAcisco -- unified_communications_managerDirectory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.2014-07-146.8CVE-2014-3319
XF
SECTRACK
SECUNIAcisco -- unified_communications_domain_managerMultiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.2014-07-175.8CVE-2014-3320cisco -- asr_9000_rsp440_routerCisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.2014-07-175.7CVE-2014-3321cisco -- unified_contact_center_enterpriseDirectory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.2014-07-174.0CVE-2014-3323citrix -- netscaler_access_gatewayCross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-164.3CVE-2014-4346
SECTRACK
SECTRACKcitrix -- netscaler_access_gatewayCitrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.2014-07-165.0CVE-2014-4347
SECTRACK
SECTRACKcitrix -- xendesktopCitrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.2014-07-114.9CVE-2014-4700
XF
SECTRACK
BID
SECUNIAcross-rss_plugin_project -- wp-cross-rssAbsolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.2014-07-115.0CVE-2014-4941
MISCdell -- sonicwall_scrutinizerDell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change the change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.2014-07-165.5CVE-2014-4976
MISC
MISC
XF
BID
FULLDISC
MISCdell -- sonicwall_scrutinizerMultiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.2014-07-166.5CVE-2014-4977
MISC
MISC
XF
BID
FULLDISC
MISCenl_newsletter_plugin_project -- enl-newsletterSQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.2014-07-116.5CVE-2014-4939
MISCfortinet -- fortiwebMultiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.2014-07-114.3CVE-2014-4738
SECTRACK
BID
SECUNIAfreebsd -- freebsdFreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.2014-07-154.9CVE-2014-3952
XF
SECTRACK
BIDfreebsd -- freebsdFreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.2014-07-154.9CVE-2014-3953
SECTRACKhorde -- groupwareMultiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.2014-07-144.3CVE-2014-4945
CONFIRM
CONFIRM
SECUNIA
SECUNIAhorde -- groupwareMultiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.2014-07-144.3CVE-2014-4946
CONFIRM
CONFIRM
SECUNIA
SECUNIA
MLISThp -- storage_management_softwareUnspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors.2014-07-165.0CVE-2014-2605ibm -- business_process_managerCross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.2014-07-174.3CVE-2014-0957
XFjuniper -- junosCross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-114.3CVE-2014-3821
SECTRACK
BIDjuniper -- srx100Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4.2014-07-115.4CVE-2014-3822
SECTRACKlevelfourdevelopment -- wp-easycartThe EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.2014-07-115.0CVE-2014-4942
MISCmysql -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.2014-07-176.5CVE-2014-4258mysql -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.2014-07-175.5CVE-2014-4260op5 -- monitorCross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.2014-07-114.3CVE-2014-4907
CONFIRM
BID
SECUNIA
SECUNIA
MLISToracle -- mojarraOracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.2014-07-174.3CVE-2013-5855
CONFIRM
CONFIRM
MISCoracle -- hyperionUnspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Web Analysis.2014-07-174.3CVE-2014-0436oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.2014-07-175.5CVE-2014-2456oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.2014-07-176.8CVE-2014-2479oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2481.2014-07-176.8CVE-2014-2480oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480.2014-07-176.8CVE-2014-2481oracle -- e-business_suiteUnspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.2014-07-175.5CVE-2014-2482oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.2014-07-176.5CVE-2014-2484oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.2014-07-176.9CVE-2014-2487oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.2014-07-174.1CVE-2014-2489oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework, a different vulnerability than CVE-2014-4205.2014-07-174.3CVE-2014-2491oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Web client (PC).2014-07-174.3CVE-2014-2492oracle -- fusion_middlewareUnspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, and 12.1.2.0.0 allows remote attackers to affect confidentiality and availability via vectors related to ADF Faces.2014-07-176.4CVE-2014-2493oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.2014-07-174.0CVE-2014-2494oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Test Framework.2014-07-175.5CVE-2014-2496oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services.2014-07-175.0CVE-2014-4201oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services.2014-07-175.0CVE-2014-4202oracle -- hyperionUnspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Property Editing.2014-07-174.1CVE-2014-4203oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework, a different vulnerability than CVE-2014-2491.2014-07-174.3CVE-2014-4205oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.2014-07-174.0CVE-2014-4207oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.2014-07-176.4CVE-2014-4209oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.2014-07-175.0CVE-2014-4210oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.2014-07-175.0CVE-2014-4211oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Fusion Middleware component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Process Mgmt and Notification.2014-07-174.3CVE-2014-4212oracle -- e-business_suiteUnspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote attackers to affect integrity via unknown vectors.2014-07-174.3CVE-2014-4213oracle -- sunosUnspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers.2014-07-174.9CVE-2014-4215oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, and 12.1.1.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.2014-07-174.3CVE-2014-4217oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.2014-07-175.0CVE-2014-4218oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.2014-07-175.0CVE-2014-4220oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.2014-07-174.3CVE-2014-4221oracle -- sunosUnspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.2014-07-174.9CVE-2014-4224oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise FIN Install component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2014-07-175.1CVE-2014-4226oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.2014-07-174.4CVE-2014-4228oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Data, Domain, and Function Security.2014-07-175.5CVE-2014-4229oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI.2014-07-174.3CVE-2014-4230oracle -- siebel_crmUnspecified vulnerability in the Siebel Travel & Transportation component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Diary.2014-07-174.3CVE-2014-4231oracle -- virtualizationUnspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application.2014-07-174.3CVE-2014-4232oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.2014-07-174.0CVE-2014-4233oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security.2014-07-175.0CVE-2014-4234oracle -- database_serverUnspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2014-07-176.5CVE-2014-4236oracle -- database_serverUnspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.2014-07-174.0CVE-2014-4237oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.2014-07-174.0CVE-2014-4238oracle -- sunosUnspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).2014-07-174.0CVE-2014-4239oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.2014-07-174.3CVE-2014-4241oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.2014-07-174.3CVE-2014-4242oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.2014-07-174.0CVE-2014-4244oracle -- fusion_middlewareUnspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service.2014-07-175.0CVE-2014-4249oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.2014-07-175.0CVE-2014-4252oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM.2014-07-175.0CVE-2014-4253oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.2014-07-176.8CVE-2014-4254oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy.2014-07-176.8CVE-2014-4255oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment.2014-07-175.8CVE-2014-4256oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.2014-07-176.9CVE-2014-4261oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."2014-07-174.0CVE-2014-4263oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.2014-07-175.0CVE-2014-4264oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.2014-07-175.0CVE-2014-4265oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.2014-07-175.0CVE-2014-4266oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components.2014-07-176.8CVE-2014-4267oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.2014-07-175.0CVE-2014-4268oracle -- hyperionUnspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4270.2014-07-174.0CVE-2014-4269oracle -- hyperionUnspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4269.2014-07-174.0CVE-2014-4270oracle -- hyperionUnspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect availability via unknown vectors related to Agent.2014-07-175.0CVE-2014-4271reportico -- php_report_designerDirectory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.2014-07-165.0CVE-2014-3777
MISC
OSVDB
FULLDISC
MISCshopizer -- shopizerShopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.2014-07-156.4CVE-2014-4962
BUGTRAQ
FULLDISCshopizer -- shopizerShopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action.2014-07-156.8CVE-2014-4963
BUGTRAQ
FULLDISCshopizer -- shopizerMultiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop configuration, or (4) product details, as demonstrated by (5) modify a product's price via a crafted request to central/catalog/saveproduct.action or (6) creating a product review via a crafted request to shop/product/createReview.action.2014-07-156.8CVE-2014-4964
BUGTRAQ
FULLDISCshopizer -- shopizerMultiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.2014-07-154.3CVE-2014-4965
BUGTRAQ
FULLDISCsun -- sunosUnspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.2014-07-176.9CVE-2014-4225tera_charts_plugin_project -- tera-chartsMultiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.2014-07-115.0CVE-2014-4940
MISCyealink -- voip_phone_firmwareCRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.2014-07-165.0CVE-2014-3427
BUGTRAQ
FULLDISCzte -- zxv10_w300ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.2014-07-165.0CVE-2014-4154
MISC
EXPLOIT-DB
MISCBack to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infokaseya -- virtual_system_administratorkapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.2014-07-141.7CVE-2014-2926mysql -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.2014-07-172.8CVE-2014-4243oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.2014-07-173.6CVE-2014-2477oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services.2014-07-171.4CVE-2014-2485oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.2014-07-173.0CVE-2014-2486oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.2014-07-171.0CVE-2014-2488oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Purchasing.2014-07-172.3CVE-2014-2495oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.2014-07-173.5CVE-2014-4204oracle -- hyperionUnspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect integrity and availability via unknown vectors related to Data Synchronizer.2014-07-173.3CVE-2014-4206oracle -- jdkUnspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.2014-07-172.6CVE-2014-4208oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.2014-07-173.3CVE-2014-4214oracle -- fusion_middlewareUnspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect confidentiality via vectors related to plugin 1.1.2014-07-172.1CVE-2014-4222oracle -- e-business_suiteUnspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors.2014-07-173.5CVE-2014-4235oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.2014-07-173.6CVE-2014-4240oracle -- database_serverUnspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.2014-07-173.5CVE-2014-4245oracle -- hyperionUnspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP.2014-07-173.5CVE-2014-4246oracle -- e-business_suiteUnspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via unknown vectors related to Logging.2014-07-171.0CVE-2014-4248oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager.2014-07-173.5CVE-2014-4250oracle -- fusion_middlewareUnspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1.2014-07-173.5CVE-2014-4251Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-195: Vulnerability Summary for the Week of July 7, 2014

Mon, 07/14/2014 - 19:09
Original release date: July 14, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaas9 -- zerocmsSQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action.2014-07-097.5CVE-2014-4194
MISCadobe -- adobe_airAdobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539.2014-07-097.5CVE-2014-0537adobe -- adobe_airAdobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.2014-07-097.5CVE-2014-0539artifectx -- xclassifiedSQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.2014-07-097.5CVE-2014-4741
BID
MISCautodesk -- vredAutodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.2014-07-0710.0CVE-2014-2967
CERT-VNavg -- safeguardScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.2014-07-089.3CVE-2014-2956
CERT-VNcisco -- unified_cdm_application_softwareThe Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.2014-07-079.0CVE-2014-2197cisco -- unified_cdm_platform_softwareCisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130.2014-07-0710.0CVE-2014-2198cisco -- unified_cdm_application_softwareThe BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.2014-07-077.5CVE-2014-3300dahuasecurity -- dvr_firmwareDahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.2014-07-117.5CVE-2013-6117
OSVDB
EXPLOIT-DB
BUGTRAQ
MISC
MISCdocker -- dockerDocker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.2014-07-117.2CVE-2014-3499
CONFIRM
REDHATemc -- documentum_content_serverEMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.2014-07-088.2CVE-2014-2513
BUGTRAQemc -- documentum_content_serverEMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.2014-07-088.2CVE-2014-2514
BUGTRAQfoecms -- foecmsSQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter.2014-07-107.5CVE-2014-4850
MISChp -- sitescopeUnspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.2014-07-077.5CVE-2014-2614hp -- universal_configuration_management_databaseUnspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.2014-07-077.5CVE-2014-2615hp -- universal_configuration_management_databaseUnspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.2014-07-077.5CVE-2014-2616hp -- universal_configuration_management_databaseUnspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.2014-07-0710.0CVE-2014-2617microsoft -- windows_7Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."2014-07-087.2CVE-2014-1767microsoft -- windows_7Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability."2014-07-089.3CVE-2014-1824microsoft -- windows_7Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allows attackers to bypass intended access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard (OSK) and then upload a crafted application, aka "On-Screen Keyboard Elevation of Privilege Vulnerability."2014-07-087.6CVE-2014-2781microsoft -- internet_explorerMicrosoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-07-089.3CVE-2014-2785microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2792 and CVE-2014-2813.2014-07-089.3CVE-2014-2786microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806.2014-07-089.3CVE-2014-2787microsoft -- internet_explorerMicrosoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2794.2014-07-089.3CVE-2014-2788microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804.2014-07-089.3CVE-2014-2789microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806.2014-07-089.3CVE-2014-2790microsoft -- internet_explorerMicrosoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-07-089.3CVE-2014-2791microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2813.2014-07-089.3CVE-2014-2792microsoft -- internet_explorerMicrosoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2788.2014-07-089.3CVE-2014-2794microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804.2014-07-089.3CVE-2014-2795microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-07-089.3CVE-2014-2797microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2804.2014-07-089.3CVE-2014-2798microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2807 and CVE-2014-2809.2014-07-089.3CVE-2014-2800microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-07-089.3CVE-2014-2801microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806.2014-07-089.3CVE-2014-2802microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-07-089.3CVE-2014-2803microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798.2014-07-089.3CVE-2014-2804microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2802.2014-07-089.3CVE-2014-2806microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2809.2014-07-089.3CVE-2014-2807microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2807.2014-07-089.3CVE-2014-2809microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2792.2014-07-089.3CVE-2014-2813netgear -- gs108peNETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.2014-07-078.3CVE-2014-2969
