Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

OPM Identity-Protection Phishing Campaigns

June 30, 2015 007admin Leave a comment

Original release date: June 30, 2015

US-CERT is aware of phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID. For those affected by the recent data breach, the legitimate domain used for accessing identity protection services is https://opm.csid.com.

US-CERT recommends that users visit the OPM website for more information. Users are also encouraged to report suspicious email to US-CERT.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

SB15-180: Vulnerability Summary for the Week of June 22, 2015

June 29, 2015 007admin Leave a comment

Original release date: June 29, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — photoshop_cc	Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	2015-06-24	10.0	CVE-2015-3109 CONFIRM
adobe — bridge	Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.	2015-06-24	10.0	CVE-2015-3110 CONFIRM CONFIRM
adobe — bridge	Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.	2015-06-24	10.0	CVE-2015-3111 CONFIRM CONFIRM
adobe — bridge	Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	2015-06-24	10.0	CVE-2015-3112 CONFIRM CONFIRM
adobe — flash_player	Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.	2015-06-23	10.0	CVE-2015-3113 CONFIRM
airties — air_firmware	Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.	2015-06-19	10.0	CVE-2015-2797 EXPLOIT-DB EXPLOIT-DB MISC OSVDB
aptexx — resident_anywhere	Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request.	2015-06-23	7.5	CVE-2014-4882 CERT-VN
audiosharescript — audioshare	PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[‘basedir’] parameter.	2015-06-23	7.5	CVE-2015-4726 MISC
avigilon — avigilon_control_center	Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL.	2015-06-23	7.8	CVE-2015-2860 CERT-VN
cisco — ios	Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885.	2015-06-23	7.8	CVE-2015-4200 CISCO
cisco — webex_meeting_center	Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.	2015-06-24	7.5	CVE-2015-4208 CISCO
cisco — anyconnect_secure_mobility_client	Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.	2015-06-24	7.2	CVE-2015-4211 CISCO
cisco — wireless_lan_controller_software	Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.	2015-06-26	7.2	CVE-2015-4224 CISCO
cups — cups	The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.	2015-06-26	10.0	CVE-2015-1158 CERT-VN CONFIRM MISC CONFIRM CONFIRM CONFIRM MISC
persian_car_cms_project — persian_car_cms	SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.	2015-06-19	7.5	CVE-2015-4678 MISC
sap — mobile_platform	XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.	2015-06-24	7.5	CVE-2015-5068 MISC MISC
tinysrp_project — tinysrp	Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.	2015-06-19	7.5	CVE-2015-4675 FULLDISC MISC

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
aftab — tickfa	SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.	2015-06-19	6.5	CVE-2015-4676 MISC
airties — rt-210_firmware	Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.	2015-06-19	4.3	CVE-2015-4679 MISC
alcatel-lucent — cellpipe_7130_rg_5ae.m2013_hol_firmware	Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd.	2015-06-23	6.8	CVE-2015-4586 MISC
apphp — hotel_site	SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.	2015-06-22	6.5	CVE-2015-4713 MISC
arduino_json_project — arduino_json	The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a (backslash) followed by a terminator, as demonstrated by “\”, which triggers a buffer overflow and over-read.	2015-06-22	5.0	CVE-2015-4590 CONFIRM CONFIRM CONFIRM BID MLIST
async-http-client_project — async-http-client	Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.	2015-06-24	4.3	CVE-2013-7397 CONFIRM MLIST
async-http-client_project — async-http-client	main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.	2015-06-24	4.3	CVE-2013-7398 CONFIRM MLIST
audiosharescript — audioshare	Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.	2015-06-23	4.3	CVE-2015-4725 MISC
cisco — data_center_analytics_framework	Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.	2015-06-23	6.8	CVE-2015-4189 CISCO
cisco — nx-os	Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.	2015-06-20	6.1	CVE-2015-4197 CISCO
cisco — web_security_appliance	Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.	2015-06-20	4.3	CVE-2015-4198 CISCO
cisco — asr_5000_series_software	The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058.	2015-06-20	5.0	CVE-2015-4201 CISCO
cisco — ios	Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.	2015-06-20	5.0	CVE-2015-4202 CISCO
cisco — ios	Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.	2015-06-23	5.4	CVE-2015-4203 CISCO
cisco — cisco_ios	Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.	2015-06-23	6.8	CVE-2015-4204 CISCO
cisco — ios_xr	Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.	2015-06-23	5.7	CVE-2015-4205 CISCO
cisco — webex_meeting_center	Cisco WebEx Meeting Center places a meeting’s access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.	2015-06-23	5.0	CVE-2015-4207 CISCO
cisco — webex_meeting_center	Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.	2015-06-23	6.4	CVE-2015-4209 CISCO
cisco — webex_meeting_center	Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.	2015-06-23	4.3	CVE-2015-4210 CISCO
cisco — webex_meeting_center	Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.	2015-06-24	5.0	CVE-2015-4212 CISCO
cisco — nx-os	Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.	2015-06-24	4.0	CVE-2015-4213 CISCO
cisco — unified_meetingplace	Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050.	2015-06-24	4.0	CVE-2015-4214 CISCO
cisco — wireless_lan_controller_software	Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046.	2015-06-24	6.1	CVE-2015-4215 CISCO
cisco — content_security_management_virtual_appliance	The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers’ installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.	2015-06-26	5.0	CVE-2015-4216 CISCO
cisco — content_security_management_virtual_appliance	The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers’ installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.	2015-06-26	4.3	CVE-2015-4217 CISCO CISCO
cisco — jabber	The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.	2015-06-24	5.0	CVE-2015-4218 CISCO
cisco — identity_services_engine_software	Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.	2015-06-24	4.0	CVE-2015-4219 CISCO
cisco — unified_presence_server	Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.	2015-06-25	4.3	CVE-2015-4220 CISCO
cisco — unified_communications_manager_im_and_presence_service	Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.	2015-06-26	4.0	CVE-2015-4221 CISCO
cisco — unified_communications_manager_im_and_presence_service	SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.	2015-06-26	6.5	CVE-2015-4222 CISCO
cisco — ios_xr	Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.	2015-06-25	5.0	CVE-2015-4223 CISCO
cups — cups	Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.	2015-06-26	4.3	CVE-2015-1159 CERT-VN CONFIRM MISC CONFIRM CONFIRM CONFIRM MISC
dream-multimedia-tv — dreambox_dm500-s_firmware	Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.	2015-06-22	4.3	CVE-2015-4714 MISC
drupal — drupal	The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.	2015-06-22	4.0	CVE-2015-3231 CONFIRM DEBIAN
drupal — drupal	Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.	2015-06-22	5.8	CVE-2015-3232 CONFIRM DEBIAN
drupal — drupal	Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	2015-06-22	5.8	CVE-2015-3233 CONFIRM DEBIAN
drupal — drupal	The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users’ accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.	2015-06-22	4.3	CVE-2015-3234 CONFIRM DEBIAN
emc — rsa_validation_manager	Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.	2015-06-22	4.3	CVE-2015-0526 BUGTRAQ
fiverrscript — fiverrscript	Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.	2015-06-19	6.8	CVE-2015-4677 EXPLOIT-DB
google — chrome	content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.	2015-06-26	5.0	CVE-2015-1266 CONFIRM CONFIRM CONFIRM
google — chrome	Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp.	2015-06-26	5.0	CVE-2015-1267 CONFIRM CONFIRM CONFIRM CONFIRM
google — chrome	bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value’s DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.	2015-06-26	5.0	CVE-2015-1268 CONFIRM CONFIRM CONFIRM
google — chrome	The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.	2015-06-26	4.3	CVE-2015-1269 CONFIRM CONFIRM CONFIRM
haxx — curl	cURL and libcurl 7.40.0 through 7.42.1 sends the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015-06-22	5.0	CVE-2015-3236 CONFIRM
haxx — curl	The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.	2015-06-22	6.4	CVE-2015-3237 CONFIRM
mcafee — epolicy_orchestrator	Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2015-06-23	5.8	CVE-2015-2859 CERT-VN CONFIRM CONFIRM
metalgenix — genixcms	Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.	2015-06-24	4.3	CVE-2015-5066 BUGTRAQ MISC MISC
mysql-lite-administrator_project — mysql-lite-administrator	Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php.	2015-06-24	4.3	CVE-2015-5064 BUGTRAQ MISC
nextend — facebook_connect	Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter.	2015-06-24	4.3	CVE-2015-4413 CONFIRM CONFIRM FULLDISC
openstack — icehouse	OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.	2015-06-25	6.8	CVE-2015-1851 CONFIRM MLIST MLIST MLIST DEBIAN MLIST
paypal_currency_converter_basic_for_woocommerce_project — paypal_currency_converter_basic_for_woocommerce	Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.	2015-06-24	5.0	CVE-2015-5065 CONFIRM EXPLOIT-DB CONFIRM MISC
pearson — proctorcache	Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers’ installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password.	2015-06-23	5.0	CVE-2015-0972 CERT-VN
ruby-lang — ruby	RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a “DNS hijack attack.”	2015-06-24	5.0	CVE-2015-3900 CONFIRM
sap — netweaver	The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Note 2059659 and 2057982.	2015-06-24	5.0	CVE-2015-5067 MISC MISC
sensiolabs — symfony	Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language=”php” attribute of a SCRIPT element.	2015-06-24	6.8	CVE-2015-2308 CONFIRM JVNDB JVN
silverstripe — silverstripe	Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.	2015-06-24	5.8	CVE-2015-5062 BUGTRAQ MISC
silverstripe — silverstripe	Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.	2015-06-24	4.3	CVE-2015-5063 BUGTRAQ MISC
swiftkey — swiftkey_sdk	Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.	2015-06-19	6.4	CVE-2015-4641 CERT-VN MISC MISC MISC MISC
toshiba — chec	CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.	2015-06-24	5.0	CVE-2014-4875 CONFIRM CERT-VN
zohocorp — manageengine_assetexplorer	Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.	2015-06-24	4.3	CVE-2015-2169 MISC FULLDISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
swiftkey — swiftkey_sdk	The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.	2015-06-19	2.9	CVE-2015-4640 CERT-VN MISC MISC MISC MISC
zohocorp — manageengine_assetexplorer	Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.	2015-06-24	3.5	CVE-2015-5061 MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Cisco Releases Security Updates

