US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

SB15-005: Vulnerability Summary for the Week of December 29, 2014

Original release date: January 05, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ajaxplorer — ajaxplorer Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation. 2014-12-27 7.5 CVE-2013-6227
MISC
cray — cray_linux_environment apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912. 2014-12-26 7.2 CVE-2014-0748
MISC
easewe_software — easewe_ftp_ocx_activex_control The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method. 2014-12-31 7.5 CVE-2011-5292
MISC
exponentcms — exponent_cms Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. 2014-12-29 7.5 CVE-2013-3295
MISC
facebook — hiphop_virtual_machine CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. 2014-12-28 7.5 CVE-2014-2208
CONFIRM
facebook — hiphop_virtual_machine Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. 2014-12-28 7.5 CVE-2014-6228
CONFIRM
gogago — gogago_youtube_video_converter Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument. 2015-01-01 9.3 CVE-2011-5295
MISC
ipswitch — tftp_server Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation. 2014-12-27 7.8 CVE-2011-4722
XF
OSVDB
EXPLOIT-DB
SECTRACK
SECUNIA
MISC
minibb — minibb bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php. 2014-12-31 7.5 CVE-2014-9254
MISC
SECUNIA
nakahira — cdnvote Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. 2015-01-01 7.5 CVE-2011-5308
MISC
CONFIRM
CONFIRM
openbsd — libressl Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake. 2014-12-28 7.5 CVE-2014-9424
CONFIRM
MISC
php — php Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2014-12-30 7.5 CVE-2014-9425
MLIST
CONFIRM
CONFIRM
CONFIRM
php — php The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. 2014-12-30 7.5 CVE-2014-9426
CONFIRM
CONFIRM
redaxscript — redaxscript Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. 2015-01-01 7.5 CVE-2011-5313
MISC
redmine — redmine_git_hosting_plugin git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. 2014-12-27 7.5 CVE-2013-4663
MISC
schneider_electric — proclima Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 10.0 CVE-2014-8511
CONFIRM
schneider_electric — proclima Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 7.5 CVE-2014-8512
schneider_electric — proclima Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 7.5 CVE-2014-8513
schneider_electric — proclima Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 7.5 CVE-2014-8514
schneider_electric — proclima Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 9.0 CVE-2014-9188
social_slider_project — social_slider SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. 2014-12-31 7.5 CVE-2011-5286
MISC
softaculous — webuzo index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. 2014-12-27 7.5 CVE-2013-6041
MISC
soundexchange — soundexchange Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. 2014-12-31 7.5 CVE-2014-8145
BID
MISC
threediffy — threedify_designer The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument. 2014-12-31 9.3 CVE-2011-5293
MISC
threedify — threedify_designer Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmdSave method. 2014-12-31 9.3 CVE-2011-5288
MISC
umbraco — umbraco_cms The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. 2014-12-27 7.5 CVE-2013-4793
MISC
videolan — vlc_media_player Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder. 2014-12-26 7.5 CVE-2010-1441
MLIST
videolan — vlc_media_player VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer. 2014-12-26 7.5 CVE-2010-1442
MLIST
videolan — vlc_media_player The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive. 2014-12-26 7.5 CVE-2010-1444
MLIST
CONFIRM
videolan — vlc_media_player Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session. 2014-12-26 7.5 CVE-2010-1445
MLIST
videolan — vlc_media_player Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. 2014-12-26 7.5 CVE-2010-2062
MISC
FULLDISC
MLIST
CONFIRM
videolan — vlc_media_player Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c. 2014-12-26 7.5 CVE-2011-3623
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
videowhisper — videowhisper_live_streaming_integration Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. 2014-12-29 10.0 CVE-2014-1905
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
amcharts — flash Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3) amcolumn.swf, (4) amline.swf, (5) amradar.swf, or (6) amxy.swf; or (7) the settings_file parameter to amstock.swf. 2014-12-27 4.3 CVE-2012-1303
MISC
ammap_project — ammap Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf. 2014-12-27 4.3 CVE-2012-1302
MISC
apache — http_server mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. 2014-12-29 4.3 CVE-2014-8109
CONFIRM
CONFIRM
CONFIRM
MLIST
ashampoo_gmbh_&_co. — ashampoo_3d_cad_professional_3 The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument. 2014-12-31 6.4 CVE-2011-5291
MISC
bugfree — bugfree Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php. 2014-12-31 4.3 CVE-2011-5285
MISC
cambio_project — cambio Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. 2015-01-01 6.8 CVE-2011-5316
MISC
cherry-design — wikipad Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. 2015-01-01 4.3 CVE-2011-5309
MISC
cherry-design — wikipad Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. 2015-01-01 5.0 CVE-2011-5310
MISC
cherry-design — wikipad Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter. 2015-01-01 6.8 CVE-2011-5311
MISC
clausmuus — spitfire Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cms_username cookie. 2015-01-01 4.3 CVE-2011-5303
MISC
db_backup_project — db_backup Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 2014-12-31 5.0 CVE-2014-9119
MISC
XF
MLIST
dflabs — ptk Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout. 2014-12-27 6.8 CVE-2012-1415
EXPLOIT-DB
diafan — diafan.cms Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/. 2015-01-01 6.8 CVE-2011-5318
MISC
diego_uscanga — atube_catcher The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument. 2014-12-31 6.4 CVE-2011-5289
MISC
doorkeeper_project — doorkeeper Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors. 2014-12-31 6.8 CVE-2014-8144
CONFIRM
XF
MLIST
emc — rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack.” 2014-12-30 4.3 CVE-2014-4630
MISC
BUGTRAQ
emc — appsync Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. 2014-12-30 4.6 CVE-2014-4634
BUGTRAQ
eucalyptus — eucalyptus The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. 2014-12-26 4.3 CVE-2013-4769
facebook — hiphop_virtual_machine Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. 2014-12-28 5.0 CVE-2014-2209
CONFIRM
facebook — hiphop_virtual_machine The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. 2014-12-28 5.0 CVE-2014-5386
CONFIRM
facebook — hiphop_virtual_machine The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. 2014-12-28 5.0 CVE-2014-6229
CONFIRM
gollos — gollos Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx. 2015-01-01 4.3 CVE-2011-5312
MISC
gslideshow_project — gslideshow Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9391
MISC
hesk — hesk Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php. 2014-12-31 4.3 CVE-2011-5287
MISC
hillstone_software — hs_tftp_server Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation. 2014-12-27 5.0 CVE-2011-4720
MISC
ibm — security_identity_manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-12-28 6.0 CVE-2014-6168
XF
idrive_inc — idrive_online_backup The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument. 2014-12-31 6.4 CVE-2011-5290
MISC
jce-tech — video_niche_script Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter. 2014-12-31 4.3 CVE-2014-8752
BID
MISC
FULLDISC
kofax — kofax_e-transactions_sender_sendbox The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument. 2015-01-01 6.4 CVE-2011-5294
MISC
kubelabs — phpdug Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to editprofile.php, (3) the title parameter to adm/content_add.php, or (4) the username parameter to adm/admin_edit.php. 2015-01-01 4.3 CVE-2011-5301
MISC
kubelabs — phpdug Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials. 2015-01-01 6.8 CVE-2011-5302
MISC
libssh — libssh Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. 2014-12-28 5.0 CVE-2014-8132
CONFIRM
nginx — nginx The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a “plaintext command injection” attack, a similar issue to CVE-2011-0411. 2014-12-29 4.3 CVE-2014-3556
CONFIRM
CONFIRM
open-xchange — open-xchange_appsuite The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. 2014-12-27 4.0 CVE-2013-6241
CONFIRM
BUGTRAQ
photosmash_project — photosmash Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. 2015-01-01 4.3 CVE-2011-5307
MISC
phpthumb_project — phpthumb The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. 2014-12-27 4.3 CVE-2013-6919
CONFIRM
MISC
pictobrowser_project — pictobrowser Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter in the options-page.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9392
MISC
plogger — plogger Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. 2014-12-29 5.0 CVE-2014-2224
MISC
pommo — pommo-ardvark Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php. 2015-01-01 4.3 CVE-2011-5299
MISC
pommo — pommo-ardvark Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters. 2015-01-01 6.8 CVE-2011-5300
MISC
post_to_twitter_project — post_to_twitter Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9393
MISC
pwgrandom_project — pwgrandom Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9394
MISC
redaxscript — redaxscript templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. 2015-01-01 5.0 CVE-2011-5314
MISC
s9y — serendipity Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php. 2014-12-31 4.3 CVE-2014-9432
CONFIRM
BUGTRAQ
MISC
FULLDISC
sensiolabs — symfony The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. 2014-12-27 5.0 CVE-2013-5958
simpleflickr_project — simpleflickr Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9396
MISC
simplelife_project — simplelife Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9395
MISC
smoothwall — smoothwall Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. 2014-12-31 4.3 CVE-2011-5283
EXPLOIT-DB
MISC
OSVDB
smoothwall — smoothwall Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. 2014-12-31 6.8 CVE-2011-5284
EXPLOIT-DB
MISC
OSVDB
smoothwall — smoothwall Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. 2014-12-31 4.3 CVE-2014-9429
MISC
smoothwall — smoothwall Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. 2014-12-31 4.3 CVE-2014-9430
MISC
smoothwall — smoothwall Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. 2014-12-31 6.8 CVE-2014-9431
MISC
sodahead — sodahead_polls Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php. 2015-01-01 4.3 CVE-2011-5304
MISC
MISC
softaculous — webuzo The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests. 2014-12-27 5.0 CVE-2013-6043
MISC
CONFIRM
syndeocms — syndeocms Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action. 2014-12-27 6.8 CVE-2012-1203
EXPLOIT-DB
tribal — tribiq_cms The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. 2014-12-29 4.3 CVE-2011-2727
MISC
ttfreeware — tigertoms_chat_room Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php. 2015-01-01 4.3 CVE-2011-5297
MISC
tuttophp — happy_chat Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. 2015-01-01 4.3 CVE-2011-5296
MISC
tweetscribe_project — tweetscribe Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9399
MISC
twiki — twiki Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences. 2014-12-31 4.3 CVE-2014-9325
SECTRACK
FULLDISC
MISC
twiki — twiki Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch. 2014-12-31 4.3 CVE-2014-9367
SECTRACK
FULLDISC
MISC
twimp-wp_project — twimp-wp Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9397
MISC
twitter_liveblog_project — twitter_liveblog Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the twitter-liveblog.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9398
MISC
videolan — vlc_media_player The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document. 2014-12-26 5.0 CVE-2010-1443
MLIST
CONFIRM
videowhisper — videowhisper_live_streaming_integration The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. 2014-12-29 5.0 CVE-2014-1908
MISC
viralheat — argyle_social Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create. 2015-01-01 6.8 CVE-2011-5298
MISC
whcms_project — whcms Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. 2015-01-01 6.8 CVE-2011-5315
MISC
wondercms — wondercms Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. 2015-01-01 4.3 CVE-2011-5317
MISC
wp_limit_posts_automatically_project — wp_limit_posts_automatically Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9401
MISC
wp_unique_article_header_image_project — wp_unique_article_header_image Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9400
MISC
zaunz_gmbh — cosmoshop Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to cgi-bin/admin/shophilfe_suche.cgi. 2015-01-01 4.3 CVE-2011-5305
MISC
zaunz_gmbh — cosmoshop Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. 2015-01-01 6.8 CVE-2011-5306
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
avast! — avast!_internet_security Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW. 2014-12-27 2.1 CVE-2010-5075
MISC
MISC
MISC
BID
claroline — claroline Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the “First name” field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php. 2014-12-26 3.5 CVE-2013-4753
MISC
contenido — contendio Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter. 2014-12-31 2.6 CVE-2014-9433
BUGTRAQ
MISC
SECUNIA
FULLDISC
ibm — rational_appscan_source IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. 2014-12-28 2.1 CVE-2014-6123
XF
ibm — websphere_service_registry_and_repository IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. 2014-12-28 2.1 CVE-2014-6160
XF
AIXAPAR
owl — intranet_knowledgebase Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php. 2014-12-26 3.5 CVE-2013-4754
MISC


This product is provided subject to this Notification and this Privacy & Use policy.

SB14-363: Vulnerability Summary for the Week of December 22, 2014

Original release date: December 29, 2014


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — meraki_mr_firmware Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device’s case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077. 2014-12-23 7.2 CVE-2014-7995
CONFIRM
cisco — meraki_mr_firmware Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. 2014-12-23 7.7 CVE-2014-7999
CONFIRM
ibm — security_appscan IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive. 2014-12-22 9.3 CVE-2014-6119
XF
innominate — mguard_firmware Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. 2014-12-19 9.0 CVE-2014-9193
linux — linux_kernel drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application. 2014-12-24 7.2 CVE-2014-4322
ntp — ntp Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. 2014-12-19 7.5 CVE-2014-9295
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. 2014-12-20 7.5 CVE-2014-8142
CONFIRM
CONFIRM
piwigo — piwigo SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. 2014-12-23 7.5 CVE-2014-9115
FULLDISC
CONFIRM
symantec — deployment_solution Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. 2014-12-22 7.2 CVE-2014-7286
BID
yokogawa — centum_cs_3000 BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. 2014-12-22 7.5 CVE-2014-5208
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
c-icap_project — c-icap The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method. 2014-12-19 5.0 CVE-2013-7401
OSVDB
CONFIRM
GENTOO
MISC
MLIST
cisco — adaptive_security_appliance_software The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860. 2014-12-19 4.3 CVE-2014-3410
cisco — meraki_mr_firmware Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991. 2014-12-23 5.4 CVE-2014-7994
CONFIRM
cisco — prime_infrastructure Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. 2014-12-19 4.0 CVE-2014-8007
cisco — identity_services_engine_software The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor’s guest account via a modified HTTP request, aka Bug ID CSCur64400. 2014-12-22 4.0 CVE-2014-8015
cisco — identity_services_engine_software The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673. 2014-12-22 5.0 CVE-2014-8017
cisco — unified_communications_domain_manager Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. 2014-12-22 4.3 CVE-2014-8018
cisco — enterprise_content_delivery_system Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. 2014-12-19 5.0 CVE-2014-8019
cisco — jabber_guest The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789. 2014-12-22 4.3 CVE-2014-8024
cisco — jabber_guest The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801. 2014-12-22 4.3 CVE-2014-8025
cisco — jabber_guest Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. 2014-12-22 4.3 CVE-2014-8026
dandyid_services_project — dandyid_services Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) email_address or (2) sidebarTitle parameter in the dandyid-services.php page to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9335
MISC
huawei — p7-l10_firmware The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted package. 2014-12-19 4.3 CVE-2014-9135
XF
ibm — security_appscan IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument. 2014-12-22 5.5 CVE-2014-6122
XF
ibm — security_appscan IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors. 2014-12-22 4.3 CVE-2014-6135
XF
ibm — websphere_service_registry_and_repository The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 2014-12-24 4.3 CVE-2014-6153
XF
AIXAPAR
ibm — websphere_service_registry_and_repository Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. 2014-12-24 4.0 CVE-2014-6155
XF
AIXAPAR
ibm — websphere_service_registry_and_repository IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2014-12-24 4.0 CVE-2014-6177
XF
AIXAPAR
ibm — websphere_service_registry_and_repository Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-24 4.3 CVE-2014-6179
XF
AIXAPAR
ibm — websphere_service_registry_and_repository IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors. 2014-12-24 4.0 CVE-2014-6181
XF
AIXAPAR
ibm — websphere_service_registry_and_repository IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph. 2014-12-24 4.0 CVE-2014-6186
XF
AIXAPAR
ibm — websphere_service_registry_and_repository Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. 2014-12-24 6.0 CVE-2014-6187
XF
AIXAPAR
ibm — infosphere_master_data_management_collaborative_server The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator’s credentials and consequently gain privileges via unspecified vectors. 2014-12-22 4.0 CVE-2014-8896
XF
itwitter_project — itwitter Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) itex_t_twitter_username or (2) itex_t_twitter_userpass parameter in the iTwitter.php page to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9336
FULLDISC
MISC
jayde_online — spnbabble Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNbabble plugin 1.4.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the spnbabble.php page to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9339
MISC
mikiurl_wordpress_eklentisi_project — mikiurl_wordpress_eklentisi Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl WordPress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) twitter_kullanici or (2) twitter_sifre parameter in a kaydet action in the mikiurl.php page to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9337
MISC
modx — modx_revolution Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter. 2014-12-22 4.3 CVE-2014-8992
MISC
morfy_cms_project — morfy_cms Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter. 2014-12-19 6.5 CVE-2014-9185
MISC
MISC
BUGTRAQ
FULLDISC
MISC
netiq — access_manager nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-12-23 4.0 CVE-2014-5214
MISC
FULLDISC
MISC
netiq — access_manager NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp. 2014-12-23 4.0 CVE-2014-5215
MISC
FULLDISC
MISC
netiq — access_manager Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412. 2014-12-23 4.3 CVE-2014-5216
MISC
FULLDISC
MISC
netiq — access_manager Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action. 2014-12-23 6.8 CVE-2014-5217
MISC
FULLDISC
MISC
netiq — access_manager Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. 2014-12-23 4.3 CVE-2014-9412
MISC
FULLDISC
MISC
novell — edirectory Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. 2014-12-19 4.3 CVE-2014-5212
MISC
CONFIRM
BUGTRAQ
novell — edirectory nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. 2014-12-19 4.0 CVE-2014-5213
MISC
CONFIRM
BUGTRAQ
ntp — ntp The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. 2014-12-19 5.0 CVE-2014-9293
CONFIRM
CONFIRM
CONFIRM
ntp — ntp util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. 2014-12-19 5.0 CVE-2014-9294
CONFIRM
CONFIRM
CONFIRM
ntp — ntp The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. 2014-12-19 5.0 CVE-2014-9296
CONFIRM
CONFIRM
CONFIRM
o2tweet_project — o2tweet Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) o2t_username or (2) o2t_tags parameter to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9338
MISC
openssl — openssl The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix. 2014-12-24 5.0 CVE-2014-3569
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
otrs — otrs_help_desk The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors. 2014-12-19 6.0 CVE-2014-9324
SECUNIA
puppetlabs — puppet Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint. 2014-12-19 4.0 CVE-2014-9355
SECUNIA
twitterdash_project — twitterdash Cross-site request forgery (CSRF) vulnerability in the twitterDash plugin 2.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the username_twitterDash parameter in the twitterDash.php page to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9368
MISC
wpcommenttwit_project — wpcommenttwit Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9340
MISC
yurl_retwitt_project — yurl_retwitt Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurl_login or (2) yurl_anchor parameter in the yurl page to wp-admin/options-general.php. 2014-12-19 6.8 CVE-2014-9341
MISC
znc — znc The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a “use-after-delete” error. 2014-12-19 4.0 CVE-2014-9403
CONFIRM
BID
MLIST
SECUNIA

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — meraki_mr_firmware Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. 2014-12-23 3.3 CVE-2014-7993
CONFIRM
ibm — security_appscan Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-22 3.5 CVE-2014-6121
XF
ibm — websphere_service_registry_and_repository Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-12-24 3.5 CVE-2014-6132
XF
CONFIRM
AIXAPAR
ibm — websphere_service_registry_and_repository Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-12-24 3.5 CVE-2014-6178
XF
AIXAPAR
ibm — websphere_service_registry_and_repository Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header. 2014-12-24 3.5 CVE-2014-6180
XF
AIXAPAR
ibm — websphere_service_registry_and_repository Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2014-12-24 3.5 CVE-2014-6188
XF
AIXAPAR
ibm — infosphere_master_data_management_collaborative_server Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-22 3.5 CVE-2014-8897
XF
ibm — infosphere_master_data_management_collaborative_server Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-22 3.5 CVE-2014-8898
XF
ibm — infosphere_master_data_management_collaborative_server Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management – Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-22 3.5 CVE-2014-8899
CONFIRM
redhat — libvirt The storageVolUpload function in storage/storage_driver.c in libvirt does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a “virsh vol-upload” command. 2014-12-19 2.1 CVE-2014-8135
CONFIRM
SECUNIA
redhat — libvirt The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors. 2014-12-19 2.1 CVE-2014-8136
SECUNIA



This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates for OS X

Original release date: December 23, 2014

Apple has released security updates for OS X Mountain Lion, Mavericks, and Yosemite to address multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to take control of a vulnerable system.

US-CERT encourages users and administrators to review Apple Security Update HT6601 and Vulnerability Note VU#852879 for additional information, and apply the necessary updates.



SB14-356: Vulnerability Summary for the Week of December 15, 2014

Original release date: December 22, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
alliedtelesis — ar440s Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request. 2014-12-19 10.0 CVE-2014-7249
arris — touchstone_tg862g/ct_firmware ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of "password" for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. 2014-12-18 10.0 CVE-2014-9406
FULLDISC
docker — docker Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. 2014-12-12 7.5 CVE-2014-6407
MLIST
SECUNIA
SECUNIA
SUSE
FEDORA
docker — docker Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. 2014-12-16 10.0 CVE-2014-9357
CONFIRM
BUGTRAQ
emc — documentum_content_server EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object’s owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. 2014-12-16 9.0 CVE-2014-4626
MISC
ettercap_project — ettercap Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password. 2014-12-19 7.5 CVE-2014-6395
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location. 2014-12-19 7.5 CVE-2014-6396
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap Integer underflow in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c. 2014-12-19 7.5 CVE-2014-9376
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
ettercap_project — ettercap Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet. 2014-12-19 7.5 CVE-2014-9377
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap Ettercap 8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c. 2014-12-19 7.5 CVE-2014-9378
MISC
CONFIRM
CONFIRM
BUGTRAQ
ettercap_project — ettercap The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow. 2014-12-19 7.5 CVE-2014-9379
MISC
CONFIRM
BUGTRAQ
google — android luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. 2014-12-15 7.2 CVE-2014-7911
FULLDISC
google — android Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. 2014-12-15 7.5 CVE-2014-8507
MISC
FULLDISC
MISC
google — android The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. 2014-12-15 7.2 CVE-2014-8609
MISC
FULLDISC
MISC
gparted — gparted GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. 2014-12-19 7.2 CVE-2014-7208
FULLDISC
honeywell — opos_suite Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. 2014-12-12 7.5 CVE-2014-8269
MISC
MISC
k7computing — k7firewall_packet_driver Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka K7Firewall Packet Driver) before 14.0.1.16, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via a crafted parameter in a DeviceIoControl API call. 2014-12-12 7.2 CVE-2014-7136
MISC
FULLDISC
MISC
k7computing — k7av_sentry_device_driver Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors. 2014-12-12 7.2 CVE-2014-8956
MISC
FULLDISC
MISC
libvncserver — libvncserver The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. 2014-12-15 7.5 CVE-2014-6052
MISC
CONFIRM
MLIST
SECUNIA
SECUNIA
MLIST
linux — linux_kernel arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. 2014-12-17 7.2 CVE-2014-9322
CONFIRM
CONFIRM
MLIST
CONFIRM
malwarebytes — malwarebytes_anti-exploit The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. 2014-12-16 9.3 CVE-2014-4936
MISC
manageengine — desktop_central The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. 2014-12-16 10.0 CVE-2014-9371
MISC
manageengine — netflow_analyzer Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename. 2014-12-16 10.0 CVE-2014-9373
MISC
mozilla — network_security_services The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function’s improper handling of an arbitrary-length encoding of 0x00. 2014-12-15 7.5 CVE-2014-1569
MISC
MISC
CONFIRM
MISC
qemu — qemu The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. 2014-12-12 7.5 CVE-2014-7840
CONFIRM
XF
MLIST
rpm — rpm Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. 2014-12-16 7.5 CVE-2013-6435
CONFIRM
CONFIRM
REDHAT
REDHAT
REDHAT
rpm — rpm Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. 2014-12-16 10.0 CVE-2014-8118
REDHAT
safenet-inc — safenet_authentication_service_outlook_web_access_agent Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa. 2014-12-16 7.8 CVE-2014-5359
MISC
sap — businessobjects SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. 2014-12-17 10.0 CVE-2014-9387
BUGTRAQ
MISC
FULLDISC
sixapart — movabletype SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-12-16 7.5 CVE-2014-9057
SECUNIA
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. 2014-12-15 7.5 CVE-2014-6256
CERT-VN
CONFIRM
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657. 2014-12-15 9.3 CVE-2014-6261
zenoss — zenoss_core The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. 2014-12-15 7.5 CVE-2014-9249
zoneo-soft — phptraffica SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. 2014-12-16 7.5 CVE-2014-8340
BUGTRAQ
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. 2014-12-18 5.0 CVE-2014-3580
SECUNIA
apache — http_server The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. 2014-12-15 5.0 CVE-2014-3583
CONFIRM
apache — subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. 2014-12-18 5.0 CVE-2014-8108
SECUNIA
arris — touchstone_tg862g/ct_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. 2014-12-17 6.8 CVE-2014-5437
FULLDISC
FULLDISC
bittorrent — bittorrent The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. 2014-12-12 6.8 CVE-2014-8515
MISC
c-icap_project — c-icap Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. 2014-12-17 5.0 CVE-2013-7402
DEBIAN
CONFIRM
SECUNIA
SECUNIA
MLIST
ca — release_automation Cross-site request forgery (CSRF) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2014-12-16 6.8 CVE-2014-8246
BUGTRAQ
SECTRACK
FULLDISC
ca — release_automation Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-16 4.3 CVE-2014-8247
BUGTRAQ
SECTRACK
FULLDISC
ca — release_automation SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. 2014-12-16 6.5 CVE-2014-8248
BUGTRAQ
SECTRACK
FULLDISC
cisco — prime_security_manager Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. 2014-12-12 4.3 CVE-2014-3364
cisco — isb8320-e_high-definition_ip-only_dvr The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. 2014-12-16 4.3 CVE-2014-8006
cisco — adaptive_security_appliance_software Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695. 2014-12-18 4.3 CVE-2014-8012
cisco — ios_xr Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. 2014-12-18 5.0 CVE-2014-8014
cisco — ironport_email_security_appliances The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. 2014-12-18 5.0 CVE-2014-8016
dell — idrac6_modular The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. 2014-12-19 5.0 CVE-2014-8272
digium — asterisk Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. 2014-12-12 5.0 CVE-2014-9374
SECTRACK
BID
BUGTRAQ
SECUNIA
FULLDISC
MISC
docker — docker Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. 2014-12-12 5.0 CVE-2014-6408
MLIST
SECUNIA
SECUNIA
SUSE
FEDORA
docker — docker Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) “docker load” operation or (2) “registry communications.” 2014-12-16 6.4 CVE-2014-9358
CONFIRM
BUGTRAQ
dokuwiki — dokuwiki The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php. 2014-12-17 4.3 CVE-2014-9253
CONFIRM
CONFIRM
XF
SECTRACK
BID
MISC
MLIST
ekahau — activator Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts. 2014-12-19 4.3 CVE-2014-2716
BID
BUGTRAQ
MISC
MISC
ekahau — activator Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 uses part of the MAC address as part of the RC4 setup key, which makes it easier for remote attackers to guess the key via a brute-force attack. 2014-12-19 5.0 CVE-2014-9408
BID
BUGTRAQ
MISC
MISC
emc — rsa_authentication_manager Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2014-12-12 5.8 CVE-2014-2516
BUGTRAQ
emc — isilon_insightiq Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-12 4.3 CVE-2014-4628
BUGTRAQ
emc — rsa_archer_egrc Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-12 4.3 CVE-2014-4633
BUGTRAQ
ettercap_project — ettercap The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature. 2014-12-19 5.0 CVE-2014-9380
MISC
CONFIRM
BUGTRAQ
ettercap_project — ettercap Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation. 2014-12-19 5.0 CVE-2014-9381
MISC
CONFIRM
BUGTRAQ
file_project — file The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. 2014-12-17 5.0 CVE-2014-8116
CONFIRM
CONFIRM
CONFIRM
SECTRACK
MLIST
file_project — file softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. 2014-12-17 5.0 CVE-2014-8117
CONFIRM
CONFIRM
SECTRACK
MLIST
firebirdsql — firebird The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. 2014-12-16 5.0 CVE-2014-9323
SUSE
glpi-project — glpi SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. 2014-12-19 6.5 CVE-2014-9258
EXPLOIT-DB
MISC
SECUNIA
OSVDB
goywp — webpress Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php. 2014-12-16 4.3 CVE-2014-8751
FULLDISC
MISC
hp — tcp_ip_services_openvms Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors. 2014-12-17 5.0 CVE-2014-7880
ibm — business_process_manager The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. 2014-12-16 6.5 CVE-2014-4844
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site. 2014-12-18 4.3 CVE-2014-6076
XF
ibm — security_access_manager_for_mobile Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-12-18 6.8 CVE-2014-6077
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack. 2014-12-18 5.0 CVE-2014-6078
XF
ibm — security_access_manager_for_mobile SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2014-12-18 6.5 CVE-2014-6080
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors. 2014-12-18 4.0 CVE-2014-6082
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. 2014-12-18 5.0 CVE-2014-6083
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher. 2014-12-18 5.0 CVE-2014-6084
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. 2014-12-18 5.0 CVE-2014-6086
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite. 2014-12-18 5.0 CVE-2014-6087
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher. 2014-12-18 5.0 CVE-2014-6088
XF
ibm — security_access_manager_for_mobile IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. 2014-12-18 4.0 CVE-2014-6089
XF
CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL. 2014-12-18 5.0 CVE-2014-6164
XF
ibm — websphere_application_server The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4, and Feature Pack for CEA 1.x before 1.0.0.15, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-12-18 4.3 CVE-2014-6166
XF
ibm — websphere_application_server Cross-site scripting (XSS) vulnerability in the URL rewriting feature in IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 4.3 CVE-2014-6167
XF
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 4.3 CVE-2014-6171
XF
ibm — websphere_application_server IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. 2014-12-18 4.3 CVE-2014-6174
XF
ibm — business_process_manager IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. 2014-12-16 4.3 CVE-2014-6176
XF
ibm — business_process_manager Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. 2014-12-16 4.0 CVE-2014-6182
XF
ibm — websphere_portal IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. 2014-12-18 4.9 CVE-2014-6193
XF
AIXAPAR
ibm — db2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. 2014-12-12 4.0 CVE-2014-6209
XF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — db2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. 2014-12-12 4.0 CVE-2014-6210
XF
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
ibm — websphere_application_server IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet’s deployment descriptor security constraints and ServletSecurity annotations. 2014-12-18 5.1 CVE-2014-8890
XF
ibm — db2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query. 2014-12-18 4.0 CVE-2014-8901
XF
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 4.3 CVE-2014-8902
XF
AIXAPAR
k7computing — k7av_sentry_device_driver The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing “crashme$$”. 2014-12-12 4.9 CVE-2014-8608
MISC
BID
FULLDISC
MISC
libvncserver — libvncserver The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. 2014-12-15 5.0 CVE-2014-6053
MLIST
UBUNTU
SECUNIA
SECUNIA
MLIST
manageengine — password_manager_pro Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename. 2014-12-16 6.4 CVE-2014-9372
MISC
mantisbt — mantisbt The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request. 2014-12-17 5.0 CVE-2014-8553
CONFIRM
CONFIRM
CONFIRM
XF
MLIST
mantisbt — mantisbt bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. 2014-12-17 5.0 CVE-2014-9388
CONFIRM
MLIST
microsoft — internet_explorer Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting. 2014-12-15 6.8 CVE-2014-8967
MISC
modwsgi — mod_wsgi mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. 2014-12-16 6.9 CVE-2014-8583
CONFIRM
UBUNTU
MLIST
MLIST
SUSE
novell — edirectory Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter. 2014-12-19 4.3 CVE-2014-5212
CONFIRM
BUGTRAQ
novell — edirectory nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. 2014-12-19 4.0 CVE-2014-5213
CONFIRM
BUGTRAQ
openstack — horizon OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. 2014-12-12 4.3 CVE-2014-8124
SECUNIA
pcre — perl-compatible_regular_expression_library Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. 2014-12-16 5.0 CVE-2014-8964
CONFIRM
MLIST
FEDORA
pingidentity — pingfederate Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. 2014-12-12 6.4 CVE-2014-8489
MISC
FULLDISC
MISC
pwgen_project — pwgen Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. 2014-12-19 5.0 CVE-2013-4440
MLIST
MLIST
FEDORA
FEDORA
FEDORA
pwgen_project — pwgen Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. 2014-12-19 5.0 CVE-2013-4442
MISC
MLIST
MLIST
FEDORA
FEDORA
FEDORA
redhat — libvirt The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. 2014-12-12 4.3 CVE-2013-4399
BID
GENTOO
SECUNIA
revive-adserver — revive_adserver Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php. 2014-12-19 4.3 CVE-2014-8793
MISC
CONFIRM
BID
BUGTRAQ
BUGTRAQ
MISC
MISC
revive-adserver — revive_adserver The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. 2014-12-19 5.0 CVE-2014-8875
BID
BUGTRAQ
MISC
revive-adserver — revive_adserver Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php, (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. 2014-12-19 6.8 CVE-2014-9407
ricksoft — wbs_gantt-chart Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267. 2014-12-19 4.3 CVE-2014-7268
splunk — splunk Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-16 4.3 CVE-2014-5466
symantec — web_gateway The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. 2014-12-17 6.5 CVE-2014-7285
BID
thermostat_project — thermostat The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors. 2014-12-18 4.4 CVE-2014-8120
REDHAT
tsutaya — tsutaya The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document. 2014-12-19 6.8 CVE-2014-7241
CONFIRM
unitedplanet — intrexx_professional Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter. 2014-12-19 4.3 CVE-2014-2026
BID
BUGTRAQ
MISC
MISC
w3edge — total_cache Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the “Cache key” in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. 2014-12-19 4.3 CVE-2014-8724
MISC
BUGTRAQ
MISC
zenoss — zenoss_core Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653. 2014-12-15 6.8 CVE-2014-6253
CONFIRM
zenoss — zenoss_core Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410. 2014-12-15 4.3 CVE-2014-6254
zenoss — zenoss_core Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998. 2014-12-15 6.4 CVE-2014-6255
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407. 2014-12-15 5.0 CVE-2014-6257
zenoss — zenoss_core An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411. 2014-12-15 5.0 CVE-2014-6258
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564. 2014-12-15 5.0 CVE-2014-6259
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. 2014-12-15 6.8 CVE-2014-6260
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382. 2014-12-15 5.0 CVE-2014-9245
zenoss — zenoss_core Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389. 2014-12-15 4.0 CVE-2014-9247
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406. 2014-12-15 5.0 CVE-2014-9248
zenoss — zenoss_core Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418. 2014-12-15 5.0 CVE-2014-9250
zenoss — zenoss_core Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413. 2014-12-15 5.0 CVE-2014-9251
zenoss — zenoss_core Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388. 2014-12-15 6.8 CVE-2014-9385
CONFIRM
zenoss — zenoss_core Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691. 2014-12-15 6.8 CVE-2014-9386


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arris — touchstone_tg862g/ct_firmware Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. 2014-12-17 3.5 CVE-2014-5438
FULLDISC
google — android AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. 2014-12-15 3.3 CVE-2014-8610
MISC
MISC
FULLDISC
FULLDISC
MISC
ibm — rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 3.5 CVE-2014-4801
XF
ibm — cognos_business_intelligence Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-12 3.5 CVE-2014-6145
XF
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2014-12-18 3.5 CVE-2014-6173
XF
juniper — mobile_system_software Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9.0.x before 9.0.2.11, 9.0.3.x before 9.0.3.5, and 9.1.x before 9.1.1, when “Proxy ARP” or “No Broadcast” features are enabled in a clustered setup, allow remote attackers to cause a denial of service (device disconnect) via unspecified vectors. 2014-12-12 2.9 CVE-2014-6381
SECTRACK
BID
linux — linux_kernel arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. 2014-12-17 2.1 CVE-2014-8133
CONFIRM
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. 2014-12-12 2.1 CVE-2014-8134
CONFIRM
mit — kerberos The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. 2014-12-16 3.5 CVE-2014-5353
mit — kerberos plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin “add_principal -nokey” or “purgekeys -all” command. 2014-12-16 3.5 CVE-2014-5354
CONFIRM
puppetlabs — puppet_server Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service. 2014-12-17 1.9 CVE-2014-7170
ricksoft — wbs_gantt-chart Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268. 2014-12-19 3.5 CVE-2014-7267
zenoss — zenoss_core Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. 2014-12-15 2.1 CVE-2014-9252



This product is provided subject to this Notification and this Privacy & Use policy.

"Misfortune Cookie" Broadband Router Vulnerability

Original release date: December 20, 2014

Broadband routers employing the Allegro RomPager firmware prior to version 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

Users and administrators are encouraged to review Vulnerability Note VU#561444, the Allegro Press Release, and Check Point’s Security Advisory for additional information and apply the necessary updates.



FTC Releases "Package Delivery" Themed Scam Alert

Original release date: December 19, 2014

The Federal Trade Commission (FTC) has released a Scam Alert addressing a “Package Delivery” themed phishing campaign regarding package delivery notifications from the U.S. Postal Service.  Scam operators often use false information linked to reputable organizations to imply the email is legitimate.

Users are encouraged to review the FTC Scam Alert for details, and refer to the Recognizing and Avoiding Email Scams Publication for information on email scams.



TA14-353A: Targeted Destructive Malware

Original release date: December 19, 2014

Systems Affected

Microsoft Windows

Overview

US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped with a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool.

SMB Worm Tool: This worm uses a brute force authentication attack to propagate via Windows SMB shares. It connects home every five minutes to send log data back to command and control (C2) infrastructure if it has successfully spread to other Windows hosts via SMB port 445. The tool also accepts new scan tasking when it connects to C2. There are two main threads: the first thread calls home and sends back logs (a list of successful SMB exploitations), and the second thread attempts to guess passwords for SMB connections. If the password is correctly guessed, a file share is established and a file is copied and run on the newly-infected host.

Listening Implant: During installation of this tool, a portion of the binaries is decrypted using AES, with a key derived from the phrase “National Football League.” Additionally, this implant listens for connections on TCP port 195 (for “sensvc.exe” and “msensvc.exe”) and TCP port 444 (for “netcfg.dll”). Each message sent to and from this implant is preceded with its length, then XOR encoded with the byte 0x1F. Upon initial connection, the victim sends the string, “HTTP/1.1 GET /dns?\x00.” The controller then responds with the string “200 www.yahoo.com!\x00” (for “sensvc.exe” and “msensvc.exe”) or with the string “RESPONSE 200 OK!!” (for “netcfg.dll”). The controller sends the byte “!” (0x21) to end the network connection. This special message is not preceded with a length or XOR encoded.
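One way to look for this handshake in captured traffic, added here as an example and not taken from the alert or from any US-CERT tooling: it searches TCP payloads for the XOR-0x1F-encoded forms of the three handshake strings, so it does not depend on how the length prefix is laid out. The flow representation, the function names, and the 4-byte length prefix used to build the constructed sample frames are assumptions.

```python
import struct

XOR_KEY = 0x1F  # single-byte key given in the alert
VARIANT_BY_PORT = {195: "sensvc.exe / msensvc.exe", 444: "netcfg.dll"}

# Handshake strings from the alert. Any trailing NUL is left out so the
# match does not depend on how that terminator appears on the wire.
HELLO = b"HTTP/1.1 GET /dns?"
REPLY_BY_PORT = {195: b"200 www.yahoo.com!", 444: b"RESPONSE 200 OK!!"}
CLOSE_BYTE = b"!"  # 0x21, sent by the controller unencoded and without a length


def xor_1f(data):
    """XOR every byte with 0x1F; the operation is its own inverse."""
    return bytes(b ^ XOR_KEY for b in data)


ENC_HELLO = xor_1f(HELLO)
ENC_REPLY_BY_PORT = {port: xor_1f(text) for port, text in REPLY_BY_PORT.items()}


def classify_flow(listener_port, segments):
    """Inspect one TCP flow for the implant handshake.

    segments is a list of (direction, payload) pairs in capture order, where
    direction is "from_listener" or "to_listener" (assumed representation).
    """
    finding = {
        "hello_seen": False,
        "reply_variant": None,
        "reply_on_documented_port": None,
        "close_byte_seen": False,
    }
    for direction, payload in segments:
        if direction == "from_listener":
            # The victim side (the listener) speaks first after the connect.
            if ENC_HELLO in payload:
                finding["hello_seen"] = True
            continue
        if payload == CLOSE_BYTE:
            finding["close_byte_seen"] = True
            continue
        for port, needle in ENC_REPLY_BY_PORT.items():
            if needle in payload:
                finding["reply_variant"] = VARIANT_BY_PORT[port]
                # A reply string on a port other than the documented one
                # still matters: the port may have been changed.
                finding["reply_on_documented_port"] = (port == listener_port)
    if finding["hello_seen"] and finding["reply_variant"]:
        finding["verdict"] = "handshake"
    elif finding["hello_seen"] or finding["reply_variant"]:
        finding["verdict"] = "partial"
    else:
        finding["verdict"] = "none"
    return finding


def constructed_frame(message):
    """Build a sample frame. The 4-byte little-endian length prefix is an
    assumption for test data only; the alert does not give its width."""
    return struct.pack("<I", len(message)) + xor_1f(message)


# Constructed flows, not captured traffic.
SAMPLE_FLOWS = {
    "port_195": (195, [
        ("from_listener", constructed_frame(HELLO + b"\x00")),
        ("to_listener", constructed_frame(REPLY_BY_PORT[195] + b"\x00")),
        ("to_listener", CLOSE_BYTE),
    ]),
    "moved_port": (8443, [
        ("from_listener", constructed_frame(HELLO + b"\x00")),
        ("to_listener", constructed_frame(REPLY_BY_PORT[444])),
    ]),
    "plain_http": (80, [
        ("to_listener", b"GET /dns?q=example HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        ("from_listener", b"HTTP/1.1 200 OK\r\n\r\n"),
    ]),
}

if __name__ == "__main__":
    for name, (port, segments) in SAMPLE_FLOWS.items():
        print(name, classify_flow(port, segments))
```

Because the match is on the encoded bytes, ordinary cleartext HTTP containing the same words does not trigger it.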

Lightweight Backdoor: This is a backdoor listener that is designed as a service DLL. It includes functionality such as file transfer, system survey, process manipulation, file time matching and proxy capability. The listener can also perform arbitrary code execution and execute commands on the command line. This tool includes functionality to open ports in a victim host’s firewall and take advantage of Universal Plug and Play (UPnP) mechanisms to discover routers and gateway devices, and add port mappings, allowing inbound connections to victim hosts on Network Address Translated (NAT) private networks. There are no callback domains associated with this malware since connections are inbound only on a specified port number.

Proxy Tool: Implants in this malware family are typically loaded via a dropper installed as a service, then configured to listen on TCP port 443. The implant may have an associated configuration file which can contain a configurable port. This proxy tool has basic backdoor functionality, including the ability to fingerprint the victim machine, run remote commands, perform directory listings, perform process listings, and transfer files.

Destructive Hard Drive Tool: This tool is a tailored hard-drive wiping tool that is intended to destroy data past the point of recovery and to complicate the victim machine’s recovery. If the CNE operator has administrator-level privileges on the host, the program will overwrite portions of up to the first four physical drives attached, and overwrite the master boot record (MBR) with a program designed to cause further damage if the hard drive is rebooted. This further results in the victim machine being non-operational with irrecoverable data. (There is a caveat for machines installed with the Windows 7 operating system: Windows 7 machines will continue to operate in a degraded state with the targeted files destroyed until after reboot, at which point the infected MBR wipes the drive.) If the actor has user-level access, the result includes specific files being deleted and practically irrecoverable, but the victim machine would remain usable.

Destructive Target Cleaning Tool: This tool renders victim machines inoperable by overwriting the Master Boot Record. The tool is dropped and installed by another executable and consists of three parts: an executable and a dll which contain the destructive components, and an encoded command file that contains the actual destruction commands to be executed.

Network Propagation Wiper: The malware has the ability to propagate throughout the target network via built-in Windows shares. Based on the username/password provided in the configuration file and the hostname/IP address of target systems, the malware will access remote network shares in order to upload a copy of the wiper and begin the wiping process on these remote systems. The malware uses several methods to access shares on the remote systems to begin wiping files: it checks for existing shares via “\\hostname\admin$\system32” and “\\hostname\shared$\system32”, or creates a new share with “cmd.exe /q /c net share shared$=%SystemRoot% /GRANT:everyone, FULL”. Once successful, the malware uploads a copy of the wiper file “taskhostXX.exe”, changes the file-time to match that of the built-in file “calc.exe”, and starts the remote process. The remote process is started via the command “cmd.exe /c wmic.exe /node:hostname /user:username /password:pass PROCESS CALL CREATE”. Hostname, username, and password are then obtained from the configuration file. Afterwards, the remote network share is removed via “cmd.exe /q /c net share shared$ /delete”. Once the wiper has been uploaded, the malware reports its status back to one of the four C2 IP addresses.
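The command lines quoted above can be matched in process-creation logs (for example Windows Security event 4688 with command-line auditing, or Sysmon event 1). The following is an added example, not code from the alert: it classifies command lines into the three stages named in the paragraph, groups hits by the host that logged them, and redacts the `/password:` value before keeping evidence. The event tuple layout, host names, the ten-minute window, and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Patterns taken from the command lines quoted in the alert. The share source
# is matched loosely because a log may record %SystemRoot% already expanded
# (assumption).
STAGE_PATTERNS = {
    "share_create": re.compile(
        r"net(?:\.exe)?\s+share\s+shared\$\s*=\s*\S+\s+/grant:\s*everyone\s*,\s*full",
        re.I),
    "remote_exec": re.compile(
        r"wmic(?:\.exe)?\s+/node:(?P<node>\S+)\s+/user:\S+\s+/password:\S+"
        r"\s+process\s+call\s+create", re.I),
    "share_delete": re.compile(
        r"net(?:\.exe)?\s+share\s+shared\$\s+/delete", re.I),
}
PASSWORD_ARG = re.compile(r"(/password:)\S+", re.I)


def classify(command_line):
    """Return (stage, wmic_target_or_None) for one command line."""
    for stage, pattern in STAGE_PATTERNS.items():
        match = pattern.search(command_line)
        if match:
            return stage, match.groupdict().get("node")
    return None, None


def redact(command_line):
    """Keep the evidence but drop the credential passed on the command line."""
    return PASSWORD_ARG.sub(r"\1<redacted>", command_line)


def correlate(events, window=timedelta(minutes=10)):
    """events: iterable of (iso_timestamp, logging_host, command_line).

    The alert does not say which host logs each command, so hits are grouped
    by the host that reported them. Two or more distinct stages inside the
    window rate "high"; a single stage rates "medium".
    """
    per_host = defaultdict(list)
    for timestamp, host, command_line in events:
        stage, node = classify(command_line)
        if stage:
            per_host[host].append(
                (datetime.fromisoformat(timestamp), stage, node, redact(command_line)))

    findings = {}
    for host, hits in per_host.items():
        hits.sort(key=lambda hit: hit[0])
        stages = list(dict.fromkeys(hit[1] for hit in hits))  # first-seen order
        span = hits[-1][0] - hits[0][0]
        findings[host] = {
            "stages": stages,
            "targets": sorted({hit[2] for hit in hits if hit[2]}),
            "severity": "high" if len(stages) >= 2 and span <= window else "medium",
            "evidence": [hit[3] for hit in hits],
        }
    return findings


# Constructed events, not taken from any real log. Addresses are from the
# documentation range 192.0.2.0/24.
SAMPLE_EVENTS = [
    ("2014-12-01T09:00:05", "WS-014",
     r"cmd.exe /q /c net share shared$=%SystemRoot% /GRANT:everyone, FULL"),
    ("2014-12-01T09:00:41", "WS-014",
     r"cmd.exe /c wmic.exe /node:192.0.2.20 /user:EXAMPLE\svc "
     r"/password:NotARealPassword PROCESS CALL CREATE"),
    ("2014-12-01T09:01:10", "WS-014",
     r"cmd.exe /q /c net share shared$ /delete"),
    ("2014-12-01T09:03:00", "WS-022",
     r"net share docs=C:\docs /GRANT:everyone,READ"),
    ("2014-12-01T11:30:00", "WS-031",
     r"cmd.exe /q /c net share shared$ /delete"),
]

if __name__ == "__main__":
    for host, finding in correlate(SAMPLE_EVENTS).items():
        print(host, finding["severity"], finding["stages"], finding["targets"])
```

The `targets` field lists the `/node:` values seen, which gives responders the next hosts to check.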

Technical and strategic mitigation recommendations are included in the Solution section below.

US-CERT recommends reviewing the Security Tip Handling Destructive Malware #ST13-003.

Description

Cyber threat actors are using an SMB worm to conduct cyber exploitation activities.  This tool contains five components – a listening implant, lightweight backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning tool.

The SMB worm propagates throughout an infected network via brute-force authentication attacks, and connects to a C2 infrastructure.

Impact

Due to the highly destructive functionality of this malware, an infected organization could experience operational impacts including loss of intellectual property and disruption of critical systems.

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
  • Review Security Tip Handling Destructive Malware #ST13-003 and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.
  • Review Recommended Practices for Control Systems, and Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies (pdf).

The following is a list of the Indicators of Compromise (IOCs) that can be added to network security solutions to determine whether they are present on a network.

MD5s:

SMB worm tool:

MD5: f6f48551d7723d87daeef2e840ae008f

Characterization: File Hash Watchlist

Notes: “SMB worm tool”

         Earliest PE compile Time: 20141001T072107Z

         Most Recent PE compile Time: 20141001T072107Z

 

MD5: 194ae075bf53aa4c83e175d4fa1b9d89

Characterization: File Hash Watchlist

Notes: “SMB worm tool”

         Earliest PE compile Time: 20141001T120954Z

         Most Recent PE compile Time: 20141001T142138Z

 

Lightweight backdoor:

MD5: f57e6156907dc0f6f4c9e2c5a792df48

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20110411T225224Z

         Latest PE compile time: 20110411T225224Z

 

MD5: 838e57492f632da79dcd5aa47b23f8a9

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20110517T050015Z

         Latest PE compile time: 20110605T204508Z

 

MD5: 11c9374cea03c3b2ca190b9a0fd2816b

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20110729T062417Z

         Latest PE compile time: 20110729T062958Z

 

MD5: 7fb0441a08690d4530d2275d4d7eb351

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20120128T071327Z

         Latest PE compile time: 20120128T071327Z

 

MD5: 7759c7d2c6d49c8b0591a3a7270a44da

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20120309T105837Z

         Latest PE compile time: 20120309T105837Z

 

MD5: 7e48d5ba6e6314c46550ad226f2b3c67

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20120311T090329Z

         Latest PE compile time: 20120311T090329Z

 

MD5: 0a87c6f29f34a09acecce7f516cc7fdb

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20120325T053138Z

         Latest PE compile time: 20130513T090422Z

 

MD5: 25fb1e131f282fa25a4b0dec6007a0ce

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20130802T054822Z

         Latest PE compile time: 20130802T054822Z

 

MD5: 9761dd113e7e6673b94ab4b3ad552086

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20130913T013016Z

         Latest PE compile time: 20130913T013016Z

 

MD5: c905a30badb458655009799b1274205c

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20140205T090906Z

         Latest PE compile time: 20140205T090906Z

 

MD5: 40adcd738c5bdc5e1cc3ab9a48b3df39

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20140320T152637Z

         Latest PE compile time: 20140402T023748Z

 

MD5: 68a26b8eaf2011f16a58e4554ea576a1

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20140321T014949Z

         Latest PE compile time: 20140321T014949Z

 

MD5: 74982cd1f3be3d0acfb0e6df22dbcd67

Characterization: File Hash Watchlist

Notes: “Lightweight backdoor”

         Earliest PE compile time: 20140506T020330Z

         Latest PE compile time: 20140506T020330Z

 

Name: d1c27ee7ce18675974edf42d4eea25c6.bin

Size: 268579 bytes (268.6 KB)

MD5: D1C27EE7CE18675974EDF42D4EEA25C6

PE Compile Time: 2014-11-22 00:06:54

 

The malware has the following characteristics:

While the original filename of this file is unknown, it was likely “diskpartmg16.exe”. This file serves as a dropper. It drops destructive malware: “igfxtrayex.exe”. When the dropper file was executed, it started a second instance of itself with “-i” as an argument, and then terminated. The second instance of the dropper file installed itself as the “WinsSchMgmt” service with “-k” as a command line argument, started the service, and then terminated. The “WinsSchMgmt” service executed the file with “-k” as an argument, which started another instance of the file using “-s” as an argument. The “-s” instance dropped and executed “igfxtrayex.exe”, created “net_ver.dat”, and began generating network traffic over TCP ports 445 and 139 to victim IP addresses.

 

Name: net_ver.dat

Size: 4572 bytes (4.6 KB)  (size will vary)

MD5: 93BC819011B2B3DA8487F964F29EB934  (hash will vary)

 

This is a log file created by the dropper and appended to as the scans progress. It contains what appear to be hostnames, IP addresses, and the number 2. Entries in the file have the structure “HOSTNAME | IP Address | 2”.

 

Name: igfxtrayex.exe

Size: 249856 bytes (249.9 KB)

MD5: 760C35A80D758F032D02CF4DB12D3E55

PE Compile Time: 2014-11-24 04:11:08

 

This file is destructive malware: a disk wiper with network beacon capabilities. If “igfxtrayex.exe” is run with no parameters, it creates and starts a copy of itself with the “-i” argument. After 10 minutes, “igfxtrayex.exe” makes three copies of itself and places them in the same directory from which it was executed. These copies are named according to the format “taskhostXX.exe” (where X is a randomly generated ASCII character). These copies are then executed, each with a different argument (one being “-m”, one being “-d” and the other “-w”). Network connection attempts are made to one of three hard-coded IP addresses in a random order to port 8080 or 8000. If a connection to the IP address cannot be made, it attempts to connect to another of the three IP addresses, until connections to all three IP addresses have been attempted. The following command-line string is then executed: “cmd.exe /c net stop MSExchangeIS /y”. A 120-minute (2 hour) sleep command is issued, after which the computer is shut down and rebooted.

 

Name: iissvr.exe

Size: 114688 bytes (114.7 KB)

MD5: E1864A55D5CCB76AF4BF7A0AE16279BA

PE Compile Time: 2014-11-13 02:05:35

 

This file, when executed, starts a listener on localhost port 80. It has 3 files contained in the resource section; all xor’d with 0x63.

 

Name: usbdrv3_32bit.sys

Size: 24280 bytes (24.3 KB)

MD5: 6AEAC618E29980B69721158044C2E544

PE Compile Time: 2009-08-21 06:05:32

 

This SYS file is a commercially available tool that allows read/write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008 (32-bit). It is dropped from resource ID 0x81 of “igfxtrayex.exe”.

 

Name: usbdrv3_64bit.sys

Size: 28120 bytes (28.1 KB)

MD5: 86E212B7FC20FC406C692400294073FF

PE Compile Time: 2009-08-21 06:05:35

 

This SYS file is also a commercially available tool that allows read/write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008 (64-bit). It is dropped from resource ID 0x83 of “igfxtrayex.exe”.

 

Name: igfxtpers.exe

Size: 91888 bytes (91.9 KB)

MD5: e904bf93403c0fb08b9683a9e858c73e

PE Compile Time: 2014-07-07 08:01:09

 

A summary of the C2 IP addresses:

| IP Address | Country | Port | Filename |
| --- | --- | --- | --- |
| 203.131.222.102 | Thailand | 8080 | Diskpartmg16.exe, igfxtrayex.exe, igfxtpers.exe |
| 217.96.33.164 | Poland | 8000 | Diskpartmg16.exe, igfxtrayex.exe |
| 88.53.215.64 | Italy | 8000 | Diskpartmg16.exe, igfxtrayex.exe |
| 200.87.126.116 | Bolivia | 8000 | File 7 |
| 58.185.154.99 | Singapore | 8080 | File 7 |
| 212.31.102.100 | Cyprus | 8080 | File 7 |
| 208.105.226.235 | United States | | igfxtpers.exe |

 

Snort signatures:

SMB Worm Tool (not necessarily the tool itself):

alert tcp any any -> any any (msg:"Wiper1";content:"|be 64 ba f2 a8 64|";offset:16;depth:6;sid:1;)

alert tcp any any -> any any (msg:"Wiper2";content:"|c9 06 d9 96 fc 37 23 5a fe f9 40 ba 4c 94 14 98|";offset:0;depth:16;sid:3;)

alert tcp any any -> any any (msg:"Wiper3";content:"|aa 64 ba f2 56 9b|";offset:0;depth:50;sid:2;)

alert ip any any -> any any (msg:"Wiper4";content:"|aa 74 ba f2 b9 75|";offset:0;depth:74;sid:4;)

 

Listening Implant:

alert tcp any any -> any any (msg:"Backdoor1";content:"|0c 1f 1f 1f 4d 5a 4c 4f 50 51 4c 5a 3f 2d 2f 2f 3f 50 54 3e 3e 3e|";offset:0;depth:22;sid:9;)

alert tcp any any -> any any (msg:"Backdoor2";content:"|d3 c4 d2 d1 ce cf d2 c4 a1 b3 b1 b1 a1 ce ca a0 a0 a0|";offset:0;depth:18;sid:12;)

alert ip any any -> any any (msg:"Backdoor3";content:"|17 08 14 13 67 0f 13 13 17 67 15 02 16 12 02 14 13 78 47 47|";depth:24;sid:1;)

alert ip any any -> any any (msg:"Backdoor4";content:"|4f 50 4c 4b 3f 57 4b 4b 4f 3f 4d 5a 4e 4a 5a 4c 4b 20 1f|";depth:23;sid:2;)

alert ip any any -> any any (msg:"Backdoor5";content:"|15 02 14 17 08 09 14 02 67 75 77 77 67 08 0c 66 66 66|";depth:22;sid:3;)

alert tcp any any -> any any (msg:"Backdoor6";content:"|09 22 33 30 28 35 2c|";sid:4;)

alert tcp any any -> any any (msg:"Backdoor7";content:"|13 2f 22 35 22 67 26 35 22 29 27 33 67 28 37 22 29 67 37 28 35 33 34 69|";sid:5;)

alert tcp any any -> any any (msg:"Backdoor8";content:"|43 47 47 47 45 67 47 47 43 47 47 47 44 67 47 47|";sid:6;)

alert tcp any any -> any any (msg:"Backdoor9";content:"|43 47 47 47 42 67 47 47 43 47 47 47 4f 67 47 47 43 47 47 47 43 67 47 47 43 47 47 47 4e 67 47 47|";sid:7;)

alert tcp any any -> any any (msg:"Backdoor10";content:"|d1 ce d2 d5 a1 c9 d5 d5 d1 a1 d3 c4 d0 d4 c4 d2 d5 be|";offset:0;depth:18;sid:8;)

alert tcp any any -> any any (msg:"Backdoor11";content:"|17 08 14 13 67 0f 13 13 17 67 15 02 16 12 02 14 13 78|";offset:0;depth:18;sid:10;)

alert tcp any any -> any any (msg:"Backdoor12";content:"|0c 1f 1f 1f 4f 50 4c 4b 3f 57 4b 4b 4f 3f 4d 5a 4e 4a 5a 4c 4b 20|";sid:11;)

 

Lightweight Backdoor:

alert tcp any 488 <> any any (msg:"Proxy1";content:"|60 db 37 37 37 37 37 37|";sid:3;)

alert tcp any any -> any 488 (msg:"Proxy2";content:"|60 db 37 37 37 37 37 37|";sid:4;)

alert tcp any any -> any any (msg:"Proxy3";content:"|4c 4c|";offset:16;depth:2;content:"|75 14 2a 2a|";distance:4;within:4;sid:4;)

alert tcp any any -> any any (msg:"Proxy4";content:"|8A 10 80 C2 67 80 F2 24 88 10|";content:"|8A 10 80 F2 24 80 EA 67 88 10|";sid:2;)

alert tcp any 488 <> any any (msg:"Proxy5";content:"|65 db 37 37 37 37 37 37|";sid:2;)

alert tcp any any -> any 488 (msg:"Proxy6";content:"|65 db 37 37 37 37 37 37|";sid:2;)

alert tcp any [547,8080,133,117,189,159] -> any any (msg:"Proxy7";content:"|7b 08 2a 2a|";offset:17;content:"|08 2a 2a 01 00|";distance:0;sid:1;)

alert tcp any any -> any any (msg:"Proxy8";content:"|8A 10 80 EA 62 80 F2 B4 88 10|";content:"|8A 10 80 F2 B4 80 C2 62 88 10|";sid:1;)

alert tcp any any -> any any (msg:"Proxy9";content:"|8A 10 80 C2 4E 80 F2 79 88 10|";content:"|8A 10 80 F2 79 80 EA 4E 88 10|";sid:3;)

alert tcp any any -> any any (msg:"Proxy10";content:"Sleepy!@#qaz13402scvsde890";nocase;content:"BC435@PRO62384923412!@3!";nocase;sid:5;)

 

Proxy Tool:

alert tcp any any -> any any (msg:"Wiper1";content:"|8A 10 80 C2 3A 80 F2 73 88 10|";content:"|8A 10 80 F2 73 80 EA 3A 88 10|";sid:4;)

alert tcp any any -> any any (msg:"Wiper2";content:!"HTTP/1";content:"|e2 1d 49 49|";offset:0;depth:4;content:"|49 49 49 49|";distance:4;within:4;sid:6;)

alert tcp any any -> any any (msg:"Wiper3";content:"|82 F4 DE D4 D3 C2 CA F5 C8 C8 D3 82 FB F4 DE D4 D3 C2 CA 94 95 FB D4 D1 C4 CF C8 D4 D3 89 C2 DF C2 87 8A CC 87 00|";sid:1;)

 

Malware associated with the cyber threat actor:

alert tcp any any -> any [8000,8080] (msg:"WIPER4";flow: established, to_server;dsize:42;content:"|28 00|";depth:2;content:"|04 00 00 00|";offset:38;depth:4;sid:123;)
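
Several of the signatures above depend on the positional modifiers (offset, depth, distance, within), on dsize and on a negated content match. The following Python evaluator is an added example, not part of the advisory: it applies those options to raw payload bytes so a rule can be checked against test data before deployment. The function names and the payloads are constructed for illustration; ports, flow and nocase are not evaluated.

```python
import re

# Three rules from the advisory text, with typographic quotes and OCR slips normalised to ASCII.
RULES = {
    "WIPER4": ('alert tcp any any -> any [8000,8080] (msg:"WIPER4";flow: established, to_server;'
               'dsize:42;content:"|28 00|";depth:2;content:"|04 00 00 00|";offset:38;depth:4;sid:123;)'),
    "Proxy3": ('alert tcp any any -> any any (msg:"Proxy3";content:"|4c 4c|";offset:16;depth:2;'
               'content:"|75 14 2a 2a|";distance:4;within:4;sid:4;)'),
    "ProxyTool_Wiper2": ('alert tcp any any -> any any (msg:"Wiper2";content:!"HTTP/1";'
                         'content:"|e2 1d 49 49|";offset:0;depth:4;'
                         'content:"|49 49 49 49|";distance:4;within:4;sid:6;)'),
}
POSITIONAL = ("offset", "depth", "distance", "within")


def decode_content(text):
    """Turn a Snort content string (literal text mixed with |hex| runs) into bytes."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(rule):
    """Extract dsize and the ordered content options, each with its own modifiers."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    parsed = {"dsize": None, "contents": []}
    for key, val in re.findall(r'(\w+)\s*:\s*(!?"[^"]*"|[^;]*);', body):
        val = val.strip()
        if key == "content":
            parsed["contents"].append({
                "negated": val.startswith("!"),
                "pattern": decode_content(val.lstrip("!").strip('"')),
            })
        elif key in POSITIONAL and parsed["contents"]:
            parsed["contents"][-1][key] = int(val)   # modifier binds to the preceding content
        elif key == "dsize":
            parsed["dsize"] = int(val)
    return parsed


def _search(contents, payload, cursor):
    """Backtracking match of the remaining contents; cursor is the end of the previous match."""
    if not contents:
        return True
    c, rest = contents[0], contents[1:]
    if "distance" in c or "within" in c:      # window relative to the previous match
        start = cursor + c.get("distance", 0)
        end = start + c["within"] if "within" in c else len(payload)
    else:                                     # window measured from the start of the payload
        start = c.get("offset", 0)
        end = start + c["depth"] if "depth" in c else len(payload)
    end = min(end, len(payload))
    if c["negated"]:                          # content:!"..." must be absent from its window
        return payload.find(c["pattern"], start, end) == -1 and _search(rest, payload, cursor)
    idx = payload.find(c["pattern"], start, end)
    while idx != -1:                          # try every occurrence, not only the first
        if _search(rest, payload, idx + len(c["pattern"])):
            return True
        idx = payload.find(c["pattern"], idx + 1, end)
    return False


def rule_matches(rule, payload):
    """True if the payload satisfies the rule's dsize and content options."""
    parsed = parse_rule(rule)
    if parsed["dsize"] is not None and len(payload) != parsed["dsize"]:
        return False
    return _search(parsed["contents"], payload, 0)


# Constructed payloads (not captured traffic) that exercise each positional constraint.
WIPER4_HIT = b"\x28\x00" + bytes(36) + b"\x04\x00\x00\x00"                 # exactly 42 bytes
WIPER4_SHIFTED = b"\x28\x00" + bytes(35) + b"\x04\x00\x00\x00" + b"\x00"   # marker at 37, not 38
PROXY3_HIT = bytes(16) + b"\x4c\x4c" + bytes(4) + b"\x75\x14\x2a\x2a"
PROXY3_SHIFTED = bytes(16) + b"\x4c\x4c" + bytes(5) + b"\x75\x14\x2a\x2a"
PROXYTOOL_HIT = b"\xe2\x1d\x49\x49" + bytes(4) + b"\x49\x49\x49\x49"

if __name__ == "__main__":
    for name, payload in (("WIPER4", WIPER4_HIT), ("WIPER4", WIPER4_SHIFTED),
                          ("Proxy3", PROXY3_HIT), ("Proxy3", PROXY3_SHIFTED),
                          ("ProxyTool_Wiper2", PROXYTOOL_HIT)):
        print(name, len(payload), rule_matches(RULES[name], payload))
```

A one-byte shift in the payload defeats the two-content rules, which is why the offset and distance values must be transcribed exactly when these signatures are copied into a sensor.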

 

Host Based Indicators

Below are potential YARA signatures to detect malware binaries on host machines:

 

SMB Worm Tool:

strings:

$STR1 = "Global\\FwtSqmSession106829323_S-1-5-19"

$STR2 = "EVERYONE"

$STR3 = "y0uar3@s!llyid!07,ou74n60u7f001"

$STR4 = "\\KB25468.dat"

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Lightweight Backdoor:

strings:

$STR1 = "NetMgStart"

$STR2 = "Netmgmt.srg"

condition:

(uint16(0) == 0x5A4D) and all of them

 

Lightweight Backdoor:

strings:

$STR1 = "prxTroy" ascii wide nocase

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Lightweight Backdoor:

strings:

$str1 = { C6 45 E8 64 C6 45 E9 61 C6 45 EA 79 C6 45 EB 69 C6 45 EC 70 C6 45 ED 6D C6 45 EE 72 C6 45 EF 2E C6 45 F0 74 C6 45 F1 62 C6 45 F2 6C } // 'dayipmr.tbl' being moved to ebp

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Lightweight Backdoor:

strings:

$str1 = { C6 45 F4 61 C6 45 F5 6E C6 45 F6 73 C6 45 F7 69 C6 45 F8 2E C6 45 F9 6E C6 45 FA 6C C6 45 FB 73 } // 'ansi.nls' being moved to ebp

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Lightweight Backdoor:

strings:

$str1 = { C6 45 F4 74 C6 45 F5 6C C6 45 F6 76 C6 45 F7 63 C6 45 F8 2E C6 45 F9 6E C6 45 FA 6C C6 45 FB 73 } // 'tlvc.nls' being moved to ebp

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Lightweight Backdoor:

strings:

$STR1 = { 8A 10 80 ?? 4E 80 ?? 79 88 10 }

$STR2 = { 8A 10 80 ?? 79 80 ?? 4E 88 10 }

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Proxy Tool:

strings:

$STR1 = "pmsconfig.msi" wide

$STR2 = "pmslog.msi" wide

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and any of them

 

Proxy Tool:

strings:

$STR1 = { 82 F4 DE D4 D3 C2 CA F5 C8 C8 D3 82 FB F4 DE D4 D3 C2 CA 94 95 FB D4 D1 C4 CF C8 D4 D3 89 C2 DF C2 87 8A CC 87 00 } // '%SystemRoot%\System32\svchost.exe -k' xor A7

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Proxy Tool:

strings:

$STR2 = {8A 04 17 8B FB 34 A7 46 88 02 83 C9 FF}

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and $STR2

 

Destructive Hard Drive Tool:

strings:

$str0 = "MZ"

$str1 = {c6 84 24 ?? ( 00 | 01 ) 00 00 }

$xorInLoop = { 83 EC 20 B9 08 00 00 00 33 D2 56 8B 74 24 30 57 8D 7C 24 08

F3 A5 8B 7C 24 30 85 FF 7E 3A 8B 74 24 2C 8A 44 24 08 53 8A 4C 24 21 8A 5C 24 2B 32 C1 8A 0C 32 32 C3 32 C8 88 0C 32 B9 1E 00 00 00 8A 5C 0C 0C 88 5C 0C 0D 49 83 F9 FF 7F F2 42 88 44 24 0C 3B D7 7C D0 5B 5F 5E 83 C4 20 C3 }

condition:

$str0 at 0 and $xorInLoop and #str1 > 300

 

Destructive Target Cleaning Tool:

strings:

$s1  = {d3000000 [4] 2c000000 [12] 95000000 [4] 6a000000 [8] 07000000}

condition:

(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them

 

Destructive Target Cleaning Tool:

strings:

$secureWipe = { 83 EC 34 53 55 8B 6C 24 40 56 57 83 CE FF 55 C7 44 24 2C D3 00 00 00 C7 44 24 30 2C 00 00 00 89 74 24 34 89 74 24 38 C7 44 24 3C 95 00 00 00 C7 44 24 40 6A 00 00 00 89 74 24 44 C7 44 24 14 07 00 00 00 FF 15 ?? ?? ?? ?? 3B C6 89 44 24 1C 0F 84 ( D8 | D9 ) 01 00 00 33 FF 68 00 00 01 00 57 FF 15 ?? ?? ?? ?? 8B D8 3B DF 89 5C 24 14 0F 84 ( BC | BD ) 01 00 00 8B 44 24 1C A8 01 74 0A 24 FE 50 55 FF 15 ?? ?? ?? ?? 8B 44 24 4C 2B C7 74 20 48 74 0F 83 E8 02 75 1C C7 44 24 10 03 00 00 00 EB 12 C7 44 24 10 01 00 00 00 89 74 24 28 EB 04 89 7C 24 10 8B 44 24 10 89 7C 24 1C 3B C7 0F 8E ( 5C | 5D ) 01 00 00 8D 44 24 28 89 44 24 4C EB 03 83 CE FF 8B 4C 24 4C 8B 01 3B C6 74 17 8A D0 B9 00 40 00 00 8A F2 8B FB 8B C2 C1 E0 10 66 8B C2 F3 AB EB ( 13 | 14 ) 33 F6 ( E8 | FF 15 ) ?? ?? ?? ?? 88 04 1E 46 81 FE 00 00 01 00 7C ( EF | EE ) 6A 00 6A 00 6A 03 6A 00 6A 03 68 00 00 00 C0 55 FF 15 ?? ?? ?? ?? 8B F0 83 FE FF 0F 84 FA 00 00 00 8D 44 24 20 50 56 FF 15 ?? ?? ?? ?? 8B 2D ?? ?? ?? ?? 6A 02 6A 00 6A FF 56 FF D5 8D 4C 24 18 6A 00 51 6A 01 53 56 FF 15 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 6A 00 6A 00 6A 00 56 FF D5 8B 44 24 24 8B 54 24 20 33 FF 33 DB 85 C0 7C 5A 7F 0A 85 D2 76 54 EB 04 8B 54 24 20 8B CA BD 00 00 01 00 2B CF 1B C3 85 C0 7F 0A 7C 04 3B CD 73 04 2B D7 8B EA 8B 44 24 14 8D 54 24 18 6A 00 52 55 50 56 FF 15 ?? ?? ?? ?? 8B 6C 24 18 8B 44 24 24 03 FD 83 D3 00 3B D8 7C BE 7F 08 8B 54 24 20 3B FA 72 B8 8B 2D ?? ?? ?? ?? 8B 5C 24 10 8B 7C 24 1C 8D 4B FF 3B F9 75 17 56 FF 15 ?? ?? ?? ?? 6A 00 6A 00 6A 00 56 FF D5 56 FF 15 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 8B 4C 24 4C 8B 6C 24 48 47 83 C1 04 3B FB 8B 5C 24 14 89 7C 24 1C 89 4C 24 4C 0F 8C ( AE | AD ) FE FF FF 6A 00 55 E8 ?? ?? ?? ?? 83 C4 08 53 FF 15 ?? ?? ?? ?? 5F 5E 5D 5B 83 C4 34 C3 }

condition:

$secureWipe

 

Destructive Target Cleaning Tool:

strings:

$S1_CMD_Arg = "/install" fullword

$S2_CMD_Parse = "\"%s\"  /install \"%s\"" fullword

$S3_CMD_Builder = "\"%s\"  \"%s\" \"%s\" %s" fullword

condition:

all of them

 

Destructive Target Cleaning Tool:

strings:

$BATCH_SCRIPT_LN1_0 = "goto x" fullword

$BATCH_SCRIPT_LN1_1 = "del" fullword

$BATCH_SCRIPT_LN2_0 = "if exist" fullword

$BATCH_SCRIPT_LN3_0 = ":x" fullword

$BATCH_SCRIPT_LN4_0 = "zz%d.bat" fullword

condition:

(#BATCH_SCRIPT_LN1_1 == 2) and all of them

 

Destructive Target Cleaning Tool:

strings:

$MCU_DLL_ZLIB_COMPRESSED2 =

{5CECABAE813CC9BCD5A542F454910428343479806F71D5521E2A0D}

condition:

$MCU_DLL_ZLIB_COMPRESSED2

 

Destructive Target Cleaning Tool:

strings:

$MCU_INF_StartHexDec =

{010346080A30D63633000B6263750A5052322A00103D1B570A30E67F2A00130952690A50 3A0D2A000E00A26E15104556766572636C7669642E657865}

$MCU_INF_StartHexEnc =

{6C3272386958BF075230780A0A54676166024968790C7A6779588F5E47312739310163615B3D59686721CF5F2120263E1F5413531F1E004543544C55}

condition:

$MCU_INF_StartHexEnc or $MCU_INF_StartHexDec

Destructive Target Cleaning Tool:

strings:

$ = "SetFilePointer"

$ = "SetEndOfFile"

$ = { 75 17 56 ff 15 ?? ?? ?? ?? 6a 00 6a 00 6a 00 56 ff D5 56 ff 15 ?? ?? ?? ?? 56 }

condition:

(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them

 

Destructive Target Cleaning Tool:

strings:

$license=

{E903FFFF820050006F007200740069006F006E007300200063006F007000790072006900670068007400200052006F006200650072007400200064006500200042006100740068002C0020004A006F007200690073002000760061006E002000520061006E007400770069006A006B002C002000440065006C00690061006E000000000000000250000000000A002200CE000800EA03FFFF8200}

$PuTTY= {50007500540054005900}

condition:

(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $license and not $PuTTY

 

Malware used by cyber threat actor:

strings:

$heapCreateFunction_0 = {33C06A003944240868001000000F94C050FF15????????85C0A3???????07436E893FEFFFF83F803A3???????0750D68F8030000E8??00000059EB0A83F8027518E8????000085C0750FFF35???????0FF15???????033C0C36A0158C3}

$heapCreateFunction =

{558BECB82C120000E8????FFFF8D8568FFFFFF5350C78568FFFFFF94000000FF1????????085C0741A83BD78FFFFFF02751183BD6CFFFFFF0572086A0158E9020100008D85D4EDFFF68901000005068???????0FF15???????085C00F84D000000033DB8D8DD4EDFFFF389DD4EDFFFF74138A013C617C083C7A7F042C20880141381975ED8D85D4EDFFFF6A165068???????0E8????000083C40C85C075088D85D4EDFFFFEB498D8564FEFFFF68040100005053FF15???????0389D64FEFFFF8D8D64FEFFFF74138A013C617C083C7A7F042C20880141381975ED8D8564FEFFFF508D85D4EDFFFF50E8????????59593BC3743E6A2C50E8????????593BC3597430408BC83818740E80393B75048819EB0141381975F26A0A5350E8????000083C40C83F802741D83F803741883F80174138D45FC50E898FEFFFF807DFC06591BC083C0035BC9C3}

$getMajorMinorLinker =

{568B7424086A00832600FF15???????06681384D5A75148B483C85C9740D03C18A481A880E8A401B8846015EC3}

$openServiceManager =

{FF15???0?0?08B?885??74????????????????5?FF15???0?0?08B?????0?0?08BF?85F?74}

condition:

all of them

 

Malware used by cyber threat actor:

strings:

$str1 = "_quit"

$str2 = "_exe"

$str3 = "_put"

$str4 = "_got"

$str5 = "_get"

$str6 = "_del"

$str7 = "_dir"

$str8 = { C7 44 24 18 1F F7 }

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

 

Malware used by cyber threat actor:

strings:

$STR1 = { 50 68 80 00 00 00 68 FF FF 00 00 51 C7 44 24 1C 3a 8b 00 00 }

condition:

(uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them
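
Several of the YARA hex strings above carry a comment saying what they encode (a file name "being moved to ebp", or a path "xor A7"), and most conditions start with the same integer checks on the file header. The Python below is an added example, not part of the advisory: it rebuilds those strings from the hex and reproduces the header checks, which is a quick way to confirm a transcribed pattern before loading it into a scanner. Function names and the sample buffer are constructed for illustration.

```python
import struct

# Hex patterns copied from the advisory's YARA fragments (OCR slips such as "Dl" read as "D1").
STACK_PATTERNS = {
    "dayipmr.tbl": ("C6 45 E8 64 C6 45 E9 61 C6 45 EA 79 C6 45 EB 69 C6 45 EC 70 C6 45 ED 6D "
                    "C6 45 EE 72 C6 45 EF 2E C6 45 F0 74 C6 45 F1 62 C6 45 F2 6C"),
    "ansi.nls": ("C6 45 F4 61 C6 45 F5 6E C6 45 F6 73 C6 45 F7 69 "
                 "C6 45 F8 2E C6 45 F9 6E C6 45 FA 6C C6 45 FB 73"),
    "tlvc.nls": ("C6 45 F4 74 C6 45 F5 6C C6 45 F6 76 C6 45 F7 63 "
                 "C6 45 F8 2E C6 45 F9 6E C6 45 FA 6C C6 45 FB 73"),
}
XOR_A7_PATTERN = ("82 F4 DE D4 D3 C2 CA F5 C8 C8 D3 82 FB F4 DE D4 D3 C2 CA 94 95 FB "
                  "D4 D1 C4 CF C8 D4 D3 89 C2 DF C2 87 8A CC 87 00")


def stack_string(code):
    """Rebuild a string from consecutive 'C6 45 disp8 imm8' stores.

    C6 45 disp8 imm8 is 'mov byte ptr [ebp+disp8], imm8'. Bytes are ordered by the
    signed displacement, so the result is correct even if the stores are shuffled.
    """
    stores = {}
    i = 0
    while i + 4 <= len(code) and code[i:i + 2] == b"\xC6\x45":
        disp = code[i + 2] - 256 if code[i + 2] >= 0x80 else code[i + 2]
        stores[disp] = code[i + 3]
        i += 4
    return bytes(stores[d] for d in sorted(stores)).decode("ascii")


def xor_string(data, key):
    """Decode a single-byte-XOR string; the pattern ends with an unencoded NUL terminator."""
    body = data.split(b"\x00", 1)[0]
    return bytes(b ^ key for b in body).decode("ascii")


def _read(data, fmt, offset):
    """Little-endian integer read, as YARA's uint16()/uint32() do; None if out of range."""
    if offset + struct.calcsize(fmt) > len(data):
        return None
    return struct.unpack_from(fmt, data, offset)[0]


def header_gate(data):
    """The header test shared by most conditions above, written out byte by byte.

    uint16(0) == 0x5A4D      -> bytes 4D 5A, "MZ"
    uint16(0) == 0xCFD0      -> bytes D0 CF, start of the OLE2 compound file signature
    uint16(0) == 0xC3D4      -> bytes D4 C3
    uint32(0) == 0x46445025  -> bytes 25 50 44 46, "%PDF"
    uint32(1) == 0x6674725C  -> bytes 5C 72 74 66 at offset 1, i.e. a file starting "{\\rtf"
    """
    return (_read(data, "<H", 0) in (0x5A4D, 0xCFD0, 0xC3D4)
            or _read(data, "<I", 0) == 0x46445025
            or _read(data, "<I", 1) == 0x6674725C)


def fragment_hits(data, pattern_hex):
    """Equivalent of '(header checks) and all of them' for a single fixed hex string."""
    return header_gate(data) and bytes.fromhex(pattern_hex) in data


# Constructed buffer: an "MZ" header followed by the 'ansi.nls' store sequence.
SAMPLE = b"MZ" + bytes(62) + bytes.fromhex(STACK_PATTERNS["ansi.nls"])

if __name__ == "__main__":
    for expected, pattern in STACK_PATTERNS.items():
        print(expected, "->", stack_string(bytes.fromhex(pattern)))
    print(repr(xor_string(bytes.fromhex(XOR_A7_PATTERN), 0xA7)))
    print(fragment_hits(SAMPLE, STACK_PATTERNS["ansi.nls"]))
```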

 

Recommended Security Practices

Because of the highly destructive functionality of the malware, an organization infected with the malware could experience operational impacts including loss of intellectual property (IP) and disruption of critical systems. Actual impact to organizations may vary depending on the type and number of systems impacted.

Tactical Mitigations

  • Implement the indicators of compromise within your systems for detection and mitigation purposes.
  • Encourage users to transfer critical files to network shares, to allow for central backup.
  • Execute daily backups of all critical systems.
  • Periodically execute an “offline” backup of critical files to removable media.
  • Establish emergency communications plans should network resources become unavailable.
  • Isolate any critical networks (including operations networks) from business systems.
  • Identify critical systems and evaluate the need for having on-hand spares to quickly restore service.
  • Ensure antivirus is up to date.
  • Disable credential caching for all desktop devices, with particular importance on critical systems such as servers, and restrict the number of cached credentials for all portable devices to no more than three if possible. This can be accomplished through a Group Policy Object (GPO).
  • Disable AutoRun and Autoplay for any removable media device.
  • Prevent or limit the use of all removable media devices on systems to limit the spread or introduction of malicious software and possible exfiltration of data, except where there is a valid business case for use. This business case must be approved by the organization's Chief IT Security Officer, with policy/guidance on how such media should be used.
  • Consider restricting account privileges. It is our recommendation that all daily operations should be executed using standard user accounts unless administrative privileges are required for that specific function. Configure all standard user accounts to prevent the execution and installation of any unknown or unauthorized software. Both standard and administrative accounts should have access only to services required for nominal daily duties, enforcing the concept of separation of duties. Lastly, disable Web and email capabilities on administrative accounts. Compromise of admin accounts is one vector that allows malicious activity to become truly persistent in a network environment.
  • Ensure that password policy rules are enforced and Admin password values are changed periodically.
  • Consider prohibiting hosts within the production environment or DMZ from sharing an Active Directory enterprise with hosts on other networks. Each environment should have separate forests within Active Directory, with no trust relationships allowed between the forests if at all possible. If necessary, the trust relationships should be one-way with the low integrity environment trusting the higher integrity environment.
  • Consider deployment of a coaching page with click-through acceptance; these are traditionally deployed in an environment to log the acceptance of network acceptable use policy or to notify users of monitoring. Coaching pages also provide some measure of protection from automated malicious activity. This occurs because automated malware is normally incapable of physically clicking an acceptance radio button. Automated malware is traditionally hardcoded to execute, then retrieve commands or additional executables from the Internet. If the malware is unable to initiate an active connection, the full train of infection is potentially halted. The danger still exists that the physical user will authorize access, but through the use of coaching pages, infections can be limited or at least the rate of infection reduced.
  • Monitor logs — Maintain and actively monitor a centralized logging solution that keeps track of all anomalous and potentially malicious activity.
  • Ensure that all network operating systems, web browsers, and other related network hardware and software remain updated with all current patches and fixes.

Strategic Mitigations

  • Organizations should review Security Tip Handling Destructive Malware #ST13-003 and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.
  • Always keep your patch levels up to date, especially on computers that host public services accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Build host systems, especially critical systems such as servers, with only essential applications and components required to perform the intended function. Any unused applications or functions should be removed or disabled, if possible, to limit the attack surface of the host.
  • Implement network segmentation through VLANs to limit the spread of malware.
  • Consider the deployment of Software Restriction Policy set to only allow the execution of approved software (application whitelisting).
  • Recommend the whitelisting of legitimate executable directories to prevent the execution of potentially malicious binaries.
  • Consider the use of two-factor authentication methods for accessing privileged root level accounts or systems.
  • Consider deploying two-factor authentication through a hardened IPsec/VPN gateway with split-tunneling prohibited for secure remote access.
  • Deny direct Internet access, except through the use of proxies for Enterprise servers and workstations. Perform regular content filtering at the proxies or external firewall points of presence. Also consider the deployment of an explicit versus transparent proxy policy.
  • Implement a Secure Socket Layer (SSL) inspection capability to inspect both ingress and egress encrypted network traffic for potential malicious activity.
  • Isolate network services, such as email and Web application servers by utilizing a secure multi-tenant virtualization technology. This will limit the damage sustained from a compromise or attack of a single network component.
  • Implement best practice guidance and policy to restrict the use of non-Foundation assets for processing or accessing Foundation-controlled data or systems (e.g., working from home, or using a personal device while at the office). It is difficult to enforce corporate policies, detect intrusions, and conduct forensic analysis or remediate compromises on non-corporate owned devices.
  • Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.
  • Place control system networks behind firewalls, and isolate or air gap them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.
  • Industrial Control System (ICS)-CERT and US-CERT remind organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

Revision History

  • December 19, 2014: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

SB14-349: Vulnerability Summary for the Week of December 8, 2014

Original release date: December 15, 2014

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| 3s_pocketnet_tech — 3s_pocketnet_tech_video_management_software | Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6) GetONVIFProfiles, or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method. | 2014-12-08 | 7.5 | CVE-2014-9263 MISC MISC MISC MISC MISC BID |
| adobe — flash_player | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 2014-12-10 | 10.0 | CVE-2014-0580 |
| adobe — flash_player | Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164. | 2014-12-10 | 10.0 | CVE-2014-0587 |
| adobe — flash_player | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors. | 2014-12-10 | 10.0 | CVE-2014-8443 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | 2014-12-10 | 10.0 | CVE-2014-8445 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | 2014-12-10 | 10.0 | CVE-2014-8446 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | 2014-12-10 | 10.0 | CVE-2014-8447 |
| adobe — acrobat | Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | 2014-12-10 | 10.0 | CVE-2014-8449 |
| adobe — acrobat | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165. | 2014-12-10 | 10.0 | CVE-2014-8454 |
| adobe — acrobat | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165. | 2014-12-10 | 10.0 | CVE-2014-8455 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | 2014-12-10 | 10.0 | CVE-2014-8456 |
| adobe — acrobat | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159. | 2014-12-10 | 10.0 | CVE-2014-8457 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158. | 2014-12-10 | 10.0 | CVE-2014-8458 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158. | 2014-12-10 | 10.0 | CVE-2014-8459 |
| adobe — acrobat | Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159. | 2014-12-10 | 10.0 | CVE-2014-8460 |
| adobe — acrobat | Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158. | 2014-12-10 | 10.0 | CVE-2014-8461 |
adobe — acrobat Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461. 2014-12-10 10.0 CVE-2014-9158
adobe — acrobat Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460. 2014-12-10 10.0 CVE-2014-9159
adobe — flash_player Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. 2014-12-10 10.0 CVE-2014-9163
adobe — flash_player Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587. 2014-12-10 10.0 CVE-2014-9164
adobe — acrobat Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455. 2014-12-10 10.0 CVE-2014-9165
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 7.5 CVE-2014-4466
cisco — unified_computing_system_central_software Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. 2014-12-10 7.2 CVE-2014-8003
digicom — dg-5514t_adsl_router_firmware Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack. 2014-12-09 10.0 CVE-2014-8496
MISC
emc — documentum_content_server EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference. 2014-12-06 9.0 CVE-2014-4629
XF
SECTRACK
BID
BUGTRAQ
MISC
emerson — dl_8000_remote_terminal_unit Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. 2014-12-08 10.0 CVE-2013-2810
XF
BID
entrypass — n5200_active_network_control_panel EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4. 2014-12-07 7.8 CVE-2014-8868
MISC
BUGTRAQ
FULLDISC
entrypass — n5200_active_network_control_panel EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868. 2014-12-07 7.8 CVE-2014-9303
MISC
BUGTRAQ
FULLDISC
erlang — erlang/otp Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command. 2014-12-08 7.5 CVE-2014-1693
CONFIRM
MLIST
FEDORA
ffmpeg — ffmpeg The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file. 2014-12-09 7.5 CVE-2014-9316
CONFIRM
CONFIRM
ffmpeg — ffmpeg The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file. 2014-12-09 7.5 CVE-2014-9317
CONFIRM
ffmpeg — ffmpeg The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size. 2014-12-09 7.5 CVE-2014-9318
CONFIRM
fujitsu — arrows_kiss_f-03d FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allow local users to execute arbitrary commands via unspecified vectors. 2014-12-05 7.2 CVE-2014-7253
gnu — binutils The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. 2014-12-09 7.5 CVE-2014-8485
CONFIRM
CONFIRM
CONFIRM
MLIST
FEDORA
FEDORA
FEDORA
MISC
gnu — binutils The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. 2014-12-09 7.5 CVE-2014-8501
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
FEDORA
FEDORA
FEDORA
gnu — binutils Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. 2014-12-09 7.5 CVE-2014-8502
CONFIRM
CONFIRM
CONFIRM
MLIST
FEDORA
FEDORA
FEDORA
gnu — binutils Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. 2014-12-09 7.5 CVE-2014-8503
CONFIRM
CONFIRM
CONFIRM
MLIST
FEDORA
FEDORA
FEDORA
gnu — binutils Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file. 2014-12-09 7.5 CVE-2014-8504
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
FEDORA
FEDORA
FEDORA
guruperl — advertise_with_pleasure! SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi. 2014-12-08 7.5 CVE-2014-9345
EXPLOIT-DB
MISC
OSVDB
hikvision — dvr_ds-7204_firmware Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. 2014-12-08 7.5 CVE-2014-4880
EXPLOIT-DB
MISC
hp — hp-ux HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. 2014-12-10 8.5 CVE-2014-7879
ibm — tivoli_endpoint_manager_mobile_device_management IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers’ installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal. 2014-12-06 9.3 CVE-2014-6140
MISC
SECTRACK
BID
BUGTRAQ
FULLDISC
MISC
iij — seil_plus The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking in Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo 1.82 through 2.18; and SEIL/neu 2FE Plus 1.82 through 2.18 allow remote attackers to cause a denial of service (restart) via crafted (a) GRE or (b) MPPE packets. 2014-12-05 7.8 CVE-2014-7256
JVNDB
JVN
isc — bind ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. 2014-12-10 7.8 CVE-2014-8500
CERT-VN
BID
SECTRACK
MISC
jasper_project — jasper Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. 2014-12-08 7.5 CVE-2014-9029
MISC
CONFIRM
XF
UBUNTU
UBUNTU
BID
BUGTRAQ
MLIST
DEBIAN
MISC
joyent — node.js Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file. 2014-12-11 10.0 CVE-2014-7192
CONFIRM
XF
CONFIRM
kde — kde-workspace The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. 2014-12-06 7.2 CVE-2014-8651
UBUNTU
BID
MLIST
MLIST
FEDORA
FEDORA
FEDORA
linux — linux_kernel The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. 2014-12-12 7.5 CVE-2014-4323
mantisbt — mantisbt The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. 2014-12-08 7.5 CVE-2014-9280
CONFIRM
XF
BID
MLIST
MLIST
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-6329 and CVE-2014-6376. 2014-12-10 9.3 CVE-2014-6327
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-6327 and CVE-2014-6376. 2014-12-10 9.3 CVE-2014-6329
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-6330
microsoft — office_compatibility_pack Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Invalid Index Remote Code Execution Vulnerability.” 2014-12-10 9.3 CVE-2014-6356
microsoft — office Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, Office 2013 RT Gold and SP1, Office for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 Gold and SP1, and Office Web Apps 2010 SP2 and 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Use After Free Word Remote Code Execution Vulnerability.” 2014-12-10 9.3 CVE-2014-6357
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka “Global Free Remote Code Execution in Excel Vulnerability.” 2014-12-10 9.3 CVE-2014-6360
microsoft — excel Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka “Excel Invalid Pointer Remote Code Execution Vulnerability.” 2014-12-10 9.3 CVE-2014-6361
microsoft — internet_explorer vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “VBScript Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-6363
microsoft — office Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Component Use After Free Vulnerability.” 2014-12-10 9.3 CVE-2014-6364
microsoft — internet_explorer Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-6366
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-6369
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-6373
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-6374
microsoft — internet_explorer Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-6375
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-6327 and CVE-2014-6329. 2014-12-10 9.3 CVE-2014-6376
microsoft — internet_explorer Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2014-12-10 9.3 CVE-2014-8966
nvidia — gpu_driver The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allow remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request. 2014-12-10 7.5 CVE-2014-8298
phpmyrecipes_project — phpmyrecipes SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. 2014-12-08 7.5 CVE-2014-9347
XF
EXPLOIT-DB
OSVDB
plex — plex_media_server Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server. 2014-12-07 7.5 CVE-2014-9304
MISC
BUGTRAQ
robotstats — robotstats SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. 2014-12-08 7.5 CVE-2014-9348
XF
EXPLOIT-DB
MISC
samsung — smart_viewer The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. 2014-12-08 7.5 CVE-2014-9266
MISC
BID
sap — sql_anywhere Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias. 2014-12-11 7.5 CVE-2014-9264
MISC
MISC
MISC
MISC
ultrapop — i-httpd The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives. 2014-12-11 7.5 CVE-2014-7260
unrtf_project — unrtf UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string “{cb-999999999”. 2014-12-09 7.5 CVE-2014-9274
CONFIRM
MLIST
unrtf_project — unrtf UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file. 2014-12-09 7.5 CVE-2014-9275
CONFIRM
MLIST
MLIST
vmware — vcloud_automation_center The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the “Connect (by) Using VMRC” function. 2014-12-11 9.0 CVE-2014-8373
SECTRACK
BUGTRAQ
SECUNIA
FULLDISC
MISC
zohocorp — manageengine_it360 Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet. 2014-12-10 7.5 CVE-2014-7866
CONFIRM
MISC
FULLDISC

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — acrobat An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451. 2014-12-10 5.0 CVE-2014-8448
adobe — acrobat An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448. 2014-12-10 5.0 CVE-2014-8451
adobe — acrobat Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-12-10 5.0 CVE-2014-8452
adobe — acrobat Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors. 2014-12-10 5.0 CVE-2014-8453
adobe — flash_player Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors. 2014-12-10 5.0 CVE-2014-9162
adobe — coldfusion Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows attackers to cause a denial of service (resource consumption) via unspecified vectors. 2014-12-10 5.0 CVE-2014-9166
alfresco — community_edition Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. 2014-12-07 6.8 CVE-2014-9300
MISC
BUGTRAQ
alfresco — community_edition Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. 2014-12-07 6.4 CVE-2014-9301
MISC
BUGTRAQ
alfresco — community_edition Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter. 2014-12-07 5.0 CVE-2014-9302
MISC
BUGTRAQ
apache — cloudstack Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. 2014-12-10 5.0 CVE-2014-7807
BUGTRAQ
apache — struts Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism. 2014-12-10 6.8 CVE-2014-7809
SECTRACK
BUGTRAQ
MISC
apple — safari WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. 2014-12-10 5.0 CVE-2014-4465
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4468
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4469
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4470
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4471
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4472
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4473
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4474
apple — safari WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. 2014-12-10 6.8 CVE-2014-4475
autodesk — design_review_2013 The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file. 2014-12-08 6.8 CVE-2014-9268
MISC
bmc — bmc_track-it! BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. 2014-12-12 5.0 CVE-2014-8270
MISC
CONFIRM
bsd — bsd The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. 2014-12-11 5.0 CVE-2014-7250
MISC
cisco — unified_computing_system_central_software The Management subsystem in Cisco Unified Computing System 2.1(3f) and earlier allows remote attackers to obtain sensitive information by reading log files, aka Bug ID CSCur99239. 2014-12-10 5.0 CVE-2014-8009
cisco — unified_communications_domain_manager The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. 2014-12-10 4.6 CVE-2014-8010
debian — hivex lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write. 2014-12-08 4.6 CVE-2014-9273
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
elipse — e3 DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets. 2014-12-06 5.0 CVE-2014-5429
MISC
emc — rsa_adaptive_authentication_on-premise RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. 2014-12-08 5.0 CVE-2014-4631
XF
SECTRACK
BID
BUGTRAQ
f5 — arx The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself. 2014-12-09 4.3 CVE-2014-8730
MISC
MLIST
f5 — big-ip Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. 2014-12-08 4.3 CVE-2014-9342
BUGTRAQ
ffmpeg — ffmpeg The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file. 2014-12-09 5.0 CVE-2014-9319
CONFIRM
fujitsu — arrows_tab_lte_f-01d Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and “improper data validation.” 2014-12-05 4.6 CVE-2014-7252
JVNDB
JVN
MISC
MISC
fujitsu — arrows_me_f-11d Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. 2014-12-05 4.6 CVE-2014-7254
JVNDB
JVN
MISC
globiz_solutions — snowfox_content_management_system Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/. 2014-12-08 5.8 CVE-2014-9343
MISC
CONFIRM
XF
MISC
MISC
OSVDB
globiz_solutions — snowfox_content_management_system Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/. 2014-12-08 6.8 CVE-2014-9344
XF
MISC
MISC
OSVDB
gnu — binutils The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. 2014-12-09 5.0 CVE-2014-8484
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
FEDORA
FEDORA
FEDORA
ibm — websphere_datapower_xc10_appliance_firmware Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-12-11 6.0 CVE-2014-3058
XF
AIXAPAR
ibm — _ibm_rational_lifecycle_integration_adapter_for_windchill Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors. 2014-12-11 4.3 CVE-2014-4815
XF
ibm — operational_decision_manager The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-12-11 5.0 CVE-2014-6114
XF
ibm — websphere_datapower_xc10_appliance_firmware The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. 2014-12-12 4.0 CVE-2014-6138
XF
AIXAPAR
icecast — icecast Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors. 2014-12-10 4.6 CVE-2014-9091
CONFIRM
CONFIRM
MLIST
MLIST
SUSE
iij — seil_b1_firmware Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent. 2014-12-05 5.0 CVE-2014-7255
JVNDB
JVN
isc — bind The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. 2014-12-10 5.4 CVE-2014-8680
jrss_widget_project — jrss_widget Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter. 2014-12-05 5.8 CVE-2014-9292
MISC
kde — kde-runtime Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. 2014-12-08 4.3 CVE-2014-8600
MISC
BID
FULLDISC
lg — l-03e LG Electronics Mobile WiFi routers L-09C, L-03E, and L-04D do not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. 2014-12-05 5.0 CVE-2014-7243
JVNDB
JVN
MISC
linpha — linpha Cross-site scripting (XSS) vulnerability in LinPHA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-12 4.3 CVE-2014-7265
linuxfoundation — xen common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9066. 2014-12-09 4.4 CVE-2014-9065
MLIST
linuxfoundation — xen Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. 2014-12-09 4.7 CVE-2014-9066
MLIST
logintoboggan_project — logintoboggan The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. 2014-12-10 4.3 CVE-2014-9361
logintoboggan_project — logintoboggan Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-10 4.3 CVE-2014-9364
mantisbt — mantisbt core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php. 2014-12-12 5.8 CVE-2014-6316
CONFIRM
XF
BID
MLIST
MLIST
mantisbt — mantisbt MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0. 2014-12-06 5.0 CVE-2014-9117
CONFIRM
XF
BID
MLIST
MLIST
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the “profile/Platform” field. 2014-12-08 4.3 CVE-2014-9270
CONFIRM
XF
BID
MLIST
MLIST
mantisbt — mantisbt The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL. 2014-12-08 5.0 CVE-2014-9279
XF
BID
MLIST
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field. 2014-12-09 4.3 CVE-2014-9281
CONFIRM
XF
BID
MLIST
MLIST
MLIST
meta_tags_quick_project — meta_tags_quick Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. 2014-12-10 5.5 CVE-2014-9363
microsoft — exchange_server Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka “Outlook Web App Token Spoofing Vulnerability.” 2014-12-10 5.0 CVE-2014-6319
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “OWA XSS Vulnerability,” a different vulnerability than CVE-2014-6326. 2014-12-10 4.3 CVE-2014-6325
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “OWA XSS Vulnerability,” a different vulnerability than CVE-2014-6325. 2014-12-10 4.3 CVE-2014-6326
microsoft — internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka “Internet Explorer XSS Filter Bypass Vulnerability,” a different vulnerability than CVE-2014-6365. 2014-12-10 5.0 CVE-2014-6328
microsoft — windows_7 The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “Graphics Component Information Disclosure Vulnerability.” 2014-12-10 5.0 CVE-2014-6355
microsoft — internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka “Internet Explorer XSS Filter Bypass Vulnerability,” a different vulnerability than CVE-2014-6328. 2014-12-10 4.3 CVE-2014-6365
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “Internet Explorer ASLR Bypass Vulnerability.” 2014-12-10 4.3 CVE-2014-6368
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2014-12-11 6.8 CVE-2014-1587
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2014-12-11 6.8 CVE-2014-1588
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. 2014-12-11 6.8 CVE-2014-1589
CONFIRM
mozilla — firefox The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. 2014-12-11 4.3 CVE-2014-1590
CONFIRM
mozilla — firefox Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. 2014-12-11 4.3 CVE-2014-1591
CONFIRM
mozilla — firefox Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. 2014-12-11 6.8 CVE-2014-1592
CONFIRM
mozilla — firefox Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. 2014-12-11 6.8 CVE-2014-1593
CONFIRM
mozilla — firefox Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. 2014-12-11 6.8 CVE-2014-1594
CONFIRM
mozilla — firefox The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. 2014-12-11 4.3 CVE-2014-8631
CONFIRM
mozilla — firefox The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal. 2014-12-11 4.3 CVE-2014-8632
CONFIRM
nginx — nginx nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct “virtual host confusion” attacks. 2014-12-08 4.3 CVE-2014-3616
nlnet_labs — unbound iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. 2014-12-10 4.3 CVE-2014-8602
CERT-VN
MISC
open-emr — openemr Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php. 2014-12-08 6.5 CVE-2014-5462
MISC
FULLDISC
MISC
openbsd — openssh The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. 2014-12-06 4.0 CVE-2014-9278
CONFIRM
CONFIRM
XF
BID
MLIST
MLIST
MISC
phpmyadmin — phpmyadmin libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password. 2014-12-08 5.0 CVE-2014-9218
CONFIRM
CONFIRM
CONFIRM
XF
CONFIRM
phpmyadmin — phpmyadmin Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2014-12-08 4.3 CVE-2014-9219
CONFIRM
XF
powerdns — recursor PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (“performance degradations”) via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. 2014-12-10 5.0 CVE-2014-8601
CERT-VN
SECTRACK
BID
MISC
ptc — isoview Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value. 2014-12-08 6.8 CVE-2014-9267
MISC
MISC
MISC
BID
python — python The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject’s (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 2014-12-12 5.8 CVE-2014-9365
CONFIRM
MLIST
CONFIRM
pyyaml — libyaml scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping. 2014-12-08 5.0 CVE-2014-9130
MISC
CONFIRM
XF
BID
MLIST
MLIST
MLIST
SECUNIA
SECUNIA
qemu — qemu Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-1320. 2014-12-08 4.6 CVE-2014-8106
XF
BID
MLIST
SECUNIA
MLIST
CONFIRM
CONFIRM
reality66 — cart66_lite SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php. 2014-12-08 6.5 CVE-2014-9305
EXPLOIT-DB
MISC
MISC
OSVDB
redhat — jboss_enterprise_portal_platform Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in a CSS file. 2014-12-11 4.3 CVE-2014-7852
robotstats — robotstats Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php. 2014-12-08 4.3 CVE-2014-9349
XF
EXPLOIT-DB
MISC
samsung — smartviewer Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. 2014-12-08 6.8 CVE-2014-9265
MISC
BID
scalix — web_access Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-09 4.3 CVE-2014-9352
MISC
BUGTRAQ
FULLDISC
scalix — web_access XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request. 2014-12-10 6.4 CVE-2014-9360
MISC
BUGTRAQ
FULLDISC
subrion — cms Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. 2014-12-10 4.3 CVE-2014-9120
MISC
CONFIRM
teeworlds — teeworlds engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors. 2014-12-09 6.4 CVE-2014-9351
CONFIRM
CONFIRM
BID
FEDORA
FEDORA
FEDORA
torch_gmbh — graylog2 Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards. 2014-12-08 5.0 CVE-2014-9217
tp-link — tl-wr740n TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a “new” value in the isNew parameter to PingIframeRpm.htm. 2014-12-08 5.0 CVE-2014-9350
XF
MISC
OSVDB
EXPLOIT-DB
MISC
trihedral — vtscada Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. 2014-12-11 5.0 CVE-2014-9192
ultrapop — i-httpd Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263. 2014-12-11 4.3 CVE-2014-7261
ultrapop — i-httpd Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string. 2014-12-11 4.3 CVE-2014-7262
ultrapop — i-httpd Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than CVE-2014-7261. 2014-12-11 4.3 CVE-2014-7263
JVNDB
JVN
MISC
vmware — vcenter_server_appliance Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-12-08 4.3 CVE-2014-3797
BUGTRAQ
FULLDISC
vmware — vcenter_server_appliance VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. 2014-12-08 4.3 CVE-2014-8371
BUGTRAQ
FULLDISC
vmware — airwatch AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference. 2014-12-11 4.0 CVE-2014-8372
FULLDISC
x — x_window_system X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. 2014-12-10 4.3 CVE-2014-8091
CONFIRM
x — x_window_system Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. 2014-12-10 6.5 CVE-2014-8092
x — x_window_system Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. 2014-12-10 6.5 CVE-2014-8093
x — xorg-server Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. 2014-12-10 6.5 CVE-2014-8094
x — x_window_system The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. 2014-12-10 6.5 CVE-2014-8095
x — x_window_system The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. 2014-12-10 6.5 CVE-2014-8096
x — x_window_system The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. 2014-12-10 6.5 CVE-2014-8097
x — x_window_system The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. 2014-12-10 6.5 CVE-2014-8098
CONFIRM
x — x_window_system The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function. 2014-12-10 6.5 CVE-2014-8099
x — x_window_system | The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. | 2014-12-10 | 6.5 | CVE-2014-8100
x — x_window_system | The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. | 2014-12-10 | 6.5 | CVE-2014-8101
x — x_window_system | The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. | 2014-12-10 | 6.5 | CVE-2014-8102
x — xorg-server | X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension. | 2014-12-10 | 6.5 | CVE-2014-8103
yourls — yourls | Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality. | 2014-12-09 | 4.3 | CVE-2014-8488 FULLDISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
chyrp — chyrp | Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration. | 2014-12-11 | 3.5 | CVE-2014-7264
gnu — binutils | Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | 2014-12-09 | 3.6 | CVE-2014-8737 CONFIRM CONFIRM CONFIRM CONFIRM MLIST FEDORA FEDORA FEDORA
hierarchial_select_project — hierarchical_select | Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonomy term title for instances with Save term lineage enabled or (2) entity type fields. | 2014-12-08 | 3.5 | CVE-2014-9346 XF SECUNIA
hp — smart_update_manager | Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows local users to obtain sensitive information, and consequently gain privileges, via unknown vectors. | 2014-12-10 | 2.1 | CVE-2014-2608
ibm — systems_director | Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors. | 2014-12-06 | 2.1 | CVE-2014-3099 XF BID CONFIRM AIXAPAR
ibm — websphere_datapower_xc10_appliance_firmware | The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. | 2014-12-11 | 2.1 | CVE-2014-6143 XF AIXAPAR
ibm — websphere_datapower_xc10_appliance_firmware | Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-12-11 | 3.5 | CVE-2014-6163 XF AIXAPAR
ibm — websphere_portal | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-12-11 | 3.5 | CVE-2014-6215 XF AIXAPAR
meta_tags_quick_project — meta_tags_quick | Cross-site scripting (XSS) vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the “Edit path based meta tags” permission to inject arbitrary web script or HTML via vectors related to deleting a Path-based Metatag. | 2014-12-10 | 3.5 | CVE-2014-9362
microsoft — exchange_server | Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka “Exchange URL Redirection Vulnerability.” | 2014-12-10 | 3.5 | CVE-2014-6336
mozilla — firefox | Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. | 2014-12-11 | 2.1 | CVE-2014-1595 CONFIRM MISC
yokogawa — fast/tools | XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors. | 2014-12-06 | 3.2 | CVE-2014-7251 XF JVNDB JVN



This product is provided subject to this Notification and this Privacy & Use policy.

Docker Releases Security Updates

Original release date: December 12, 2014

Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system.

Users and administrators are encouraged to review the Docker Security Advisory and apply the necessary updates.


Certain TLS Implementations Vulnerable to POODLE Attacks

Original release date: December 09, 2014

A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications.

US-CERT encourages users and administrators to review TA14-290A for additional information on the POODLE attack and apply any necessary updates to address the vulnerability.
