SB15-019: Vulnerability Summary for the Week of January 12, 2015

Original release date: January 19, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors. 2015-01-13 10.0 CVE-2015-0301
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306. 2015-01-13 10.0 CVE-2015-0303
adobe — adobe_air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309. 2015-01-13 10.0 CVE-2015-0304
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion.” 2015-01-13 9.3 CVE-2015-0305
CONFIRM
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303. 2015-01-13 10.0 CVE-2015-0306
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. 2015-01-13 8.5 CVE-2015-0307
adobe — adobe_air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors. 2015-01-13 10.0 CVE-2015-0308
adobe — adobe_air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304. 2015-01-13 10.0 CVE-2015-0309
awpcp — another_wordpress_classifieds_plugin SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. 2015-01-13 7.5 CVE-2014-10013
XF
EXPLOIT-DB
MISC
dev4press — gd_star_rating SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php. 2015-01-12 7.5 CVE-2014-2839
XF
FULLDISC
divx — directshowdemuxfilter Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow. 2015-01-13 7.5 CVE-2014-10024
BID
FULLDISC
domphp — domphp Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. 2015-01-13 7.5 CVE-2014-10037
XF
EXPLOIT-DB
OSVDB
domphp — domphp SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. 2015-01-13 7.5 CVE-2014-10038
XF
EXPLOIT-DB
MISC
OSVDB
fluxbb — fluxbb SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. 2015-01-13 7.5 CVE-2014-10029
XF
SECUNIA
FULLDISC
MISC
hancom — hancom_office_2010_se Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file. 2015-01-12 7.5 CVE-2013-7420
XF
BUGTRAQ
ibm — pureapplication_system Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component. 2015-01-09 9.0 CVE-2014-6158
ibm — aix lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. 2015-01-15 7.2 CVE-2014-8904
XF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ismail_fahmi — ganesha_digital_library Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. 2015-01-13 7.5 CVE-2014-100031
XF
SECUNIA
MISC
itechscripts — itechclassifieds SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. 2015-01-13 7.5 CVE-2014-100020
XF
BID
EXPLOIT-DB
OSVDB
libpng — libpng Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a “very wide interlaced” PNG image. 2015-01-10 10.0 CVE-2014-9495
SECTRACK
BID
MLIST
MISC
MLIST
licensepal — arcticdesk SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-01-13 7.5 CVE-2014-100035
linux — linux_kernel Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. 2015-01-09 7.2 CVE-2014-9529
CONFIRM
MLIST
CONFIRM
maianscriptworld — maian_uploader SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2015-01-13 7.5 CVE-2014-10004
XF
MISC
OSVDB
microsoft — windows_7 The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or “Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability.” 2015-01-13 7.2 CVE-2015-0002
MISC
MISC
MISC
microsoft — windows_7 The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user’s UsrClass.dat registry hive, aka MSRC ID 20674 or “Microsoft User Profile Service Elevation of Privilege Vulnerability.” 2015-01-13 7.2 CVE-2015-0004
MISC
microsoft — windows_7 Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows Telnet Service Buffer Overflow Vulnerability.” 2015-01-13 10.0 CVE-2015-0014
microsoft — windows_server_2003 Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka “Network Policy Server RADIUS Implementation Denial of Service Vulnerability.” 2015-01-13 7.8 CVE-2015-0015
microsoft — windows_7 Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka “Directory Traversal Elevation of Privilege Vulnerability.” 2015-01-13 9.3 CVE-2015-0016
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-01-14 7.5 CVE-2014-8634
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-01-14 7.5 CVE-2014-8635
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. 2015-01-14 7.5 CVE-2014-8636
CONFIRM
mozilla — firefox Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. 2015-01-14 7.5 CVE-2014-8641
CONFIRM