CERT-VNnetiq -- security_managerDirectory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460.2014-07-077.5CVE-2014-0602php -- phpThe SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.2014-07-097.5CVE-2014-3515
CONFIRMrealnetworks -- realplayerMultiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.2014-07-079.3CVE-2014-3113
MISCrubyonrails -- ruby_on_railsSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.2014-07-077.5CVE-2014-3482
MLIST
MLISTrubyonrails -- ruby_on_railsSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.2014-07-077.5CVE-2014-3483
MLIST
MLISTthedigitalcraft -- atomcmsSQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.2014-07-107.5CVE-2014-4852
BID
MISCxnview -- xnviewHeap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.2014-07-099.3CVE-2012-4988
XF
BID
MISC
SECUNIA
FULLDISC
OSVDByokogawa -- b/m9000_vp_softwareStack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.2014-07-108.3CVE-2014-3888Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- adobe_airAdobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.2014-07-096.8CVE-2014-4671
MISCapache -- cxfThe SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.2014-07-074.3CVE-2014-0034
REDHAT
REDHAT
REDHATapache -- cxfThe SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.2014-07-074.3CVE-2014-0035
REDHAT
REDHAT
REDHATapache -- syncopeApache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.2014-07-115.0CVE-2014-3503
BID
BUGTRAQ
MISCblogstand_banner_plugin_project -- blogstand-smart-bannerCross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php.2014-07-104.3CVE-2014-4848
MISCbuffercode -- random_bannerCross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php.2014-07-104.3CVE-2014-4847
MISCchristos_zoulas -- fileThe cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.2014-07-094.3CVE-2014-0207
CONFIRM
CONFIRM
MLISTchristos_zoulas -- fileBuffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.2014-07-095.0CVE-2014-3478
CONFIRM
MLISTchristos_zoulas -- fileThe cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.2014-07-094.3CVE-2014-3479
CONFIRM
MLISTchristos_zoulas -- fileThe cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.2014-07-094.3CVE-2014-3480
CONFIRM
MLISTchristos_zoulas -- fileThe cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.2014-07-094.3CVE-2014-3487
CONFIRM
MLISTcisco -- asr_9000_rsp440_routerCisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.2014-07-076.4CVE-2014-3308cisco -- iosThe NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.2014-07-095.0CVE-2014-3309cisco -- webex_meeting_centerThe File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.2014-07-104.3CVE-2014-3310cisco -- webex_meeting_centerHeap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.2014-07-105.1CVE-2014-3311cisco -- spa901_1-line_ip_phoneThe debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.2014-07-096.9CVE-2014-3312cisco -- spa901_1-line_ip_phoneCross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.2014-07-094.3CVE-2014-3313cisco -- unified_communications_managerCross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.2014-07-104.3CVE-2014-3315cisco -- unified_communications_managerThe Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.2014-07-104.0CVE-2014-3316cisco -- unified_communications_managerDirectory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.2014-07-104.0CVE-2014-3318citrix -- xendesktopCitrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.2014-07-114.9CVE-2014-4700custom_banners_plugin_project -- custom_bannersCross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php.2014-07-074.3CVE-2014-4724
MISCd-link -- dir-645Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.2014-07-074.3CVE-2013-7389
MISC
OSVDB
OSVDB
OSVDBdolibarr -- dolibarrMultiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php.2014-07-114.3CVE-2014-3991
MISCdolibarr -- dolibarrMultiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.2014-07-116.5CVE-2014-3992
MISCeasy_banners_plugin_project -- easy_bannersCross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general.php.2014-07-074.3CVE-2014-4723
MISCemail::address_module_project -- email::addressEmail::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477.2014-07-065.0CVE-2014-4720
CONFIRM
MLISTemc -- centerstageThe JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2014-07-086.8CVE-2014-2510
BUGTRAQfoecms -- foecmsMultiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter.2014-07-104.3CVE-2014-4849
MISCfoecms -- foecmsOpen redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter.2014-07-105.8CVE-2014-4851
MISCfoxitsoftware -- foxit_pdf_sdk_dllBuffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors.2014-07-076.8CVE-2014-4646
MISC
SECUNIAibm -- flex_system_managerIBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors.2014-07-075.0CVE-2013-5423
XF
AIXAPARibm -- advanced_management_moduleThe firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.2014-07-075.0CVE-2014-0860
XFibm -- algo_credit_limitsMultiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document.2014-07-076.8CVE-2014-0864
MISC
XFibm -- algo_credit_limitsRICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations.2014-07-074.9CVE-2014-0865
MISC
XF
CONFIRMibm -- algo_credit_limitsRICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.2014-07-074.3CVE-2014-0866
MISC
XFibm -- algo_credit_limitsrcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.2014-07-075.8CVE-2014-0867
MISC
XFibm -- algo_credit_limitsRICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.2014-07-074.9CVE-2014-0868
MISC
XFibm -- algo_credit_limitsThe decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.2014-07-074.3CVE-2014-0869
MISC
XFibm -- algo_credit_limitsMultiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rcore6/main/showerror.jsp, (2) the ButtonsetClass parameter to rcore6/main/buttonset.jsp, (3) the MBName parameter to rcore6/frameset.jsp, (4) the Init parameter to algopds/rcore6/main/browse.jsp, or the (5) Name, (6) StoreName, or (7) STYLESHEET parameter to algopds/rcore6/main/ibrowseheader.jsp.2014-07-074.3CVE-2014-0870
MISC
XFibm -- algo_credit_limitsRICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.2014-07-074.3CVE-2014-0871
MISC
XFkajona -- kajonaCross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php.2014-07-094.3CVE-2014-4742
MISC
CONFIRM
SECUNIAkajona -- kajonaMultiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter.2014-07-094.3CVE-2014-4743
CONFIRM
SECUNIAliferay -- liferay_portalMultiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.2014-07-104.3CVE-2014-2963
CONFIRMlinux -- linux_kernelThe Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.2014-07-096.9CVE-2014-4699
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
MLIST
CONFIRMmatchalabs -- metasliderCross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.2014-07-104.3CVE-2014-4846
MISCmicrosoft -- windows_7DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability."2014-07-086.9CVE-2014-2780microsoft -- internet_explorerMicrosoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability."2014-07-086.4CVE-2014-2783microsoft -- service_busMicrosoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability."2014-07-084.0CVE-2014-2814ocsinventory-ng -- ocsinventory_ngMultiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-074.3CVE-2014-4722
BID
MISCop5 -- monitorCross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.2014-07-114.3CVE-2014-4907
CONFIRM
BID
SECUNIA
MLISTopendocman -- opendocmanCross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.2014-07-104.3CVE-2014-4853
MISC
MISCosticket -- osticketMultiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.2014-07-094.3CVE-2014-4744
MISC
SECUNIAphp -- phpUse-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.2014-07-104.6CVE-2014-4670
CONFIRMphp -- phpUse-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.2014-07-104.6CVE-2014-4698
CONFIRMpnp4nagios -- pnp4nagiosCross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which is not properly handled in an error message.2014-07-094.3CVE-2014-4740
BID
SECUNIApnp4nagios -- pnp4nagiosMultiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element.2014-07-114.3CVE-2014-4908
BID
SECUNIA
MLISTpolldaddy_polls_&_ratings_plugin_project -- polldaddy_polls_&_ratingsCross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information.2014-07-104.3CVE-2014-4856
SECUNIApolylang_plugin_project -- polylangCross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.2014-07-104.3CVE-2014-4855
SECUNIAredhat -- enterprise_mrgCumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.2014-07-114.3CVE-2014-0174redhat -- cloudforms_3.0_management_engineCross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-074.3CVE-2014-0176redhat -- cloudforms_3.0_management_engineThe wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors.2014-07-075.0CVE-2014-0180redhat -- cloudforms_3.0_management_engineRed Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.2014-07-074.9CVE-2014-0184redhat -- jboss_enterprise_application_platformorg.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.2014-07-076.8CVE-2014-0248
SECTRACK
SECUNIA
SECUNIAredhat -- jboss_enterprise_application_platformorg.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.2014-07-075.0CVE-2014-3481
CONFIRM
REDHAT
REDHAT
REDHATredhat -- enterprise_virtualizationThe REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.2014-07-114.0CVE-2014-3485
SECTRACKredhat -- cloudforms_3.0_management_engineThe (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.2014-07-076.9CVE-2014-3486
CONFIRMredhat -- cloudforms_3.0_management_enginelib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.2014-07-074.3CVE-2014-3489rimarts -- becky!_internet_mailBuffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute arbitrary code via a crafted response.2014-07-096.8CVE-2014-3891
JVNDB
JVNsmartcatdesign -- wp_contruction_modeCross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.2014-07-104.3CVE-2014-4854
MISCstillbreathing -- bannermanCross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.2014-07-104.3CVE-2014-4845
MISCBack to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoibm -- infosphere_biginsightsIBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.2014-07-073.5CVE-2013-3993
XFibm -- storwize_unified_v7000_softwareActive Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.2014-07-073.5CVE-2014-0875ibm -- algo_credit_limitsRICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.2014-07-073.5CVE-2014-0894
MISC
XFopenstack -- neutronThe L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.2014-07-113.5CVE-2014-4167
CONFIRM
UBUNTU
SECUNIA
MLISTphp -- phpThe phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.2014-07-062.6CVE-2014-4721
MISC
CONFIRM
CONFIRM
MISCxen -- xenThe alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.2014-07-092.7CVE-2014-4022
SECTRACK
BID
SECUNIABack to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-188: Vulnerability Summary for the Week of June 30, 2014

Mon, 07/07/2014 - 13:17
Original release date: July 07, 2014 | Last revised: July 08, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- apple_tvHeap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.2014-07-0110.0CVE-2014-1356
APPLE
APPLE
APPLEapple -- apple_tvHeap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.2014-07-0110.0CVE-2014-1357
APPLE
APPLE
APPLEapple -- apple_tvInteger overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.2014-07-0110.0CVE-2014-1358
APPLE
APPLE
APPLEapple -- apple_tvInteger underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.2014-07-0110.0CVE-2014-1359
APPLE
APPLE
APPLEapple -- mac_os_xArray index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message.2014-07-017.5CVE-2014-1371
APPLEapple -- mac_os_xIntel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.2014-07-0110.0CVE-2014-1373
APPLEapple -- mac_os_xIntel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.2014-07-0110.0CVE-2014-1376
APPLEapple -- mac_os_xArray index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application.2014-07-0110.0CVE-2014-1377
APPLEapple -- mac_os_xGraphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.2014-07-0110.0CVE-2014-1379
APPLEapple -- mac_os_xThunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.2014-07-0110.0CVE-2014-1381
APPLEgoogle -- sketchupTimbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.2014-07-019.3CVE-2013-3662
XF
MISC
BUGTRAQgoogle -- sketchupTrimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.2014-07-019.3CVE-2013-3664
XF
BID
MISC
SECUNIA
MISC
BUGTRAQgoogle -- sketchupHeap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).2014-07-019.3CVE-2013-7388
XF
BID
MISC
SECUNIA
MISChp -- release_controlUnspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors.2014-06-289.0CVE-2014-2613ibm -- aixThe runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.2014-07-027.2CVE-2014-3074
XFpiwigo -- piwigoUnspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."2014-06-2810.0CVE-2014-4648Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info_verification_code_for_comments_project -- _verification_code_for_commentsMultiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter.2014-07-024.3CVE-2014-4565
MISCactivehelper -- activehelper_livehelp_live_chatMultiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.2014-07-014.3CVE-2014-4513anyfont_plugin_project -- anyfontCross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.2014-07-014.3CVE-2014-4515
MISCapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1325
APPLE
APPLE
APPLEapple -- safariWebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1.2014-07-016.8CVE-2014-1340
APPLEapple -- safariWebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.2014-07-014.3CVE-2014-1345
APPLE
APPLEapple -- iphone_osUse-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL.2014-07-016.8CVE-2014-1349
APPLEapple -- iphone_osSettings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.2014-07-014.6CVE-2014-1350
APPLEapple -- iphone_osCoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data.2014-07-016.8CVE-2014-1354
APPLEapple -- apple_tvThe IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments.2014-07-014.9CVE-2014-1355
APPLE
APPLE
APPLEapple -- apple_tvSecure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.2014-07-015.0CVE-2014-1361
APPLE
APPLE
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1362
APPLE
APPLE
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1363
APPLE
APPLE
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1364
APPLE
APPLE
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1365
APPLE
APPLE
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1366
APPLE
APPLE
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1367
APPLE
APPLE
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1368
APPLE
APPLE
APPLEapple -- safariWebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.2014-07-014.3CVE-2014-1369
APPLEapple -- mac_os_xThe byte-swapping implementation in copyfile in Apple OS X before 10.9.4 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted AppleDouble file in a ZIP archive.2014-07-016.8CVE-2014-1370
APPLEapple -- mac_os_xGraphics Driver in Apple OS X before 10.9.4 does not properly restrict read operations during processing of an unspecified system call, which allows local users to obtain sensitive information from kernel memory and bypass the ASLR protection mechanism via a crafted call.2014-07-014.9CVE-2014-1372
APPLEapple -- apple_tvWebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.2014-07-016.8CVE-2014-1382
APPLE
APPLE
APPLEapple -- apple_tvApple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors.2014-07-015.5CVE-2014-1383
APPLEbic_media_widget_plugin -- bic_media_widgetCross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.2014-07-014.3CVE-2014-4516