June 25, 2015 007admin Leave a comment

Original release date: June 25, 2015

Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected appliance.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Fraud Alert Issued on Business Email Compromise Scam

June 24, 2015 007admin Leave a comment

Original release date: June 24, 2015

The Financial Services Information Sharing and Analysis Center (FS-ISAC) and federal law enforcement agencies have released a joint alert warning companies of a sophisticated wire payment scam referred to as business email compromise (BEC). Scammers use fraudulent information to trick companies into directing financial transactions into accounts scammers control.

Users and administrators are encouraged to review the BEC Joint Report for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

IC3 Issues Alert on CryptoWall Ransomware

June 23, 2015 007admin Leave a comment

Original release date: June 23, 2015

The Internet Crime Complaint Center (IC3) has issued an alert warning that U.S. individuals and businesses are still at risk of CryptoWall ransomware fraud. Scam operators use ransomware—a type of malicious software—to infect a device and restrict access until a ransom fee is paid. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee files will be released.

US-CERT encourages users and administrators to review the IC3 Alert for details and refer to the US-CERT Alert TA-295A for information on crypto ransomware.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Adobe Releases Security Updates for Flash Player

June 23, 2015 007admin Leave a comment

Original release date: June 23, 2015

Adobe has released security updates to address a critical vulnerability in Flash Player for Windows, Macintosh, and Linux. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-14 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Google Releases Security Update for Chrome

June 22, 2015 007admin Leave a comment

Original release date: June 22, 2015

Google has released Chrome version 43.0.2357.130 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to obtain sensitive information.

Users and administrators are encouraged to review the Chrome Releases Page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