mozilla — firefox Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin’s process. 2015-01-14 7.1 CVE-2014-8643
CONFIRM
mtouch_quiz_project — mtouch_quiz SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. 2015-01-13 7.5 CVE-2014-100022
MISC
XF
SECUNIA
phpjabbers — event_booking_calendar SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. 2015-01-13 7.5 CVE-2014-10015
MISC
pomm-project — pomm SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-01-13 7.5 CVE-2014-100019
CONFIRM
XF
BID
SECUNIA
qualcomm — eudora_worldmail Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. 2015-01-13 7.5 CVE-2014-10031
XF
EXPLOIT-DB
OSVDB
realnetworks — realarcade_installer The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method. 2015-01-12 10.0 CVE-2013-2603
MISC
MISC
OSVDB
realnetworks — realarcade_installer RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game’s directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. 2015-01-12 7.2 CVE-2013-2604
MISC
MISC
OSVDB
schneider-electric — wonderware_intouch_access_anywhere_server Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. 2015-01-09 10.0 CVE-2014-9190
CONFIRM
sendy — sendy SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. 2015-01-13 7.5 CVE-2014-100011
XF
BID
BUGTRAQ
EXPLOIT-DB
sendy — sendy SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. 2015-01-13 7.5 CVE-2014-100012
EXPLOIT-DB
softbb — softbb SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. 2015-01-15 7.5 CVE-2014-9560
BID
MISC
FULLDISC
MISC
solidworks — product_data_management Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. 2015-01-13 7.5 CVE-2014-100014
XF
EXPLOIT-DB
SECUNIA
tecorange — simple_e-document SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. 2015-01-13 7.5 CVE-2014-10020
XF
EXPLOIT-DB
MISC
OSVDB
topicsviewer — topicsviewer Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/. 2015-01-13 7.5 CVE-2014-10023
XF
BID
EXPLOIT-DB
MISC
OSVDB
OSVDB
OSVDB
OSVDB
trendnet — tv-ip422w Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. 2015-01-13 7.5 CVE-2014-10011
XF
MISC
MISC
BID
MISC
welcart — e-commerce Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. 2015-01-13 7.5 CVE-2014-10017
XF
BID
MISC
wpsymposium — wp_symposium Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/. 2015-01-13 7.5 CVE-2014-10021
EXPLOIT-DB
yourmembers — yourmembers SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. 2015-01-13 7.5 CVE-2014-100003
EXPLOIT-DB
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors. 2015-01-13 5.0 CVE-2015-0302
airties — air_6372 Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. 2015-01-13 4.3 CVE-2014-100032
XF
MISC
apache — traffic_server Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. 2015-01-13 5.0 CVE-2014-10022
CONFIRM
SECTRACK
MLIST
apache — cloudstack Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. 2015-01-15 5.0 CVE-2014-9593
SECUNIA
april’s_super_functions_pack_project — april’s_super_functions_pack Cross-site scripting (XSS) vulnerability in readme.php in the April’s Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. 2015-01-13 4.3 CVE-2014-100026
XF
BID
SECUNIA
OSVDB
awpcp — another_wordpress_classifieds_plugin Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. 2015-01-13 4.3 CVE-2014-10012
XF
MISC
cisco — anyconnect_secure_mobility_client Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. 2015-01-14 5.0 CVE-2014-3314
cisco — unified_communications_domain_manager Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. 2015-01-09 5.0 CVE-2014-8020
cisco — identity_services_engine_software Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. 2015-01-15 4.3 CVE-2014-8022
cisco — webex_meetings_server Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. 2015-01-15 5.0 CVE-2014-8034
cisco — webex_meetings_server The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247. 2015-01-09 5.0 CVE-2014-8035
cisco — webex_meetings_server The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting’s invite list via a crafted URL, aka Bug ID CSCuj40254. 2015-01-09 5.0 CVE-2014-8036
cisco — asyncos Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. 2015-01-14 4.3 CVE-2015-0577
cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455. 2015-01-14 5.7 CVE-2015-0578
cisco — telepresence_video_communication_server Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. 2015-01-14 5.0 CVE-2015-0579
cisco — nx-os The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. 2015-01-09 5.0 CVE-2015-0582
cisco — webex_meeting_center Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. 2015-01-14 5.0 CVE-2015-0583
cisco — unified_communications_domain_manager Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. 2015-01-15 6.8 CVE-2015-0588
cisco — unified_communications_domain_manager Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. 2015-01-15 5.0 CVE-2015-0591
clientresponse_project — clientresponse Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. 2015-01-13 4.3 CVE-2014-100013
XF
EXPLOIT-DB
context_project — context Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. 2015-01-15 5.8 CVE-2015-1051
BID
corel — corelcad Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory. 2015-01-15 4.6 CVE-2014-8394
BID
BUGTRAQ
MISC
FULLDISC
corel — painter Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8395
BID
BUGTRAQ
MISC
FULLDISC
corel — pdf_fusion Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8396
BID
BUGTRAQ
MISC
FULLDISC
corel — fastflick Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8397
BID
BUGTRAQ
MISC
FULLDISC
corel — fastflick Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8398
BID
BUGTRAQ
MISC
FULLDISC
couponphp — couponphp Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/. 2015-01-13 6.5 CVE-2014-10034
XF
MISC
EXPLOIT-DB
MISC
OSVDB
OSVDB
CONFIRM
couponphp — couponphp Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php. 2015-01-13 4.3 CVE-2014-10035
MISC
EXPLOIT-DB
SECUNIA
MISC
OSVDB
OSVDB
OSVDB
CONFIRM
csphere — clansphere Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. 2015-01-13 4.3 CVE-2014-100010
MISC
BID
BUGTRAQ
SECUNIA
FULLDISC
d-link — dir-60 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. 2015-01-13 6.8 CVE-2014-100005
XF
SECUNIA
MISC
d-link — dap-1360_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. 2015-01-13 6.8 CVE-2014-10025
MISC
FULLDISC
d-link — dap-1360_firmware index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. 2015-01-13 5.0 CVE-2014-10026
MISC
FULLDISC
d-link — dap-1360_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. 2015-01-13 6.8 CVE-2014-10027
MISC
FULLDISC
d-link — dap-1360_firmware Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. 2015-01-13 4.3 CVE-2014-10028
MISC
FULLDISC
dev4press — gd_star_rating Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors. 2015-01-12 6.8 CVE-2014-2838
XF
SECUNIA
FULLDISC
e107 — e107 Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. 2015-01-15 4.3 CVE-2015-1041
MISC
XF
BID
MLIST
MISC
MISC
FULLDISC
MISC
f5 — big-ip_application_security_manager Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. 2015-01-15 4.3 CVE-2015-1050
XF
BUGTRAQ
FULLDISC
MISC
flatpress — flatpress Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. 2015-01-13 4.3 CVE-2014-100036
MISC
CONFIRM
XF
SECUNIA
fluxbb — fluxbb Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. 2015-01-13 5.8 CVE-2014-10030
CONFIRM
ganesha_digital_library_project — ganesha_digital_library Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. 2015-01-13 5.0 CVE-2014-100029
XF
MISC
ganesha_digital_library_project — ganesha_digital_library Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. 2015-01-13 4.3 CVE-2014-100030
XF
SECUNIA
MISC
getusedtoit — wp_slimstat Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-01-13 4.3 CVE-2014-100027
CONFIRM
XF
BID
SECUNIA
gnu — binutils The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. 2015-01-15 5.0 CVE-2014-8738
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
haxx — libcurl CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. 2015-01-15 4.3 CVE-2014-8150
DEBIAN
SECUNIA
SECUNIA
haxx — libcurl The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. 2015-01-15 5.8 CVE-2014-8151
SECUNIA
hk_exif_tags_project — hk_exif_tags Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. 2015-01-13 4.3 CVE-2014-100007
XF
SECUNIA