MISCcherokee-project -- cherokeeThe cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.2014-07-026.8CVE-2014-4668
CONFIRM
MLIST
MLISTcisco -- cloud_portalCisco Intelligent Automation for Cloud in Cisco Cloud Portal does not properly restrict the content of MyServices action URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug IDs CSCui36937, CSCui37004, and CSCui36927.2014-07-024.0CVE-2014-3297cisco -- cloud_portalForm Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976.2014-07-024.0CVE-2014-3298cisco -- universal_small_cell_series_firmwareThe DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513.2014-07-026.8CVE-2014-3307d-coda -- contactmeCross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.2014-07-014.3CVE-2014-4518
MISCdiversesolutions -- dsidxpress_idx_pluginCross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.2014-07-014.3CVE-2014-4521
CONFIRMdmca -- dmca_watermarkerCross-site scripting (XSS) vulnerability in phprack.php in the DMCA WaterMarker plugin before 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the plugin_dir parameter.2014-07-014.3CVE-2014-4520
MISCdssearchagent_project -- dssearchagentCross-site scripting (XSS) vulnerability in client-assist.php in the dsSearchAgent: WordPress Edition plugin 1.0-beta10 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.2014-07-024.3CVE-2014-4522
MISCefence_project -- efenceMultiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.2014-07-024.3CVE-2014-4526
MISCemc -- smarts_network_configuration_managerSession fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie.2014-06-305.4CVE-2014-2509
BUGTRAQenvialosimple -- email_marketing_y_newslettersMultiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.2014-07-024.3CVE-2014-4527
CONFIRM
MISCfbpromotions_project -- fbpromotionsMultiple cross-site scripting (XSS) vulnerabilities in admin/swarm-settings.php in the Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin 1.3.4 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) promo_type, (2) fb_edit_action, or (3) promo_id parameter.2014-07-014.3CVE-2014-4528
MISCflash_photo_gallery_project -- flash_photo_galleryCross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.2014-07-024.3CVE-2014-4529
MISCgame_tab_project -- game_tabsCross-site scripting (XSS) vulnerability in main_page.php in the Game tabs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the n parameter.2014-07-024.3CVE-2014-4531
MISCgaragesale_project -- garagesaleCross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.2014-07-024.3CVE-2014-4532
MISCgeo_redirector_plugin_project -- geo_redirectorCross-site scripting (XSS) vulnerability in ajax_functions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hid_id parameter.2014-07-014.3CVE-2014-4533
MISCgoogle -- androidStack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.2014-07-025.1CVE-2014-3100
MISChot_files:file_sharing_and_download_manager_project -- hot_files:file_sharing_and_download_managerCross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mediaid parameter.2014-07-024.3CVE-2014-4588
MISChp -- release_controlUnspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.2014-06-284.0CVE-2014-2612html5_video_player_with_playlist_plugin_project -- html5_video_player_with_playlist_pluginMultiple cross-site scripting (XSS) vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) theme or (2) playlistmod parameter.2014-07-024.3CVE-2014-4534
MISCibm -- openpagesUnspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors.2014-06-276.4CVE-2011-1381ibm -- marketing platformIBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection.2014-06-274.9CVE-2013-6308
XFibm -- marketing platformIBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.2014-06-276.0CVE-2013-6309
XFibm -- marketing platformSQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2014-06-276.5CVE-2013-6311
XFibm -- webSphere application serverIBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.2014-06-275.0CVE-2014-0891
XF
AIXAPARibm -- openpagesIBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors.2014-06-275.0CVE-2014-3011ibm -- tivoli_endpoint_managerIBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2014-07-025.0CVE-2014-3066
XFibm -- sametime_meeting_serverstconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload.2014-07-015.5CVE-2014-3088
BID
MISCintercom -- web kyukinchoCross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-274.3CVE-2014-2006
JVNDB
JVN
CONFIRMintercom -- web kyukinchoCross-site request forgery (CSRF) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to hijack the authentication of arbitrary users.2014-06-276.8CVE-2014-3881
JVNDB
CONFIRM
JVNjigoshop -- swipe_hq_checkout_for_jigoshopCross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for Jigoshop (swipe-hq-checkout-for-jigoshop) plugin 3.1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.2014-07-024.3CVE-2014-4557
MISCkde -- kdelibskio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.2014-07-014.3CVE-2014-3494
BIDkeyword_strategy_internal_links_project -- keyword_strategy_internal_linksCross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter.2014-07-024.3CVE-2014-4537
MISClinux -- linux_kernel** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."2014-07-035.0CVE-2014-4608
MISC
CONFIRM
CONFIRM
MLIST
MISC
CONFIRM
CONFIRM
MISClinux -- linux_kernelInteger overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.2014-07-035.0CVE-2014-4611
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
MISC
MISC
CONFIRM
MISC
MISClinux -- linux_kernelRace condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.2014-07-034.7CVE-2014-4652
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMlinux -- linux_kernelsound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.2014-07-036.6CVE-2014-4653
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMlinux -- linux_kernelThe snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.2014-07-034.9CVE-2014-4654
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMlinux -- linux_kernelThe snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.2014-07-034.9CVE-2014-4655
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMlinux -- linux_kernelMultiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.2014-07-034.9CVE-2014-4656
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernelThe sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.2014-07-035.0CVE-2014-4667
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRMmalware_finder_plugin_project -- malware_finderCross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter.2014-07-014.3CVE-2014-4538
MISCmnt-tech -- wp-facethumbCross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin possibly 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajax_url parameter to index.php.2014-07-014.3CVE-2014-4585
MISColeggo_livestream_project -- oleggo_livestreamCross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_login_form.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the msg parameter.2014-07-024.3CVE-2014-4540
MISComfg_mobile_project -- omfg_mobileCross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.2014-07-024.3CVE-2014-4541
MISCooorl_project -- ooorlCross-site scripting (XSS) vulnerability in redirect.php in the Ooorl plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.2014-07-024.3CVE-2014-4542
MISCpay_per_media_player_project -- pay_per_media_playerMultiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter.2014-07-024.3CVE-2014-4543
MISCpfsense -- pfsenseMultiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the starttime0 parameter to firewall_schedule.php, (2) the rssfeed parameter to rss.widget.php, (3) the servicestatusfilter parameter to services_status.widget.php, (4) the txtRecallBuffer parameter to exec.php, or (5) the HTTP Referer header to log.widget.php.2014-07-024.3CVE-2014-4687pfsense -- pfsensepfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.2014-07-026.5CVE-2014-4688pfsense -- pfsenseAbsolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter.2014-07-025.0CVE-2014-4689pfsense -- pfsenseMultiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadbackup parameter to system_firmware_restorefullbackup.php.2014-07-025.0CVE-2014-4690pfsense -- pfsenseSession fixation vulnerability in pfSense before 2.1.4 allows remote attackers to hijack web sessions via a firewall login cookie.2014-07-026.8CVE-2014-4691pfsense -- pfsensepfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.2014-07-024.3CVE-2014-4692pfsense -- pfsenseMultiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.2014-07-024.3CVE-2014-4693pfsense -- pfsenseMultiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.2014-07-024.3CVE-2014-4694pfsense -- pfsenseMultiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php.2014-07-025.8CVE-2014-4695pfsense -- pfsenseMultiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.2014-07-025.8CVE-2014-4696piwigo -- piwigoMultiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.2014-07-024.3CVE-2014-4614
MLIST
CONFIRMpiwigo -- piwigoSQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.2014-06-286.5CVE-2014-4649
CONFIRM
CONFIRMpro_quoter_plugin_project -- pro_quoterMultiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) leftorright or (2) author parameter.2014-07-014.3CVE-2014-4545
MISCrezgo -- online_bookingMultiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter.2014-07-024.3CVE-2014-4547
MISC
MISCrezgo_project -- rezgoCross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the response parameter.2014-07-024.3CVE-2014-4546
MISCsilex -- sx-2000wg_firmwaresilex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnerability than CVE-2014-3890.2014-07-025.0CVE-2014-3889silex -- sx-2000wg_firmwaresilex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889.2014-07-025.0CVE-2014-3890snapapp_project -- snapappMultiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.2014-07-024.3CVE-2014-4596
MISCsocial_connect_project -- social_connectCross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter.2014-07-024.3CVE-2014-4551
MISCspotlightyour -- spotlightyourCross-site scripting (XSS) vulnerability in library/includes/payment/paypalexpress/DoDirectPayment.php in the Spotlight (spotlightyour) plugin 4.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the paymentType parameter.2014-07-024.3CVE-2014-4552
MISCss_downloads_project -- ss_downloadsCross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.2014-07-024.3CVE-2014-4554
MISCstyle_it_project -- style_itCross-site scripting (XSS) vulnerability in fonts/font-form.php in the Style It plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.2014-07-024.3CVE-2014-4555
MISCswipe_checkout_for_eshop_project -- swipe_checkout_for_eshopCross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for eShop plugin 3.7.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.2014-07-014.3CVE-2014-4556
MISCtheforeman -- foremanCross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.2014-07-014.3CVE-2014-3491theforeman -- foremanMultiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host.2014-07-014.3CVE-2014-3492toolpage_project -- toolpageCross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter.2014-07-024.3CVE-2014-4560
MISCurl_cloak_&_encrypt_project -- url_cloak_&_encryptCross-site scripting (XSS) vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.2014-07-024.3CVE-2014-4563
MISCvalidated_plugin_project -- validated_pluginCross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter.2014-07-014.3CVE-2014-4564
MISCverweise-wordpress-twitter_project -- verweise-wordpress-twitterCross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php in the "verwei.se - WordPress - Twitter" (verweise-wordpress-twitter) plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter.2014-07-024.3CVE-2014-4566
MISCvideowhisper -- video_posts_webcam_recorderCross-site scripting (XSS) vulnerability in posts/videowhisper/r_logout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter.2014-07-024.3CVE-2014-4568
MISC
MISCvideowhisper -- videowhisper_live_streaming_integrationCross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.2014-07-014.3CVE-2014-4569
MISCvideowhisper -- video_presentationMultiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) room_name parameter to c_login.php or (2) room parameter to index.php in vp/.2014-07-024.3CVE-2014-4570
MISC
MISCvn-calendar_project -- vn-calendarMultiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.2014-07-024.3CVE-2014-4571
MISCvotecount_for_balatarin_project -- votecount_for_balatarinCross-site scripting (XSS) vulnerability in bvc.php in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) bvcurl parameter.2014-07-024.3CVE-2014-4572
MISCwalk_score_project -- walk_scoreMultiple cross-site scripting (XSS) vulnerabilities in frame-maker.php in the Walk Score plugin 0.5.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) o parameter.2014-07-024.3CVE-2014-4573
MISCwebengage_project -- webengageCross-site scripting (XSS) vulnerability in resize.php in the WebEngage plugin before 2.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the height parameter.2014-07-024.3CVE-2014-4574
MISC
MISCwikipop_plugin_project -- wikipopCross-site scripting (XSS) vulnerability in js/window.php in the Wikipop plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.2014-07-014.3CVE-2014-4575
MISCwoocommerce_sagepay_direct_payment_gateway_project -- woocommerce_sagepay_direct_payment_gatewayMultiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.2014-07-024.3CVE-2014-4549
CONFIRM
MISCwordpress_responsive_preview_project -- wordpress_responsive_previewCross-site scripting (XSS) vulnerability in index.php in the WordPress Responsive Preview plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.2014-07-024.3CVE-2014-4594
MISCwordpress_social_login_project -- wordpress_social_loginCross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.2014-07-024.3CVE-2014-4576wp-business_directory_project -- wp-business_directoryMultiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, (4) page, or (5) page_links parameter.2014-07-024.3CVE-2014-4599
MISCwp-contact_plugin_project -- wp-contact-sidebar-widgetMultiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) limit_start, (4) id, or (5) order parameter.2014-07-014.3CVE-2014-4583
MISCwp-easybooking_plugin_project -- wp-easybookingCross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter.2014-07-014.3CVE-2014-4584
MISCwp-tmkm-amazon_project -- wp-tmkm-amazonCross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php in the wp-tmkm-amazon plugin 1.5b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the AID parameter.2014-07-024.3CVE-2014-4598
CONFIRM
MISCwp_app_maker_project -- wp_app_makerCross-site scripting (XSS) vulnerability in asset-studio/icons-launcher.php in the WP App Maker plugin 1.0.16.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.2014-07-024.3CVE-2014-4578
MISCwp_appointments_schedules_project -- wp_appointments_schedulesCross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.2014-07-024.3CVE-2014-4579
MISCwp_blipbot_project -- wp_blipbotCross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter.2014-07-024.3CVE-2014-4580
MISCwp_consultant_project -- wp_consultantCross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter.2014-07-024.3CVE-2014-4582
MISCwp_easy_post_types_project -- wp_easy_post_typesCross-site scripting (XSS) vulnerability in classes/custom-image/media.php in the WP Easy Post Types plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ref parameter.2014-07-024.3CVE-2014-4524
MISC
MISCwp_guestmap_project -- wp_guestmap_projectMultiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.2014-07-024.3CVE-2014-4587
MISCwp_microblogs_project -- wp_microblogsCross-site scripting (XSS) vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauth_verifier parameter.2014-07-024.3CVE-2014-4590
MISCwp_picasa_image_project -- wp_picasa_imageCross-site scripting (XSS) vulnerability in picasa_upload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.2014-07-024.3CVE-2014-4591
MISCwp_plugin_manager_project -- wp_plugin_managerCross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filter parameter.2014-07-024.3CVE-2014-4593
MISCwp_restful_project -- wp_restfulMultiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php.2014-07-024.3CVE-2014-4595
MISCwp_silverlight_media_player_project -- wp_silverlight_media_playerCross-site scripting (XSS) vulnerability in uploader.php in the WP Silverlight Media Player (wp-media-player) plugin 0.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.2014-07-024.3CVE-2014-4589
MISCwp_social_invitations_project -- wp_social_invitationsCross-site scripting (XSS) vulnerability in test.php in the WP Social Invitations plugin before 1.4.4.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xhrurl parameter.2014-07-024.3CVE-2014-4597
MISCwp_ultimate_email_marketer_project -- wp_ultimate_email_marketerMultiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter.2014-07-024.3CVE-2014-4600
MISC
MISCwpcb_project -- wpcbCross-site scripting (XSS) vulnerability in facture.php in the WPCB plugin 2.4.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.2014-07-024.3CVE-2014-4581
MISCwu-rating_project -- wu-ratingCross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu-Rating plugin 1.0 12319 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the v parameter.2014-07-024.3CVE-2014-4601
MISCxen_carousel_plugin_project -- xen_carouselMultiple cross-site scripting (XSS) vulnerabilities in xencarousel-admin.js.php in the XEN Carousel plugin 0.12.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) ajaxpath parameter.2014-07-014.3CVE-2014-4602
MISCyahoo!_updates_for_wordpress_plugin_project -- yahoo!_updates_for_wordpress_pluginMultiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter.2014-07-024.3CVE-2014-4603
MISCyann_collet -- lz4Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611.2014-07-035.0CVE-2014-4715
CONFIRM
CONFIRM
CONFIRM
MISCyour-text-manager_project -- your-text-managerCross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter.2014-07-024.3CVE-2014-4604
MISCzdstatistics_project -- zdstatisticsCross-site scripting (XSS) vulnerability in cal/test.php in the ZdStatistics (zdstats) plugin 2.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.2014-07-024.3CVE-2014-4605
MISCzeenshare_project -- zeenshareCross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php in the ZeenShare plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the zs_sid parameter.2014-07-024.3CVE-2014-4606
MISCBack to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- mac_os_xiBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.2014-07-012.1CVE-2014-1317
APPLEapple -- iphone_osMail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition.2014-07-012.1CVE-2014-1348
BID
MISC
APPLEapple -- iphone_osSiri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.2014-07-013.6CVE-2014-1351
APPLEapple -- iphone_osLock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.2014-07-011.9CVE-2014-1352
APPLEapple -- iphone_osLock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors.2014-07-013.6CVE-2014-1353
APPLEapple -- iphone_osLockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.2014-07-012.1CVE-2014-1360
APPLEapple -- mac_os_xIntel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.2014-07-012.1CVE-2014-1375
APPLEapple -- mac_os_xIOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.2014-07-012.1CVE-2014-1378
APPLEapple -- mac_os_xThe Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input.2014-07-012.6CVE-2014-1380
APPLEd-bus_project -- d-busThe dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.2014-07-012.1CVE-2014-3477
CONFIRM
BIDemc -- documentum_eroomMultiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-06-303.5CVE-2014-2512
BUGTRAQhp -- enterprise_mapsHP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE) issue.2014-06-283.5CVE-2014-4669
BID
FULLDISC
MISCibm -- tivoli_application_dependency_discovery_managerDirectory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.2014-07-013.5CVE-2013-3004
XFibm -- marketing platformCross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-06-273.5CVE-2013-6310
XFstoresprite -- storespriteCross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.2014-07-022.6CVE-2014-3737
MISC
BID
BUGTRAQ
SECUNIA
MISCBack to top

 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-181: Vulnerability Summary for the Week of June 23, 2014

Mon, 06/30/2014 - 13:15
Original release date: June 30, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocacti -- superlinksSQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.2014-06-257.5CVE-2014-4644freefloat -- freefloat_ftp_serverStack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.2014-06-2010.0CVE-2012-5106hans_alshoff -- minalicMultiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c.2014-06-207.5CVE-2012-0273ibm -- security_access_manager_for_mobile_softwareThe Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.2014-06-218.0CVE-2014-3053ibm -- security_access_manager_for_mobile_softwareUnspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.2014-06-2110.0CVE-2014-3073linux -- linux_kernelThe capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.2014-06-237.2CVE-2014-4014redhat -- openshiftcartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.2014-06-2010.0CVE-2014-3496theforeman -- foremanThe Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.2014-06-207.5CVE-2014-0007Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info12net -- login_rebuilderCross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.2014-06-256.8CVE-2014-3882cisco -- webex_meetings_serverThe XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.2014-06-214.0CVE-2014-3296cisco -- iosCisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745.2014-06-256.8CVE-2014-3299coreftp -- core_ftpMultiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.2014-06-255.0CVE-2014-4643d-link -- dir-601Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors.2014-06-205.0CVE-2011-4821d-link -- dsl-2760u-e1Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.2014-06-254.3CVE-2014-4645emailarchitect -- emailarchitect_email_serverMultiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.2014-06-204.3CVE-2012-2591gnupg -- gnupgThe do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.2014-06-255.0CVE-2014-4617ibm -- storwize_unified_v7000_softwareIBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied.2014-06-214.0CVE-2013-6737linux -- linux_kernelThe __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.2014-06-234.9CVE-2014-0203linux -- linux_kernelarch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.2014-06-234.6CVE-2014-4157linux -- linux_kernelmm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.2014-06-234.7CVE-2014-4171linux -- linux_kernelarch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.2014-06-234.7CVE-2014-4508linuxfoundation -- cups-filtersThe generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.2014-06-225.8CVE-2014-4336linuxfoundation -- cups-filtersThe process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.2014-06-224.3CVE-2014-4337linuxfoundation -- cups-filterscups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.2014-06-224.0CVE-2014-4338longtailvideo -- jw_player_for_flash_&_html5_video_pluginCross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.2014-06-256.8CVE-2014-4030novell -- identity_managerThe MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.2014-06-214.6CVE-2014-4509roger_padilla_camacho -- easy_breadcrumbCross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-204.3CVE-2014-4505sophos -- enterprise_consoleSophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen.2014-06-254.7CVE-2014-2005symantec -- encryption_desktopSymantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.2014-06-214.3CVE-2014-3431symantec -- data_insightCross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.2014-06-274.3CVE-2014-3432symantec -- data_insightCross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.2014-06-274.3CVE-2014-3433theforeman -- foremanDirectory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.2014-06-206.4CVE-2014-4507wayne_allen -- postieCross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.2014-06-204.3CVE-2012-2580webmin -- userminUsermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.2014-06-216.8CVE-2014-3883wp_simplemail_project -- wp_simplemailMultiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.2014-06-204.3CVE-2012-2579Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoibm -- security_access_manager_for_web_applianceThe reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.2014-06-213.3CVE-2014-3052linux -- linux_kernelArray index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.2014-06-252.1CVE-2014-0206linux -- linux_kernelThe media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.2014-06-231.7CVE-2014-1739linux -- linux_kernelThe rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.2014-06-232.3CVE-2014-4027louis_jimenez -- custom_metaCross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML via (1) an attribute or (2) content value for a meta tag.2014-06-202.1CVE-2014-4506phpmyadmin -- phpmyadminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.2014-06-253.5CVE-2014-4348phpmyadmin -- phpmyadminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.2014-06-253.5CVE-2014-4349samba -- sambaThe sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.2014-06-233.3CVE-2014-0244samba -- sambaThe push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.2014-06-232.7CVE-2014-3493Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-174: Vulnerability Summary for the Week of June 16, 2014

Mon, 06/23/2014 - 13:16
Original release date: June 23, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- photoshop_cs5Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.2014-06-199.3CVE-2012-2052alienvault -- open_source_security_information_managementThe av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.2014-06-1310.0CVE-2014-3804alienvault -- open_source_security_information_managementThe av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.2014-06-1310.0CVE-2014-3805alienvault -- open_source_security_information_managementThe av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.2014-06-1810.0CVE-2014-4151alienvault -- open_source_security_information_managementThe av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.2014-06-1810.0CVE-2014-4152alienvault -- open_source_security_information_managementThe av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.2014-06-187.8CVE-2014-4153belkin -- n150_f9k1009Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.2014-06-197.8CVE-2014-2962cisco -- asr_9001Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928.2014-06-147.1CVE-2014-2176citrix -- access_gateway_plug-inHeap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.2014-06-189.3CVE-2011-2592hp -- service_virtualizationDirectory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.2014-06-1810.0CVE-2013-6221hp -- executive_scorecardThe Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.2014-06-1910.0CVE-2014-2609hp -- executive_scorecardDirectory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.2014-06-197.1CVE-2014-2610hp -- executive_scorecardDirectory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.2014-06-199.0CVE-2014-2611huawei -- campus_series_switch_softwareMultiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.2014-06-177.8CVE-2014-4190jogamp -- joalMultiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the (1) alAuxiliaryEffectSlotf1, (2) alBuffer3f1, (3) alBufferfv1, (4) alDeleteEffects1, (5) alEffectf1, (6) alEffectfv1, (7) alEffectiv1, (8) alEnable1, (9) alFilterfv1, (10) alFilteriv1, (11) alGenAuxiliaryEffectSlots1, (12) alGenEffects1, (13) alGenFilters1, (14) alGenSources1, (15) alGetAuxiliaryEffectSlotiv1, (16) alGetBuffer3f1, (17) alGetBuffer3i1, (18) alGetBufferf1, (19) alGetBufferiv1, (20) alGetDoublev1, (21) alGetEffectf1, (22) alGetEffectfv1, (23) alGetEffectiv1, (24) alGetEnumValue1, (25) alGetFilteri1, (26) alGetFilteriv1, (27) alGetFloat1, (28) alGetFloatv1, (29) alGetListener3f1, (30) alGetListener3i1, (31) alGetListenerf1, (32) alGetListeneri1, (33) alGetListeneriv1, (34) alGetProcAddress1, (35) alGetProcAddressStatic, (36) alGetSource3f1, (37) alGetSource3i1, (38) alGetSourcef1, (39) alGetSourcefv1, (40) alGetSourcei1, (41) alGetSourceiv1, (42) alGetString1java/lang/String;, (43) alIsAuxiliaryEffectSlot1, (44) alIsBuffer1, (45) alIsEffect1, (46) alIsExtensionPresent1, (47) alIsFilter1, (48) alListener3f1, (49) alListener3i1, (50) alListenerf1, (51) alListenerfv1, (52) alListeneri1, (53) alListeneriv1, (54) alSource3f1, (55) alSource3i1, (56) alSourcef1, (57) alSourcefv1, (58) alSourcei1, (59) alSourceiv1, (60) alSourcePause1, (61) alSourcePausev1, (62) alSourcePlay1, (63) alSourcePlayv1, (64) alSourceQueueBuffers1, (65) alSourceRewindv1, (66) alSourceStop1, (67) alSourceStopv1, (68) alSourceUnqueueBuffers1, or (69) alSpeedOfSound1 method in jogamp.openal.ALImpl.dispatch.2014-06-1310.0CVE-2013-4099juniper -- netscreen-5200Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup.2014-06-137.8CVE-2014-3813juniper -- netscreen-5200The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP.2014-06-137.8CVE-2014-3814justsystems -- ichitaroJustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.2014-06-167.6CVE-2014-2003microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-199.3CVE-2014-2782nice -- recording_expressMultiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-187.5CVE-2014-4305novell -- open_enterprise_serverDirectory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.2014-06-1810.0CVE-2014-0598senkas -- kolibriStack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.2014-06-137.5CVE-2010-5301senkas -- kolibriStack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.2014-06-137.5CVE-2014-4158symantec -- web_gatewaySNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.2014-06-187.9CVE-2013-5017ubi -- rayman_legendsStack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.2014-06-197.5CVE-2014-4334webtitan -- webtitanSQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.2014-06-187.5CVE-2014-4307wireshark -- wiresharkwiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.2014-06-189.3CVE-2014-4174Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoajenti -- ajentiMultiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.2014-06-184.3CVE-2014-4301algosec -- fireflowCross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.2014-06-164.3CVE-2014-4164apache -- myfacesMultiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.2014-06-195.0CVE-2011-4367apache -- open_for_business_projectMultiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.2014-06-194.3CVE-2012-1621arris -- sbg901Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.2014-06-196.8CVE-2014-3778axigen -- axigen_mail_serverCross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.2014-06-184.3CVE-2012-2592barracudadrive -- barracudadriveMultiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/admin/ddns/.2014-06-194.3CVE-2014-4335boonex -- dolphinSQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.2014-06-196.5CVE-2014-3810boonex -- dolphinCross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.2014-06-196.8CVE-2014-4333c-board_moyuku_project -- c-board_moyukuCross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-144.3CVE-2014-2002canonical -- ubuntu_linuxThe OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.2014-06-195.0CVE-2013-1068cisco -- adaptive_security_appliance_softwareThe WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.2014-06-184.0CVE-2014-2151cisco -- ios_xeThe mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867.2014-06-144.8CVE-2014-3290cisco -- nx-osThe HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.2014-06-144.8CVE-2014-3295clip-bucket -- clipbucketCross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.2014-06-174.3CVE-2014-4187debian -- aptAPT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.2014-06-174.0CVE-2014-0478digium -- asteriskThe Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.2014-06-174.3CVE-2014-4045digium -- asteriskAsterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.2014-06-176.5CVE-2014-4046digium -- asteriskAsterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.2014-06-175.0CVE-2014-4047digium -- asteriskThe PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.2014-06-174.3CVE-2014-4048echoping_project -- echopingMultiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe.2014-06-166.8CVE-2010-5111emc -- rsa_bsafe_toolkitsThe default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.2014-06-175.8CVE-2013-6078emc -- rsa_bsafe-c_toolkitsThe TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.2014-06-175.0CVE-2014-4191emc -- rsa_bsafe-c_toolkitsThe Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.2014-06-175.0CVE-2014-4192emc -- rsa_bsafe-java_toolkitsThe TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755.2014-06-175.0CVE-2014-4193f5 -- arx_data_managerSQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2014-06-186.5CVE-2014-2949featured_comments_plugin_project -- featured_commentsMultiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.2014-06-166.8CVE-2014-4163ham3d -- ham3d_shop_engineCross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter.2014-06-184.3CVE-2014-4302hitachi -- jp1/performance_management-manager_web_optionCross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2014-06-176.8CVE-2014-4188hitachi -- jp1/performance_management-manager_web_optionCross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-174.3CVE-2014-4189ibm -- pureapplication_systemIBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine.2014-06-146.6CVE-2014-0960iij -- seil/b1The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00 through 4.50, SEIL/X2 routers 1.00 through 4.50, SEIL/B1 routers 1.00 through 4.50, SEIL/Turbo routers 1.80 through 2.17, and SEIL/neu 2FE Plus routers 1.80 through 2.17 allows remote attackers to cause a denial of service (session termination or concentrator outage) via a crafted TCP packet.2014-06-165.0CVE-2014-2004isc -- bindlibdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.2014-06-135.0CVE-2014-3859jreast -- jr_east_japanThe East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.2014-06-195.8CVE-2014-2001juniper -- fips_infranet_controller_6500The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network.2014-06-135.0CVE-2014-3812microsoft -- malware_protection_enginempengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file.2014-06-184.3CVE-2014-2779mindreantre -- threewp_email_reflectorCross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.2014-06-194.3CVE-2012-2572nice -- recording_expressMultiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2) iframe.picker.statchannels.asp, (3) iframe.picker.channelgroups.asp, (4) iframe.picker.extensions.asp, (5) iframe.picker.licenseusergroups.asp, (6) iframe.picker.licenseusers.asp, (7) iframe.picker.lookup.asp, or (8) iframe.picker.marks.asp in _ifr/.2014-06-184.3CVE-2014-4308novell -- open_enterprise_serverCross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-184.3CVE-2014-0599ntop -- ntopCross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.2014-06-164.3CVE-2014-4165ntop -- ntopngCross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter.2014-06-194.3CVE-2014-4329openafs -- openafsOpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.2014-06-175.0CVE-2014-4044openfiler -- openfilerMultiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5) ServerName, (6) TimeoutLogin, (7) TimeoutNoTransfer, or (8) TimeoutStalled parameter to admin/services_ftp.html; the (9) dns1 or (10) dns2 parameter to admin/system.html; the (11) newTgtName parameter to admin/volumes_iscsi_targets.html; the User-Agent HTTP header to (12) language.html, (13) login.html, or (14) password.html in account/; or the User-Agent HTTP header to (15) account_groups.html, (16) account_users.html, (17) services.html, (18) services_ftp.html, (19) services_iscsi_target.html, (20) services_rsync.html, (21) system_clock.html, (22) system_info.html, (23) system_ups.html, (24) volumes_editpartitions.html, or (25) volumes_iscsi_targets.html in admin/.2014-06-184.3CVE-2014-4309openstack -- keystoneOpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.2014-06-176.0CVE-2014-3476php -- phpHeap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.2014-06-185.1CVE-2014-4049powerpc-utils_project -- powerpc-utilssnap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.2014-06-175.0CVE-2014-4040ppc64-diag_project -- ppc64-diagppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.2014-06-174.4CVE-2014-4038puppetlabs -- puppetPuppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.2014-06-175.0CVE-2014-3249redhat -- enterprise_linuxA certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.2014-06-145.0CVE-2014-0186reviewboard -- djbletsCross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.2014-06-164.3CVE-2014-3994reviewboard -- djbletsCross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.2014-06-164.3CVE-2014-3995sap -- supplier_relationship_managementOpen redirect vulnerability in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.2014-06-135.8CVE-2014-4159sap -- netweaver_business_clientMultiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.2014-06-134.3CVE-2014-4160sap -- supplier_relationship_managementCross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.2014-06-134.3CVE-2014-4161shoutcast -- dnasCross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.2014-06-164.3CVE-2014-4166sqlbuddy -- sql_buddyCross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter.2014-06-184.3CVE-2014-4304symantec -- web_gatewaySQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2014-06-185.2CVE-2014-1650symantec -- web_gatewaySQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-185.8CVE-2014-1651synametrics -- xeamsCross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.2014-06-194.3CVE-2012-2569ulli_horlacher -- fexMultiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.2014-06-184.3CVE-2014-3876ulli_horlacher -- fexIncomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.2014-06-184.3CVE-2014-3877webtitan -- webtitanDirectory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.2014-06-185.0CVE-2014-4306wireshark -- wiresharkThe dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2014-06-184.3CVE-2014-4020yealink -- voip_phoneCross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.2014-06-164.3CVE-2014-3428zte -- zxv10_w300Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.2014-06-196.8CVE-2014-4155zyxel -- p-660hwMultiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.2014-06-166.8CVE-2014-4162Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infodrupac -- touchMultiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter and (2) Facebook username settings.2014-06-182.1CVE-2014-4303ibm -- websphere_portalCross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-06-183.5CVE-2014-0910ibm -- curam_social_program_managementMultiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.2014-06-183.5CVE-2014-3012ibm -- curam_social_program_managementMultiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.2014-06-183.5CVE-2014-3013ntt -- 050_plusThe NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.2014-06-182.6CVE-2014-2000ppc64-diag_project -- ppc64-diagppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.2014-06-172.1CVE-2014-4039symantec -- web_gatewayMultiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.2014-06-182.9CVE-2014-1652xen -- xenXen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.2014-06-182.7CVE-2014-4021Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-167: Vulnerability Summary for the Week of June 9, 2014

Mon, 06/16/2014 - 13:16
Original release date: June 16, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaas9 -- zerocmsSQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.2014-06-117.5CVE-2014-4034adobe -- adobe_airAdobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535.2014-06-117.5CVE-2014-0534adobe -- adobe_airAdobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534.2014-06-117.5CVE-2014-0535adobe -- adobe_airAdobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.2014-06-1110.0CVE-2014-0536condor_project -- condorThe standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.2014-06-0610.0CVE-2012-5390directfb -- directfbMultiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.2014-06-1110.0CVE-2014-2977directfb -- directfbThe Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.2014-06-1110.0CVE-2014-2978emc -- documentum_content_serverEMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.2014-06-088.5CVE-2014-2506emc -- documentum_content_serverEMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.2014-06-088.5CVE-2014-2507emc -- documentum_content_serverEMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.2014-06-087.5CVE-2014-2508google -- chromeUse-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.2014-06-117.5CVE-2014-3154google -- chromeBuffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.2014-06-117.5CVE-2014-3156google -- chromeHeap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.2014-06-117.5CVE-2014-3157jojocms -- jojo-cmsSQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.2014-06-097.5CVE-2013-3081libav -- libavMultiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.2014-06-0610.0CVE-2014-3984mark_evans -- dragonfly_gemThe Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.2014-06-097.5CVE-2013-1756microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.2014-06-119.3CVE-2014-0282microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.2014-06-119.3CVE-2014-1769microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-1772microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-1773microsoft -- internet_explorerMicrosoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1788 and CVE-2014-2754.2014-06-119.3CVE-2014-1774microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.2014-06-119.3CVE-2014-1775microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.2014-06-119.3CVE-2014-1779microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-1780microsoft -- internet_explorerMicrosoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1792, CVE-2014-1804, and CVE-2014-2770.2014-06-119.3CVE-2014-1781microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.2014-06-119.3CVE-2014-1782microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-1783microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-1784microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.2014-06-119.3CVE-2014-1785microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-1786microsoft -- internet_explorerMicrosoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1774 and CVE-2014-2754.2014-06-119.3CVE-2014-1788microsoft -- internet_explorerMicrosoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1790.2014-06-119.3CVE-2014-1789microsoft -- internet_explorerMicrosoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1789.2014-06-119.3CVE-2014-1790microsoft -- internet_explorerMicrosoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-06-119.3CVE-2014-1791microsoft -- internet_explorerMicrosoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1804, and CVE-2014-2770.2014-06-119.3CVE-2014-1792microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-1794microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-1795microsoft -- internet_explorerMicrosoft Internet Explorer 6 and 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-06-119.3CVE-2014-1796microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-1797microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1803, and CVE-2014-2757.2014-06-119.3CVE-2014-1799microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-06-119.3CVE-2014-1800microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-1802microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-2757.2014-06-119.3CVE-2014-1803microsoft -- internet_explorerMicrosoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1792, and CVE-2014-2770.2014-06-119.3CVE-2014-1804microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-1805microsoft -- windows_7usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EMF+ record in a font file, aka "Unicode Scripts Processor Vulnerability."2014-06-119.3CVE-2014-1817microsoft -- windows_7GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code via a crafted EMF+ record in an image file, aka "GDI+ Image Parsing Vulnerability."2014-06-119.3CVE-2014-1818microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.2014-06-119.3CVE-2014-2753microsoft -- internet_explorerMicrosoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1774 and CVE-2014-1788.2014-06-119.3CVE-2014-2754microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.2014-06-119.3CVE-2014-2755microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-2756microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803.2014-06-119.3CVE-2014-2757microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-2758microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-2759microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.2014-06-119.3CVE-2014-2760microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2772, and CVE-2014-2776.2014-06-119.3CVE-2014-2761microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-2763microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2769, and CVE-2014-2771.2014-06-119.3CVE-2014-2764microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2766, and CVE-2014-2775.2014-06-119.3CVE-2014-2765microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2775.2014-06-119.3CVE-2014-2766microsoft -- internet_explorerMicrosoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."2014-06-119.3CVE-2014-2767microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2773.2014-06-119.3CVE-2014-2768microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2771.2014-06-119.3CVE-2014-2769microsoft -- internet_explorerMicrosoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1792, and CVE-2014-1804.2014-06-119.3CVE-2014-2770microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2769.2014-06-119.3CVE-2014-2771microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2776.2014-06-119.3CVE-2014-2772microsoft -- internet_explorerMicrosoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2768.2014-06-119.3CVE-2014-2773microsoft -- internet_explorerMicrosoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2766.2014-06-119.3CVE-2014-2775microsoft -- internet_explorerMicrosoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2772.2014-06-119.3CVE-2014-2776microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.2014-06-117.5CVE-2014-2777microsoft -- office_compatibility_packMicrosoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."2014-06-119.3CVE-2014-2778mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2014-06-1110.0CVE-2014-1533mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2014-06-1110.0CVE-2014-1534mozilla -- firefoxThe PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.2014-06-1110.0CVE-2014-1536mozilla -- firefoxUse-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.2014-06-1110.0CVE-2014-1537mozilla -- firefoxUse-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.2014-06-1110.0CVE-2014-1538mozilla -- firefoxUse-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.2014-06-119.3CVE-2014-1540mozilla -- firefoxUse-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.2014-06-1110.0CVE-2014-1541mozilla -- firefoxMultiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.2014-06-117.5CVE-2014-1543mozilla -- netscape_portable_runtimeMozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.2014-06-1110.0CVE-2014-1545mplayer2 -- mplayer2Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.2014-06-119.3CVE-2011-3625myheritage -- sequeryobject_activex_controlMultiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokensValuesArray parameter to the AddTokens method; (3) seLastNameTokensArray parameter to the AddLastNameTokens method; (4) seFrameIdArray, (5) seSourceIdArray, (6) seHasBreakdownArray, (7) seIsIndexedArray, (8) seAllConcatArray, (9) seRefererURLArray, or (10) seMandatoryFieldsArray parameter to the AddMultipleSearches method; (11) seSourceIdArray, (12) seIsIndexedArray, (13) seAllConcatArray, (14) seRefererURLArray, (15) seQATestsArray, (16) seAllSourceIDsArray, (17) seAllSourceTitlesArray, (18) seMandatoryFieldsArray, or (19) seAllSourceRootURLArray parameter to the TestYourself method.2014-06-069.3CVE-2013-2602offis -- dcmtk(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.2014-06-107.2CVE-2013-6825redhat -- enterprise_mrgThe futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.2014-06-077.2CVE-2014-3153rocketsoftware -- rocket_servergraphThe userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.2014-06-1110.0CVE-2014-3915samsung -- ipolis_device_managerSamsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.2014-06-119.3CVE-2014-3911sap -- netweaverThe System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.2014-06-097.5CVE-2014-4003vinay_sajip -- python-gnupgpython-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.2014-06-097.5CVE-2013-7323Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- adobe_airCross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.2014-06-114.3CVE-2014-0531adobe -- adobe_airCross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0533.2014-06-114.3CVE-2014-0532adobe -- adobe_airCross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532.2014-06-114.3CVE-2014-0533autocomplete_widgets_project -- autocomplete_widgetsThe autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors.2014-06-094.0CVE-2013-1973bestsoftinc -- advance_hotel_booking_systemCross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.2014-06-114.3CVE-2014-4035castor_project -- castorThe default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.2014-06-114.3CVE-2014-3004cisco -- unified_communications_domain_managerThe