Original release date: January 12, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ajax_post_search_project — ajax_post_search | SQL injection vulnerability in the “the_search_function” function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a “the_search_text” action to wp-admin/admin-ajax.php. | 2015-01-07 | 7.5 | CVE-2012-5853 CONFIRM BUGTRAQ |
asus — wrt_firmware | common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. | 2015-01-08 | 10.0 | CVE-2014-9583 MISC EXPLOIT-DB MISC |
basic-cms — sweetrice | Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action. | 2015-01-03 | 7.5 | CVE-2010-5317 MISC |
cts_projects&software — classad | SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 2015-01-02 | 7.5 | CVE-2014-9455 MISC |
debian — mime-support | run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | 2015-01-06 | 7.5 | CVE-2014-7209 XF BID MLIST SECUNIA |
deliciousdays — cformsii | Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory. | 2015-01-07 | 7.5 | CVE-2014-9473 CONFIRM BUGTRAQ |
don_ho — notepad++ | Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information. | 2015-01-02 | 10.0 | CVE-2014-9456 EXPLOIT-DB |
hex-rays — ida | Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. | 2015-01-02 | 10.0 | CVE-2014-9458 SECUNIA |
humhub — humhub | SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error. | 2015-01-06 | 7.5 | CVE-2014-9528 CONFIRM XF EXPLOIT-DB FULLDISC MISC |
infinitewp — infinitewp_admin_panel | SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. | 2015-01-05 | 7.5 | CVE-2014-9519 MISC FULLDISC |
infinitewp — infinitewp_admin_panel | SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. | 2015-01-05 | 7.5 | CVE-2014-9520 MISC FULLDISC |
infinitewp — infinitewp_admin_panel | Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename. | 2015-01-05 | 7.5 | CVE-2014-9521 MISC FULLDISC |
installatron — gq_file_manager | SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | 2015-01-02 | 7.5 | CVE-2014-9445 XF EXPLOIT-DB |
linux — linux_kernel | The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. | 2015-01-02 | 7.8 | CVE-2014-9428 MLIST CONFIRM MLIST MLIST CONFIRM CONFIRM |
mediawiki — mediawiki | The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. | 2015-01-04 | 7.5 | CVE-2014-9277 CONFIRM MLIST MLIST DEBIAN SECTRACK |
microweber — microweber | SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | 2015-01-03 | 7.5 | CVE-2014-9464 MISC CONFIRM |
mini-stream — rm-mp3_converter | Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. | 2015-01-02 | 7.5 | CVE-2014-9448 EXPLOIT-DB EXPLOIT-DB OSVDB |
osclass — osclass | SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. | 2015-01-05 | 7.5 | CVE-2014-8083 BID BUGTRAQ FULLDISC MISC MISC |
osclass — osclass | Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action. | 2015-01-05 | 7.5 | CVE-2014-8084 BID BUGTRAQ FULLDISC MISC MISC |
php — php | sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping’s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. | 2015-01-02 | 7.5 | CVE-2014-9427 CONFIRM MLIST MLIST MLIST CONFIRM |
phpmyrecipes_project — phpmyrecipes | SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 2015-01-02 | 7.5 | CVE-2014-9440 XF EXPLOIT-DB MISC |
projectsend — projectsend | Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory. | 2015-01-07 | 7.5 | CVE-2014-9567 XF EXPLOIT-DB EXPLOIT-DB MISC OSVDB |
sefrengo — sefrengo | Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | 2015-01-08 | 7.5 | CVE-2015-0919 MISC FULLDISC MISC |
sonatype — nexus | Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. | 2015-01-05 | 7.5 | CVE-2014-9389 SECUNIA |
typo3 — typo3 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a “Cache Poisoning” attack using a URL with arbitrary arguments, which triggers a reload of the page. | 2015-01-04 | 7.5 | CVE-2014-9509 |
vdgsecurity — vdg_sense | Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request. | 2015-01-02 | 7.5 | CVE-2014-9451 MISC XF BID FULLDISC MISC |
xen — xen | Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. | 2015-01-07 | 7.8 | CVE-2015-0361 |