SB15-173: Vulnerability Summary for the Week of June 15, 2015

June 22, 2015 007admin Leave a comment

Original release date: June 22, 2015

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
cacti — cacti	SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.	2015-06-17	7.5	CVE-2015-4342 CONFIRM FULLDISC MISC CONFIRM
cacti — cacti	SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.	2015-06-17	7.5	CVE-2015-4454 CONFIRM CONFIRM
cgi_rescue — blobee	CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors.	2015-06-13	7.5	CVE-2015-2962 JVNDB JVN
cisco — ios_xr_software	Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546.	2015-06-12	7.8	CVE-2015-0769 CISCO
cisco — telepresence_video_communication_server_software	Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422.	2015-06-12	7.1	CVE-2015-0772 CISCO
cisco — unified_computing_system	Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.	2015-06-17	7.2	CVE-2015-4183 CISCO
cisco — virtualization_experience_client_6000_series_firmware	The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.	2015-06-17	7.2	CVE-2015-4186 CISCO
emc — unified_infrastructure_manager/provisioning	EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.	2015-06-17	10.0	CVE-2015-0546 BUGTRAQ
frontend_user_upload_project — frontend_user_upload	Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a direct request to the file in the fileadmin folder.	2015-06-16	7.5	CVE-2015-4607 MISC
igreks — milkystep_light	Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.	2015-06-13	7.5	CVE-2015-2955 JVNDB JVN CONFIRM
igreks — milkystep_light	SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	2015-06-13	7.5	CVE-2015-2956 JVNDB JVN CONFIRM
job_fair_project — job_fair	Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder.	2015-06-16	7.5	CVE-2015-4606 CONFIRM MISC
joomla — joomla!	SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.	2015-06-18	7.5	CVE-2015-4654 MISC
libmimedir_project — libmimedir	libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to “free” function calls in the “lexer’s memory clean-up procedure.”	2015-06-16	7.5	CVE-2015-3205 EXPLOIT-DB MISC
milw0rm_project — milw0rm_clone_script	Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.	2015-06-18	7.5	CVE-2015-4658 EXPLOIT-DB
n-tron — 702w_industrial_wireless_access_point	N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers’ installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.	2015-06-13	8.8	CVE-2012-4716 MISC
openssl — openssl	The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.	2015-06-12	7.5	CVE-2014-8176 CONFIRM CONFIRM CONFIRM
qemu — qemu	Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.	2015-06-15	7.5	CVE-2015-3209 CONFIRM
vmware — fusion	VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.	2015-06-13	7.8	CVE-2015-2341 CONFIRM

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
actian — matrix	Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table.	2015-06-13	6.5	CVE-2015-3993 CONFIRM
adobe — connect	Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.	2015-06-13	4.3	CVE-2015-0343 CONFIRM BUGTRAQ
adobe — connect	Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-06-13	4.3	CVE-2015-0344 CONFIRM
akronymmanager_project — akronymmanager	SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.	2015-06-17	6.0	CVE-2015-2803 CONFIRM MISC EXPLOIT-DB BUGTRAQ FULLDISC MISC
alcatel-lucent — omniswitch_firmware	The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack session via a brute force attack.	2015-06-16	4.3	CVE-2015-2804 MISC BUGTRAQ FULLDISC MISC
alcatel-lucent — omniswitch_firmware	Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.	2015-06-16	6.8	CVE-2015-2805 MISC EXPLOIT-DB SECTRACK BUGTRAQ FULLDISC MISC
alcatel-lucent — cellpipe_7130_router_firmware	Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the “Custom application” field in the “port triggering” menu.	2015-06-18	4.3	CVE-2015-4587 MISC
automattic — genericons	Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.	2015-06-17	4.3	CVE-2015-3429 MISC MISC CONFIRM CONFIRM FULLDISC
bonitasoft — bonita_bpm_portal	Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.	2015-06-18	5.0	CVE-2015-3897 MISC BUGTRAQ MISC
ca — client_automation	CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, allows local users to gain privileges via an unspecified environment variable.	2015-06-17	4.6	CVE-2015-3316 CONFIRM
ca — client_automation	CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly perform bounds checking, which allows local users to gain privileges via unspecified vectors.	2015-06-17	4.6	CVE-2015-3317 CONFIRM
ca — client_automation	CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unknown vectors.	2015-06-17	4.6	CVE-2015-3318 CONFIRM
cacti — cacti	Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-06-17	4.3	CVE-2015-2665 MISC CONFIRM
campaign_monitor_project — campaign_monitor	Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable.	2015-06-15	6.8	CVE-2015-4364 CONFIRM MISC CONFIRM MLIST
chaos_tool_suite_project — ctools	The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.	2015-06-15	4.3	CVE-2015-4375 MISC CONFIRM MLIST MLIST
chaos_tool_suite_project — ctools	Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages.	2015-06-16	5.8	CVE-2015-4398 MISC CONFIRM CONFIRM BID MLIST MLIST
cisco — prime_network_control_system	The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371.	2015-06-12	6.5	CVE-2015-0768 CISCO
cisco — nexus_1000v	The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182.	2015-06-12	5.0	CVE-2015-0775 CISCO
cisco — ios_xr	telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.	2015-06-12	5.0	CVE-2015-0776 CISCO
cisco — identity_services_engine_software	The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.	2015-06-12	5.5	CVE-2015-4182 CISCO
cisco — email_security_appliance	The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.	2015-06-13	5.0	CVE-2015-4184 CISCO
cisco — ios	The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.	2015-06-13	6.9	CVE-2015-4185 CISCO
cisco — prime_collaboration	SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.	2015-06-17	5.0	CVE-2015-4188 CISCO
cisco — prime_service_catalog	Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683.	2015-06-17	4.3	CVE-2015-4190 CISCO
cisco — ios_xr	Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of service (ipv6_io service reload) via a malformed IPv6 packet, aka Bug ID CSCuq95565.	2015-06-18	5.0	CVE-2015-4191 CISCO
cisco — webex_meeting_center	The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.	2015-06-18	5.0	CVE-2015-4194 CISCO
cisco — ios_xr	Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.	2015-06-18	4.0	CVE-2015-4195 CISCO
cisco — adaptive_security_appliance_software	The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, aka Bug ID CSCuu66218.	2015-06-17	4.3	CVE-2015-4550 CISCO
civicrm — civicrm_private_report	Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors.	2015-06-15	6.8	CVE-2015-4391 MISC CONFIRM CONFIRM MLIST
commerce_ogone_project — commerce_ogone	The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to complete the checkout for an order without paying via unspecified vectors.	2015-06-15	5.0	CVE-2015-4368 CONFIRM MISC MLIST
decisions_project — decisions	Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors.	2015-06-15	6.8	CVE-2015-4383 MISC MLIST
developer_log_project — developer_log	SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.	2015-06-16	6.5	CVE-2015-4613 CONFIRM MISC
elasticsearch — kibana	Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	4.3	CVE-2015-4093 CONFIRM BUGTRAQ MISC
elasticsearch — logstash	Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.	2015-06-15	6.4	CVE-2015-4152 CONFIRM CONFIRM BUGTRAQ MISC
eliacom — enhanced_sql_portal	Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.	2015-06-18	4.3	CVE-2015-4660 BUGTRAQ MISC
entitybulkdelete_project — entitybulkdelete	Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML via unknown vectors involving creating or editing (1) comments, (2) taxonomy terms, or (3) nodes.	2015-06-15	4.3	CVE-2015-4386 MISC CONFIRM MLIST
faq-frequenty_asked_questions_project — faq-frequently_asked_questions	SQL injection vulnerability in the “FAQ – Frequently Asked Questions” (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	2015-06-16	6.5	CVE-2015-4612 CONFIRM MISC
ffmpeg — ffmpeg	The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.	2015-06-16	6.8	CVE-2015-3395 CONFIRM CONFIRM DEBIAN CONFIRM
finder_project — finder	Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	2015-06-15	5.8	CVE-2015-4363 MISC MLIST
igreks — milkystep_light	The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.	2015-06-13	6.5	CVE-2015-2952 JVNDB JVN CONFIRM
igreks — milkystep_light	Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958.	2015-06-13	5.0	CVE-2015-2953 JVNDB JVN CONFIRM
igreks — milkystep_light	Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users.	2015-06-13	6.8	CVE-2015-2954 JVNDB JVN CONFIRM
igreks — milkystep_light	Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-06-13	4.3	CVE-2015-2957 JVNDB JVN CONFIRM
igreks — milkystep_light	Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953.	2015-06-13	6.4	CVE-2015-2958 JVNDB JVN CONFIRM
inlinks_project — inlinks	Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.	2015-06-15	4.3	CVE-2015-4347 MISC MLIST
invoice_project — invoice	Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors.	2015-06-15	6.8	CVE-2015-4382 CONFIRM CONFIRM MISC MLIST
ispconfig — ispconfig	SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.	2015-06-15	6.5	CVE-2015-4118 MISC EXPLOIT-DB BUGTRAQ MISC CONFIRM
ispconfig — ispconfig	Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.	2015-06-15	6.8	CVE-2015-4119 MISC EXPLOIT-DB BUGTRAQ MISC CONFIRM
keyword_research_project — keyword_research	Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the “kwresearch admin site keywords” permission for requests that (1) create, (2) delete, or (3) set priorities to keywords via unspecified vectors.	2015-06-15	5.1	CVE-2015-4396 MISC CONFIRM MLIST
labsmedia — clickheat	Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.	2015-06-18	6.8	CVE-2015-4659 EXPLOIT-DB
limesurvey — limesurvey	SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.	2015-06-18	6.5	CVE-2015-4628 CONFIRM CONFIRM CONFIRM CONFIRM
mailbird — mailbird	Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL.	2015-06-18	4.3	CVE-2015-4657 FULLDISC FULLDISC
mcafee — epolicy_orchestrator	Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	4.3	CVE-2015-4559 CONFIRM
node_template_project — node_template	Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the “access node template” permission for requests that delete node templates via unspecified vectors.	2015-06-15	6.8	CVE-2015-4397 MISC MLIST
open_graph_importer_project — open_graph_importer	The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the “import og_tag_importer” permission.	2015-06-15	4.0	CVE-2015-4389 MISC MLIST
openssl — openssl	The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.	2015-06-12	4.3	CVE-2015-1788 CONFIRM CONFIRM
openssl — openssl	The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.	2015-06-12	4.3	CVE-2015-1789 CONFIRM CONFIRM
openssl — openssl	The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.	2015-06-12	5.0	CVE-2015-1790 CONFIRM CONFIRM
openssl — openssl	Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.	2015-06-12	6.8	CVE-2015-1791 CONFIRM CONFIRM
openssl — openssl	The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.	2015-06-12	5.0	CVE-2015-1792 CONFIRM CONFIRM
opsview — opsview	Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Test service check page.	2015-06-18	4.3	CVE-2015-4420 EXPLOIT-DB
osscube — custom_sitemap	Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors.	2015-06-15	5.8	CVE-2015-4353 MISC MLIST
perfecto_project — perfecto	Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.	2015-06-15	5.8	CVE-2015-4371 MISC CONFIRM MLIST
registration_codes_project — registration_codes	Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors.	2015-06-15	6.8	CVE-2015-4360 CONFIRM CONFIRM CONFIRM CONFIRM MISC MLIST
registration_codes_project — registration_codes	Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors.	2015-06-15	6.8	CVE-2015-4361 CONFIRM MISC MLIST
restful_web_services_project — restful_web_services	The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015-06-15	5.0	CVE-2015-4345 CONFIRM CONFIRM MISC MLIST
rle — nova-wind_turbine_hmi_firmware	RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015-06-13	5.0	CVE-2015-3951 MISC
se_html5_album_audio_player_project — se_html5_album_audio_player	Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.	2015-06-17	5.0	CVE-2015-4414 EXPLOIT-DB MISC MISC
searchblox — searchblox	Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.	2015-06-18	4.3	CVE-2015-3422 MISC BUGTRAQ MISC
services_basic_authentication_project — services_basic_authentication	The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching.	2015-06-15	5.0	CVE-2015-4344 CONFIRM MISC MLIST
services_project — services	The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the “Save file information” permission to execute arbitrary code via a crafted filename.	2015-06-15	6.0	CVE-2015-4393 MISC CONFIRM MLIST
services_project — services	The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.	2015-06-15	5.0	CVE-2015-4394 MISC CONFIRM MLIST
smoelenboek_project — smoelenboek	SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	2015-06-16	6.5	CVE-2015-4611 CONFIRM MISC
spider_contacts_project — spider_contacts	SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the “access Spider Contacts category administration” permission to execute arbitrary SQL commands via unspecified vectors.	2015-06-15	6.0	CVE-2015-4348 MISC MLIST
spider_contacts_project — spider_contacts	Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact categories via unspecified vectors.	2015-06-15	5.8	CVE-2015-4349 MISC MLIST
store_locator_project — store_locator	SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	2015-06-16	6.5	CVE-2015-4610 CONFIRM MISC
symphony-cms — symphony_cms	Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors.	2015-06-18	4.3	CVE-2015-4661 BUGTRAQ MISC MISC
synology — diskstation_manager	Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the “compound” parameter to entry.cgi.	2015-06-18	4.3	CVE-2015-4655 CONFIRM MISC FULLDISC
synology — photo_station	Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/.	2015-06-18	4.3	CVE-2015-4656 CONFIRM MISC FULLDISC
tracking_code_project — tracking_code	Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors.	2015-06-15	6.8	CVE-2015-4362 CONFIRM MISC CONFIRM MLIST CONFIRM
user_import_project — user_import	Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) continue or (2) delete an ongoing import via unspecified vectors.	2015-06-15	6.8	CVE-2015-4390 MISC CONFIRM CONFIRM MLIST
vestacp — vesta_control_panel	Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.	2015-06-18	6.8	CVE-2015-2861 CERT-VN CONFIRM CONFIRM
vmware — fusion	TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.	2015-06-13	5.8	CVE-2015-2336 CONFIRM
vmware — fusion	TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.	2015-06-13	5.8	CVE-2015-2337 CONFIRM
vmware — fusion	TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339.	2015-06-13	6.1	CVE-2015-2338 CONFIRM
vmware — fusion	TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338.	2015-06-13	6.1	CVE-2015-2339 CONFIRM
vmware — fusion	TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors.	2015-06-13	6.1	CVE-2015-2340 CONFIRM
w1.fi — hostapd	The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.	2015-06-15	4.3	CVE-2015-4141 MLIST MLIST CONFIRM SUSE
w1.fi — hostapd	Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.	2015-06-15	4.3	CVE-2015-4142 MLIST MLIST CONFIRM REDHAT SUSE
w1.fi — hostapd	The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.	2015-06-15	5.0	CVE-2015-4143 MLIST MLIST CONFIRM SUSE
w1.fi — hostapd	The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.	2015-06-15	5.0	CVE-2015-4144 MLIST MLIST CONFIRM SUSE
w1.fi — hostapd	The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.	2015-06-15	5.0	CVE-2015-4145 MLIST MLIST CONFIRM SUSE
w1.fi — hostapd	The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.	2015-06-15	5.0	CVE-2015-4146 MLIST MLIST CONFIRM CONFIRM SUSE
watchdog_aggregator_project —	Cross-site request forgery (CSRF) vulnerability in the Watchdog Aggregator module for Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable monitoring sites via unspecified vectors.	2015-06-15	6.8	CVE-2015-4355 MISC MLIST
web-dorado — spider_catalog	Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.	2015-06-15	6.8	CVE-2015-4350 MISC MLIST
web-dorado — web-dorado_spider_video_player	The Spider Video Player module for Drupal allows remote authenticated users with the “access Spider Video Player administration” permission to delete arbitrary files via a crafted URL.	2015-06-15	4.9	CVE-2015-4351 MISC MLIST
web-dorado — web-dorado_spider_video_player	Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors.	2015-06-15	5.8	CVE-2015-4352 MISC MLIST
webform_multiple_file_upload_project — webform_multiple_file_upload	Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.	2015-06-15	6.8	CVE-2015-4379 MISC CONFIRM CONFIRM MLIST
wp_smiley_project — wp_smiley	Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugin 1.4.1 for WordPress allows remote attackers to hijack the authentication of editors for requests that conduct cross-site scripting (XSS) attacks via the s4w-more parameter to the smilies4wp.php page to wp-admin/options-general.php.	2015-06-18	6.8	CVE-2015-4140 BID MLIST MLIST
wt_directory_project — wt_directory	SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	2015-06-16	6.5	CVE-2015-4609 CONFIRM MISC
xcloner — xcloner	cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.	2015-06-17	6.5	CVE-2015-4336 MISC BID MISC
xcloner — xcloner	Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.	2015-06-17	6.5	CVE-2015-4338 MISC BID MISC
xen — xen	GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.	2015-06-15	4.9	CVE-2015-4163 CONFIRM
xen — xen	The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.	2015-06-15	4.9	CVE-2015-4164 CONFIRM
yoast — wordpress_seo	Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in the WordPress SEO by Yoast plugin before 2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the post_title parameter to wp-admin/post-new.php, which is not properly handled in the snippet preview functionality.	2015-06-17	4.3	CVE-2012-6692 CONFIRM CONFIRM MISC MISC SECTRACK FULLDISC MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
be_user_log_project — be_user_log	Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2015-06-16	3.5	CVE-2015-4608 MISC
ceph — ceph-deploy	ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.	2015-06-16	2.1	CVE-2015-3010 CONFIRM CONFIRM CONFIRM MLIST MLIST REDHAT
crumbs_project — crumbs	Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the “Administer Crumbs” permission to inject arbitrary web script or HTML via a custom breadcrumb separator.	2015-06-15	2.1	CVE-2015-4378 MISC CONFIRM MLIST
current_search_links_project — current_search_links	Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the “Append the keywords passed by the user to the list” option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query.	2015-06-15	2.6	CVE-2015-4388 MISC CONFIRM MLIST
display_suite_project — display_suite	Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings.	2015-06-15	3.5	CVE-2015-4392 MISC CONFIRM MLIST
hybridauth_social_login_project — hybridauth_social_login	The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the “Ask user for a password when registering” option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database.	2015-06-15	3.5	CVE-2015-4395 MISC CONFIRM MLIST
image_title_project — image_title	Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4372 MISC CONFIRM MLIST
imagefield_info_project — imagefield_info	Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the “Administer image styles” permission to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	2.1	CVE-2015-4385 MISC CONFIRM MLIST
invoice_project — invoice	Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the “Administer own invoices” permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the “Invoice” content type.	2015-06-15	3.5	CVE-2015-4381 CONFIRM CONFIRM MISC MLIST
linear_case_project — linear_case	Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4380 MISC CONFIRM MLIST
mover_project — mover	Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4366 MISC MLIST
og_tabs_project — og_tabs	Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group.	2015-06-15	3.5	CVE-2015-4373 MISC CONFIRM MLIST
password_policy_project — password_policy	Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a crafted username that is imported from an external source.	2015-06-15	2.6	CVE-2015-4387 MISC CONFIRM CONFIRM MLIST
petition_project — petition	Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Petition module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with the “create petition” permission to inject arbitrary web script or HTML via unknown vectors.	2015-06-15	2.1	CVE-2015-4377 MISC CONFIRM MLIST
profile2_privacy_project — profile2_privacy	Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the “Administer Profile2 Privacy Levels” permission to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4376 MISC CONFIRM MLIST MLIST
registration_codes_project — registration_codes	Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4359 CONFIRM CONFIRM CONFIRM MISC MLIST
simple_subscription_project — simple_subscription	Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the “administer blocks” permission to inject arbitrary web script or HTML via vectors related to block content.	2015-06-15	3.5	CVE-2015-4367 MISC CONFIRM CONFIRM MLIST
sinapsi — esolar_light_firmware	Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page.	2015-06-13	2.1	CVE-2015-3949 MISC
site_documentation_project — site_documentation	Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.	2015-06-15	3.5	CVE-2015-4370 MISC CONFIRM MLIST
sms_framework_project — sms_framework	Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the “Send to phone” submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews.	2015-06-15	2.6	CVE-2015-4346 MISC CONFIRM MLIST
taxonomy_accordion_project — taxonomy_accordion	Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.	2015-06-15	3.5	CVE-2015-4365 MISC MLIST
trick_question_project — trick_question	Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the “Administer Trick Question” permission to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4369 CONFIRM CONFIRM MISC MLIST
ubercart_webform_checkout_pane_project — ubercart_webform_checkout_pane	Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x before 6.x-3.10 and 7.x-3.x before 7.x-3.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4384 CONFIRM CONFIRM MISC MLIST
ubercart_webform_integration_project — ubercart_webform_integration	Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.	2015-06-15	3.5	CVE-2015-4354 CONFIRM CONFIRM MISC MLIST
ubercount_discount_coupons_project — ubercart_discount_coupons	Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.	2015-06-15	3.5	CVE-2015-4358 CONFIRM MISC MLIST
webform_project — webform	Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.	2015-06-15	3.5	CVE-2015-4356 MISC CONFIRM MLIST MLIST
webform_project — webform	Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block.	2015-06-15	3.5	CVE-2015-4357 CONFIRM CONFIRM CONFIRM MISC MLIST MLIST
webform_project — webform	Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email.	2015-06-16	3.5	CVE-2015-4374 MISC CONFIRM CONFIRM CONFIRM MLIST MLIST
wp_smiley_project — wp_smiley	Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parameter to wp-admin/options-general.php.	2015-06-18	3.5	CVE-2015-4139 BID MLIST MLIST
xcloner — xcloner	Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.	2015-06-17	3.5	CVE-2015-4337 MISC BID MISC

