IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
Monthly Archives: August 2014
WordPress 3.9.2 Security Release
WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.
This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.
WordPress 3.9.2 also contains other security changes:
- Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
- Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
- Adds protections against brute-force attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
- Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
We appreciated responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.
Download WordPress 3.9.2 or venture over to Dashboard → Updates and simply click “Update Now”.
Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also be updated to 3.8.4 or 3.7.4. We don’t support older versions, so please update to 3.9.2 for the latest and greatest.)
Already testing WordPress 4.0? The third beta is now available (zip) and it contains these security fixes.
SA-CORE-2014-004 – Drupal core – Denial of service
- Advisory ID: DRUPAL-SA-CORE-2014-004
- Project: Drupal core
- Version: 6.x, 7.x
- Date: 2014-August-06
- Security risk: 13/25 (Moderately Critical) AC:None/A:None/CI:None/II:None/E:Proof/TD:100
- Exploitable from: Remote
- Vulnerability: Denial of service
Description
Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site’s database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service).
All Drupal sites are vulnerable to this attack whether XML-RPC is used or not.
In addition, a similar vulnerability exists in the core OpenID module (for sites that have this module enabled).
This is a joint release as the XML-RPC vulnerability also affects WordPress (see the announcement).
CVE identifier(s) issued
- CVE-2014-5265 has been issued for the code changes in xmlrpc.inc which prevent entity declarations and therefore address the “vulnerable to an XML entity expansion attack … can cause CPU and memory exhaustion” concern.
- CVE-2014-5266 has been issued for the “Skip parsing if there is an unreasonably large number of tags” in both xmlrpc.inc and xrds.inc.
- CVE-2014-5267 has been issued for the code change to reject any XRDS document with a /<!DOCTYPE/i match.
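The three code-level defences the advisory attributes to these CVEs, as an added PHP example that is not Drupal's or WordPress's code: it rejects any DOCTYPE case-insensitively, refuses undeclared entity references, caps the number of tags before any tree is built, and only then hands the body to PHP's expat-based parser. The function names, limits and sample messages are this example's own (assumes PHP 7.1+).

```php
<?php
// Added example (not Drupal's or WordPress's code): a pre-parse filter for
// XML-RPC request bodies that applies the defences the advisory describes:
//   1. reject any DOCTYPE, and with it any entity declaration
//      (CVE-2014-5265 / CVE-2014-5267, matched case-insensitively),
//   2. refuse messages with an unreasonably large number of tags (CVE-2014-5266),
//   3. only then parse with PHP's expat-based parser.
// Limits, names and sample messages below are this example's own choices.

const XMLRPC_MAX_BODY_BYTES = 1024 * 1024; // 1 MiB; real XML-RPC calls are small
const XMLRPC_MAX_TAG_COUNT  = 30000;       // cap on element start tags

/**
 * Returns NULL if $body may be parsed, or a short reason string if it must be
 * rejected before the XML parser ever sees it.
 */
function xmlrpc_reject_reason(string $body): ?string {
    if ($body === '' || strlen($body) > XMLRPC_MAX_BODY_BYTES) {
        return 'empty or oversized body';
    }
    // Defence 1: no DTD at all, wherever it appears and whatever its case.
    if (preg_match('/<!DOCTYPE/i', $body)) {
        return 'DOCTYPE not allowed';
    }
    // XML-RPC only needs the five predefined entities and character references;
    // any other entity reference would need a DTD, so refuse it outright.
    if (preg_match('/&(?!(amp|lt|gt|quot|apos|#[0-9]+|#x[0-9a-fA-F]+);)[A-Za-z_:][A-Za-z0-9._:-]*;/', $body)) {
        return 'undeclared entity reference';
    }
    // Defence 2: count start tags cheaply (end tags, comments and the XML
    // declaration do not begin with "<" followed by a name character).
    $tags = preg_match_all('/<[A-Za-z_][^>]*>/', $body);
    if ($tags === false || $tags > XMLRPC_MAX_TAG_COUNT) {
        return 'too many tags';
    }
    return null;
}

/**
 * Parses a methodCall body that passed the filter. Returns
 * array('method' => string, 'params' => array of scalar strings) or FALSE.
 * Only scalar parameter types are decoded; structs and arrays are out of scope.
 */
function xmlrpc_parse_call(string $body) {
    if (xmlrpc_reject_reason($body) !== null) {
        return false;
    }
    $parser = xml_parser_create();
    // Keep tag case so methodCall / methodName match the XML-RPC spec exactly.
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);
    xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1);
    $ok = xml_parse_into_struct($parser, $body, $values);
    xml_parser_free($parser);
    if ($ok !== 1 || empty($values) || $values[0]['tag'] !== 'methodCall') {
        return false;
    }
    $call = array('method' => null, 'params' => array());
    foreach ($values as $node) {
        if ($node['type'] !== 'complete') {
            continue; // only leaf elements carry text
        }
        if ($node['tag'] === 'methodName') {
            $call['method'] = trim($node['value'] ?? '');
        }
        elseif (in_array($node['tag'], array('string', 'int', 'i4', 'double', 'boolean', 'value'), true)) {
            $call['params'][] = $node['value'] ?? '';
        }
    }
    return $call['method'] === null ? false : $call;
}

// Constructed sample inputs for a quick self-check (not captured traffic).
$good  = '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params/></methodCall>';
$dtd   = '<?xml version="1.0"?><!doctype x [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]>'
       . '<methodCall><methodName>&b;</methodName></methodCall>';
$flood = '<methodCall><methodName>x</methodName><params>'
       . str_repeat('<param><value/></param>', XMLRPC_MAX_TAG_COUNT)
       . '</params></methodCall>';

echo 'good:  ', xmlrpc_reject_reason($good) ?? 'accepted', "\n";
echo 'dtd:   ', xmlrpc_reject_reason($dtd) ?? 'accepted', "\n";
echo 'flood: ', xmlrpc_reject_reason($flood) ?? 'accepted', "\n";
$call = xmlrpc_parse_call($good);
echo 'method: ', $call === false ? '(rejected)' : $call['method'], "\n";
```

The filter runs on the raw body before the parser is created, so a rejected message costs one regex pass rather than an expansion of declared entities.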
Versions affected
- Drupal core 7.x versions prior to 7.31.
- Drupal core 6.x versions prior to 6.33.
Solution
Install the latest version:
- If you use Drupal 7.x, upgrade to Drupal core 7.31.
- If you use Drupal 6.x, upgrade to Drupal core 6.33.
If you are unable to install the latest version of Drupal immediately, you can alternatively remove the xmlrpc.php file from the root of Drupal core (or add a rule to .htaccess to prevent access to xmlrpc.php) and disable the OpenID module. These steps are sufficient to mitigate the vulnerability in Drupal core if your site does not require the use of XML-RPC or OpenID functionality. However, this mitigation will not be effective if you are using a contributed module that exposes Drupal’s XML-RPC API at a different URL (for example, the Services module); updating Drupal core is therefore strongly recommended.
Also see the Drupal core project page.
Reported by
Fixed by
- Andrew Nacin of the WordPress Security Team
- Michael Adams of the WordPress Security Team
- Frédéric Marand
- David Rothstein of the Drupal Security Team
- Damien Tournoud of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
- Stéphane Corlosquet of the Drupal Security Team
- Dave Reid of the Drupal Security Team
Coordinated by
- The Drupal Security Team and the WordPress Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
WatchGuard Technologies Named Champion, Wins Value and Trend Setter Award, in Info-Tech Research Group's 2014 Next Generation Firewall Vendor Landscape Report
SB14-216: Vulnerability Summary for the Week of July 28, 2014
Original release date: August 04, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — quicktime | Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom. | 2014-07-26 | 9.3 | CVE-2014-4979 MISC |
codeaurora — android-msm | The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register. | 2014-08-01 | 7.2 | CVE-2014-0972 |
fonality — trixbox | SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | 2014-07-28 | 7.5 | CVE-2014-5109 XF MISC |
fonality — trixbox | maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | 2014-07-28 | 7.5 | CVE-2014-5112 MISC |
h3c — secbladefw | Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors. | 2014-07-28 | 7.8 | CVE-2013-4840 |
hp — network_virtualization | Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023. | 2014-07-26 | 8.5 | CVE-2014-2625 MISC |
hp — network_virtualization | Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. | 2014-07-26 | 9.4 | CVE-2014-2626 MISC |
ibm — websphere_portal | SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2014-07-29 | 7.5 | CVE-2014-3055 XF AIXAPAR |
linux — linux_kernel | arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. | 2014-08-01 | 7.2 | CVE-2014-3534 CONFIRM CONFIRM |
mailpoet — mailpoet_newsletters | The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/. | 2014-07-27 | 7.5 | CVE-2014-4725 MLIST MISC MISC MISC MISC |
mailpoet — mailpoet_newsletters | Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. | 2014-07-27 | 7.5 | CVE-2014-4726 MLIST |
microsoft — windows_xp | Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem. | 2014-07-26 | 7.2 | CVE-2014-4971 MISC MISC FULLDISC FULLDISC |
moodle — moodle | The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on. | 2014-07-29 | 7.5 | CVE-2014-3541 MLIST |
morpho — itemiser_3 | Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. | 2014-07-26 | 10.0 | CVE-2014-2363 MISC |
ol-commerce_project — ol-commerce | Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. | 2014-07-28 | 7.5 | CVE-2014-5104 BID MISC |
sabreairlinesolutions — crew_management | Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. | 2014-07-26 | 7.5 | CVE-2014-4858 |
sap — solution_manager | The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | 2014-07-31 | 7.5 | CVE-2014-5175 CONFIRM XF BID MISC FULLDISC CONFIRM |
vbulletin — vbulletin | SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | 2014-07-25 | 7.5 | CVE-2014-5102 MISC MISC |
webidsupport — webid | WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. | 2014-07-29 | 7.5 | CVE-2014-5114 BID MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aas9 — zerocms | Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. | 2014-07-29 | 4.3 | CVE-2014-4710 MISC EXPLOIT-DB |
acmailer — acmailer | Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization. | 2014-07-29 | 6.8 | CVE-2014-3896 CONFIRM JVNDB JVN |
apple — cups | The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2014-07-29 | 5.0 | CVE-2014-5031 MLIST MLIST DEBIAN SECUNIA |
cairographics — cairo | The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. | 2014-07-29 | 5.0 | CVE-2014-5116 CONFIRM OSVDB EXPLOIT-DB |
caucho — resin | The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism. | 2014-07-26 | 5.0 | CVE-2014-2966 |
cisco — webex_meetings_server | The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. | 2014-07-26 | 5.0 | CVE-2014-3301 |
cisco — webex_meetings_server | user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. | 2014-08-01 | 5.8 | CVE-2014-3302 |
cisco — webex_meetings_server | The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. | 2014-07-28 | 4.0 | CVE-2014-3303 |
cisco — webex_meetings_server | The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | 2014-07-28 | 5.0 | CVE-2014-3304 |
cisco — webex_meetings_server | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. | 2014-07-26 | 6.8 | CVE-2014-3305 |
cisco — telepresence_server_software | Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060. | 2014-07-26 | 4.3 | CVE-2014-3324 |
cisco — security_manager | SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957. | 2014-07-26 | 6.5 | CVE-2014-3326 |
cisco — unified_presence_server | The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. | 2014-07-26 | 5.0 | CVE-2014-3328 |
cisco — prime_data_center_network_manager | Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620. | 2014-07-29 | 4.3 | CVE-2014-3329 |
concrete5 — concrete5 | concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/. | 2014-07-28 | 5.0 | CVE-2014-5107 BID MISC OSVDB |
concrete5 — concrete5 | Cross-site scripting (XSS) vulnerability in single_pagesdownload_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file. | 2014-07-28 | 4.3 | CVE-2014-5108 BID MISC OSVDB |
dirphp_project — dirphp | Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. | 2014-07-29 | 5.0 | CVE-2014-5115 EXPLOIT-DB |
elasticsearch — elasticsearch | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor’s intended security policy if the user does not run Elasticsearch in its own independent virtual machine. | 2014-07-28 | 6.8 | CVE-2014-3120 MISC BID MISC OSVDB EXPLOIT-DB MISC |
fonality — trixbox | Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter. | 2014-07-28 | 4.3 | CVE-2014-5110 XF MISC |
fonality — trixbox | Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. | 2014-07-28 | 5.0 | CVE-2014-5111 MISC |
gnu — glibc | Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. | 2014-07-29 | 6.8 | CVE-2014-0475 CONFIRM SECTRACK MLIST MLIST DEBIAN |
gurock — testrail | Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. | 2014-07-26 | 4.3 | CVE-2014-4857 |
homepage_decorator_perlmailer_project — homepage_decorator_perlmailer | Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-07-29 | 4.3 | CVE-2014-3897 JVNDB JVN |
hp — nonstop_netbatch | Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors. | 2014-08-01 | 5.2 | CVE-2014-2627 |
hp — data_protector | ** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is “by design.” | 2014-08-01 | 6.4 | CVE-2014-5160 MISC MISC |
ibm — atlas_ediscovery_process_management | Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2014-07-29 | 4.3 | CVE-2014-0889 XF CONFIRM |
ibm — rational_software_architect_design_manager | Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site. | 2014-07-30 | 6.5 | CVE-2014-0947 XF |
ibm — rational_software_architect_design_manager | Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive. | 2014-07-30 | 6.0 | CVE-2014-0948 XF |
ibm — embedded_websphere_application_server | install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program. | 2014-07-29 | 6.9 | CVE-2014-3020 XF |
ibm — websphere_portal | Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2014-07-29 | 5.8 | CVE-2014-3054 XF AIXAPAR |
ibm — websphere_portal | The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. | 2014-07-29 | 5.0 | CVE-2014-3056 XF AIXAPAR |
ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-07-29 | 4.3 | CVE-2014-3057 XF AIXAPAR |
ibm — infosphere_information_server | Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection. | 2014-07-26 | 4.3 | CVE-2014-3071 XF |
ibm — sametime | Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-07-26 | 4.3 | CVE-2014-4748 XF |
innominate — mguard_firmware | Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. | 2014-07-30 | 5.0 | CVE-2014-2356 |
invisionpower — invision_power_board | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. | 2014-07-28 | 4.3 | CVE-2014-5106 XF BID BUGTRAQ |
iodata — ts-ptcam/poe_camera | The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. | 2014-07-29 | 6.4 | CVE-2014-3895 JVNDB JVN |
libndp — libndp | Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement. | 2014-07-31 | 6.8 | CVE-2014-3554 CONFIRM XF MLIST |
linux — linux_kernel | The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. | 2014-08-01 | 6.2 | CVE-2014-5045 CONFIRM MLIST CONFIRM |
linux — linux_kernel | The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | 2014-08-01 | 5.4 | CVE-2014-5077 MLIST |
moodle — moodle | mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-07-29 | 4.3 | CVE-2014-3542 MLIST |
moodle — moodle | mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format. | 2014-07-29 | 4.3 | CVE-2014-3543 MLIST |
moodle — moodle | Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. | 2014-07-29 | 6.0 | CVE-2014-3545 MLIST |
moodle — moodle | Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL. | 2014-07-29 | 5.0 | CVE-2014-3546 MLIST |
moodle — moodle | Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge. | 2014-07-29 | 4.3 | CVE-2014-3547 MLIST |
moodle — moodle | Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog. | 2014-07-29 | 4.3 | CVE-2014-3548 MLIST |
moodle — moodle | Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt. | 2014-07-29 | 4.3 | CVE-2014-3549 MLIST |
moodle — moodle | Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task. | 2014-07-29 | 4.3 | CVE-2014-3550 MLIST |
moodle — moodle | The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. | 2014-07-29 | 6.0 | CVE-2014-3552 MLIST |
moodle — moodle | mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships. | 2014-07-29 | 4.9 | CVE-2014-3553 MLIST |
netty_project — netty | The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message. | 2014-07-31 | 5.0 | CVE-2014-3488 CONFIRM SECUNIA |
ol-commerce_project — ol-commerce | Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php. | 2014-07-28 | 4.3 | CVE-2014-5105 BID MISC |
omeka — omeka | Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security. | 2014-07-25 | 6.8 | CVE-2014-5100 XF XF MISC MISC BID EXPLOIT-DB MISC |
reviewboard — review_board | Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page. | 2014-07-25 | 4.3 | CVE-2014-5027 BID MLIST MLIST |
sap — hana | Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-07-31 | 4.3 | CVE-2014-5172 CONFIRM XF BID BUGTRAQ MISC FULLDISC CONFIRM MISC |
sap — hana_extend_application_services | SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public. | 2014-07-31 | 5.0 | CVE-2014-5173 CONFIRM XF BUGTRAQ FULLDISC CONFIRM MISC |
sap — fi_manager_self-service | SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2014-07-31 | 6.0 | CVE-2014-5176 CONFIRM XF BID BUGTRAQ MISC FULLDISC CONFIRM MISC |
silver-peak — vx | Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | 2014-07-28 | 6.8 | CVE-2014-2974 |
silver-peak — vx | Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | 2014-07-28 | 4.3 | CVE-2014-2975 |
torproject — tor | Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. | 2014-07-30 | 4.3 | CVE-2014-5117 CONFIRM MLIST MLIST MISC |
transmissionbt — transmission | Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. | 2014-07-29 | 6.8 | CVE-2014-4909 MISC CONFIRM CONFIRM UBUNTU BID OSVDB MLIST MLIST DEBIAN SECUNIA SECUNIA SECUNIA FEDORA MISC |
ubnt — unifi_video | The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. | 2014-07-25 | 6.0 | CVE-2014-2227 BID MISC FULLDISC |
visualware — myconnection_server | Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter. | 2014-07-28 | 4.3 | CVE-2014-5113 BID MISC MISC |
vitamin_plugin_project — vitamin | Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php. | 2014-07-31 | 5.0 | CVE-2012-6651 BID MLIST MLIST |
webidsupport — webid | Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php. | 2014-07-25 | 4.3 | CVE-2014-5101 BID MISC |
wireshark — wireshark | The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5161 |
wireshark — wireshark | The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5162 |
wireshark — wireshark | The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5163 CONFIRM |
wireshark — wireshark | The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5164 CONFIRM |
wireshark — wireshark | The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5165 CONFIRM CONFIRM |
zohocorp — manageengine_eventlog_analyzer | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. | 2014-07-25 | 4.3 | CVE-2014-5103 BUGTRAQ MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — subversion | svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. | 2014-07-28 | 2.4 | CVE-2013-4262 |
apache — subversion | The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | 2014-07-28 | 2.4 | CVE-2013-7393 |
apple — cups | The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | 2014-07-29 | 1.5 | CVE-2014-5029 MLIST MLIST DEBIAN SECUNIA |
apple — cups | CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | 2014-07-29 | 1.9 | CVE-2014-5030 MLIST MLIST DEBIAN SECUNIA |
ibm — maximo_asset_management | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field. | 2014-07-30 | 3.5 | CVE-2014-0914 XF AIXAPAR |
ibm — maximo_asset_management | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field. | 2014-07-30 | 3.5 | CVE-2014-0915 XF AIXAPAR |
ibm — infosphere_master_data_management | The GDS component in IBM InfoSphere Master Data Management – Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | 2014-08-01 | 3.5 | CVE-2014-3009 XF |
ibm — maximo_asset_management | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/. | 2014-07-30 | 3.5 | CVE-2014-3025 XF AIXAPAR |
ibm — maximo_asset_management | CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2014-07-29 | 3.5 | CVE-2014-3026 XF |
ibm — rational_team_concert | IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors. | 2014-07-29 | 3.5 | CVE-2014-3050 XF |
ibm — sametime | The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim’s browser. | 2014-07-26 | 2.1 | CVE-2014-4747 |
moodle — moodle | Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. | 2014-07-29 | 3.5 | CVE-2014-3544 MISC MLIST |
moodle — moodle | Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric. | 2014-07-29 | 3.5 | CVE-2014-3551 MLIST |
sap — hana_extend_application_services | SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. | 2014-07-31 | 2.9 | CVE-2014-5171 CONFIRM BUGTRAQ MISC FULLDISC CONFIRM MISC |
sap — netweaver_business_warehouse | The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2014-07-31 | 3.5 | CVE-2014-5174 CONFIRM XF BID MISC CONFIRM MISC |
ubnt — unifi_controller | Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 2014-07-29 | 2.6 | CVE-2014-2226 BID MISC FULLDISC MISC |
zarafa — webapp | WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | 2014-07-29 | 2.1 | CVE-2014-0103 CONFIRM BID FEDORA FEDORA |
This product is provided subject to this Notification and this Privacy & Use policy.