web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to enumerate accounts by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun39619 and CSCun45572.2014-06-085.0CVE-2014-3278cisco -- unified_communications_domain_managerThe web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101.2014-06-085.0CVE-2014-3281cisco -- webex_meetings_serverThe web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661.2014-06-085.0CVE-2014-3286cisco -- unified_communications_managerSQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.2014-06-104.0CVE-2014-3287cisco -- content_security_management_applianceCross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.2014-06-104.3CVE-2014-3289cisco -- wireless_lan_controllerCisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.2014-06-085.7CVE-2014-3291cisco -- unified_communications_managerThe Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.2014-06-105.5CVE-2014-3292cisco -- webex_meetings_serverCisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691.2014-06-104.0CVE-2014-3294ckeditor -- fckeditorCross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000.2014-06-114.3CVE-2014-4037cloudera -- cloudera_managerCloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API.2014-06-104.0CVE-2014-0220conversion_ninja -- conversion_ninjaCross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.2014-06-104.3CVE-2014-4017corosync -- corosyncThe init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.2014-06-065.0CVE-2013-0250daiki_ueno -- libfeplibfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.2014-06-114.6CVE-2014-3980ddsn -- cm3_acora_content_management_systemDDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.2014-06-065.0CVE-2013-4724ddsn -- cm3_acora_content_management_systemDDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.2014-06-065.0CVE-2013-4725ddsn -- cm3_acora_content_management_systemDDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.2014-06-065.0CVE-2013-4727ddsn -- cm3_acora_content_management_systemDDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.2014-06-065.0CVE-2013-4728devexpress -- aspxfilemanager_control_for_webforms_and_mvcDirectory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.2014-06-066.5CVE-2014-2575dotclear -- dotclearThe dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.2014-06-115.8CVE-2014-3781dotclear -- dotclearMultiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.2014-06-116.0CVE-2014-3782efrontlearning -- efrontCross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.2014-06-114.3CVE-2014-4033fail2ban -- fail2banThe (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.2014-06-104.7CVE-2009-5023fiyo -- fiyo_cmsCross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.2014-06-114.3CVE-2014-4032freebsd -- freebsdThe (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.2014-06-104.9CVE-2014-3880gnu -- gnutlsThe gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.2014-06-105.0CVE-2014-3465gomlab -- gom_media_playerGOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.2014-06-104.3CVE-2014-3216google -- chromenet/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.2014-06-115.0CVE-2014-3155gordon_heydon -- secure_pagesThe Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page.2014-06-095.0CVE-2013-4595ibm -- connectionsCross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.2014-06-086.0CVE-2014-0929ibm -- security_appscan_sourceIBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.2014-06-084.3CVE-2014-0936ibm -- security_identity_managerCross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.2014-06-086.0CVE-2014-0961ibm -- api_managementUnspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors.2014-06-084.3CVE-2014-3036ibm -- cics_transaction_serverIBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream.2014-06-104.0CVE-2014-3042ibm -- system_storage_virtualization_engine_ts7700Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command.2014-06-086.0CVE-2014-3048ibm -- aixlibodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.2014-06-086.9CVE-2014-3977impresscms -- impresscmsCross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.2014-06-114.3CVE-2014-4036jasig -- phpcasphpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-06-065.8CVE-2012-5583jojocms -- jojo-cmsCross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.2014-06-094.3CVE-2013-3082jzip -- jzipStack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.2014-06-116.8CVE-2010-5300mambo-foundation -- mambo_cmsMambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.2014-06-095.0CVE-2013-2564member_approval_plugin_project -- member_approvalCross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php.2014-06-116.8CVE-2014-3850microsoft -- windows_7The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."2014-06-115.1CVE-2014-0296microsoft -- internet_explorerSChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."2014-06-116.8CVE-2014-1771microsoft -- internet_explorerMicrosoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."2014-06-114.3CVE-2014-1777microsoft -- internet_explorerMicrosoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777.2014-06-116.8CVE-2014-1778microsoft -- windows_7The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (non-paged pool memory consumption and system hang) via malformed data in the Options field of a TCP header, aka "TCP Denial of Service Vulnerability."2014-06-115.0CVE-2014-1811microsoft -- xml_core_servicesMicrosoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability."2014-06-114.3CVE-2014-1816microsoft -- lync_serverCross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."2014-06-114.3CVE-2014-1823misery_project -- misery_6.x-2.0The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.2014-06-094.3CVE-2013-4599mozilla -- firefoxMozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.2014-06-115.0CVE-2014-1539mozilla -- firefoxBuffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.2014-06-116.8CVE-2014-1542qnap -- photo_stationQNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.2014-06-095.0CVE-2013-5760rik_de_boer -- revisioningThe Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors.2014-06-094.0CVE-2013-4597sap -- project_systemThe (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4004sap -- brazilSAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4005sap -- oil_industry_solution_traders_and_schedulers_workbenchThe SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4006sap -- upgrade_toolsThe SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4007sap -- web_services_toolSAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4008sap -- computing_center_management_system_monitoringSAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4009sap -- transaction_data_poolSAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4010sap -- capacity_levelingSAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4011sap -- open_hub_serviceSAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-06-095.0CVE-2014-4012Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisofy -- lynisinclude/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.2014-06-083.3CVE-2014-3982cisofy -- lynisinclude/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.2014-06-083.3CVE-2014-3986fedoraproject -- sssdThe System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.2014-06-113.3CVE-2014-0249freebsd -- freebsdThe ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace.2014-06-102.1CVE-2014-3873ibm -- spss_modelerIBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group memberships.2014-06-083.6CVE-2014-3038livezilla -- livezillaLiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.2014-06-092.1CVE-2013-6223mambo-foundation -- mambo_cmsMambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.2014-06-092.1CVE-2013-2562mambo-foundation -- mambo_cmsMambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.2014-06-092.1CVE-2013-2563mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.2014-06-062.6CVE-2014-3966php -- phpacinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.2014-06-083.3CVE-2014-3981pulseaudio -- pulseaudioThe pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.2014-06-112.9CVE-2014-3970Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-160: Vulnerability Summary for the Week of June 2, 2014

Mon, 06/09/2014 - 14:32
Original release date: June 09, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoajaydsouza -- contextual_related_postsSQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-027.5CVE-2014-3937aten -- cn8000The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors.2014-06-057.8CVE-2014-1997bitrix -- bitrix_e-store_moduleThe Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.2014-05-307.5CVE-2013-6788citrix -- vdi-in-a-boxUnspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.2014-05-307.5CVE-2014-3780copadata -- zenon_dnp3_ng_driverCOPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow remote attackers to cause a denial of service (infinite loop and process crash) by sending a crafted DNP3 packet over TCP.2014-06-057.1CVE-2014-2345corel -- paintshop_pro_x5Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file.2014-06-059.3CVE-2013-0733cososys -- endpoint_protectorSQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.2014-06-027.5CVE-2014-3932d-link -- dir-505l_shareport_mobile_companionStack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.2014-06-0210.0CVE-2014-3936dell -- powervault_ml6000logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.2014-06-029.0CVE-2014-2959dleviet -- datalife_engineDataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.2014-06-027.5CVE-2013-1412emc -- documentum_digital_asset_managerThe thumbnail proxy server in EMC Documentum Digital Asset Manager (DAM) 6.5 SP3, 6.5 SP4, 6.5 SP5, and 6.5 SP6 before P13 allows remote attackers to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on querying objects via a crafted parameter in a query string.2014-06-057.5CVE-2014-2503ericom -- accessnow_serverStack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.2014-06-0410.0CVE-2014-3913frontaccounting -- frontaccountingMultiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.2014-06-057.5CVE-2014-3973fruux -- sabredavSabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2055getid3 -- getid3getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2053ibm -- db2Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.2014-05-307.2CVE-2014-0907ingy -- spoonSpoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6143jochen_wiedmann -- html::epSession::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6142openstack -- neutronThe default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.2014-06-027.6CVE-2013-6433owncloud -- owncloudownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."2014-06-057.5CVE-2014-2051owncloud -- owncloudPHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2054owncloud -- owncloudPHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.2014-06-047.5CVE-2014-2056owncloud -- owncloudownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.2014-06-047.5CVE-2014-3834phpnuke -- php-nukeSQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.2014-06-027.5CVE-2014-3934radiothermostat -- ct50Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.2014-06-058.3CVE-2013-4860rom_walton -- boincStack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.2014-06-029.3CVE-2013-2019rom_walton -- boincMultiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.2014-06-029.3CVE-2013-2298samsung -- ipolis_device_managerStack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value.2014-06-059.3CVE-2014-3912sensiolabs -- symfonyThe Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.2014-06-027.5CVE-2013-1348sensiolabs -- symfonySymfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.2014-06-027.5CVE-2013-1397stephen_adkins -- app::contextThe App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.2014-06-047.5CVE-2012-6141videos_tube_project -- videos_tubeMultiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.2014-06-047.5CVE-2014-3962vmware -- vcenter_server_applianceRuby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.2014-06-019.0CVE-2014-3790xen -- xenXen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.2014-06-057.4CVE-2014-3969xnau -- participants_databaseSQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.2014-06-047.5CVE-2014-3961xoops -- glossaire_moduleSQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.2014-06-027.5CVE-2014-3935Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoa10networks -- advanced_core_operating_systemBuffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.2014-06-055.0CVE-2014-3976ajaydsouza -- contextual_related_postsCross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.2014-06-026.8CVE-2013-2710alex_kellner -- powermailCross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-3948alfresco -- alfrescoMultiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.2014-06-024.3CVE-2014-2939apache -- tomcatInteger overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.2014-05-315.0CVE-2014-0075apache -- tomcatjava/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.2014-05-315.0CVE-2014-0095apache -- tomcatjava/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2014-05-314.3CVE-2014-0096apache -- tomcatInteger overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.2014-05-314.3CVE-2014-0099apache -- tomcatApache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.2014-05-314.3CVE-2014-0119auracms -- auracmsCross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.2014-06-054.3CVE-2014-3974auracms -- auracmsAbsolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.2014-06-055.0CVE-2014-3975bottomline -- transform_foundation_serverMultiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI.2014-06-054.3CVE-2014-2577bufferapp -- digg_diggCross-site request forgery (CSRF) vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.2014-06-026.8CVE-2013-3258cisco -- unified_communications_domain_managerThe web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.2014-06-034.0CVE-2014-3280cogentdatahub -- cogent_datahubDirectory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.2014-05-306.4CVE-2014-2352cogentdatahub -- cogent_datahubCross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-304.3CVE-2014-2353cogentdatahub -- cogent_datahubCogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.2014-05-305.0CVE-2014-2354copadata -- zenon_dnp3_ng_driverCOPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.11 SP0 build 10238 and zenon DNP3 Process Gateway (DNP3 outstation) 7.11 SP0 build 10238 and earlier allow physically proximate attackers to cause a denial of service (infinite loop and process crash) via crafted input over a serial line.2014-06-054.0CVE-2014-2346corel -- quattro_pro_x6The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.2014-06-054.3CVE-2012-4728dancer -- dancerCRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.2014-05-305.0CVE-2012-5572danielkorte -- nodeaccesskeysThe Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.2014-06-025.8CVE-2013-4596debian -- dpkgdpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.2014-05-305.0CVE-2014-3227debian -- dpkg-devDirectory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.2014-05-305.0CVE-2014-3864debian -- dpkg-devMultiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.2014-05-305.0CVE-2014-3865digital_zoom_studio -- video_galleryMultiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.2014-05-304.3CVE-2014-3923dleviet -- datalife_engineSession fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.2014-06-026.8CVE-2013-7387emc -- rsa_adaptive_authentication_hostedCross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-2502f5 -- big-ip_access_policy_managerCross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.2014-06-034.3CVE-2014-3959getpixie -- pixieMultiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.2014-06-044.3CVE-2014-3786gnu -- gnutlsBuffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.2014-06-036.8CVE-2014-3466gnu -- gnutlsMultiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnutTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 data.2014-06-054.3CVE-2014-3467gnu -- gnutlsThe asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.2014-06-056.8CVE-2014-3468gnu -- gnutlsThe (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.2014-06-054.3CVE-2014-3469huawei -- webuiCross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.2014-06-026.8CVE-2014-2946ibm -- db2The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.2014-05-306.5CVE-2013-6744ibm -- smart_analytics_system_7700Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events.2014-06-044.6CVE-2014-0935ibm -- websphere_service_registry_and_repositoryCross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2014-05-304.3CVE-2014-3010ipswitch -- imail_serverMultiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.2014-06-054.3CVE-2014-3878lucas_clemente_vella -- libpam-pgsqllibpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.2014-06-035.0CVE-2013-0191mediawiki -- mediawikiSession fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.2014-06-026.8CVE-2012-5391mediawiki -- mediawikiSession fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.2014-06-026.8CVE-2012-5395mediawiki -- mediawikimaintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.2014-06-025.0CVE-2013-1818n-i-agroinformatics -- soy_cmsCross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-054.3CVE-2014-1998nero -- mediahomeMultiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.2014-05-305.0CVE-2012-5876nero -- mediahomeNero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.2014-05-305.0CVE-2012-5877network-weathermap -- .network_weathermapCross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.2014-06-054.3CVE-2013-2618network-weathermap -- .network_weathermapDirectory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.2014-06-055.0CVE-2013-3739openinfosecfoundation -- suricataSuricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.2014-05-305.0CVE-2013-5919opennms -- opennmsMultiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-06-044.3CVE-2014-3960openssl -- opensslThe dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.2014-06-056.8CVE-2014-0195openssl -- opensslThe dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.2014-06-054.3CVE-2014-0221openssl -- opensslOpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.2014-06-056.8CVE-2014-0224openssl -- opensslThe ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.2014-06-054.3CVE-2014-3470openstack -- keystoneOpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.2014-06-025.0CVE-2013-2014owncloud -- owncloudMultiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.2014-06-044.3CVE-2012-5056owncloud -- owncloudCRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.2014-06-044.3CVE-2012-5057owncloud -- owncloudlib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.2014-06-044.0CVE-2012-5336owncloud -- owncloudsettings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.2014-06-044.6CVE-2013-0204owncloud -- owncloudUnspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK.2014-06-055.0CVE-2013-0302owncloud -- owncloudownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.2014-06-054.0CVE-2013-0304owncloud -- owncloudThe installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.2014-06-045.0CVE-2013-1941owncloud -- owncloudCross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.2014-06-044.3CVE-2014-3832owncloud -- owncloudMultiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.2014-06-044.3CVE-2014-3833owncloud -- owncloudownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors.2014-06-045.5CVE-2014-3835owncloud -- owncloudMultiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.2014-06-046.8CVE-2014-3836owncloud -- owncloudThe document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.2014-06-044.0CVE-2014-3837owncloud -- owncloudownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.2014-06-044.0CVE-2014-3838owncloud -- owncloudownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.2014-06-044.0CVE-2014-3963php -- phpThe cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.2014-06-015.0CVE-2014-0237php -- phpThe cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.2014-06-015.0CVE-2014-0238redhat -- openstackThe default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.2014-06-025.0CVE-2013-6470redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.2014-06-024.3CVE-2014-0040redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.2014-06-024.3CVE-2014-0041redhat -- openstackOpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.2014-06-024.3CVE-2014-0042redhat -- sossosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.2014-06-015.0CVE-2014-3925redhat -- enterprise_mrgThe Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.2014-06-054.0CVE-2014-3940rom_walton -- boincMultiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.2014-06-025.0CVE-2011-5280rom_walton -- boincFormat string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.2014-06-025.0CVE-2013-7386simple_popup_project -- simple_popupCross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.2014-05-304.3CVE-2014-3921trend_micro -- interscan_messaging_security_virtual_applianceCross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.2014-05-304.3CVE-2014-3922trianglemicroworks -- scada_data_gatewayTriangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.2014-05-305.0CVE-2014-2342typo3 -- typo3TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."2014-06-035.0CVE-2014-3941typo3 -- typo3The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.2014-06-036.0CVE-2014-3942typo3 -- typo3The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.2014-06-035.8CVE-2014-3944typo3 -- typo3The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.2014-06-034.0CVE-2014-3945typo3 -- typo3The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.2014-06-034.0CVE-2014-3946vmware -- fusionVMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.2014-05-315.8CVE-2014-3793webmin -- userwinMultiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.2014-05-304.3CVE-2014-3924xen -- xenThe HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.2014-06-055.5CVE-2014-3967xen -- xenThe HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.2014-06-055.5CVE-2014-3968zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.2014-06-026.8CVE-2013-3257zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors.2014-06-026.8CVE-2013-3476znc -- zncZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.2014-06-054.0CVE-2013-2130Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infodavid_bagley -- xlockmoreThe (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts.2014-05-302.1CVE-2013-4143ibm -- sterling_control_centerOpen redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.2014-05-303.5CVE-2014-0925jo_hasenau -- gridelementsCross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.2014-06-043.5CVE-2014-3949mate-desktop -- mate-settings-daemonThe default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.2014-05-302.1CVE-2012-5560newsignature -- addressfield_tokensCross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.2014-06-023.5CVE-2014-3933redhat -- rhevm-dwhThe setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.2014-05-302.1CVE-2014-0202redhat -- enterprise_mrgkernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.2014-06-053.3CVE-2014-3917sendmail -- sendmailThe sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.2014-06-041.9CVE-2014-3956trianglemicroworks -- scada_data_gatewayTriangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.2014-05-302.1CVE-2014-2343typo3 -- typo3Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.2014-06-033.5CVE-2014-3943Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-153: Vulnerability Summary for the Week of May 26, 2014

Mon, 06/02/2014 - 14:37
Original release date: June 02, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- nexus_7000Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.2014-05-257.1CVE-2013-1191cisco -- wide_area_application_servicesCisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.2014-05-259.3CVE-2014-2196cisco -- nx-osCisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.2014-05-257.1CVE-2014-2200cisco -- mds_9000The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.2014-05-257.8CVE-2014-2201cisco -- cgr_1120Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.2014-05-257.6CVE-2014-3261citrix -- cloudplatformCitrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.2014-05-237.5CVE-2013-2757coscms -- coscmsThe uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.2014-05-238.5CVE-2013-1668d-link -- dap-1350Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.2014-05-277.5CVE-2014-3872emc -- documentum_d2EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.2014-05-259.0CVE-2014-2504geodesicsolutions -- geocore_maxMultiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.2014-05-277.5CVE-2014-3871hp -- operations_manager_iUnspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator role.2014-05-258.5CVE-2014-2607ibm -- websphere_commerceIBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request.2014-05-257.1CVE-2014-0943pandasecurity -- panda_av_pro_2014Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors.2014-05-237.2CVE-2014-3450squash -- square_squashThe Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.2014-05-277.5CVE-2013-5036uplawski -- creme_fraicheThe set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.2014-05-279.3CVE-2013-2090wpshopstyling -- wp-ecommerce-shop-stylingPHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.2014-05-277.5CVE-2013-0724Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapache -- couchdbApache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.2014-05-236.8CVE-2012-5649apache -- hbaseApache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via unspecified vectors.2014-05-294.3CVE-2013-2193apache -- cloudstackApache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.2014-05-235.0CVE-2013-2756apache -- cloudstackApache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.2014-05-235.0CVE-2013-2758axway -- email_firewallAxway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.2014-05-275.0CVE-2012-6452bib2html_project -- bib2htmlCross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.2014-05-274.3CVE-2014-3870cisco -- security_managerCross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.2014-05-254.3CVE-2014-3266cisco -- security_managerCross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427.2014-05-256.8CVE-2014-3267cisco -- tidal_enterprise_schedulerThe Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.2014-05-256.0CVE-2014-3272cisco -- telepresence_system_softwareCisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.2014-05-254.3CVE-2014-3274cisco -- identity_services_engine_softwareSQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.2014-05-256.5CVE-2014-3275cisco -- identity_services_engine_softwareCisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.2014-05-254.0CVE-2014-3276cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.2014-05-294.0CVE-2014-3277cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643.2014-05-295.0CVE-2014-3279cisco -- unified_communications_domain_managerThe Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930.2014-05-294.0CVE-2014-3282cisco -- unified_communications_domain_managerOpen redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.2014-05-295.8CVE-2014-3283cisco -- asr_1001_routerCisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.2014-05-256.1CVE-2014-3284cisco -- wide_area_application_servicesCisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674.2014-05-295.0CVE-2014-3285davistribe -- google_doc_embedderDirectory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.2014-05-295.0CVE-2012-4915dovecot -- dovecotThe IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.2014-05-275.0CVE-2013-2111ekiga -- ekigaThe Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack."2014-05-234.3CVE-2013-1864emc -- rsa_archer_egrcMultiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-254.3CVE-2014-0639gentoo -- nullmailerThe Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.2014-05-235.0CVE-2013-4223glpi-project -- glpiinc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.2014-05-276.4CVE-2013-2225google_authenticator_login_project -- ga_loginThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors.2014-05-295.0CVE-2013-4177google_authenticator_login_project -- ga_loginThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP).2014-05-295.0CVE-2013-4178groups,_communities_and_co_project -- gccThe Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors.2014-05-275.0CVE-2013-4598ibm -- maximo_asset_managementCRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.2014-05-264.3CVE-2012-3333ibm -- sametimeUnspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.2014-05-265.0CVE-2013-3975ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.2014-05-264.3CVE-2013-3977ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room.2014-05-265.0CVE-2013-3980ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors.2014-05-265.0CVE-2013-3981ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.2014-05-265.0CVE-2013-3982ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.2014-05-265.0CVE-2013-3984ibm -- change_and_configuration_management_databaseSQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.2014-05-266.5CVE-2013-4016ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.2014-05-266.0CVE-2013-5464ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.2014-05-266.5CVE-2013-5465ibm -- tivoli_storage_manager_for_virtual_environmentsThe Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions.2014-05-264.1CVE-2013-6713ibm -- tivoli_storage_flashcopy_managerThe FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.2014-05-264.1CVE-2013-6714ibm -- maximo_asset_managementIBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.2014-05-266.0CVE-2014-0849ibm -- java_sdkThe IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.2014-05-265.8CVE-2014-0878ibm -- maximo_asset_managementCross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.2014-05-264.3CVE-2014-0893ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie.2014-05-264.3CVE-2014-0906ibm -- sametimeCross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2014-05-264.3CVE-2014-3014ibm -- sametime_proxy_server_and_web_clientCross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.2014-05-256.8CVE-2014-3015ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.2014-05-265.0CVE-2014-3867imember360 -- imember360The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.2014-05-235.0CVE-2014-3848imember360 -- imember360The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.2014-05-234.3CVE-2014-3849izarc -- izarcIZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header.2014-05-276.8CVE-2014-2720jasig -- uportaluPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.2014-05-296.5CVE-2014-3416jasig -- uportaluPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.2014-05-296.5CVE-2014-3417kieranoshea -- calendarCross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.2014-05-276.8CVE-2013-2698krisonav -- krisonavCross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.2014-05-234.3CVE-2013-2712krisonav -- krisonavCross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.2014-05-236.8CVE-2013-2713libguestfs -- libguestfsDouble free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.2014-05-274.3CVE-2013-2124linux -- linux_kernelThe futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.2014-05-264.9CVE-2012-6647mantisbt -- mantisbtMantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.2014-05-275.0CVE-2013-1883modwsgi -- mod_wsgiThe mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.2014-05-276.2CVE-2014-0240moodle -- moodleMultiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.2014-05-266.8CVE-2014-0213moodle -- moodlelogin/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.2014-05-266.8CVE-2014-0214moodle -- moodleThe blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.2014-05-264.0CVE-2014-0215moodle -- moodleThe My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.2014-05-265.0CVE-2014-0216moodle -- moodleenrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.2014-05-264.3CVE-2014-0217moodle -- moodleCross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-264.3CVE-2014-0218nullsoft -- winampWinamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.2014-05-234.3CVE-2014-3442openbsd -- opensmtpdOpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.2014-05-275.0CVE-2013-2125oswald_buddenhagen -- isyncIsync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-05-234.3CVE-2013-0289paul_mattes -- x3270x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.2014-05-275.8CVE-2012-5662redhat -- freeipaThe default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.2014-05-295.0CVE-2013-0199samba -- sambaThe internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.2014-05-285.0CVE-2014-0239sharetronix -- sharetronixCross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators.2014-05-296.8CVE-2014-3414sharetronix -- sharetronixSQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.2014-05-296.5CVE-2014-3415sosreport_project -- sosreportSOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.2014-05-294.3CVE-2014-0246usercake -- usercakeMultiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.2014-05-266.8CVE-2014-3866zemanta -- related_postsCross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.2014-05-276.8CVE-2013-3477Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infohub_project -- hubThe am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.2014-05-273.6CVE-2014-0177ibm -- maximo_asset_managementfrontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.2014-05-263.5CVE-2013-2998ibm -- sametimeThe Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests.2014-05-262.9CVE-2013-3046ibm -- maximo_asset_managementIBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.2014-05-263.5CVE-2013-5460ibm -- change_and_configuration_management_databaseIBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.2014-05-263.5CVE-2013-6741ibm -- change_and_configuration_management_databaseCross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.2014-05-263.5CVE-2014-0824ibm -- change_and_configuration_management_databaseCross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.2014-05-263.5CVE-2014-0825mayan-edms -- mayan_edmsMultiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.2014-05-273.5CVE-2014-3840openstack -- heatOpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.2014-05-233.5CVE-2014-3801redhat -- rhevm-reportsThe setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.2014-05-292.1CVE-2014-0199redhat -- rhevm-reportsThe Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file.2014-05-292.1CVE-2014-0200redhat -- rhevm-reportsovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files.2014-05-292.1CVE-2014-0201samba -- sambaSamba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.2014-05-283.5CVE-2014-0178Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical

SB14-146: Vulnerability Summary for the Week of May 19, 2014

Mon, 05/26/2014 - 21:12
Original release date: May 26, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocall-cc -- chickenBuffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.2014-05-207.5CVE-2014-3776canonical -- ltsp_display_managerThe default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allows remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.2014-05-2110.0CVE-2012-1166cogentdatahub -- cogent_datahubHeap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.2014-05-227.5CVE-2014-3788cogentdatahub -- cogent_datahubGetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.2014-05-227.5CVE-2014-3789construtiva -- cis_manager_cmsSQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.2014-05-207.5CVE-2014-3749controlsystemworks -- csworksSQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests.2014-05-207.5CVE-2014-2351efssoft -- easy_file_sharing_web_serverStack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.2014-05-2010.0CVE-2014-3791emerson -- deltavEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.2014-05-227.5CVE-2014-2350google -- chromeUse-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.2014-05-217.5CVE-2014-1743google -- chromeInteger overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.2014-05-217.5CVE-2014-1744google -- chromeUse-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.2014-05-217.5CVE-2014-1745google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2014-05-217.5CVE-2014-1749google -- chromeInteger underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.2014-05-217.5CVE-2014-3152hanon -- faceidHanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.2014-05-2210.0CVE-2014-2938ibm -- websphere_portalIBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.2014-05-227.5CVE-2014-0954juniper -- network_and_security_manager_softwareUnspecified vulnerability in the NSM XDB service in NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.2014-05-1910.0CVE-2014-3411juniper -- junos_spaceUnspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors.2014-05-2010.0CVE-2014-3412libgadu -- libgadulibgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.2014-05-227.5CVE-2014-3775microp_project -- micropStack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.2014-05-227.5CVE-2010-5299microsoft -- internet_explorerUse-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.2014-05-229.3CVE-2014-1770openvas -- openvas_managerOpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.2014-05-197.5CVE-2013-6765openvas -- openvas_administratorOpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC.2014-05-197.5CVE-2013-6766realnetworks -- realplayerThe GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.2014-05-209.3CVE-2014-3444skyboxsecurity -- skybox_view_appliance_isoSkybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.2014-05-178.5CVE-2014-2084x2go -- x2go_serverx2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.2014-05-209.0CVE-2013-7383yokogawa -- b/m9000_vp_softwareStack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.2014-05-168.3CVE-2014-0782Back to top

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1323apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1324apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1326apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1327apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1329apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1330apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1331apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1333apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1334apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1335apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1336apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1337apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1338apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1339apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1341apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1342apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1343apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.2014-05-226.8CVE-2014-1344apple -- safariWebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL.2014-05-225.0CVE-2014-1346apple -- itunesApple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.2014-05-184.4CVE-2014-1347barracudadrive -- barracudadriveMultiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/.2014-05-214.3CVE-2014-3807barracudadrive -- barracudadriveMultiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name parameter to user.lsp, (3) path parameter to wizard/setuser.lsp, (4) host parameter to tunnelconstr.lsp, or (5) newpath parameter to wfsconstr.lsp in rtl/protected/admin/.2014-05-214.3CVE-2014-3808beetel -- 450tc2_routerCross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Password and uiViewTools_PasswordConfirm parameters to Forms/tools_admin_1.2014-05-206.8CVE-2014-3792bizagi -- business_process_management_suiteCross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.2014-05-224.3CVE-2014-2947bizagi -- business_process_management_suiteSQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.2014-05-226.5CVE-2014-2948cisco -- nx-osDirectory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.2014-05-204.6CVE-2013-6975cisco -- unified_web_and_e-mail_interaction_managerCross-site scripting (XSS) vulnerability in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj43033.2014-05-204.3CVE-2014-2192cisco -- unified_web_and_e-mail_interaction_managerCisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.2014-05-204.3CVE-2014-2193cisco -- unified_web_and_e-mail_interaction_managersystem/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.2014-05-206.8CVE-2014-2194cisco -- content_security_management_applianceCisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085.2014-05-204.3CVE-2014-2195cisco -- webex_business_suitemeetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.2014-05-205.0CVE-2014-2199cisco -- adaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561.2014-05-206.3CVE-2014-3264cisco -- security_managerCross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.2014-05-204.3CVE-2014-3265cisco -- unified_border_elementCisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215.2014-05-205.0CVE-2014-3268cisco -- ios_xeThe SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204.2014-05-206.8CVE-2014-3269cisco -- ios_xrThe DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.2014-05-205.0CVE-2014-3270cisco -- ios_xrThe DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.2014-05-205.0CVE-2014-3271cisco -- iosThe LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.2014-05-206.1CVE-2014-3273dotclear -- dotclearSQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.2014-05-226.5CVE-2014-3783emerson -- deltavEmerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges.2014-05-224.6CVE-2014-2349flag_module_project -- flagEval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.2014-05-176.5CVE-2014-3453flying_cart -- flying_cartCross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php.2014-05-224.3CVE-2014-3846gitlab -- gitlabThe Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.2014-05-176.5CVE-2013-4489google -- chromeThe InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.2014-05-215.0CVE-2014-1746google -- chromeCross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."2014-05-214.3CVE-2014-1747google -- chromeThe ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.2014-05-215.0CVE-2014-1748google -- chromeThe SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.2014-05-214.3CVE-2014-3803hp -- icewall_mcrpUnspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors.2014-05-225.0CVE-2014-2604ibm -- websphere_portalIBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.2014-05-225.0CVE-2014-0949ibm -- websphere_portalCross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebSphere Portal 7.0 before 7.0.0.2 CF28 and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0951ibm -- websphere_portalCross-site scripting (XSS) vulnerability in boot_config.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF28, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0952ibm -- websphere_portalCross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0955ibm -- websphere_portalCross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-05-224.3CVE-2014-0956ibm -- websphere_portalOpen redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2014-05-224.3CVE-2014-0958ibm -- websphere_portalIBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect.2014-05-224.0CVE-2014-0959imember360 -- imember360Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.2014-05-224.3CVE-2014-3842intel -- ideo_videoir41_32.ax 4.51.16.3 for Intel Ideo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file.2014-05-194.3CVE-2014-3735k-litecodec -- k-lite_codecFilters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file.2014-05-164.3CVE-2014-3452livezilla -- livezillaLiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.2014-05-194.3CVE-2013-7033livezilla -- livezillaLiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.2014-05-196.8CVE-2013-7385mahara -- maharaMahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block.2014-05-194.0CVE-2013-4429mahara -- maharaCross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php.2014-05-194.3CVE-2013-4430mahara -- maharaMahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.2014-05-195.5CVE-2013-4431mahara -- maharaMahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.2014-05-194.0CVE-2013-4432mail_on_update_project -- mail_on_updateCross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change the "List of alternative recipients" via the mailonupdate_mailto parameter in the mail-on-update page to wp-admin/options-general.php. NOTE: a third party claims that 5.2.1 and 5.2.2 are also vulnerable, but the issue might require a separate CVE identifier since this might reflect an incomplete fix.2014-05-226.8CVE-2013-2107microsoft -- debug_interface_access_software_development_kitmsdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.2014-05-206.8CVE-2014-3802netiq -- sentinelDirectory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.2014-05-206.8CVE-2014-3460opentext -- exceed_ondemandOpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.2014-05-195.0CVE-2013-6805opentext -- exceed_ondemandOpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.2014-05-196.8CVE-2013-6806opentext -- exceed_ondemandThe client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.2014-05-196.8CVE-2013-6807opentext -- exceed_ondemandOpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.2014-05-196.4CVE-2013-6994pocoo -- jinja2FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.2014-05-194.4CVE-2014-0012pocoo -- jinja2The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.2014-05-194.4CVE-2014-1402python -- pythonPython 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.2014-05-194.3CVE-2013-7040quick_tabs_module_project -- quicktabsThe Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab.2014-05-195.0CVE-2013-4406sap -- netweaverSAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.2014-05-195.0CVE-2014-3787seopanel -- seo_panelMultiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.2014-05-204.3CVE-2014-1855spumko_project -- hapi_server_frameworkThe hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.2014-05-165.0CVE-2014-3742tech-banker -- contact_bankCross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information.2014-05-224.3CVE-2014-3841tinymce -- color_pickerThe TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.2014-05-225.0CVE-2014-3844tinymce -- color_pickerCross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.2014-05-226.8CVE-2014-3845typo3 -- typo3The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.2014-05-204.0CVE-2012-6146typo3 -- typo3The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 does not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file.2014-05-206.5CVE-2013-4250typo3 -- typo3The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.2014-05-205.5CVE-2013-4320typo3 -- typo3The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250.2014-05-206.5CVE-2013-4321unrealircd -- unrealircdUse-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7384 was assigned for the NULL pointer dereference.2014-05-195.0CVE-2013-6413unrealircd -- unrealircdUnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types.2014-05-195.0CVE-2013-7384urbanairship -- python-oauth2The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.2014-05-204.3CVE-2013-4346urbanairship -- python-oauth2The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.2014-05-205.8CVE-2013-4347vicidial -- vicidialVICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.2014-05-175.0CVE-2013-7382vmturbo -- operations_managerDirectory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.2014-05-215.0CVE-2014-3806wordpress -- booking_systemSQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.2014-05-226.5CVE-2014-3210zemanta -- search_everythingCross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.2014-05-226.8CVE-2014-3843zenoss -- zenossCross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.2014-05-204.3CVE-2014-3738zenoss -- zenossOpen redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter.2014-05-205.8CVE-2014-3739Back to top

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoflorian_weber -- spacesThe Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.2014-05-172.1CVE-2013-4498gdm-guest-session_project -- gdm-guest-sessiongdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.2014-05-222.1CVE-2012-6648gnome -- gnome-terminalThe "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string, "\033[100000000000000000@".2014-05-213.5CVE-2011-2198leon_weber -- pyxtrlockpyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.2014-05-193.6CVE-2013-4426leon_weber -- pyxtrlockpyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen via unspecified vectors.2014-05-192.1CVE-2013-4427mediafront -- mediafrontCross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings.2014-05-202.1CVE-2013-4380robert_ancell -- lightdmdebian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.2014-05-222.1CVE-2012-0943xen -- xenThe ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.2014-05-193.3CVE-2014-3714xen -- xenBuffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.2014-05-193.3CVE-2014-3715xen -- xenXen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.2014-05-191.9CVE-2014-3716xen -- xenXen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.2014-05-193.3CVE-2014-3717Back to top

 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Technical