Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Oracle Releases January 2015 Security Advisory

Original release date: January 20, 2015

Oracle has released its Critical Patch Update for January 2015 to address 169 vulnerabilities across multiple products.

This update contains the following security fixes:

  • 8 for Oracle Database Server
  • 36 for Oracle Fusion Middleware
  • 10 for Oracle Enterprise Manager Grid Control
  • 10 for Oracle E-Business Suite
  • 6 for Oracle Supply Chain Products Suite
  • 7 for Oracle PeopleSoft Products
  • 1 for Oracle JD Edwards Products
  • 17 for Oracle Siebel CRM
  • 2 for Oracle iLearning
  • 2 for Oracle Communications Applications
  • 1 for Oracle Retail Applications
  • 1 for Oracle Health Sciences Applications
  • 19 for Oracle Java SE
  • 29 for Oracle Sun Systems Products Suite
  • 11 for Oracle Linux and Virtualization
  • 9 for Oracle MySQL

US-CERT encourages users and administrators to review the Oracle January 2015 Critical Patch Update and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Ubuntu Releases Security Updates

Original release date: January 20, 2015

Ubuntu has released security updates to address multiple vulnerabilities affecting Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code.

Users and administrators are encouraged to review Ubuntu Security Notices USN-2460-1, USN-2477-1, USN-2478-1, and USN-2479-1, and apply the necessary updates.



SB15-019: Vulnerability Summary for the Week of January 12, 2015

Original release date: January 19, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors. 2015-01-13 10.0 CVE-2015-0301
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306. 2015-01-13 10.0 CVE-2015-0303
adobe — adobe_air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309. 2015-01-13 10.0 CVE-2015-0304
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion.” 2015-01-13 9.3 CVE-2015-0305
CONFIRM
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303. 2015-01-13 10.0 CVE-2015-0306
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. 2015-01-13 8.5 CVE-2015-0307
adobe — adobe_air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors. 2015-01-13 10.0 CVE-2015-0308
adobe — adobe_air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304. 2015-01-13 10.0 CVE-2015-0309
awpcp — another_wordpress_classifieds_plugin SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. 2015-01-13 7.5 CVE-2014-10013
XF, EXPLOIT-DB, MISC
dev4press — gd_star_rating SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php. 2015-01-12 7.5 CVE-2014-2839
XF, FULLDISC
divx — directshowdemuxfilter Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow. 2015-01-13 7.5 CVE-2014-10024
BID, FULLDISC
domphp — domphp Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. 2015-01-13 7.5 CVE-2014-10037
XF, EXPLOIT-DB, OSVDB
domphp — domphp SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. 2015-01-13 7.5 CVE-2014-10038
XF, EXPLOIT-DB, MISC, OSVDB
fluxbb — fluxbb SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. 2015-01-13 7.5 CVE-2014-10029
XF, SECUNIA, FULLDISC, MISC
hancom — hancom_office_2010_se Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary code via a long string in the Text attribute in a TEXTART XML element in an HML file. 2015-01-12 7.5 CVE-2013-7420
XF, BUGTRAQ
ibm — pureapplication_system Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component. 2015-01-09 9.0 CVE-2014-6158
ibm — aix lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. 2015-01-15 7.2 CVE-2014-8904
XF, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR
ismail_fahmi — ganesha_digital_library Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. 2015-01-13 7.5 CVE-2014-100031
XF, SECUNIA, MISC
itechscripts — itechclassifieds SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. 2015-01-13 7.5 CVE-2014-100020
XF, BID, EXPLOIT-DB, OSVDB
libpng — libpng Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a “very wide interlaced” PNG image. 2015-01-10 10.0 CVE-2014-9495
SECTRACK, BID, MLIST, MISC, MLIST
licensepal — arcticdesk SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-01-13 7.5 CVE-2014-100035
linux — linux_kernel Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. 2015-01-09 7.2 CVE-2014-9529
CONFIRM, MLIST, CONFIRM
maianscriptworld — maian_uploader SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2015-01-13 7.5 CVE-2014-10004
XF, MISC, OSVDB
microsoft — windows_7 The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or “Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability.” 2015-01-13 7.2 CVE-2015-0002
MISC, MISC, MISC
microsoft — windows_7 The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user’s UsrClass.dat registry hive, aka MSRC ID 20674 or “Microsoft User Profile Service Elevation of Privilege Vulnerability.” 2015-01-13 7.2 CVE-2015-0004
MISC
microsoft — windows_7 Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows Telnet Service Buffer Overflow Vulnerability.” 2015-01-13 10.0 CVE-2015-0014
microsoft — windows_server_2003 Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka “Network Policy Server RADIUS Implementation Denial of Service Vulnerability.” 2015-01-13 7.8 CVE-2015-0015
microsoft — windows_7 Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka “Directory Traversal Elevation of Privilege Vulnerability.” 2015-01-13 9.3 CVE-2015-0016
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-01-14 7.5 CVE-2014-8634
CONFIRM, CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-01-14 7.5 CVE-2014-8635
CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
mozilla — firefox The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. 2015-01-14 7.5 CVE-2014-8636
CONFIRM
mozilla — firefox Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. 2015-01-14 7.5 CVE-2014-8641
CONFIRM
mozilla — firefox Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin’s process. 2015-01-14 7.1 CVE-2014-8643
CONFIRM
mtouch_quiz_project — mtouch_quiz SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. 2015-01-13 7.5 CVE-2014-100022
MISC, XF, SECUNIA
phpjabbers — event_booking_calendar SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. 2015-01-13 7.5 CVE-2014-10015
MISC
pomm-project — pomm SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-01-13 7.5 CVE-2014-100019
CONFIRM, XF, BID, SECUNIA
qualcomm — eudora_worldmail Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. 2015-01-13 7.5 CVE-2014-10031
XF, EXPLOIT-DB, OSVDB
realnetworks — realarcade_installer The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method. 2015-01-12 10.0 CVE-2013-2603
MISC, MISC, OSVDB
realnetworks — realarcade_installer RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game’s directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. 2015-01-12 7.2 CVE-2013-2604
MISC, MISC, OSVDB
schneider-electric — wonderware_intouch_access_anywhere_server Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. 2015-01-09 10.0 CVE-2014-9190
CONFIRM
sendy — sendy SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. 2015-01-13 7.5 CVE-2014-100011
XF, BID, BUGTRAQ, EXPLOIT-DB
sendy — sendy SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. 2015-01-13 7.5 CVE-2014-100012
