Update on Red Hat Enterprise Linux 6 and FIPS 140 validations

Red Hat achieved its latest successful FIPS 140 validation back in April 2013. Since then a lot has happened: well-publicized attacks on cryptographic protocols, weaknesses in implementations, and changing government requirements. With all of these issues in play, we want to explain what we are doing about them.

One of the big changes is that we enabled support for Elliptic Curve Cryptography (ECC) and Elliptic Curve Diffie-Hellman (ECDH) in Red Hat Enterprise Linux to meet the National Institute of Standards and Technology’s (NIST’s) “Suite B” requirements taking effect this year. Because we added new ciphers, we knew we needed to re-certify. Re-certification brings many advantages to our government customers: they benefit from the new certification while maintaining coverage from our last FIPS 140 validation effort. One advantage of re-certification is that the packages under evaluation pick up the fixes for BEAST, Lucky 13, Heartbleed, POODLE, and some lesser known vulnerabilities around certificate validation. It should be noted that these attacks target higher level protocols, not the crypto primitives covered by a FIPS validation; still, knowing the fixes are in the packages under evaluation should give customers additional peace of mind.

The Red Hat Enterprise Linux 6 re-certification is now under way. It includes reworked packages to meet all the updated requirements that NIST put forth taking effect Jan. 1, 2014, such as a new Deterministic Random Bit Generator (DRBG) as specified in SP 800-90A (PDF); an updated RSA key generation technique as specified in FIPS 186-4 (PDF); and updated key sizes and algorithms as specified in SP 800-131A (PDF).

Progress on the certification is moving along: we’ve completed review and preliminary testing and are now applying for Cryptographic Algorithm Validation System (CAVS) certificates. After that, we’ll submit the validation paperwork to NIST. All modules being re-certified are currently listed on NIST’s Modules in Process page, except Volume Encryption (dm-crypt); its re-certification is taking a different route because the change is so minor that it does not need CAVS testing. We expect the certifications to be completed early this year.

The arrival of toy drones

Drones have landed – as one of the hottest gifts over this past holiday season and one of the biggest hits at the 2015 Consumer Electronics Show this past week.

Unmanned aircraft systems (UAS), as they are also known, are like model airplanes on steroids. They can hover, fly and often come equipped with cameras. They can belong to you or anyone else for under $100.

The cheap availability and growing capabilities of drones means that there are privacy and safety issues at stake.

We’ve already seen drones experience near misses with aircraft at major airports, while unmanned flying cameras are an obvious threat to privacy.

It’s clear that drones are going to be around for a while and that legislation is needed to set reasonable and responsible limitations for recreational drone use.

However, regulation is still very much up in the air, if you’ll pardon the pun.

 

Who is taking action on drones?

The U.S. Federal Aviation Administration has issued a list of do’s and don’ts for safely flying model aircraft for recreational use. These mostly focus on keeping them away from manned aircraft and airports, and within the user’s line of sight.

The National Park Service has banned drones from all National Parks, worried that the noise and proximity to wildlife would disturb nesting, migratory, and reproductive habits. The NPS also noted that visitor safety was an issue.

Drone industry officials announced that they are teaming up with the government and model aircraft hobbyists to launch a safety campaign, which includes a website (www.knowbeforeyoufly.com) with safety tips and FAA regulations.

In the U.K., the Civilian Air Authority has already set protocols, mostly concerning flight over congested areas and airspace, and the European Aviation Safety Agency is developing EU-wide safety standards which reportedly will be as high as those for manned aircraft.

Commercial use of drones has become a thorny subject and there is pending legislation in U.S. Congress that might even require commercial drone operators to have pilot licenses.

With all this legislation in the works, it’s clear there’s a lot more to this year’s hot toy story than first meets the eye. And you can bet there’s going to be a lot more to come…

Title image courtesy of firstsing

CEBA-2015:0029 CentOS 7 httpd BugFix Update

CentOS Errata and Bugfix Advisory 2015:0029 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0029.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


[ MDVSA-2015:022 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:022
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated wireshark packages fix security vulnerabilities:
 
 The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).
 
 The SMTP dissector could crash (CVE-2015-0563).
 
 Wireshark could crash while decrypting TLS/SSL sessions (CVE-2015-0564).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564

[ MDVSA-2015:021 ] curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:021
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerability:
 
 When libcurl sends a request to a server via an HTTP proxy, it copies
 the entire URL into the request and sends it off. If the given URL
 contains line feeds and carriage returns, those are sent along to
 the proxy too, which allows a program to, for example, send a separate
 HTTP request embedded in the URL (CVE-2014-8150).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-
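The check that a fix for the bug above needs, as an added example that is not libcurl's code: a proxy request-line builder that refuses URLs carrying raw CR or LF bytes before anything is written to the connection. `url_has_ctl_chars`, `build_proxy_request_line` and `count_request_lines` are hypothetical helpers written for this page, and the URLs are constructed test inputs.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not libcurl's code. On a proxy connection the whole URL
 * goes into the request line ("GET <url> HTTP/1.1\r\n"), so a raw CR or
 * LF inside it ends that line early and whatever follows is parsed by
 * the proxy as further header lines or as a second request. */

/* Return 1 if url carries a byte that can break the request line:
 * CR, LF, any other C0 control character, or DEL. Percent-encoded
 * forms such as %0d%0a are ordinary printable bytes and pass. */
int url_has_ctl_chars(const char *url)
{
    for (const unsigned char *p = (const unsigned char *)url; *p; p++) {
        if (*p == '\r' || *p == '\n' || *p < 0x20 || *p == 0x7f)
            return 1;
    }
    return 0;
}

/* Hypothetical helper: build the absolute-form request line sent to an
 * HTTP proxy. Returns the number of bytes written, or -1 when the URL is
 * rejected or the buffer is too small (nothing partial is ever sent). */
int build_proxy_request_line(const char *url, char *out, size_t outlen)
{
    if (url_has_ctl_chars(url))
        return -1;                  /* refuse rather than forward CRLF */
    int n = snprintf(out, outlen, "GET %s HTTP/1.1\r\n", url);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                  /* truncated: do not send a partial line */
    return n;
}

/* Count CRLF-terminated lines in a buffer; a sound request line has exactly one. */
int count_request_lines(const char *buf)
{
    int lines = 0;
    for (const char *p = strstr(buf, "\r\n"); p != NULL; p = strstr(p + 2, "\r\n"))
        lines++;
    return lines;
}

int main(void)
{
    char line[256];
    /* Constructed inputs: a normal URL and one with an embedded CRLF. */
    const char *clean = "http://example.com/index.html";
    const char *crafted = "http://example.com/index.html\r\nX-Extra: header";

    int n = build_proxy_request_line(clean, line, sizeof line);
    printf("clean URL: %d bytes, %d request line(s)\n", n, count_request_lines(line));

    n = build_proxy_request_line(crafted, line, sizeof line);
    printf("crafted URL: %s\n", n < 0 ? "rejected" : "forwarded (unsafe)");
    return 0;
}
```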

SB15-012: Vulnerability Summary for the Week of January 5, 2015

Original release date: January 12, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
(Each entry below gives vendor — product, description, publication date, CVSS score and CVE ID on one line, followed by its source and patch references, one per line.)
ajax_post_search_project — ajax_post_search SQL injection vulnerability in the “the_search_function” function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a “the_search_text” action to wp-admin/admin-ajax.php. 2015-01-07 7.5 CVE-2012-5853
CONFIRM
BUGTRAQ
asus — wrt_firmware common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. 2015-01-08 10.0 CVE-2014-9583
MISC
EXPLOIT-DB
MISC
basic-cms — sweetrice Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action. 2015-01-03 7.5 CVE-2010-5317
MISC
cts_projects&software — classad SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. 2015-01-02 7.5 CVE-2014-9455
MISC
debian — mime-support run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. 2015-01-06 7.5 CVE-2014-7209
XF
BID
MLIST
SECUNIA
deliciousdays — cformsii Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory. 2015-01-07 7.5 CVE-2014-9473
CONFIRM
BUGTRAQ
don_ho — notepad++ Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information. 2015-01-02 10.0 CVE-2014-9456
EXPLOIT-DB
hex-rays — ida Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. 2015-01-02 10.0 CVE-2014-9458
SECUNIA
humhub — humhub SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error. 2015-01-06 7.5 CVE-2014-9528
CONFIRM
XF
EXPLOIT-DB
FULLDISC
MISC
infinitewp — infinitewp_admin_panel SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. 2015-01-05 7.5 CVE-2014-9519
MISC
FULLDISC
infinitewp — infinitewp_admin_panel SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. 2015-01-05 7.5 CVE-2014-9520
MISC
FULLDISC
infinitewp — infinitewp_admin_panel Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename. 2015-01-05 7.5 CVE-2014-9521
MISC
FULLDISC
installatron — gq_file_manager SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-02 7.5 CVE-2014-9445
XF
EXPLOIT-DB
linux — linux_kernel The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. 2015-01-02 7.8 CVE-2014-9428
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
mediawiki — mediawiki The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. 2015-01-04 7.5 CVE-2014-9277
CONFIRM
MLIST
MLIST
DEBIAN
SECTRACK
microweber — microweber SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. 2015-01-03 7.5 CVE-2014-9464
MISC
CONFIRM
mini-stream — rm-mp3_converter Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. 2015-01-02 7.5 CVE-2014-9448
EXPLOIT-DB
EXPLOIT-DB
OSVDB
osclass — osclass SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. 2015-01-05 7.5 CVE-2014-8083
BID
BUGTRAQ
FULLDISC
MISC
MISC
osclass — osclass Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action. 2015-01-05 7.5 CVE-2014-8084
BID
BUGTRAQ
FULLDISC
MISC
MISC
php — php sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping’s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. 2015-01-02 7.5 CVE-2014-9427
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
phpmyrecipes_project — phpmyrecipes SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. 2015-01-02 7.5 CVE-2014-9440
XF
EXPLOIT-DB
MISC
projectsend — projectsend Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory. 2015-01-07 7.5 CVE-2014-9567
XF
EXPLOIT-DB
EXPLOIT-DB
MISC
OSVDB
sefrengo — sefrengo Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. 2015-01-08 7.5 CVE-2015-0919
MISC
FULLDISC
MISC
sonatype — nexus Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. 2015-01-05 7.5 CVE-2014-9389
SECUNIA
typo3 — typo3 The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a “Cache Poisoning” attack using a URL with arbitrary arguments, which triggers a reload of the page. 2015-01-04 7.5 CVE-2014-9509
vdgsecurity — vdg_sense Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request. 2015-01-02 7.5 CVE-2014-9451
MISC
XF
BID
FULLDISC
MISC
xen — xen Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. 2015-01-07 7.8 CVE-2015-0361
zabbix — zabbix Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. 2015-01-02 7.5 CVE-2014-9450
SECUNIA


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
(Each entry below gives vendor — product, description, publication date, CVSS score and CVE ID on one line, followed by its source and patch references, one per line.)
absolutengine — absolut_engine Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. 2015-01-02 6.5 CVE-2014-9435
BID
MISC
FULLDISC
apache — solr Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. 2015-01-06 4.3 CVE-2014-3628
SECUNIA
MLIST
apache — poi HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. 2015-01-06 5.0 CVE-2014-9527
CONFIRM
SECUNIA
CONFIRM
banner_effect_header_project — banner_effect_header Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. 2015-01-08 6.8 CVE-2015-0920
XF
XF
MISC
basic-cms — sweetrice Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie. 2015-01-03 4.3 CVE-2010-5316
MISC
basic-cms — sweetrice The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator’s password by specifying the administrator’s e-mail address in the email parameter. 2015-01-03 4.3 CVE-2010-5318
MISC
chialab_&_channelweb — bedita Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index. 2015-01-03 4.3 CVE-2010-5314
MISC
chialab_&_channelweb — bedita Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser. 2015-01-03 6.8 CVE-2010-5315
MISC
cisco — secure_access_control_system The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. 2015-01-08 6.5 CVE-2014-8027
cisco — secure_access_control_system Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. 2015-01-08 4.3 CVE-2014-8028
cisco — secure_access_control_system Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. 2015-01-08 5.8 CVE-2014-8029
cisco — webex_meetings_server Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. 2015-01-08 4.3 CVE-2014-8030
cisco — webex_meetings_server Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. 2015-01-08 6.8 CVE-2014-8031
cisco — webex_meetings_server The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. 2015-01-08 4.0 CVE-2014-8032
cisco — webex_meetings_server The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. 2015-01-08 5.0 CVE-2014-8033
codiad — codiad Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-08 5.0 CVE-2014-9581
EXPLOIT-DB
codiad — codiad Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-08 4.3 CVE-2014-9582
EXPLOIT-DB
concrete5 — concrete5 Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php. 2015-01-05 4.3 CVE-2014-9526
XF
BUGTRAQ
FULLDISC
MISC
MISC
d-link — dcs-2103_hd_cube_network_camera Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. 2015-01-05 4.3 CVE-2014-9517
MISC
MISC
d-link — dir-655 Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. 2015-01-05 4.3 CVE-2014-9518
BID
CONFIRM
SECUNIA
e107 — e107 Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. 2015-01-02 6.8 CVE-2014-9459
CONFIRM
MISC
FULLDISC
efssoft — easy_file_sharing_web_server Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp. 2015-01-02 4.3 CVE-2014-9439
XF
EXPLOIT-DB
elfutils_project — elfutils Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. 2015-01-02 6.4 CVE-2014-9447
MLIST
BID
MLIST
SECUNIA
emc — documentum_wdk Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-06 4.3 CVE-2014-4635
BUGTRAQ
emc — documentum_wdk Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. 2015-01-06 6.8 CVE-2014-4636
BUGTRAQ
emc — documentum_wdk Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. 2015-01-06 6.4 CVE-2014-4637
BUGTRAQ
emc — documentum_wdk EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. 2015-01-06 5.0 CVE-2014-4638
BUGTRAQ
emc — documentum_wdk EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. 2015-01-06 5.0 CVE-2014-4639
BUGTRAQ
exiv2 — exiv2 Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. 2015-01-02 5.0 CVE-2014-9449
SECUNIA
CONFIRM
facebook_like_box_project — facebook_like_box Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. 2015-01-05 6.8 CVE-2014-9524
SECUNIA
MISC
frontend_uploader_project — frontend_uploader Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. 2015-01-02 4.3 CVE-2014-9444
BID
FULLDISC
MISC
ipcop — ipcop Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer. 2015-01-02 4.3 CVE-2013-7417
XF
MISC
MISC
MISC
ipcop — ipcop cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. 2015-01-02 6.5 CVE-2013-7418
MISC
MISC
MISC
justin_klein — wp-vipergb Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. 2015-01-02 6.8 CVE-2014-9460
CONFIRM
XF
XF
MISC
kajona — kajona Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. 2015-01-08 4.3 CVE-2015-0917
CONFIRM
CONFIRM
MISC
FULLDISC
MISC
kan-studio — kandidat_cms Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php. 2015-01-03 6.8 CVE-2010-5319
MISC
koha — koha Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. 2015-01-02 4.3 CVE-2014-9446
BID
SECUNIA
CONFIRM
lightbox_photo_gallery_project — lightbox_photo_gallery Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. 2015-01-02 6.8 CVE-2014-9441
XF
MISC
mediawiki — mediawiki Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. 2015-01-04 5.1 CVE-2014-9276
CONFIRM
MLIST
MLIST
SECTRACK
memht — memht_portal Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php. 2015-01-03 6.8 CVE-2010-5320
MISC
nyu — opensso_integration Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2015-01-02 4.3 CVE-2014-7293
MISC
FULLDISC
nyu — opensso_integration Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2015-01-02 5.8 CVE-2014-7294
MISC
FULLDISC
MISC
oetiker+partner_ag — rrdtool Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. 2015-01-04 5.0 CVE-2013-2131
MISC
MISC
MISC
MLIST
MLIST
MLIST
open-xchange — open-xchange_appsuite Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. 2015-01-05 4.3 CVE-2014-1679
MISC
XF
BUGTRAQ
SECUNIA
open-xchange — open-xchange_appsuite Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. 2015-01-07 4.3 CVE-2014-8993
SECTRACK
BUGTRAQ
SECUNIA
MISC
openssl — openssl The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. 2015-01-08 5.0 CVE-2014-3570
CONFIRM
openssl — openssl OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. 2015-01-08 5.0 CVE-2014-3571
CONFIRM
CONFIRM
openssl — openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. 2015-01-08 5.0 CVE-2014-3572
CONFIRM
openssl — openssl OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate’s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. 2015-01-08 5.0 CVE-2014-8275
CONFIRM
CONFIRM
openssl — openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. 2015-01-08 5.0 CVE-2015-0204
CONFIRM
openssl — openssl The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. 2015-01-08 5.0 CVE-2015-0205
CONFIRM
openssl — openssl Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. 2015-01-08 5.0 CVE-2015-0206
CONFIRM
openstack — image_registry_and_delivery_service_(glance) The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. 2015-01-07 5.5 CVE-2014-9493
CONFIRM
MLIST
osclass — osclass Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. 2015-01-05 6.8 CVE-2014-8085
BID
BUGTRAQ
FULLDISC
MISC
MISC
CONFIRM
paloaltonetworks — pan-os Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. 2015-01-06 4.3 CVE-2014-3764
CONFIRM
SECUNIA
papoo — cms_papoo_light Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php. 2015-01-05 4.3 CVE-2014-9522
BID
BUGTRAQ
EXPLOIT-DB
MISC
MISC
OSVDB
pmb_services — pmb SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. 2015-01-02 6.5 CVE-2014-9457
EXPLOIT-DB
projectsend — projectsend Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information. 2015-01-08 4.3 CVE-2014-9580
XF
EXPLOIT-DB
MISC
quick_page/post_redirect_project — quick_page/post_redirect Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php. 2015-01-05 6.8 CVE-2014-2598
MISC
XF
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
OSVDB
reality66 — cart66_lite SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. 2015-01-02 6.5 CVE-2014-9442
MISC
CONFIRM
SECUNIA
redcloth — redcloth_library Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. 2015-01-07 4.3 CVE-2012-6684
MISC
FULLDISC
MISC
MISC
redhat — libvirt The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that the user does not have privileges to access. 2015-01-06 4.0 CVE-2014-8131
SUSE
relevanssi — relevanssi Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-02 4.3 CVE-2014-9443
SECUNIA
sap — netweaver_business_client_for_html Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. 2015-01-07 4.3 CVE-2014-9569
MISC
SECUNIA
sefrengo — sefrengo Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. 2015-01-08 4.3 CVE-2015-0918
MISC
FULLDISC
MISC
simple_sticky_footer_project — simple_sticky_footer Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. 2015-01-02 6.8 CVE-2014-9454
XF
XF
MISC
simple_visitor_stat_project — simple_visitor_stat Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header. 2015-01-02 4.3 CVE-2014-9453
XF
MISC
sliding_social_icons_project — sliding_social_icons Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. 2015-01-02 6.8 CVE-2014-9437
XF
MISC
smartcat — our_team_showcase Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. 2015-01-05 6.8 CVE-2014-9523
MISC
social_microblogging_pro_project — social_microblogging_pro Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the “Web Site” input in the Profile section. 2015-01-05 4.3 CVE-2014-9516
EXPLOIT-DB
OSVDB
strongswan — strongswan strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. 2015-01-07 5.0 CVE-2014-9221
CONFIRM
SECUNIA
SECUNIA
sysaid — sysaid Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. 2015-01-02 5.0 CVE-2014-9436
XF
EXPLOIT-DB
FULLDISC
MISC
timed_popup_project — timed_popup Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. 2015-01-05 6.8 CVE-2014-9525
XF
XF
MISC
typo3 — typo3 The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. 2015-01-04 4.3 CVE-2014-9508
vbulletin — vbulletin Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. 2015-01-02 6.8 CVE-2014-9438
MISC
XF
MISC
vdgsecurity — vdg_sense Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/. 2015-01-02 5.0 CVE-2014-9452
MISC
XF
BID
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header. 2015-01-08 6.4 CVE-2014-9575
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access. 2015-01-08 5.0 CVE-2014-9576
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response. 2015-01-08 4.0 CVE-2014-9577
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of password hash. 2015-01-08 5.0 CVE-2014-9578
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. 2015-01-08 5.0 CVE-2014-9579
MISC
FULLDISC
MISC
zohocorp — manageengine_adselfservice_plus Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. 2015-01-07 4.3 CVE-2014-3779
XF
MISC

Low Vulnerabilities

Primary Vendor — Product   Description   Published   CVSS Score   Source & Patch Info
absolutengine — absolut_engine Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. 2015-01-02 3.5 CVE-2014-9434
BID
MISC
FULLDISC
linuxcontainers — cgmanager cgmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. 2015-01-07 2.1 CVE-2014-1425
mantisbt — mantisbt MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. 2015-01-04 3.5 CVE-2014-9506
CONFIRM
DEBIAN
MLIST
mediawiki — mediawiki MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. 2015-01-04 2.6 CVE-2014-9507
reality66 — cart66_lite Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php. 2015-01-02 3.5 CVE-2014-9461
CONFIRM
MISC
CONFIRM

Be careful if you use Linux in your company: It is not immune

The most widely used open-source operating systems are often seen, and not without reason, as a good option for companies. Unlike Windows, installing them is free or costs very little, and they do not demand constant paid upgrades.

Security is another benefit. Most malware is written for Windows and will not run on a Linux system, so many IT departments choose open-source operating systems for that reason too. Yet, for all their strengths, these systems are not immune (if anyone thought otherwise).

2014 was not a good year for Linux. Over the year, several kinds of malware and vulnerabilities affecting it came to light, ending its reputation as unbreachable and giving its users something new to worry about: from now on, they will have to pay more attention to the security of their computers.

One of these concerns is Turla, malicious software also known as Snake or Ouroboros. It is believed to originate in Russia and has been infecting Windows computers worldwide for years. Recently, a version of this Trojan targeting Linux was detected as well.

Turla installs a backdoor that gives the attackers remote access to the computer with the privileges of an ordinary user; it does not need the ‘root’ account (the account that has all rights and permissions). That defeats a common assumption: the restrictions the operating system places on unprivileged users do not stop the intrusion, because an espionage tool only needs to read the user’s files and talk to the network, none of which requires root.

Home users, in principle, have little to worry about, but the same does not apply to companies. Those who deploy this malware usually do so for corporate espionage or surveillance, not for stealing credit card numbers.
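A backdoor that runs as an ordinary user, as described above, still has to hold a socket to be useful: either a listening port it waits on, or a raw packet socket it uses to watch traffic. The following is an added example, not code from the Panda Security post or from any Turla analysis: it inventories listening TCP sockets and AF_PACKET sockets by owning user, from the /proc/net/tcp and /proc/net/packet formats, and flags user-level listeners on ports that nobody provisioned. The two /proc samples embedded in it are constructed for the example; audit_live() reads the real files when they exist. It does not know anything about Turla's actual indicators, and an allow-list of expected ports is an assumption the caller has to supply.

```python
"""Inventory of listening TCP sockets and raw packet sockets by owner.

Added example, not code from the Panda Security post or from any Turla
write-up. A backdoor running as an ordinary user can still hold a
listening port or capture traffic, so listing who owns which socket is
a cheap, root-free check. The /proc/net/tcp and /proc/net/packet
contents below are constructed for the example; audit_live() reads the
real files when they exist.
"""

# Constructed /proc/net/tcp sample. local_address is little-endian hex
# IP:port, st 0A means LISTEN, uid is the 8th column.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 100 0 0 10 0
   3: 0200000A:A1B2 5DB8D877:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 45678 1 0000000000000000 20 4 30 10 -1
"""

# Constructed /proc/net/packet sample. Any AF_PACKET socket means some
# process is capturing raw frames; User is the owning uid.
SAMPLE_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8800 3      3    0003   2     1 0      1000   56789
"""

LISTEN = "0A"


def _hex_ipv4(hexip):
    """Decode the kernel's little-endian hex IPv4 form: 0100007F -> 127.0.0.1."""
    return ".".join(str(int(hexip[i:i + 2], 16)) for i in (6, 4, 2, 0))


def parse_tcp(text):
    """Parse /proc/net/tcp-format text into dicts (ip, port, state, uid, inode)."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        f = line.split()
        if len(f) < 10:
            continue
        hexip, hexport = f[1].split(":")
        rows.append({
            "ip": _hex_ipv4(hexip),
            "port": int(hexport, 16),
            "state": f[3],
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return rows


def listeners(text):
    """Sockets in LISTEN state."""
    return [r for r in parse_tcp(text) if r["state"] == LISTEN]


def suspicious_listeners(text, expected_ports=frozenset()):
    """Listeners owned by a non-root uid on a port not in the allow-list.

    Root-owned daemons are left to the package inventory; the case the
    post describes is a user-level process accepting connections on a
    port nobody provisioned.
    """
    return [r for r in listeners(text)
            if r["uid"] != 0 and r["port"] not in expected_ports]


def packet_sockets(text):
    """(uid, inode) for every AF_PACKET socket in /proc/net/packet format."""
    out = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 9:
            out.append((int(f[7]), int(f[8])))
    return out


def audit(tcp_text, packet_text, expected_ports=frozenset()):
    return {
        "listeners": suspicious_listeners(tcp_text, expected_ports),
        "sniffers": packet_sockets(packet_text),
    }


def audit_live(expected_ports=frozenset()):
    """Audit the running host; None when /proc/net is not available."""
    try:
        with open("/proc/net/tcp") as fh:
            tcp = fh.read()
        with open("/proc/net/packet") as fh:
            pkt = fh.read()
    except OSError:
        return None
    return audit(tcp, pkt, expected_ports)


if __name__ == "__main__":
    # Allow-list the MySQL port on the sample host: 8080/tcp owned by
    # uid 1000 and the uid-1000 packet socket are what gets reported.
    print(audit(SAMPLE_TCP, SAMPLE_PACKET, frozenset({3306})))
    print(audit_live(frozenset({3306})))
```

Map the inode back to a process with the /proc/<pid>/fd links (or `ss -tlnp` as root) once something is flagged; the script deliberately stops at the socket table so that it can run as an unprivileged user, which is the same footing the backdoor has.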

In addition, X.org, the display server on which open-source graphical desktops run (including those on Linux), is also vulnerable: several vulnerabilities have been published in it that make its users an easy target for cybercriminals.

Another flaw, Shellshock, had been present in the operating system for years before it was found, and it does not affect Windows. The bug lies in Bash, the shell that interprets commands on most Linux and Unix systems: when Bash starts it imports function definitions from its environment variables, and unpatched versions also executed any command appended after the function body. That turns every program that passes untrusted text into the environment of a shell into an entry point: web servers running CGI scripts, and DHCP clients that hand options received from the network to a shell script, which is why joining a hostile Wi-Fi network was one of the published ways in. Fortunately, the patches released for Bash close the hole, provided they are actually installed.
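To make the two delivery routes concrete, here is an added example (not code from the Panda Security post). It shows how a web server maps request headers into the CGI variables a Bash script inherits, how dhclient exports lease options as new_<option> variables to its hook script, a detector that keys on the exported-function prefix the way IDS signatures did, and a probe that tells whether the bash installed on the current host still executes the appended command. The HTTP headers and DHCP options in it are constructed for the example; the probe only echoes a marker and runs only if a bash binary is found.

```python
"""Shellshock (CVE-2014-6271): how the environment carries the payload,
and a probe for the local bash.

Added example, not code from the Panda Security post. It assumes the two
delivery routes named in the text: a web server mapping request headers
into CGI variables for a script run by bash, and a DHCP client exporting
lease options to a hook script. The request headers and DHCP options
below are constructed for the example; the bash probe runs only if a
bash binary is installed.
"""
import os
import re
import shutil
import subprocess

# Exported-function marker. Unpatched bash imported any environment value
# starting with "() {" as a function and kept executing whatever followed
# the closing brace. No legitimate HTTP header or DHCP option starts this
# way, which is why the first IDS signatures keyed on the prefix alone.
FUNCTION_PREFIX = re.compile(r"^\s*\(\)\s*\{")


def cgi_environment(headers):
    """Map request headers to CGI variables the way RFC 3875 servers do:
    'User-Agent' -> HTTP_USER_AGENT. A bash CGI script inherits these."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in headers.items()}


def dhclient_environment(options):
    """Map DHCP lease options to the new_<option> variables that dhclient
    exports to dhclient-script, which is a shell script. A rogue DHCP
    server on an untrusted Wi-Fi network controls these values."""
    return {"new_" + name.replace("-", "_"): value
            for name, value in options.items()}


def shellshock_payloads(env):
    """Names of environment variables whose value carries the
    exported-function prefix, i.e. candidate Shellshock payloads."""
    return [name for name, value in env.items() if FUNCTION_PREFIX.match(value)]


def bash_vulnerable(bash=None):
    """Run the classic probe against the local bash.

    Returns True if the command appended to the function body executed
    (vulnerable), False if bash ignored it (patched), None if no bash
    binary is available. The probe only echoes a marker; it changes
    nothing on the host.
    """
    bash = bash or shutil.which("bash")
    if bash is None:
        return None
    env = dict(os.environ)
    env["PROBE"] = "() { :;}; echo SHELLSHOCK_MARKER"
    result = subprocess.run([bash, "-c", "echo probe"], env=env,
                            capture_output=True, text=True)
    return "SHELLSHOCK_MARKER" in result.stdout


# Constructed inputs: one hostile request and one hostile lease.
ATTACK_HEADERS = {
    "Host": "intranet.example",
    "User-Agent": "() { :;}; /bin/cat /etc/passwd",
    "Accept": "*/*",
}
ATTACK_LEASE = {
    "domain-name": "() { :;}; /usr/bin/id",
    "routers": "192.0.2.1",
}

if __name__ == "__main__":
    print(shellshock_payloads(cgi_environment(ATTACK_HEADERS)))    # ['HTTP_USER_AGENT']
    print(shellshock_payloads(dhclient_environment(ATTACK_LEASE)))  # ['new_domain_name']
    print("local bash vulnerable:", bash_vulnerable())
```

The probe covers the original bug only; the first fix was incomplete and was followed by further Bash updates, so treat "not vulnerable" from this check as necessary, not sufficient, and confirm the installed package version against the distribution's advisories.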

But security flaws and malware are not the only headaches for users of open-source operating systems. It is not always easy to get the security patches that developers prepare. While updates to browsers and other important programs arrive reliably, the same does not hold for other components.

An example is what happened with ownCloud, an open-source application for storing and syncing files online (an alternative to the well-known Dropbox). The version packaged for Ubuntu, one of the most popular Linux distributions, received no security updates at all: the packager had stopped working on it, which left anyone who installed it from the repository at the mercy of cybercriminals, even though the upstream project itself was still active.

Something similar happens with other open-source software that is not widely used or distributed, such as the Manjaro distribution, which also went a long time without any security updates.

Do you use Linux at home or on your computer at work?

The post Be careful if you use Linux in your company: It is not immune appeared first on MediaCenter Panda Security.