hp — insight_control_server_deployment Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-15 4.3 CVE-2014-7881
ibm — sterling_b2b_integrator The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request. 2015-01-09 5.0 CVE-2014-6199
XF
ibm — emptoris The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-01-09 4.0 CVE-2014-6212
XF
iwcn — stark_crm Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page. 2015-01-13 6.8 CVE-2014-10008
XF
XF
MISC
MISC
SECUNIA
iwcn — stark_crm Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page. 2015-01-13 4.3 CVE-2014-10009
XF
MISC
MISC
SECUNIA
jetbrains — teamcity Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. 2015-01-13 5.0 CVE-2014-10002
SECUNIA
jetbrains — teamcity Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. 2015-01-13 4.3 CVE-2014-10036
MISC
XF
SECUNIA
CONFIRM
joomlaskin — js_multi_hotel Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter. 2015-01-09 4.3 CVE-2013-7419
MISC
joomlaskin — js_multi_hotel Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. 2015-01-13 4.3 CVE-2014-100008
XF
MISC
MISC
joomlaskin — js_multi_hotel The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/. 2015-01-13 5.0 CVE-2014-100009
MISC
MISC
licensepal — arcticdesk Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. 2015-01-13 5.0 CVE-2014-100033
MISC
SECUNIA
licensepal — arcticdesk Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-13 4.3 CVE-2014-100034
XF
SECUNIA
litech — router_advertisement_daemon The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. 2015-01-15 4.0 CVE-2014-8153
MISC
CONFIRM
CONFIRM
BID
maianscriptworld — maian_uploader Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. 2015-01-13 4.3 CVE-2014-10003
XF
MISC
OSVDB
maianscriptworld — maian_uploader Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. 2015-01-13 5.0 CVE-2014-10005
OSVDB
MISC
maianscriptworld — maian_uploader Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. 2015-01-13 6.8 CVE-2014-10006
MISC
maianscriptworld — maian_weblog Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php. 2015-01-13 4.3 CVE-2014-10007
MISC
XF
SECUNIA
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename. 2015-01-09 4.3 CVE-2014-9271
CONFIRM
MLIST
MLIST
MLIST
mantisbt — mantisbt The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol. 2015-01-09 4.3 CVE-2014-9272
CONFIRM
CONFIRM
MLIST
MLIST
mcafee — epolicy_orchestrator XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. 2015-01-09 4.0 CVE-2015-0921
FULLDISC
FULLDISC
MISC
mcafee — epolicy_orchestrator McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers’ installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. 2015-01-09 5.0 CVE-2015-0922
FULLDISC
FULLDISC
MISC
microsoft — windows_7 The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka “NLA Security Feature Bypass Vulnerability.” 2015-01-13 6.1 CVE-2015-0006
microsoft — windows_7 mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka “WebDAV Elevation of Privilege Vulnerability.” 2015-01-13 4.7 CVE-2015-0011
moip_project — moip Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback. 2015-01-09 4.3 CVE-2014-9500
MLIST
MLIST
mozilla — firefox Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. 2015-01-14 5.0 CVE-2014-8637
CONFIRM
mozilla — firefox The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. 2015-01-14 6.8 CVE-2014-8638
CONFIRM
mozilla — firefox Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. 2015-01-14 6.8 CVE-2014-8639
CONFIRM
mozilla — firefox The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. 2015-01-14 5.0 CVE-2014-8640
CONFIRM
mozilla — firefox Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. 2015-01-14 4.3 CVE-2014-8642
CONFIRM
mtouch_quiz_project — mtouch_quiz Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php. 2015-01-13 4.3 CVE-2014-100023
MISC
XF
XF
SECUNIA
mywebsiteadvisor — simple_security Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php. 2015-01-15 4.3 CVE-2014-9570
MISC
BUGTRAQ
orangehrm — orangehrm Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. 2015-01-13 4.3 CVE-2014-100021
BID
SECUNIA
MISC
oscommerce — online_merchant SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action. 2015-01-13 6.5 CVE-2014-10033