zabbix — zabbix | Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. | 2015-01-02 | 7.5 | CVE-2014-9450 SECUNIA |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
absolutengine — absolut_engine | Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. | 2015-01-02 | 6.5 | CVE-2014-9435 BID MISC FULLDISC |
apache — solr | Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. | 2015-01-06 | 4.3 | CVE-2014-3628 SECUNIA MLIST |
apache — poi | HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. | 2015-01-06 | 5.0 | CVE-2014-9527 CONFIRM SECUNIA CONFIRM |
banner_effect_header_project — banner_effect_header | Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. | 2015-01-08 | 6.8 | CVE-2015-0920 XF XF MISC |
basic-cms — sweetrice | Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie. | 2015-01-03 | 4.3 | CVE-2010-5316 MISC |
basic-cms — sweetrice | The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator’s password by specifying the administrator’s e-mail address in the email parameter. | 2015-01-03 | 4.3 | CVE-2010-5318 MISC |
chialab_&_channelweb — bedita | Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index. | 2015-01-03 | 4.3 | CVE-2010-5314 MISC |
chialab_&_channelweb — bedita | Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser. | 2015-01-03 | 6.8 | CVE-2010-5315 MISC |
cisco — secure_access_control_system | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | 2015-01-08 | 6.5 | CVE-2014-8027 |
cisco — secure_access_control_system | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | 2015-01-08 | 4.3 | CVE-2014-8028 |
cisco — secure_access_control_system | Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. | 2015-01-08 | 5.8 | CVE-2014-8029 |
cisco — webex_meetings_server | Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. | 2015-01-08 | 4.3 | CVE-2014-8030 |
cisco — webex_meetings_server | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. | 2015-01-08 | 6.8 | CVE-2014-8031 |
cisco — webex_meetings_server | The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. | 2015-01-08 | 4.0 | CVE-2014-8032 |
cisco — webex_meetings_server | The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. | 2015-01-08 | 5.0 | CVE-2014-8033 |
codiad — codiad | Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | 2015-01-08 | 5.0 | CVE-2014-9581 EXPLOIT-DB |
codiad — codiad | Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | 2015-01-08 | 4.3 | CVE-2014-9582 EXPLOIT-DB |
concrete5 — concrete5 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php. | 2015-01-05 | 4.3 | CVE-2014-9526 XF BUGTRAQ FULLDISC MISC MISC |
d-link — dcs-2103_hd_cube_network_camera | Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. | 2015-01-05 | 4.3 | CVE-2014-9517 MISC MISC |
d-link — dir-655 | Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. | 2015-01-05 | 4.3 | CVE-2014-9518 BID CONFIRM SECUNIA |
e107 — e107 | Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. | 2015-01-02 | 6.8 | CVE-2014-9459 CONFIRM MISC FULLDISC |
efssoft — easy_file_sharing_web_server | Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp. | 2015-01-02 | 4.3 | CVE-2014-9439 XF EXPLOIT-DB |
elfutils_project — elfutils | Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. | 2015-01-02 | 6.4 | CVE-2014-9447 MLIST BID MLIST SECUNIA |
emc — documentum_wdk | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-01-06 | 4.3 | CVE-2014-4635 BUGTRAQ |
emc — documentum_wdk | Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. | 2015-01-06 | 6.8 | CVE-2014-4636 BUGTRAQ |
emc — documentum_wdk | Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | 2015-01-06 | 6.4 | CVE-2014-4637 BUGTRAQ |
emc — documentum_wdk | EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | 2015-01-06 | 5.0 | CVE-2014-4638 BUGTRAQ |
emc — documentum_wdk | EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. | 2015-01-06 | 5.0 | CVE-2014-4639 BUGTRAQ |
exiv2 — exiv2 | Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. | 2015-01-02 | 5.0 | CVE-2014-9449 SECUNIA CONFIRM |
facebook_like_box_project — facebook_like_box | Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. | 2015-01-05 | 6.8 | CVE-2014-9524 SECUNIA MISC |