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Adobe Releases Security Updates for Multiple Products

June 16, 2015 007admin Leave a comment

Original release date: June 16, 2015

Adobe has released security updates for Adobe Photoshop Creative Cloud (CC) and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB15-12 and APSB15-13 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

SB15-166: Vulnerability Summary for the Week of June 8, 2015

June 15, 2015 007admin Leave a comment

Original release date: June 15, 2015

High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — air	Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.	2015-06-09	10.0	CVE-2015-3100 CONFIRM
adobe — air	Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107.	2015-06-09	10.0	CVE-2015-3103 CONFIRM
adobe — air	Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.	2015-06-09	10.0	CVE-2015-3104 CONFIRM
adobe — air	Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	2015-06-09	10.0	CVE-2015-3105 CONFIRM
adobe — air	Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107.	2015-06-09	10.0	CVE-2015-3106 CONFIRM
adobe — air	Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106.	2015-06-09	10.0	CVE-2015-3107 CONFIRM
apache — tomcat	Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (memory consumption) via a series of aborted upload attempts.	2015-06-07	7.8	CVE-2014-0230 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST
beckhoff — ipc_diagnostics	Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.	2015-06-08	9.0	CVE-2015-4051 MISC FULLDISC CONFIRM
buffalotech — bhr-4grv2_firmware	The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.	2015-06-08	7.7	CVE-2014-9284 JVNDB JVN
cisco — edge_340_firmware	Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132.	2015-06-07	7.2	CVE-2015-0767 CISCO
comodo — geekbuddy	Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.	2015-06-09	7.2	CVE-2014-7872 EXPLOIT-DB OSVDB
linux — linux_kernel	Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.	2015-06-07	9.0	CVE-2015-4001 CONFIRM MLIST CONFIRM
linux — linux_kernel	drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.	2015-06-07	9.0	CVE-2015-4002 CONFIRM CONFIRM MLIST CONFIRM CONFIRM
linux — linux_kernel	The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.	2015-06-07	7.8	CVE-2015-4003 CONFIRM MLIST CONFIRM
linux — linux_kernel	The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.	2015-06-07	8.5	CVE-2015-4004 MLIST MLIST
microsoft — internet_explorer	Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”	2015-06-09	9.3	CVE-2015-1687 MS
microsoft — windows_7	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Use After Free Vulnerability.”	2015-06-09	7.2	CVE-2015-1720 MS
microsoft — windows_7	The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka “Win32k Null Pointer Dereference Vulnerability.”	2015-06-09	7.2	CVE-2015-1721 MS
microsoft — windows_7	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability.”	2015-06-09	7.2	CVE-2015-1722 MS
microsoft — windows_7	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Station Use After Free Vulnerability.”	2015-06-09	7.2	CVE-2015-1723 MS
microsoft — windows_7	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Object Use After Free Vulnerability.”	2015-06-09	7.2	CVE-2015-1724 MS
microsoft — windows_7	Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Win32k Buffer Overflow Vulnerability.”	2015-06-09	7.2	CVE-2015-1725 MS
microsoft — windows_7	Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Brush Object Use After Free Vulnerability.”	2015-06-09	7.2	CVE-2015-1726 MS
microsoft — windows_7	Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Win32k Pool Buffer Overflow Vulnerability.”	2015-06-09	7.2	CVE-2015-1727 MS
microsoft — windows_media_player	Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka “Windows Media Player RCE via DataObject Vulnerability.”	2015-06-09	9.3	CVE-2015-1728 MS
microsoft — internet_explorer	Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”	2015-06-09	9.3	CVE-2015-1730 MS
microsoft — internet_explorer	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1736, CVE-2015-1737, and CVE-2015-1755.	2015-06-09	9.3	CVE-2015-1731 MS
microsoft — internet_explorer	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1742, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753.	2015-06-09	9.3	CVE-2015-1732 MS
microsoft — internet_explorer	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.	2015-06-09	9.3	CVE-2015-1735 MS
microsoft — internet_explorer	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755.	2015-06-09	9.3	CVE-2015-1736 MS
microsoft — internet_explorer	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1755.	2015-06-09	9.3	CVE-2015-1737 MS
microsoft — internet_explorer	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.	2015-06-09	9.3	CVE-2015-1740 MS
microsoft — internet_explorer	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1752.	2015-06-09	9.3	CVE-2015-1741 MS
microsoft — internet_explorer	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753.	2015-06-09	9.3	CVE-2015-1742 MS
microsoft — internet_explorer	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1745, and CVE-2015-1766.	2015-06-09	9.3	CVE-2015-1744 MS
microsoft — internet_explorer	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1766.	2015-06-09	9.3	CVE-2015-1745 MS
microsoft — internet_explorer	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753.	2015-06-09	9.3	CVE-2015-1747 MS
microsoft — internet_explorer	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1753.	2015-06-09	9.3	CVE-2015-1750 MS
microsoft — internet_explorer	Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”	2015-06-09	9.3	CVE-2015-1751 MS
microsoft — internet_explorer	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1741.	2015-06-09	9.3	CVE-2015-1752 MS
microsoft — internet_explorer	Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750.	2015-06-09	9.3	CVE-2015-1753 MS
microsoft — internet_explorer	Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”	2015-06-09	9.3	CVE-2015-1754 MS
microsoft — internet_explorer	Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737.	2015-06-09	9.3	CVE-2015-1755 MS
microsoft — windows_7	Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka “Microsoft Common Control Use After Free Vulnerability.”	2015-06-09	9.3	CVE-2015-1756 MS
microsoft — office_compatibility_pack	Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2015-06-09	9.3	CVE-2015-1759 MS
microsoft — office	Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”	2015-06-09	9.3	CVE-2015-1760 MS
microsoft — internet_explorer	Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745.	2015-06-09	9.3	CVE-2015-1766 MS
microsoft — windows_2003_server	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability.”	2015-06-09	7.2	CVE-2015-1768 MS
microsoft — office_2013	Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Uninitialized Memory Use Vulnerability.”	2015-06-09	9.3	CVE-2015-1770 MS
microsoft — windows_7	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”	2015-06-09	7.2	CVE-2015-2360 MS
montala — resourcespace	Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.	2015-06-09	7.5	CVE-2015-3648 MISC BUGTRAQ CONFIRM MISC
novell — zenworks_configuration_management	Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.	2015-06-07	10.0	CVE-2010-5323 CONFIRM CONFIRM MISC EXPLOIT-DB
novell — zenworks_configuration_management	Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.	2015-06-07	10.0	CVE-2010-5324 CONFIRM CONFIRM MISC MISC
novell — zenworks_configuration_management	Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.	2015-06-07	10.0	CVE-2015-0779 CONFIRM EXPLOIT-DB MISC MISC FULLDISC
php — php	The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.	2015-06-09	7.5	CVE-2015-3307 CONFIRM CONFIRM
php — php	Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.	2015-06-09	7.5	CVE-2015-3329 CONFIRM CONFIRM CONFIRM
php — php	Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.	2015-06-09	7.5	CVE-2015-4022 CONFIRM CONFIRM
php — php	PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.	2015-06-09	7.5	CVE-2015-4025 CONFIRM CONFIRM
php — php	The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.	2015-06-09	7.5	CVE-2015-4026 CONFIRM CONFIRM
php — php	The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a “type confusion” issue.	2015-06-09	7.5	CVE-2015-4147 CONFIRM CONFIRM MLIST
pivotal_software — redis	Redis before 2.8.1 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.	2015-06-09	10.0	CVE-2015-4335 CONFIRM CONFIRM MLIST MLIST MLIST DEBIAN MISC
sybase — adaptive_server_enterprise	SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.	2015-06-08	7.5	CVE-2014-6284 MISC
sysaid — sysaid	SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.	2015-06-08	7.5	CVE-2015-2993 CONFIRM FULLDISC MISC
sysaid — sysaid	Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.	2015-06-08	8.5	CVE-2015-2996 CONFIRM FULLDISC MISC
sysaid — sysaid	SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack.	2015-06-08	7.8	CVE-2015-3000 CONFIRM FULLDISC MISC
t1utils_project — t1utils	Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.	2015-06-08	7.5	CVE-2015-3905 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST MLIST UBUNTU
usersultra — usersultra	Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.	2015-06-09	7.5	CVE-2015-4109 CONFIRM BUGTRAQ MISC
zohocorp — manageengine_netflow_analyzer	Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.	2015-06-08	7.5	CVE-2015-2959 CONFIRM JVNDB JVN