EXPLOIT-DB
softbb — softbb SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. 2015-01-15 7.5 CVE-2014-9560
BID, MISC, FULLDISC, MISC
solidworks — product_data_management Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. 2015-01-13 7.5 CVE-2014-100014
XF, EXPLOIT-DB, SECUNIA
tecorange — simple_e-document SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. 2015-01-13 7.5 CVE-2014-10020
XF, EXPLOIT-DB, MISC, OSVDB
topicsviewer — topicsviewer Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/. 2015-01-13 7.5 CVE-2014-10023
XF, BID, EXPLOIT-DB, MISC, OSVDB, OSVDB, OSVDB, OSVDB
trendnet — tv-ip422w Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. 2015-01-13 7.5 CVE-2014-10011
XF, MISC, MISC, BID, MISC
welcart — e-commerce Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. 2015-01-13 7.5 CVE-2014-10017
XF, BID, MISC
wpsymposium — wp_symposium Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/. 2015-01-13 7.5 CVE-2014-10021
EXPLOIT-DB
yourmembers — yourmembers SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. 2015-01-13 7.5 CVE-2014-100003
EXPLOIT-DB, MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors. 2015-01-13 5.0 CVE-2015-0302
airties — air_6372 Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. 2015-01-13 4.3 CVE-2014-100032
XF, MISC
apache — traffic_server Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. 2015-01-13 5.0 CVE-2014-10022
CONFIRM, SECTRACK, MLIST
apache — cloudstack Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. 2015-01-15 5.0 CVE-2014-9593
SECUNIA
april’s_super_functions_pack_project — april’s_super_functions_pack Cross-site scripting (XSS) vulnerability in readme.php in the April’s Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. 2015-01-13 4.3 CVE-2014-100026
XF, BID, SECUNIA, OSVDB
awpcp — another_wordpress_classifieds_plugin Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. 2015-01-13 4.3 CVE-2014-10012
XF, MISC
cisco — anyconnect_secure_mobility_client Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. 2015-01-14 5.0 CVE-2014-3314
cisco — unified_communications_domain_manager Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. 2015-01-09 5.0 CVE-2014-8020
cisco — identity_services_engine_software Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. 2015-01-15 4.3 CVE-2014-8022
cisco — webex_meetings_server Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. 2015-01-15 5.0 CVE-2014-8034
cisco — webex_meetings_server The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247. 2015-01-09 5.0 CVE-2014-8035
cisco — webex_meetings_server The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting’s invite list via a crafted URL, aka Bug ID CSCuj40254. 2015-01-09 5.0 CVE-2014-8036
cisco — asyncos Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. 2015-01-14 4.3 CVE-2015-0577
cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455. 2015-01-14 5.7 CVE-2015-0578
cisco — telepresence_video_communication_server Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. 2015-01-14 5.0 CVE-2015-0579
cisco — nx-os The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. 2015-01-09 5.0 CVE-2015-0582
cisco — webex_meeting_center Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. 2015-01-14 5.0 CVE-2015-0583
cisco — unified_communications_domain_manager Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. 2015-01-15 6.8 CVE-2015-0588
cisco — unified_communications_domain_manager Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. 2015-01-15 5.0 CVE-2015-0591
clientresponse_project — clientresponse Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. 2015-01-13 4.3 CVE-2014-100013
XF, EXPLOIT-DB
context_project — context Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. 2015-01-15 5.8 CVE-2015-1051
BID
corel — corelcad Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory. 2015-01-15 4.6 CVE-2014-8394
BID, BUGTRAQ, MISC, FULLDISC
corel — painter Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8395
BID, BUGTRAQ, MISC, FULLDISC
corel — pdf_fusion Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8396
BID, BUGTRAQ, MISC, FULLDISC
corel — fastflick Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8397
BID, BUGTRAQ, MISC, FULLDISC
corel — fastflick Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8398
BID, BUGTRAQ, MISC, FULLDISC
couponphp — couponphp Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/. 2015-01-13 6.5 CVE-2014-10034
XF, MISC, EXPLOIT-DB, MISC, OSVDB, OSVDB, CONFIRM
couponphp — couponphp Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php. 2015-01-13 4.3 CVE-2014-10035
MISC, EXPLOIT-DB, SECUNIA, MISC, OSVDB, OSVDB, OSVDB, CONFIRM
csphere — clansphere Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. 2015-01-13 4.3 CVE-2014-100010
MISC, BID, BUGTRAQ, SECUNIA, FULLDISC
d-link — dir-60 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. 2015-01-13 6.8 CVE-2014-100005
XF, SECUNIA, MISC
d-link — dap-1360_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. 2015-01-13 6.8 CVE-2014-10025
MISC, FULLDISC
d-link — dap-1360_firmware index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. 2015-01-13 5.0 CVE-2014-10026
MISC, FULLDISC
d-link — dap-1360_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. 2015-01-13 6.8 CVE-2014-10027
MISC, FULLDISC
d-link — dap-1360_firmware Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. 2015-01-13 4.3 CVE-2014-10028
MISC, FULLDISC
dev4press — gd_star_rating Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors. 2015-01-12 6.8 CVE-2014-2838
XF
SECUNIA
FULLDISC
e107 — e107 Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. 2015-01-15 4.3 CVE-2015-1041
MISC
XF
BID
MLIST
MISC
MISC
FULLDISC