frontend_uploader_project — frontend_uploader | Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. | 2015-01-02 | 4.3 | CVE-2014-9444 BID FULLDISC MISC |
ipcop — ipcop | Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer. | 2015-01-02 | 4.3 | CVE-2013-7417 XF MISC MISC MISC |
ipcop — ipcop | cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | 2015-01-02 | 6.5 | CVE-2013-7418 MISC MISC MISC |
justin_klein — wp-vipergb | Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. | 2015-01-02 | 6.8 | CVE-2014-9460 CONFIRM XF XF MISC |
kajona — kajona | Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | 2015-01-08 | 4.3 | CVE-2015-0917 CONFIRM CONFIRM MISC FULLDISC MISC |
kan-studio — kandidat_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php. | 2015-01-03 | 6.8 | CVE-2010-5319 MISC |
koha — koha | Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. | 2015-01-02 | 4.3 | CVE-2014-9446 BID SECUNIA CONFIRM |
lightbox_photo_gallery_project — lightbox_photo_gallery | Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. | 2015-01-02 | 6.8 | CVE-2014-9441 XF MISC |
mediawiki — mediawiki | Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that conduct cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. | 2015-01-04 | 5.1 | CVE-2014-9276 CONFIRM MLIST MLIST SECTRACK |
memht — memht_portal | Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php. | 2015-01-03 | 6.8 | CVE-2010-5320 MISC |
nyu — opensso_integration | Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2015-01-02 | 4.3 | CVE-2014-7293 MISC FULLDISC |
nyu — opensso_integration | Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 2015-01-02 | 5.8 | CVE-2014-7294 MISC FULLDISC MISC |
oetiker+partner_ag — rrdtool | Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | 2015-01-04 | 5.0 | CVE-2013-2131 MISC MISC MISC MLIST MLIST MLIST |
open-xchange — open-xchange_appsuite | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. | 2015-01-05 | 4.3 | CVE-2014-1679 MISC XF BUGTRAQ SECUNIA |
open-xchange — open-xchange_appsuite | Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. | 2015-01-07 | 4.3 | CVE-2014-8993 SECTRACK BUGTRAQ SECUNIA MISC |
openssl — openssl | The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. | 2015-01-08 | 5.0 | CVE-2014-3570 CONFIRM |
openssl — openssl | OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. | 2015-01-08 | 5.0 | CVE-2014-3571 CONFIRM CONFIRM |
openssl — openssl | The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. | 2015-01-08 | 5.0 | CVE-2014-3572 CONFIRM |
openssl — openssl | OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate’s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. | 2015-01-08 | 5.0 | CVE-2014-8275 CONFIRM CONFIRM |
openssl — openssl | The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. | 2015-01-08 | 5.0 | CVE-2015-0204 CONFIRM |
openssl — openssl | The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. | 2015-01-08 | 5.0 | CVE-2015-0205 CONFIRM |
openssl — openssl | Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. | 2015-01-08 | 5.0 | CVE-2015-0206 CONFIRM |
openstack — image_registry_and_delivery_service_(glance) | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. | 2015-01-07 | 5.5 | CVE-2014-9493 CONFIRM MLIST |
osclass — osclass | Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. | 2015-01-05 | 6.8 | CVE-2014-8085 BID BUGTRAQ FULLDISC MISC MISC CONFIRM |
paloaltonetworks — pan-os | Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. | 2015-01-06 | 4.3 | CVE-2014-3764 CONFIRM SECUNIA |
papoo — cms_papoo_light | Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php. | 2015-01-05 | 4.3 | CVE-2014-9522 BID BUGTRAQ EXPLOIT-DB MISC MISC OSVDB |
pmb_services — pmb | SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. | 2015-01-02 | 6.5 | CVE-2014-9457 EXPLOIT-DB |
projectsend — projectsend | Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information. | 2015-01-08 | 4.3 | CVE-2014-9580 XF EXPLOIT-DB MISC |
quick_page/post_redirect_project — quick_page/post_redirect | Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php. | 2015-01-05 | 6.8 | CVE-2014-2598 MISC XF EXPLOIT-DB SECUNIA FULLDISC MISC OSVDB OSVDB |
reality66 — cart66_lite | SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. | 2015-01-02 | 6.5 | CVE-2014-9442 MISC CONFIRM SECUNIA |
redcloth — redcloth_library | Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 and earlier for Ruby allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | 2015-01-07 | 4.3 | CVE-2012-6684 MISC FULLDISC MISC MISC |
redhat — libvirt | The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that the users do not have privileges to access. | 2015-01-06 | 4.0 | CVE-2014-8131 SUSE |
relevanssi — relevanssi | Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-01-02 | 4.3 | CVE-2014-9443 SECUNIA |
sap — netweaver_business_client_for_html | Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. | 2015-01-07 | 4.3 | CVE-2014-9569 MISC SECUNIA |
sefrengo — sefrengo | Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. | 2015-01-08 | 4.3 | CVE-2015-0918 MISC FULLDISC MISC |
simple_sticky_footer_project — simple_sticky_footer | Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. | 2015-01-02 | 6.8 | CVE-2014-9454 XF XF MISC |
simple_visitor_stat_project — simple_visitor_stat | Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header. | 2015-01-02 | 4.3 | CVE-2014-9453 XF MISC |
sliding_social_icons_project — sliding_social_icons | Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. | 2015-01-02 | 6.8 | CVE-2014-9437 XF MISC |
smartcat — our_team_showcase | Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. | 2015-01-05 | 6.8 | CVE-2014-9523 MISC |
social_microblogging_pro_project — social_microblogging_pro | Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the “Web Site” input in the Profile section. | 2015-01-05 | 4.3 | CVE-2014-9516 EXPLOIT-DB OSVDB |
strongswan — strongswan | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | 2015-01-07 | 5.0 | CVE-2014-9221 CONFIRM SECUNIA SECUNIA |
sysaid — sysaid | Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | 2015-01-02 | 5.0 | CVE-2014-9436 XF EXPLOIT-DB FULLDISC MISC |
timed_popup_project — timed_popup | Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. | 2015-01-05 | 6.8 | CVE-2014-9525 XF XF MISC |
typo3 — typo3 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. | 2015-01-04 | 4.3 | CVE-2014-9508 |
vbulletin — vbulletin | Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. | 2015-01-02 | 6.8 | CVE-2014-9438 MISC XF MISC |
vdgsecurity — vdg_sense | Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/. | 2015-01-02 | 5.0 | CVE-2014-9452 MISC XF BID FULLDISC MISC |
vdgsecurity — vdg_sense | VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header. | 2015-01-08 | 6.4 | CVE-2014-9575 MISC FULLDISC MISC |
vdgsecurity — vdg_sense | VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access. | 2015-01-08 | 5.0 | CVE-2014-9576 MISC FULLDISC MISC |
vdgsecurity — vdg_sense | VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response. | 2015-01-08 | 4.0 | CVE-2014-9577 MISC FULLDISC MISC |
vdgsecurity — vdg_sense | VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of the password hash. | 2015-01-08 | 5.0 | CVE-2014-9578 MISC FULLDISC MISC |
vdgsecurity — vdg_sense | VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. | 2015-01-08 | 5.0 | CVE-2014-9579 MISC FULLDISC MISC |
zohocorp — manageengine_adselfservice_plus | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. | 2015-01-07 | 4.3 | CVE-2014-3779 XF MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
absolutengine — absolut_engine | Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. | 2015-01-02 | 3.5 | CVE-2014-9434 BID MISC FULLDISC |
linuxcontainers — cgmanager | cgmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. | 2015-01-07 | 2.1 | CVE-2014-1425 |
mantisbt — mantisbt | MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. | 2015-01-04 | 3.5 | CVE-2014-9506 CONFIRM DEBIAN MLIST |
mediawiki — mediawiki | MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. | 2015-01-04 | 2.6 | CVE-2014-9507 |
reality66 — cart66_lite | Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php. | 2015-01-02 | 3.5 | CVE-2014-9461 CONFIRM MISC CONFIRM |