CONFIRM
XF
MISC
EXPLOIT-DB
OSVDB
panasonic — arbitrator_back-end_server_mk_2.0_vpu Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. 2015-01-15 4.3 CVE-2014-9596
photocati_media — photocrati Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. 2015-01-13 4.3 CVE-2014-100016
XF
BID
SECUNIA
MISC
OSVDB
phpjabbers — appointment_scheduler Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. 2015-01-13 6.8 CVE-2014-10001
XF
XF
EXPLOIT-DB
SECUNIA
MISC
phpjabbers — appointment_scheduler Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. 2015-01-13 5.0 CVE-2014-10010
XF
EXPLOIT-DB
MISC
phpjabbers — event_booking_calendar Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller. 2015-01-13 6.8 CVE-2014-10014
XF
XF
SECUNIA
MISC
phpkit — phpkit Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php. 2015-01-15 4.3 CVE-2015-1052
BID
MISC
MISC
FULLDISC
MISC
phponlinechat — phponlinechat Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. 2015-01-13 4.3 CVE-2014-100017
XF
BID
EXPLOIT-DB
MISC
pods_foundation — pods Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php. 2015-01-15 4.3 CVE-2014-7956
BID
BUGTRAQ
FULLDISC
MISC
pods_foundation — pods Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable “roles and capabilities” in a toggle action in the pods-components page to wp-admin/admin.php. 2015-01-15 6.8 CVE-2014-7957
BID
BUGTRAQ
FULLDISC
MISC
redhat — jboss_data_virtualization XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint. 2015-01-15 5.0 CVE-2014-0171
CONFIRM
roundcube — webmail Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins. 2015-01-15 6.8 CVE-2014-9587
CONFIRM
MISC
BID
MLIST
sap — sap_kernel Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. 2015-01-15 6.5 CVE-2014-9594
SECUNIA
MISC
MISC
sap — sap_kernel Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. 2015-01-15 6.5 CVE-2014-9595
SECUNIA
MISC
MISC
savsoft — savsoft_quiz Cross-site request forgery (CSRF) vulnerability in index.php/user_data/insert_user in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a crafted request. 2015-01-13 6.8 CVE-2014-100025
XF
BID
SECUNIA
MISC
scriptbrasil — taboada_macronews SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. 2015-01-13 6.5 CVE-2014-10032
XF
EXPLOIT-DB
OSVDB
seopanel — seo_panel Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-13 4.3 CVE-2014-100024
XF
SECUNIA
OSVDB
seopressor — seo_plugin_liveoptim Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. 2015-01-13 6.8 CVE-2014-100001
XF
SECUNIA
sitecore — cms Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information. 2015-01-13 4.3 CVE-2014-100004
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
softbb — softbb Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter. 2015-01-15 4.3 CVE-2014-9561
BID
MISC
FULLDISC
MISC
solidworks — product_data_management Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. 2015-01-13 6.4 CVE-2014-100015
XF
EXPLOIT-DB
EXPLOIT-DB
MISC
storytlr — storytlr Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. 2015-01-13 4.3 CVE-2014-100037
MISC
SECUNIA
storytlr — storytlr Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/. 2015-01-13 4.3 CVE-2014-100038
MISC
XF
SECUNIA
suse — gcab Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by “tmpmoo.” 2015-01-15 6.4 CVE-2015-0552
CONFIRM
CONFIRM
MLIST
SUSE
tapatalk — tapatalk Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter. 2015-01-15 4.3 CVE-2014-8869
MISC
BID
BUGTRAQ
FULLDISC
tapatalk — tapatalk Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter. 2015-01-15 5.8 CVE-2014-8870
BID
BUGTRAQ
FULLDISC
teracom — t2-b-gawv1.4u10y-bi Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter. 2015-01-13 4.3 CVE-2014-10018
XF
BID
EXPLOIT-DB
OSVDB
teracom — t2-b-gawv1.4u10y-bi Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request. 2015-01-13 6.8 CVE-2014-10019
XF
EXPLOIT-DB
tp-link — tl-wr840n_firmware Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. 2015-01-09 6.8 CVE-2014-9510
BID
MISC
FULLDISC
unconfirmed_project — unconfirmed Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php. 2015-01-13 4.3 CVE-2014-100018
CONFIRM
MISC
BID
SECUNIA