MISC
f5 — big-ip_application_security_manager Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. 2015-01-15 4.3 CVE-2015-1050
XF
BUGTRAQ
FULLDISC
MISC
flatpress — flatpress Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. 2015-01-13 4.3 CVE-2014-100036
MISC
CONFIRM
XF
SECUNIA
fluxbb — fluxbb Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. 2015-01-13 5.8 CVE-2014-10030
CONFIRM
ganesha_digital_library_project — ganesha_digital_library Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. 2015-01-13 5.0 CVE-2014-100029
XF
MISC
ganesha_digital_library_project — ganesha_digital_library Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. 2015-01-13 4.3 CVE-2014-100030
XF
SECUNIA
MISC
getusedtoit — wp_slimstat Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-01-13 4.3 CVE-2014-100027
CONFIRM
XF
BID
SECUNIA
gnu — binutils The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. 2015-01-15 5.0 CVE-2014-8738
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
haxx — libcurl CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. 2015-01-15 4.3 CVE-2014-8150
DEBIAN
SECUNIA
SECUNIA
haxx — libcurl The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. 2015-01-15 5.8 CVE-2014-8151
SECUNIA
hk_exif_tags_project — hk_exif_tags Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. 2015-01-13 4.3 CVE-2014-100007
XF
SECUNIA
hp — insight_control_server_deployment Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-15 4.3 CVE-2014-7881
ibm — sterling_b2b_integrator The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request. 2015-01-09 5.0 CVE-2014-6199
XF
ibm — emptoris The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-01-09 4.0 CVE-2014-6212
XF
iwcn — stark_crm Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page. 2015-01-13 6.8 CVE-2014-10008
XF
XF
MISC
MISC
SECUNIA
iwcn — stark_crm Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page. 2015-01-13 4.3 CVE-2014-10009
XF
MISC
MISC
SECUNIA
jetbrains — teamcity Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. 2015-01-13 5.0 CVE-2014-10002
SECUNIA
jetbrains — teamcity Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. 2015-01-13 4.3 CVE-2014-10036
MISC
XF
SECUNIA
CONFIRM
joomlaskin — js_multi_hotel Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter. 2015-01-09 4.3 CVE-2013-7419
MISC
joomlaskin — js_multi_hotel Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. 2015-01-13 4.3 CVE-2014-100008
XF
MISC
MISC
joomlaskin — js_multi_hotel The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/. 2015-01-13 5.0 CVE-2014-100009
MISC
MISC
licensepal — arcticdesk Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors. 2015-01-13 5.0 CVE-2014-100033
MISC
SECUNIA
licensepal — arcticdesk Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-13 4.3 CVE-2014-100034
XF
SECUNIA
litech — router_advertisement_daemon The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an IPv6 non-provider subnet to each. 2015-01-15 4.0 CVE-2014-8153
MISC
CONFIRM
CONFIRM
BID
maianscriptworld — maian_uploader Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. 2015-01-13 4.3 CVE-2014-10003
XF
MISC
OSVDB
maianscriptworld — maian_uploader Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. 2015-01-13 5.0 CVE-2014-10005
OSVDB
MISC
maianscriptworld — maian_uploader Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. 2015-01-13 6.8 CVE-2014-10006
MISC
maianscriptworld — maian_weblog Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php. 2015-01-13 4.3 CVE-2014-10007
MISC
XF
SECUNIA
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename. 2015-01-09 4.3 CVE-2014-9271
CONFIRM
MLIST
MLIST
MLIST
mantisbt — mantisbt The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol. 2015-01-09 4.3 CVE-2014-9272
CONFIRM
CONFIRM
MLIST
MLIST
mcafee — epolicy_orchestrator XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do. 2015-01-09 4.0 CVE-2015-0921
FULLDISC
FULLDISC
MISC
mcafee — epolicy_orchestrator McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers’ installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. 2015-01-09 5.0 CVE-2015-0922
FULLDISC
FULLDISC
MISC
microsoft — windows_7 The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka “NLA Security Feature Bypass Vulnerability.” 2015-01-13 6.1 CVE-2015-0006
microsoft — windows_7 mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka “WebDAV Elevation of Privilege Vulnerability.” 2015-01-13 4.7 CVE-2015-0011
moip_project — moip Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback. 2015-01-09 4.3 CVE-2014-9500
MLIST
MLIST
mozilla — firefox Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. 2015-01-14 5.0 CVE-2014-8637
CONFIRM
mozilla — firefox The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. 2015-01-14 6.8 CVE-2014-8638
CONFIRM
mozilla — firefox Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. 2015-01-14 6.8 CVE-2014-8639
CONFIRM
mozilla — firefox The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. 2015-01-14 5.0 CVE-2014-8640
CONFIRM
mozilla — firefox Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. 2015-01-14 4.3 CVE-2014-8642
CONFIRM
mtouch_quiz_project — mtouch_quiz Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php. 2015-01-13 4.3 CVE-2014-100023
MISC
XF
XF
SECUNIA
mywebsiteadvisor — simple_security Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php. 2015-01-15 4.3 CVE-2014-9570
MISC
BUGTRAQ
orangehrm — orangehrm Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter. 2015-01-13 4.3 CVE-2014-100021
BID
SECUNIA
MISC
oscommerce — online_merchant SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action. 2015-01-13 6.5 CVE-2014-10033
CONFIRM
XF
MISC
EXPLOIT-DB
OSVDB
panasonic — arbitrator_back-end_server_mk_2.0_vpu Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. 2015-01-15 4.3 CVE-2014-9596
photocati_media — photocrati Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter. 2015-01-13 4.3 CVE-2014-100016
XF
BID
SECUNIA
MISC
OSVDB
phpjabbers — appointment_scheduler Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. 2015-01-13 6.8 CVE-2014-10001
XF
XF
EXPLOIT-DB
SECUNIA
MISC
phpjabbers — appointment_scheduler Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. 2015-01-13 5.0 CVE-2014-10010
XF
EXPLOIT-DB
MISC
phpjabbers — event_booking_calendar Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller. 2015-01-13 6.8 CVE-2014-10014
XF
XF
SECUNIA
MISC
phpkit — phpkit Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php. 2015-01-15 4.3 CVE-2015-1052
BID
MISC
MISC
FULLDISC
MISC
phponlinechat — phponlinechat Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field. 2015-01-13 4.3 CVE-2014-100017
XF
BID
EXPLOIT-DB
MISC
pods_foundation — pods Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php. 2015-01-15 4.3 CVE-2014-7956
BID
BUGTRAQ
FULLDISC
MISC
pods_foundation — pods Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable “roles and capabilities” in a toggle action in the pods-components page to wp-admin/admin.php. 2015-01-15 6.8 CVE-2014-7957
BID
BUGTRAQ
FULLDISC
MISC
redhat — jboss_data_virtualization XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint. 2015-01-15 5.0 CVE-2014-0171
CONFIRM
roundcube — webmail Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins. 2015-01-15 6.8 CVE-2014-9587
CONFIRM
MISC
BID
MLIST
sap — sap_kernel Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. 2015-01-15 6.5 CVE-2014-9594
SECUNIA
MISC
MISC
sap — sap_kernel Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. 2015-01-15 6.5 CVE-2014-9595
SECUNIA
MISC
MISC
savsoft — savsoft_quiz Cross-site request forgery (CSRF) vulnerability in index.php/user_data/insert_user in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a crafted request. 2015-01-13 6.8 CVE-2014-100025
XF
BID
SECUNIA
MISC
scriptbrasil — taboada_macronews SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. 2015-01-13 6.5 CVE-2014-10032
XF
EXPLOIT-DB
OSVDB
seopanel — seo_panel Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-13 4.3 CVE-2014-100024
XF
SECUNIA
OSVDB
seopressor — seo_plugin_liveoptim Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. 2015-01-13 6.8 CVE-2014-100001
XF
SECUNIA
sitecore — cms Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information. 2015-01-13 4.3 CVE-2014-100004
XF
BID
BUGTRAQ
MISC
SECUNIA
OSVDB
softbb — softbb Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter. 2015-01-15 4.3 CVE-2014-9561
BID
MISC
FULLDISC
MISC
solidworks — product_data_management Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. 2015-01-13 6.4 CVE-2014-100015
XF
EXPLOIT-DB
EXPLOIT-DB
MISC
storytlr — storytlr Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/. 2015-01-13 4.3 CVE-2014-100037
MISC
SECUNIA
storytlr — storytlr Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/. 2015-01-13 4.3 CVE-2014-100038
MISC
XF
SECUNIA
suse — gcab Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via a crafted path in a CAB file, as demonstrated by “tmpmoo.” 2015-01-15 6.4 CVE-2015-0552
CONFIRM
CONFIRM
MLIST
SUSE
tapatalk — tapatalk Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter. 2015-01-15 4.3 CVE-2014-8869
MISC
BID
BUGTRAQ
FULLDISC
tapatalk — tapatalk Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter. 2015-01-15 5.8 CVE-2014-8870
BID
BUGTRAQ
FULLDISC
teracom — t2-b-gawv1.4u10y-bi Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter. 2015-01-13 4.3 CVE-2014-10018
XF
BID
EXPLOIT-DB
OSVDB
teracom — t2-b-gawv1.4u10y-bi Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request. 2015-01-13 6.8 CVE-2014-10019
XF
EXPLOIT-DB
tp-link — tl-wr840n_firmware Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. 2015-01-09 6.8 CVE-2014-9510
BID
MISC
FULLDISC
unconfirmed_project — unconfirmed Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php. 2015-01-13 4.3 CVE-2014-100018
CONFIRM
MISC
BID
SECUNIA
webcrafted_project — webcrafted Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username. 2015-01-13 4.3 CVE-2014-100028
XF
BID
SECUNIA
MISC
webtrees — webtrees Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) map, (2) streetview, or (3) reset parameter. 2015-01-13 4.3 CVE-2014-100006
XF
MISC
SECUNIA
welcart — e-commerce Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php. 2015-01-13 4.3 CVE-2014-10016
XF
BID
SECUNIA
MISC
wireshark — wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-09 5.0 CVE-2015-0559
CONFIRM
CONFIRM
wireshark — wireshark The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-09 5.0 CVE-2015-0560
CONFIRM
CONFIRM
wireshark — wireshark asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. 2015-01-09 5.0 CVE-2015-0561
CONFIRM
CONFIRM
wireshark — wireshark Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. 2015-01-09 5.0 CVE-2015-0562
CONFIRM
CONFIRM
wireshark — wireshark epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. 2015-01-09 5.0 CVE-2015-0563
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. 2015-01-09 5.0 CVE-2015-0564
CONFIRM
wpeasycart — wp_easycart Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/. 2015-01-15 6.5 CVE-2014-9308
BID
EXPLOIT-DB
MISC
MISC
OSVDB
xen — xen The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU. 2015-01-12 4.9 CVE-2014-6268
XF
SECTRACK
BID
zfcuser_project — zfcuser Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. 2015-01-15 4.3 CVE-2015-1039
CONFIRM
CONFIRM
BID
MLIST
zohocorp — manageengine_supportcenter_plus Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. 2015-01-13 5.0 CVE-2014-100002
CONFIRM
XF
EXPLOIT-DB
OSVDB

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
bedita — bedita Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) “note text” field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view. 2015-01-15 3.5 CVE-2015-1040
CONFIRM
BID
MISC
MLIST
FULLDISC
MISC
codewrights — hart_device_type_manager The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop. 2015-01-09 2.1 CVE-2014-9191
godwin’s_law_project — godwin’s_law Cross-site scripting (XSS) vulnerability in the Godwin’s Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message. 2015-01-09 3.5 CVE-2014-9499
XF
MLIST
MLIST
ibm — curam_social_program_management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-01-09 3.5 CVE-2014-3096
linux — linux_kernel The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. 2015-01-09 2.1 CVE-2014-9584
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. 2015-01-09 2.1 CVE-2014-9585
MLIST
MLIST
MISC
CONFIRM
malwarebytes — malwarebytes_anti-exploit mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information. 2015-01-13 2.1 CVE-2014-100039
CONFIRM
OSVDB
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. 2015-01-09 2.6 CVE-2014-9269
CONFIRM
DEBIAN
MLIST
MLIST
mediawiki — mediawiki Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message. 2015-01-16 3.5 CVE-2014-9475
MLIST
MLIST
DEBIAN
microsoft — windows_8 The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka “Windows Error Reporting Security Feature Bypass Vulnerability.” 2015-01-13 1.9 CVE-2015-0001
poll_chart_block_project — poll_chart_block Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title. 2015-01-09 3.5 CVE-2014-9501
MLIST
MLIST
redhat — network_satellite Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. 2015-01-15 3.5 CVE-2014-7811
redhat — network_satellite Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. 2015-01-15 3.5 CVE-2014-7812
school_administration_project — school_administration Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title. 2015-01-09 3.5 CVE-2014-9505
XF
MLIST
MLIST
siemens — simatic_wincc_sm@rtclient The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. 2015-01-14 2.1 CVE-2014-5231
siemens — simatic_wincc_sm@rtclient The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. 2015-01-14 1.9 CVE-2014-5232
siemens — simatic_wincc_sm@rtclient The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. 2015-01-14 1.9 CVE-2014-5233
webform_invitation_project — webform_invitation Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title. 2015-01-09 3.5 CVE-2014-9498
MLIST
MLIST


Affordable Care Act Phishing Campaign

Original release date: January 15, 2015

US-CERT is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code.

US-CERT encourages users to take the following measures to protect themselves:

  • Do not follow links or download attachments in unsolicited email messages.
  • Maintain up-to-date antivirus software.
  • Refer to the Avoiding Social Engineering and Phishing Attacks Security Tip for additional information on social engineering attacks.

If affected by the campaign, users should report the incident to appropriate parties within their organization and notify US-CERT.



IC3 Issues Alert on University Employee Payroll Scam

Original release date: January 15, 2015

The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials.

Users are encouraged to review the IC3 Alert for details and refer to Security Tip ST04-014 for information on social engineering and phishing attacks.



Mozilla Releases Security Updates for Firefox, Firefox ESR, SeaMonkey, and Thunderbird

Original release date: January 14, 2015

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, SeaMonkey, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Updates available include:

  • Firefox 35
  • Firefox ESR 31.4
  • SeaMonkey 2.32
  • Thunderbird 31.4

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, SeaMonkey, and Thunderbird and apply the necessary updates.



Adobe Releases Security Updates for Flash Player

Original release date: January 13, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.



Microsoft Releases January 2015 Security Bulletin

Original release date: January 13, 2015

Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, or security feature bypass.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-001 – MS15-008 and apply the necessary updates.

SB15-012: Vulnerability Summary for the Week of January 5, 2015

Original release date: January 12, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ajax_post_search_project — ajax_post_search SQL injection vulnerability in the “the_search_function” function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a “the_search_text” action to wp-admin/admin-ajax.php. 2015-01-07 7.5 CVE-2012-5853
CONFIRM
BUGTRAQ
asus — wrt_firmware common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. 2015-01-08 10.0 CVE-2014-9583
MISC
EXPLOIT-DB
MISC
basic-cms — sweetrice Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action. 2015-01-03 7.5 CVE-2010-5317
MISC
cts_projects&software — classad SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. 2015-01-02 7.5 CVE-2014-9455
MISC
debian — mime-support run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. 2015-01-06 7.5 CVE-2014-7209
XF
BID
MLIST
SECUNIA
deliciousdays — cformsii Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory. 2015-01-07 7.5 CVE-2014-9473
CONFIRM
BUGTRAQ
don_ho — notepad++ Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information. 2015-01-02 10.0 CVE-2014-9456
EXPLOIT-DB
hex-rays — ida Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. 2015-01-02 10.0 CVE-2014-9458
SECUNIA
humhub — humhub SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error. 2015-01-06 7.5 CVE-2014-9528
CONFIRM
XF
EXPLOIT-DB
FULLDISC
MISC
infinitewp — infinitewp_admin_panel SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. 2015-01-05 7.5 CVE-2014-9519
MISC
FULLDISC
infinitewp — infinitewp_admin_panel SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. 2015-01-05 7.5 CVE-2014-9520
MISC
FULLDISC
infinitewp — infinitewp_admin_panel Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename. 2015-01-05 7.5 CVE-2014-9521
MISC
FULLDISC
installatron — gq_file_manager SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-02 7.5 CVE-2014-9445
XF
EXPLOIT-DB
linux — linux_kernel The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. 2015-01-02 7.8 CVE-2014-9428
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
mediawiki — mediawiki The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. 2015-01-04 7.5 CVE-2014-9277
CONFIRM
MLIST
MLIST
DEBIAN
SECTRACK
microweber — microweber SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. 2015-01-03 7.5 CVE-2014-9464
MISC
CONFIRM
mini-stream — rm-mp3_converter Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. 2015-01-02 7.5 CVE-2014-9448
EXPLOIT-DB
EXPLOIT-DB
OSVDB
osclass — osclass SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. 2015-01-05 7.5 CVE-2014-8083
BID
BUGTRAQ
FULLDISC
MISC
MISC
osclass — osclass Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action. 2015-01-05 7.5 CVE-2014-8084
BID
BUGTRAQ
FULLDISC
MISC
MISC
php — php sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping’s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. 2015-01-02 7.5 CVE-2014-9427
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
phpmyrecipes_project — phpmyrecipes SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. 2015-01-02 7.5 CVE-2014-9440
XF
EXPLOIT-DB
MISC
projectsend — projectsend Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory. 2015-01-07 7.5 CVE-2014-9567
XF
EXPLOIT-DB
EXPLOIT-DB
MISC
OSVDB
sefrengo — sefrengo Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. 2015-01-08 7.5 CVE-2015-0919
MISC
FULLDISC
MISC
sonatype — nexus Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. 2015-01-05 7.5 CVE-2014-9389
SECUNIA
typo3 — typo3 The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a “Cache Poisoning” attack using a URL with arbitrary arguments, which triggers a reload of the page. 2015-01-04 7.5 CVE-2014-9509
vdgsecurity — vdg_sense Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request. 2015-01-02 7.5 CVE-2014-9451
MISC
XF
BID
FULLDISC
MISC
xen — xen Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. 2015-01-07 7.8 CVE-2015-0361
zabbix — zabbix Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. 2015-01-02 7.5 CVE-2014-9450
SECUNIA


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
absolutengine — absolut_engine Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. 2015-01-02 6.5 CVE-2014-9435
BID
MISC
FULLDISC
apache — solr Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. 2015-01-06 4.3 CVE-2014-3628
SECUNIA
MLIST
apache — poi HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. 2015-01-06 5.0 CVE-2014-9527
CONFIRM
SECUNIA
CONFIRM
banner_effect_header_project — banner_effect_header Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. 2015-01-08 6.8 CVE-2015-0920
XF
XF
MISC
basic-cms — sweetrice Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie. 2015-01-03 4.3 CVE-2010-5316
MISC
basic-cms — sweetrice The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator’s password by specifying the administrator’s e-mail address in the email parameter. 2015-01-03 4.3 CVE-2010-5318
MISC
chialab_&_channelweb — bedita Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index. 2015-01-03 4.3 CVE-2010-5314
MISC
chialab_&_channelweb — bedita Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser. 2015-01-03 6.8 CVE-2010-5315
MISC
cisco — secure_access_control_system The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. 2015-01-08 6.5 CVE-2014-8027
cisco — secure_access_control_system Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. 2015-01-08 4.3 CVE-2014-8028
cisco — secure_access_control_system Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. 2015-01-08 5.8 CVE-2014-8029
cisco — webex_meetings_server Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. 2015-01-08 4.3 CVE-2014-8030
cisco — webex_meetings_server Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. 2015-01-08 6.8 CVE-2014-8031
cisco — webex_meetings_server The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. 2015-01-08 4.0 CVE-2014-8032
cisco — webex_meetings_server The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. 2015-01-08 5.0 CVE-2014-8033
codiad — codiad Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-08 5.0 CVE-2014-9581
EXPLOIT-DB
codiad — codiad Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-08 4.3 CVE-2014-9582
EXPLOIT-DB
concrete5 — concrete5 Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php. 2015-01-05 4.3 CVE-2014-9526
XF
BUGTRAQ
FULLDISC
MISC
MISC
d-link — dcs-2103_hd_cube_network_camera Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. 2015-01-05 4.3 CVE-2014-9517
MISC
MISC
d-link — dir-655 Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. 2015-01-05 4.3 CVE-2014-9518
BID
CONFIRM
SECUNIA
e107 — e107 Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. 2015-01-02 6.8 CVE-2014-9459
CONFIRM
MISC
FULLDISC
efssoft — easy_file_sharing_web_server Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp. 2015-01-02 4.3 CVE-2014-9439
XF
EXPLOIT-DB
elfutils_project — elfutils Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. 2015-01-02 6.4 CVE-2014-9447
MLIST
BID
MLIST
SECUNIA
emc — documentum_wdk Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-06 4.3 CVE-2014-4635
BUGTRAQ
emc — documentum_wdk Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. 2015-01-06 6.8 CVE-2014-4636
BUGTRAQ
emc — documentum_wdk Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. 2015-01-06 6.4 CVE-2014-4637
BUGTRAQ
emc — documentum_wdk EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. 2015-01-06 5.0 CVE-2014-4638
BUGTRAQ
emc — documentum_wdk EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. 2015-01-06 5.0 CVE-2014-4639
BUGTRAQ
exiv2 — exiv2 Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. 2015-01-02 5.0 CVE-2014-9449
SECUNIA
CONFIRM
facebook_like_box_project — facebook_like_box Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. 2015-01-05 6.8 CVE-2014-9524
SECUNIA
MISC
frontend_uploader_project — frontend_uploader Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. 2015-01-02 4.3 CVE-2014-9444
BID
FULLDISC
MISC
ipcop — ipcop Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer. 2015-01-02 4.3 CVE-2013-7417
XF
MISC
MISC
MISC
ipcop — ipcop cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. 2015-01-02 6.5 CVE-2013-7418
MISC
MISC
MISC
justin_klein — wp-vipergb Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. 2015-01-02 6.8 CVE-2014-9460
CONFIRM
XF
XF
MISC
kajona — kajona Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. 2015-01-08 4.3 CVE-2015-0917
CONFIRM
CONFIRM
MISC
FULLDISC
MISC
kan-studio — kandidat_cms Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php. 2015-01-03 6.8 CVE-2010-5319
MISC
koha — koha Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. 2015-01-02 4.3 CVE-2014-9446
BID
SECUNIA
CONFIRM
lightbox_photo_gallery_project — lightbox_photo_gallery Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. 2015-01-02 6.8 CVE-2014-9441
XF
MISC
mediawiki — mediawiki Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that conduct cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. 2015-01-04 5.1 CVE-2014-9276
CONFIRM
MLIST
MLIST
SECTRACK
memht — memht_portal Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php. 2015-01-03 6.8 CVE-2010-5320
MISC
nyu — opensso_integration Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2015-01-02 4.3 CVE-2014-7293
MISC
FULLDISC
nyu — opensso_integration Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2015-01-02 5.8 CVE-2014-7294
MISC
FULLDISC
MISC
oetiker+partner_ag — rrdtool Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. 2015-01-04 5.0 CVE-2013-2131
MISC
MISC
MISC
MLIST
MLIST
MLIST
open-xchange — open-xchange_appsuite Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. 2015-01-05 4.3 CVE-2014-1679
MISC
XF
BUGTRAQ
SECUNIA
open-xchange — open-xchange_appsuite Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. 2015-01-07 4.3 CVE-2014-8993
SECTRACK
BUGTRAQ
SECUNIA
MISC
openssl — openssl The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. 2015-01-08 5.0 CVE-2014-3570
CONFIRM
openssl — openssl OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. 2015-01-08 5.0 CVE-2014-3571
CONFIRM
CONFIRM
openssl — openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. 2015-01-08 5.0 CVE-2014-3572
CONFIRM
openssl — openssl OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate’s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. 2015-01-08 5.0 CVE-2014-8275
CONFIRM
CONFIRM
openssl — openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. 2015-01-08 5.0 CVE-2015-0204
CONFIRM
openssl — openssl The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. 2015-01-08 5.0 CVE-2015-0205
CONFIRM
openssl — openssl Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. 2015-01-08 5.0 CVE-2015-0206
CONFIRM
openstack — image_registry_and_delivery_service_(glance) The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. 2015-01-07 5.5 CVE-2014-9493
CONFIRM
MLIST
osclass — osclass Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. 2015-01-05 6.8 CVE-2014-8085
BID
BUGTRAQ
FULLDISC
MISC
MISC
CONFIRM
paloaltonetworks — pan-os Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. 2015-01-06 4.3 CVE-2014-3764
CONFIRM
SECUNIA
papoo — cms_papoo_light Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php. 2015-01-05 4.3 CVE-2014-9522
BID
BUGTRAQ
EXPLOIT-DB
MISC
MISC
OSVDB
pmb_services — pmb SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. 2015-01-02 6.5 CVE-2014-9457
EXPLOIT-DB
projectsend — projectsend Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information. 2015-01-08 4.3 CVE-2014-9580
XF
EXPLOIT-DB
MISC
quick_page/post_redirect_project — quick_page/post_redirect Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php. 2015-01-05 6.8 CVE-2014-2598
MISC
XF
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
OSVDB
reality66 — cart66_lite SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. 2015-01-02 6.5 CVE-2014-9442
MISC
CONFIRM
SECUNIA
redcloth — redcloth_library Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. 2015-01-07 4.3 CVE-2012-6684
MISC
FULLDISC
MISC
MISC
redhat — libvirt The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that the user does not have privileges to access. 2015-01-06 4.0 CVE-2014-8131
SUSE
relevanssi — relevanssi Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-02 4.3 CVE-2014-9443
SECUNIA
sap — netweaver_business_client_for_html Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. 2015-01-07 4.3 CVE-2014-9569
MISC
SECUNIA
sefrengo — sefrengo Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. 2015-01-08 4.3 CVE-2015-0918
MISC
FULLDISC
MISC
simple_sticky_footer_project — simple_sticky_footer Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. 2015-01-02 6.8 CVE-2014-9454
XF
XF
MISC
simple_visitor_stat_project — simple_visitor_stat Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header. 2015-01-02 4.3 CVE-2014-9453
XF
MISC
sliding_social_icons_project — sliding_social_icons Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. 2015-01-02 6.8 CVE-2014-9437
XF
MISC
smartcat — our_team_showcase Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. 2015-01-05 6.8 CVE-2014-9523
MISC
social_microblogging_pro_project — social_microblogging_pro Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the “Web Site” input in the Profile section. 2015-01-05 4.3 CVE-2014-9516
EXPLOIT-DB
OSVDB
strongswan — strongswan strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. 2015-01-07 5.0 CVE-2014-9221
CONFIRM
SECUNIA
SECUNIA
sysaid — sysaid Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. 2015-01-02 5.0 CVE-2014-9436
XF
EXPLOIT-DB
FULLDISC
MISC
timed_popup_project — timed_popup Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. 2015-01-05 6.8 CVE-2014-9525
XF
XF
MISC
typo3 — typo3 The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. 2015-01-04 4.3 CVE-2014-9508
vbulletin — vbulletin Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. 2015-01-02 6.8 CVE-2014-9438
MISC
XF
MISC
vdgsecurity — vdg_sense Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/. 2015-01-02 5.0 CVE-2014-9452
MISC
XF
BID
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header. 2015-01-08 6.4 CVE-2014-9575
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access. 2015-01-08 5.0 CVE-2014-9576
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response. 2015-01-08 4.0 CVE-2014-9577
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash. 2015-01-08 5.0 CVE-2014-9578
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. 2015-01-08 5.0 CVE-2014-9579
MISC
FULLDISC
MISC
zohocorp — manageengine_adselfservice_plus Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. 2015-01-07 4.3 CVE-2014-3779
XF
MISC


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
absolutengine — absolut_engine Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. 2015-01-02 3.5 CVE-2014-9434
BID
MISC
FULLDISC
linuxcontainers — cgmanager cgmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. 2015-01-07 2.1 CVE-2014-1425
mantisbt — mantisbt MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. 2015-01-04 3.5 CVE-2014-9506
CONFIRM
DEBIAN
MLIST
mediawiki — mediawiki MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. 2015-01-04 2.6 CVE-2014-9507
reality66 — cart66_lite Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php. 2015-01-02 3.5 CVE-2014-9461
CONFIRM
MISC
CONFIRM


OpenSSL Patches Eight Vulnerabilities

Original release date: January 08, 2015

OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition.
 
The following updates are available: 

  • OpenSSL 1.0.1k for 1.0.1 users
  • OpenSSL 1.0.0p for 1.0.0 users
  • OpenSSL 0.9.8zd for 0.9.8 users

Users and administrators are encouraged to review the OpenSSL Security Advisory for additional information and apply the necessary updates.
 