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
adobe — air	Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors.	2015-06-09	6.8	CVE-2015-3096 CONFIRM
adobe — air	Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.	2015-06-09	5.0	CVE-2015-3097 CONFIRM
adobe — air	Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102.	2015-06-09	5.0	CVE-2015-3098 CONFIRM
adobe — air	Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102.	2015-06-09	5.0	CVE-2015-3099 CONFIRM
adobe — air	The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via unspecified vectors.	2015-06-09	4.3	CVE-2015-3101 CONFIRM
adobe — air	Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099.	2015-06-09	5.0	CVE-2015-3102 CONFIRM
adobe — air	Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.	2015-06-09	5.0	CVE-2015-3108 CONFIRM
apache — tomcat	The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.	2015-06-07	5.0	CVE-2014-7810 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
cisco — firesight_system_software	Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.	2015-06-12	4.3	CVE-2015-0737 CISCO
cisco — telepresence_tc_software	CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.	2015-06-07	5.0	CVE-2015-0770 CISCO
cisco — ios	The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505.	2015-06-12	6.3	CVE-2015-0771 CISCO
cisco — firesight_system_software	Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user’s dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.	2015-06-12	5.5	CVE-2015-0773 CISCO
cisco — application_and_content_networking_system_software	Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650.	2015-06-12	4.3	CVE-2015-0774 CISCO
coppermine-gallery — coppermine_photo_gallery	Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.	2015-06-10	5.0	CVE-2015-3923 CONFIRM MISC
dolibarr — dolibarr	Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM before 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.	2015-06-10	4.3	CVE-2015-3935 CONFIRM CONFIRM FULLDISC MISC
ektron — ektron_content_management_system	Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.	2015-06-09	5.8	CVE-2015-3624 BUGTRAQ MISC MISC
encrypted_contact_form_project — encrypted_contact_form	Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.	2015-06-09	6.8	CVE-2015-4010 CONFIRM CONFIRM BUGTRAQ FULLDISC
hp — webinspect	Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.	2015-06-07	4.0	CVE-2015-2125 HP
ibm — marketing_operations	Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.	2015-06-07	4.0	CVE-2014-6222 CONFIRM AIXAPAR AIXAPAR AIXAPAR
ibm — marketing_operations	IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors.	2015-06-07	4.0	CVE-2014-8887 CONFIRM AIXAPAR AIXAPAR AIXAPAR
ibm — rational_collaborative_lifecycle_management	Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	2015-06-07	4.0	CVE-2015-0112 CONFIRM
kankun — smartsocket	The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages.	2015-06-09	6.8	CVE-2015-4080 MISC BUGTRAQ
libmspack_project — libmspack	The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.	2015-06-11	4.3	CVE-2014-9732 CONFIRM MLIST
libmspack_project — libmspack	The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.	2015-06-11	4.3	CVE-2015-4467 CONFIRM MLIST CONFIRM
libmspack_project — libmspack	Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.	2015-06-11	4.3	CVE-2015-4468 CONFIRM MLIST CONFIRM
libmspack_project — libmspack	The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.	2015-06-11	4.3	CVE-2015-4469 CONFIRM MLIST CONFIRM
libmspack_project — libmspack	Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.	2015-06-11	4.3	CVE-2015-4470 CONFIRM MLIST
libmspack_project — libmspack	Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.	2015-06-11	4.3	CVE-2015-4471 CONFIRM CONFIRM MLIST
libmspack_project — libmspack	Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.	2015-06-11	6.8	CVE-2015-4472 CONFIRM MLIST
lighttpd — lighttpd	mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.	2015-06-09	5.0	CVE-2015-3200 SECTRACK CONFIRM MISC
magnifica_webscripts — anima_gallery	Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme or (2) lang cookie parameter to AnimaGallery/.	2015-06-10	5.0	CVE-2015-4415 BUGTRAQ
microsoft — internet_explorer	Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability.”	2015-06-09	6.8	CVE-2015-1739 MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-1748.	2015-06-09	6.8	CVE-2015-1743 MS
microsoft — internet_explorer	Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-1743.	2015-06-09	6.8	CVE-2015-1748 MS
microsoft — windows_server_2008	Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka “ADFS XSS Elevation of Privilege Vulnerability.”	2015-06-09	4.3	CVE-2015-1757 MS
microsoft — windows_7	Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka “Windows LoadLibrary EoP Vulnerability.”	2015-06-09	6.9	CVE-2015-1758 MS
microsoft — exchange_server	The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka “Exchange Server-Side Request Forgery Vulnerability.”	2015-06-09	4.3	CVE-2015-1764 MS
microsoft — internet_explorer	Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site.	2015-06-09	4.3	CVE-2015-1765 MS
microsoft — exchange_server	Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka “Exchange Cross-Site Request Forgery Vulnerability.”	2015-06-09	6.8	CVE-2015-1771 MS
microsoft — exchange_server	Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Exchange HTML Injection Vulnerability.”	2015-06-09	4.3	CVE-2015-2359 MS
php — php	ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.	2015-06-09	5.8	CVE-2015-2783 CONFIRM CONFIRM
php — php	The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a “deconfigured interpreter.”	2015-06-09	6.8	CVE-2015-3330 CONFIRM CONFIRM CONFIRM MLIST CONFIRM
php — php	The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.	2015-06-09	5.0	CVE-2015-4021 CONFIRM CONFIRM
php — php	Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.	2015-06-09	5.0	CVE-2015-4024 CONFIRM CONFIRM
php — php	The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a “type confusion” issue.	2015-06-09	5.0	CVE-2015-4148 CONFIRM CONFIRM MLIST
sysaid — sysaid	Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.	2015-06-08	6.5	CVE-2015-2994 CONFIRM FULLDISC MISC
sysaid — sysaid	SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.	2015-06-08	6.8	CVE-2015-2995 CONFIRM FULLDISC MISC
sysaid — sysaid	SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.	2015-06-08	5.0	CVE-2015-2997 CONFIRM FULLDISC MISC
sysaid — sysaid	SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.	2015-06-08	5.0	CVE-2015-2998 CONFIRM FULLDISC MISC
sysaid — sysaid	Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.	2015-06-08	6.5	CVE-2015-2999 CONFIRM FULLDISC MISC
sysaid — sysaid	SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.	2015-06-08	5.0	CVE-2015-3001 CONFIRM FULLDISC MISC
wftpserver — wing_ftp_server	Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.	2015-06-10	6.8	CVE-2015-4108 CONFIRM BUGTRAQ BUGTRAQ BUGTRAQ MISC MISC
xcloner — xcloner	cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG[‘tarcompress’], (5) $_CONFIG[‘filename’], (6) $_CONFIG[‘exfile_tar’], (7) $_CONFIG[sqldump], (8) $_CONFIG[‘mysql_host’], (9) $_CONFIG[‘mysql_pass’], (10) $_CONFIG[‘mysql_user’], (11) $database_name, or (12) $sqlfile variable.	2015-06-10	6.5	CVE-2014-8603 MISC MISC
xcloner — xcloner	The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015-06-10	5.0	CVE-2014-8604 MISC MISC
xcloner — xcloner	The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.	2015-06-10	5.0	CVE-2014-8605 MISC MISC
xcloner — xcloner	Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.	2015-06-10	4.0	CVE-2014-8606 MISC MISC
zanematthew — zm_ajax_login_&_register	Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.	2015-06-10	5.0	CVE-2015-4153 EXPLOIT-DB CONFIRM BUGTRAQ MISC
zanematthew — zm_ajax_login_&_register	Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-06-10	4.3	CVE-2015-4465 CONFIRM
zarafa — zarafa_collaboration_platform	provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.	2015-06-09	6.6	CVE-2015-3436 CONFIRM FEDORA FEDORA
zohocorp — manageengine_netflow_analyzer	Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015-06-08	4.3	CVE-2015-2960 CONFIRM JVNDB JVN
zohocorp — manageengine_netflow_analyzer	Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.	2015-06-08	6.8	CVE-2015-2961 CONFIRM JVNDB JVN
zohocorp — manageengine_netflow_analyzer	Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.	2015-06-08	5.0	CVE-2015-4418 CONFIRM

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
ceph — ceph-deploy	The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.	2015-06-08	2.1	CVE-2015-4053 BID MLIST MLIST CONFIRM
ektron — ektron_content_management_system	Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.	2015-06-09	3.5	CVE-2015-4427 BUGTRAQ MISC MISC
ibm — marketing_operations	Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	2015-06-07	3.5	CVE-2014-6175 CONFIRM AIXAPAR AIXAPAR AIXAPAR
microsoft — windows_7	The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka “Microsoft Windows Kernel Information Disclosure Vulnerability.”	2015-06-09	2.1	CVE-2015-1719 MS
redhat — thermostat	Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.	2015-06-08	2.1	CVE-2015-3201 REDHAT CONFIRM CONFIRM
strongswan — strongswan	strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.	2015-06-10	2.6	CVE-2015-4171 CONFIRM CONFIRM UBUNTU DEBIAN SECTRACK MLIST MLIST MLIST
xcloner — xcloner	The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.	2015-06-10	2.1	CVE-2014-8607 MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

007 Software

Category Archives: US-CERT

OPM Identity-Protection Phishing Campaigns

SB15-180: Vulnerability Summary for the Week of June 22, 2015

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Cisco Releases Security Updates

Fraud Alert Issued on Business Email Compromise Scam

IC3 Issues Alert on CryptoWall Ransomware

Adobe Releases Security Updates for Flash Player

Google Releases Security Update for Chrome

SB15-173: Vulnerability Summary for the Week of June 15, 2015

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Adobe Releases Security Updates for Multiple Products

SB15-166: Vulnerability Summary for the Week of June 8, 2015

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Software and Security Information