webcrafted_project — webcrafted Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. 2015-01-13 4.3 CVE-2014-100028
XF
BID
SECUNIA
MISC
webtrees — webtrees Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) map, (2) streetview, or (3) reset parameter. 2015-01-13 4.3 CVE-2014-100006
XF
MISC
SECUNIA
welcart — e-commerce Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php. 2015-01-13 4.3 CVE-2014-10016
XF
BID
SECUNIA
MISC
wireshark — wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-09 5.0 CVE-2015-0559
CONFIRM
CONFIRM
wireshark — wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-09 5.0 CVE-2015-0560
CONFIRM
CONFIRM
wireshark — wireshark asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. 2015-01-09 5.0 CVE-2015-0561
CONFIRM
CONFIRM
wireshark — wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-09 5.0 CVE-2015-0562
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-09 5.0 CVE-2015-0563
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. 2015-01-09 5.0 CVE-2015-0564
CONFIRM
wpeasycart — wp_easycart Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/. 2015-01-15 6.5 CVE-2014-9308
BID
EXPLOIT-DB
MISC
MISC
OSVDB
xen — xen The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU. 2015-01-12 4.9 CVE-2014-6268
XF
SECTRACK
BID
zfcuser_project — zfcuser Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. 2015-01-15 4.3 CVE-2015-1039
CONFIRM
CONFIRM
BID
MLIST
zohocorp — manageengine_supportcenter_plus Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. 2015-01-13 5.0 CVE-2014-100002
CONFIRM
XF
EXPLOIT-DB
OSVDB

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
bedita — bedita Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) “note text” field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view. 2015-01-15 3.5 CVE-2015-1040
CONFIRM
BID
MISC
MLIST
FULLDISC
MISC
codewrights — hart_device_type_manager The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop. 2015-01-09 2.1 CVE-2014-9191
godwin’s_law_project — godwin’s_law Cross-site scripting (XSS) vulnerability in the Godwin’s Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message. 2015-01-09 3.5 CVE-2014-9499
XF
MLIST
MLIST
ibm — curam_social_program_management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-01-09 3.5 CVE-2014-3096
linux — linux_kernel The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. 2015-01-09 2.1 CVE-2014-9584
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. 2015-01-09 2.1 CVE-2014-9585
MLIST
MLIST
MISC
CONFIRM
malwarebytes — malwarebytes_anti-exploit mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information. 2015-01-13 2.1 CVE-2014-100039
CONFIRM
OSVDB
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. 2015-01-09 2.6 CVE-2014-9269
CONFIRM
DEBIAN
MLIST
MLIST
mediawiki — mediawiki Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message. 2015-01-16 3.5 CVE-2014-9475
MLIST
MLIST
DEBIAN
microsoft — windows_8 The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka “Windows Error Reporting Security Feature Bypass Vulnerability.” 2015-01-13 1.9 CVE-2015-0001
poll_chart_block_project — poll_chart_block Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title. 2015-01-09 3.5 CVE-2014-9501
MLIST
MLIST
redhat — network_satellite Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. 2015-01-15 3.5 CVE-2014-7811
redhat — network_satellite Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. 2015-01-15 3.5 CVE-2014-7812
school_administration_project — school_administration Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title. 2015-01-09 3.5 CVE-2014-9505
XF
MLIST
MLIST
siemens — simatic_wincc_sm@rtclient The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. 2015-01-14 2.1 CVE-2014-5231
siemens — simatic_wincc_sm@rtclient The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. 2015-01-14 1.9 CVE-2014-5232
siemens — simatic_wincc_sm@rtclient The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. 2015-01-14 1.9 CVE-2014-5233
webform_invitation_project — webform_invitation Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title. 2015-01-09 3.5 CVE-2014-9498
MLIST
MLIST

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply