SB14-237: Vulnerability Summary for the Week of August 18, 2014

Original release date: August 25, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alienvault — open_source_security_information_management The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. 2014-08-21 10.0 CVE-2014-5158
MISC
MISC
alienvault — open_source_security_information_management SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. 2014-08-21 7.5 CVE-2014-5159
MISC
alienvault — open_source_security_information_management The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805. 2014-08-21 10.0 CVE-2014-5210
MISC
MISC
BID
apache — traffic_server Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. 2014-08-22 10.0 CVE-2014-3525
SECUNIA
MLIST
bssys — rbs_bs-client Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter. 2014-08-22 7.5 CVE-2014-4197
MISC
SECUNIA
cacti — cacti The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. 2014-08-22 7.5 CVE-2014-5261
MISC
XF
BID
MLIST
MLIST
cacti — cacti SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-08-22 7.5 CVE-2014-5262
MISC
XF
BID
MLIST
MLIST
emc — documentum_d2 EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. 2014-08-20 8.5 CVE-2014-2515
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. 2014-08-20 8.5 CVE-2014-4618
BUGTRAQ
freereprintables — articlefr Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php. 2014-08-22 7.5 CVE-2014-5097
MISC
BUGTRAQ
MISC
ibm — infosphere_master_data_management IBM InfoSphere Master Data Management – Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 allow local users to obtain administrator privileges via unspecified vectors. 2014-08-17 7.5 CVE-2014-3063
XF
ibm — global_console_manager_16_firmware systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter. 2014-08-17 7.1 CVE-2014-3085
XF
EXPLOIT-DB
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors. 2014-08-21 7.1 CVE-2014-4764
XF
AIXAPAR
iridium — open_port The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface. 2014-08-17 9.3 CVE-2014-0326
CERT-VN
iridium — open_port The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321. 2014-08-17 9.3 CVE-2014-0327
kk-osk — advance-flow SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-08-19 7.5 CVE-2014-3906
JVNDB
JVN
linux — linux_kernel The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a “mount -o remount” command within a user namespace. 2014-08-18 7.2 CVE-2014-5206
MLIST
linux — linux_kernel fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a “mount -o remount” command within a user namespace. 2014-08-18 7.2 CVE-2014-5207
MLIST
novell — open_enterprise_server Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before Scheduled Maintenance Update 9413 for Linux has unknown impact and attack vectors. 2014-08-17 10.0 CVE-2014-0609
CONFIRM
CONFIRM
redhat — jboss_enterprise_application_platform RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818. 2014-08-19 7.5 CVE-2014-3490
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
rubyonrails — ruby_on_rails activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. 2014-08-20 7.5 CVE-2014-3514
MLIST
MLIST
siemens — simatic_s7-1500_cpu Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. 2014-08-17 7.1 CVE-2014-5074
tenfourzero — shutter SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-08-17 7.5 CVE-2014-3904
wordpress — wordpress wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data. 2014-08-18 7.5 CVE-2014-5203
CONFIRM
MLIST

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — adobe_air Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a ‘$’ (dollar sign) or ‘(‘ (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. 2014-08-19 6.8 CVE-2014-5333
MISC
alienvault — open_source_security_information_management SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2014-08-21 6.5 CVE-2014-5383
apache — ofbiz Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message. 2014-08-22 4.3 CVE-2014-0232
XF
SECTRACK
BID
BUGTRAQ
SECUNIA
MLIST
MISC
apache — subversion The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. 2014-08-19 4.0 CVE-2014-3504
CONFIRM
apache — subversion The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. 2014-08-19 4.0 CVE-2014-3522
XF
BID
SECUNIA
apache — subversion Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. 2014-08-19 4.0 CVE-2014-3528
apache — httpasyncclient org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a “CN=” string in a field in the distinguished name (DN) of a certificate, as demonstrated by the “foo,CN=www.apache.org” string in the O field. 2014-08-21 5.8 CVE-2014-3577
FULLDISC
MISC
baidu — spark_browser Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. 2014-08-19 5.0 CVE-2014-5349
MISC
EXPLOIT-DB
OSVDB
binarymoon — timthumb Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter. 2014-08-21 4.3 CVE-2009-5142
CONFIRM
OSVDB
MISC
binarymoon — timthumb Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. 2014-08-21 4.3 CVE-2010-5302
CONFIRM
OSVDB
binarymoon — timthumb Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString. 2014-08-21 4.3 CVE-2010-5303
bitdefender — gravityzone Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server. 2014-08-19 5.0 CVE-2014-5350
MISC
CONFIRM
FULLDISC
blackberry — q10 The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. 2014-08-18 6.1 CVE-2014-2388
BUGTRAQ
MISC
MISC
cisco — asr_5000_series_software The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914. 2014-08-20 4.3 CVE-2014-3331
cisco — webex_meetmenow Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166. 2014-08-20 4.0 CVE-2014-3340
cisco — nexus_5000 The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. 2014-08-19 5.0 CVE-2014-3341
debian — kde4libs KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and “PID reuse race conditions.” 2014-08-19 6.9 CVE-2014-5033
UBUNTU
DEBIAN
SECUNIA
SECUNIA
SECUNIA
CONFIRM
SUSE
disqus — disqus_comment_system Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter. 2014-08-19 4.3 CVE-2014-5345
MISC
BID
FULLDISC
MISC
disqus — disqus_comment_system Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php. 2014-08-19 6.8 CVE-2014-5346
MISC
FULLDISC
disqus — disqus_comment_system Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php. 2014-08-19 6.8 CVE-2014-5347
MISC
MISC
XF
XF
BID
EXPLOIT-DB
FULLDISC
MISC
MISC
drupal — drupal The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. 2014-08-18 5.0 CVE-2014-5265
CONFIRM
CONFIRM
drupal — drupal The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265. 2014-08-18 5.0 CVE-2014-5266
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
emc — rsa_archer_egrc EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. 2014-08-20 4.0 CVE-2014-0640
BUGTRAQ
emc — rsa_archer_egrc Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. 2014-08-20 6.8 CVE-2014-0641
BUGTRAQ
emc — rsa_archer_egrc EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product’s functionality, via unspecified vectors. 2014-08-20 5.4 CVE-2014-2505
BUGTRAQ
emc — digital_assets_manager Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. 2014-08-20 4.3 CVE-2014-2511
BUGTRAQ
emc — rsa_archer_egrc Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. 2014-08-20 6.5 CVE-2014-2517
BUGTRAQ
emc — digital_assets_manager Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. 2014-08-20 6.8 CVE-2014-2518
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. 2014-08-20 6.3 CVE-2014-2520
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. 2014-08-20 6.3 CVE-2014-2521
BUGTRAQ
esri — arcgis_for_server Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2014-08-22 4.3 CVE-2014-5121
BUGTRAQ
esri — arcgis_for_server Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. 2014-08-22 5.8 CVE-2014-5122
BUGTRAQ
fedoraproject — 389_directory_server Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. 2014-08-21 5.0 CVE-2014-3562
CONFIRM
fengoffice — feng_office Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field. 2014-08-19 4.3 CVE-2014-5343
XF
BID
MISC
freebsd — freebsd The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference. 2014-08-21 5.0 CVE-2014-3951
SECTRACK
MLIST
freebsd — freebsd The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT from CVE-2014-3951 per ADT2 due to different vulnerability types. 2014-08-21 5.0 CVE-2014-5384
SECTRACK
MLIST
ibm — websphere_datapower_soa_appliance IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack. 2014-08-16 4.3 CVE-2014-0852
XF
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response. 2014-08-21 4.3 CVE-2014-0965
XF
AIXAPAR
ibm — infosphere_master_data_management SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management – Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2014-08-17 6.5 CVE-2014-0966
XF
ibm — infosphere_master_data_management Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management – Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to hijack the authentication of arbitrary users. 2014-08-17 6.8 CVE-2014-0969
XF
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition. 2014-08-21 4.3 CVE-2014-3022
XF
AIXAPAR
ibm — websphere_application_server The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. 2014-08-21 5.0 CVE-2014-3070
XF
AIXAPAR
ibm — global_console_manager_16_firmware Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php. 2014-08-17 4.3 CVE-2014-3080
XF
EXPLOIT-DB
ibm — global_console_manager_16_firmware prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. 2014-08-17 6.3 CVE-2014-3081
XF
EXPLOIT-DB
ibm — websphere_application_server IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-08-21 5.0 CVE-2014-3083
XF
AIXAPAR
ibm — business_process_manager callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-08-17 4.0 CVE-2014-3087
XF
ibm — rational_directory_administrator The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file. 2014-08-21 4.9 CVE-2014-3089
XF
ibm — powervc IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key. 2014-08-20 4.3 CVE-2014-4749
XF
ibm — websphere_application_server IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors. 2014-08-21 6.5 CVE-2014-4767
XF
AIXAPAR
ibm — infosphere_master_data_management IBM InfoSphere Master Data Management – Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-08-17 5.0 CVE-2014-4775
XF
linecorp — line LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2014-08-16 4.3 CVE-2013-7144
MISC
mobiloud — mobiloud Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (mobiloud-mobile-app-plugin) plugin before 2.3.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. 2014-08-19 4.3 CVE-2014-5344
SECUNIA
openstack — neutron The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). 2014-08-19 5.0 CVE-2014-4615
UBUNTU
BID
MLIST
MLIST
MLIST
SECUNIA
REDHAT
owncloud — owncloud Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php. 2014-08-20 6.8 CVE-2014-4929
BID
MANDRIVA
CONFIRM
piwigo — piwigo Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649. 2014-08-17 4.3 CVE-2014-3900
CONFIRM
JVNDB
JVN
redhat — jboss_enterprise_application_platform The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133. 2014-08-19 5.5 CVE-2014-3464
CONFIRM
redhat — jboss_enterprise_application_platform The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors. 2014-08-19 4.9 CVE-2014-3472
CONFIRM
riverbed — steelapp_traffic_manager Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter. 2014-08-19 4.3 CVE-2014-5348
BID
FULLDISC
schrack — technik_microcontrol Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. 2014-08-20 4.3 CVE-2014-5382
MISC
FULLDISC
shopizer — shopizer com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack. 2014-08-21 5.0 CVE-2014-5385
BUGTRAQ
FULLDISC
symantec — encryption_desktop Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size. 2014-08-21 5.0 CVE-2014-3436
BID
tenfourzero — shutter Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-08-17 4.3 CVE-2014-3905
wordpress — wordpress wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. 2014-08-18 6.8 CVE-2014-5204
CONFIRM
MLIST
wordpress — wordpress wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. 2014-08-18 6.8 CVE-2014-5205
CONFIRM
MLIST
xml-dt_project — xml-dt The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. 2014-08-16 4.9 CVE-2014-5260
CONFIRM
CONFIRM
CONFIRM
MLIST

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
blackberry — blackberry_enterprise_service BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file. 2014-08-18 2.1 CVE-2014-1469
gnu — readline The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. 2014-08-20 3.3 CVE-2014-2524
FEDORA
MISC
MANDRIVA
MLIST
MLIST
CONFIRM
ibm — tivoli_storage_manager Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors. 2014-08-17 2.1 CVE-2014-0876
XF
ibm — infosphere_biginsights IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2014-08-17 2.6 CVE-2014-0905
XF
CONFIRM
ibm — powervc IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network. 2014-08-20 2.9 CVE-2014-4750
XF
jayj — cakifo Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data. 2014-08-19 3.5 CVE-2014-3903
JVNDB
JVN
openstack — horizon Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name. 2014-08-22 3.5 CVE-2014-3594
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
BID
MLIST
phpmyadmin — phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. 2014-08-21 3.5 CVE-2014-5273
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. 2014-08-21 3.5 CVE-2014-5274
wordpress — wordpress Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. 2014-08-18 2.1 CVE-2014-5240
CONFIRM
MLIST

Back to top

 


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply