SB14-314: Vulnerability Summary for the Week of November 3, 2014

Original release date: November 10, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
accuenergy — acuvim_ii The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. 2014-11-05 7.5 CVE-2014-2373
accuenergy — acuvim_ii The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. 2014-11-05 7.5 CVE-2014-2374
asus — rt_firmware ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. 2014-11-04 7.8 CVE-2014-2718
XF
BID
FULLDISC
MISC
MISC
bittorrent — bootstrap-dht The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to “Improper Indexing.” 2014-10-31 7.5 CVE-2014-8509
CONFIRM
MISC
BID
ca — cloud_service_management CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-11-04 7.5 CVE-2014-8474
cisco — rv120w The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. 2014-11-07 9.0 CVE-2014-2177
cisco — rv120w Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. 2014-11-07 7.5 CVE-2014-2178
clip-share — clipshare SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. 2014-11-04 7.5 CVE-2014-8339
XF
MISC
MISC
compal_broadband_networks — firmware The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. 2014-11-06 10.0 CVE-2014-8656
MISC
EXPLOIT-DB
MISC
OSVDB
cp_multi_view_event_calendar_project — cp_multi_view_event_calendar SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. 2014-11-04 7.5 CVE-2014-8586
XF
BID
EXPLOIT-DB
MISC
OSVDB
debian — apt APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. 2014-11-03 7.5 CVE-2014-0487
SECUNIA
SECUNIA
debian — apt APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. 2014-11-03 7.5 CVE-2014-0489
SECUNIA
SECUNIA
debian — apt The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. 2014-11-03 7.5 CVE-2014-0490
SECUNIA
SECUNIA
emc — rsa_web_threat_detection SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2014-11-07 9.0 CVE-2014-4627
BUGTRAQ
espocrm — espocrm Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php. 2014-10-31 10.0 CVE-2014-7985
MISC
BID
BUGTRAQ
MISC
ffmpeg — ffmpeg Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. 2014-11-03 7.5 CVE-2014-5271
CONFIRM
OSVDB
CONFIRM
ffmpeg — ffmpeg libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. 2014-11-05 7.5 CVE-2014-8541
CONFIRM
CONFIRM
ffmpeg — ffmpeg libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. 2014-11-05 7.5 CVE-2014-8542
CONFIRM
CONFIRM
ffmpeg — ffmpeg libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. 2014-11-05 7.5 CVE-2014-8543
CONFIRM
CONFIRM
ffmpeg — ffmpeg libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. 2014-11-05 7.5 CVE-2014-8544
CONFIRM
CONFIRM
ffmpeg — ffmpeg libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. 2014-11-05 7.5 CVE-2014-8545
CONFIRM
CONFIRM
ffmpeg — ffmpeg Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. 2014-11-05 7.5 CVE-2014-8546
CONFIRM
CONFIRM
ffmpeg — ffmpeg libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. 2014-11-05 7.5 CVE-2014-8547
CONFIRM
CONFIRM
ffmpeg — ffmpeg Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. 2014-11-05 7.5 CVE-2014-8548
CONFIRM
CONFIRM
ffmpeg — ffmpeg libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. 2014-11-05 7.5 CVE-2014-8549
CONFIRM
CONFIRM
fortinet — coyote_point_equalizer FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. 2014-11-01 7.5 CVE-2014-8582
XF
CONFIRM
freeradius — freeradius Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. 2014-11-01 7.5 CVE-2014-2015
CONFIRM
UBUNTU
MLIST
MLIST
MLIST
french_national_commission_on_informatics_and_liberty — cookieviz SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. 2014-11-06 7.5 CVE-2014-8351
XF
FULLDISC
hp — laserjet_cm3530_multifunction_printer_firmware Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. 2014-11-04 9.0 CVE-2014-7875
joomla — joomla! Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. 2014-11-03 7.5 CVE-2014-7228
MISC
linksys — e4200v2 Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request. 2014-11-01 7.5 CVE-2014-8244
pro_softnet_corporation — ibackup iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. 2014-11-03 7.2 CVE-2014-5507
XF
BID
EXPLOIT-DB
MISC
qemu — qemu Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. 2014-11-04 7.5 CVE-2013-4148
FEDORA
CONFIRM
qemu — qemu Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. 2014-11-04 7.5 CVE-2013-4149
FEDORA
CONFIRM
qemu — qemu The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. 2014-11-04 7.5 CVE-2013-4150
FEDORA
CONFIRM
qemu — qemu The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. 2014-11-04 7.5 CVE-2013-4151
FEDORA
CONFIRM
qemu — qemu Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. 2014-11-04 7.5 CVE-2013-4526
MLIST
FEDORA
CONFIRM
qemu — qemu Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. 2014-11-04 7.5 CVE-2013-4527
MLIST
FEDORA
CONFIRM
qemu — qemu Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. 2014-11-04 7.5 CVE-2013-4529
MLIST
FEDORA
qemu — qemu Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. 2014-11-04 7.5 CVE-2013-4530
MLIST
FEDORA
CONFIRM
qemu — qemu Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. 2014-11-04 7.5 CVE-2013-4531
MLIST
FEDORA
CONFIRM
qemu — qemu Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. 2014-11-04 7.5 CVE-2013-4533
MLIST
FEDORA
CONFIRM
qemu — qemu Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. 2014-11-04 7.5 CVE-2013-4534
MLIST
FEDORA
CONFIRM
qemu — qemu The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. 2014-11-04 7.5 CVE-2013-4537
MLIST
FEDORA
CONFIRM
qemu — qemu Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. 2014-11-04 7.5 CVE-2013-4538
MLIST
FEDORA
CONFIRM
qemu — qemu Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. 2014-11-04 7.5 CVE-2013-4539
MLIST
FEDORA
CONFIRM
qemu — qemu Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. 2014-11-04 7.5 CVE-2013-4540
MLIST
FEDORA
CONFIRM
qemu — qemu The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. 2014-11-04 7.5 CVE-2013-4541
FEDORA
CONFIRM
qemu — qemu The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. 2014-11-04 7.5 CVE-2013-4542
FEDORA
CONFIRM
qemu — qemu Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. 2014-11-04 7.5 CVE-2013-6399
FEDORA
CONFIRM
qemu — qemu Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. 2014-11-04 7.5 CVE-2014-0182
FEDORA
CONFIRM
qemu — qemu Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. 2014-11-04 7.5 CVE-2014-0222
MLIST
FEDORA
FEDORA
rsyslog — rsyslog rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. 2014-11-01 7.5 CVE-2014-3634
MLIST
DEBIAN
SECUNIA
SECUNIA
sap — commoncryptolib SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. 2014-11-04 7.5 CVE-2014-8587
CONFIRM
CONFIRM
SECUNIA
MISC
sap — hana SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-11-04 7.5 CVE-2014-8588
MISC
MISC
MISC
sap — document_management_services SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. 2014-11-06 7.2 CVE-2014-8660
MISC
MISC
MISC
sap — customer_relationship_management_internet_sales The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. 2014-11-06 10.0 CVE-2014-8661
MISC
MISC
sap — payroll_process Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. 2014-11-06 7.8 CVE-2014-8662
MISC
MISC
sap — netweaver_business_warehouse SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-11-06 7.5 CVE-2014-8663
MISC
MISC
sap — environment_health_and_safety SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-11-06 7.5 CVE-2014-8664
MISC
MISC
sap — contract_accounting SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2014-11-06 7.5 CVE-2014-8668
MISC
MISC
sap — customer_relationship_management The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. 2014-11-06 10.0 CVE-2014-8669
MISC
MISC
MISC
smarty — smarty Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by “{literal}<{/literal}script language=php>” in a template. 2014-11-03 7.5 CVE-2014-8350
CONFIRM
CONFIRM
XF
BID
MLIST
MLIST
symantec — endpoint_protection_manager The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-11-07 7.5 CVE-2014-3437
BID
testlink — testlink lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter. 2014-10-31 7.5 CVE-2014-8081
CONFIRM
XF
BID
BUGTRAQ

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abb — robotstudio Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.61.02 and Test Signal Viewer 1.5 allows local users to gain privileges via a Trojan horse DLL that is accessed as a result of incorrect DLL configuration by an optional installation program. 2014-11-07 6.9 CVE-2014-5430
MISC
ait-pro — bulletproof-security Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter. 2014-11-06 4.3 CVE-2014-7958
BUGTRAQ
MISC
ait-pro — bulletproof-security SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. 2014-11-06 6.5 CVE-2014-7959
BUGTRAQ
MISC
allomani — allomani_weblinks Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php. 2014-11-04 4.3 CVE-2014-8593
XF
BID
MISC
axway — securetransport Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/. 2014-11-04 6.8 CVE-2013-7057
XF
EXPLOIT-DB
OSVDB
bundler — bundler Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. 2014-10-31 5.0 CVE-2013-0334
FEDORA
FEDORA
FEDORA
ca — cloud_service_management CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors. 2014-11-04 4.3 CVE-2014-8471
ca — cloud_service_management CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. 2014-11-04 6.8 CVE-2014-8472
ca — cloud_service_management Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2014-11-04 6.8 CVE-2014-8473
cisco — rv120w The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. 2014-11-07 5.0 CVE-2014-2179
cisco — unity_connection The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493. 2014-11-07 4.0 CVE-2014-7988
cisco — b200_m3 Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. 2014-11-07 6.8 CVE-2014-7989
cisco — air-ct5760 Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the “request system shell” challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. 2014-11-07 6.8 CVE-2014-7990
citrix — xenmobile Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache. 2014-10-31 5.0 CVE-2014-8495
XF
BID
classapps — selectsurvey.net Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. 2014-11-06 6.5 CVE-2014-6030
FULLDISC
MISC
compal_broadband_networks — firmware Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie. 2014-11-06 4.3 CVE-2014-8653
XF
MISC
BID
EXPLOIT-DB
MISC
OSVDB
compal_broadband_networks — firmware Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. 2014-11-06 6.8 CVE-2014-8654
XF
MISC
BID
EXPLOIT-DB
MISC
OSVDB
OSVDB
OSVDB
OSVDB
compal_broadband_networks — firmware The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml. 2014-11-06 5.0 CVE-2014-8655
XF
BID
EXPLOIT-DB
MISC
OSVDB
compal_broadband_networks — firmware The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html. 2014-11-06 5.0 CVE-2014-8657
XF
MISC
EXPLOIT-DB
MISC
OSVDB
croogo — croogo Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page. 2014-10-31 4.3 CVE-2014-8577
MISC
XF
OSVDB
OSVDB
OSVDB
OSVDB
EXPLOIT-DB
MISC
debian — apt APT before 1.0.9 does not “invalidate repository data” when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. 2014-11-03 6.8 CVE-2014-0488
SECUNIA
SECUNIA
denon — avr-3313ci Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. 2014-11-06 4.3 CVE-2014-8508
MISC
download_manager_project — download_manager Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. 2014-11-04 5.0 CVE-2014-8585
XF
BID
MISC
ellislab — expressionengine Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. 2014-11-04 6.5 CVE-2014-5387
MISC
MISC
FULLDISC
enalean — tuleap SQL injection vulnerability in Enalean Tuleap before 7.5 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. 2014-11-04 6.5 CVE-2014-7176
MISC
XF
BID
EXPLOIT-DB
FULLDISC
MISC
enalean — tuleap XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted XML document in a create action to plugins/tracker/. 2014-10-31 4.0 CVE-2014-7177
MISC
CONFIRM
XF
BID
OSVDB
FULLDISC
epicor — epicor_enterprise Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection and email settings page. 2014-11-03 5.0 CVE-2014-4311
EXPLOIT-DB
FULLDISC
MISC
espocrm — espocrm install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. 2014-10-31 5.0 CVE-2014-7986
MISC
BID
BUGTRAQ
MISC
espocrm — espocrm Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php. 2014-10-31 4.3 CVE-2014-7987
MISC
BID
BUGTRAQ
MISC
estsoft — alupdate ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file. 2014-11-03 4.6 CVE-2014-8494
XF
BID
MISC
f5 — big-ip_advanced_firewall_manager Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements. 2014-11-01 5.5 CVE-2014-6032
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
ffmpeg — ffmpeg libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. 2014-11-03 6.8 CVE-2014-5272
CONFIRM
MLIST
formalms_project — formalms Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php. 2014-11-06 4.3 CVE-2014-5257
MISC
BUGTRAQ
MISC
fortinet — fortianalyzer_firmware Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. 2014-10-31 4.3 CVE-2014-2334
fortinet — fortianalyzer_firmware Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. 2014-10-31 4.3 CVE-2014-2335
fortinet — fortimanager Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. 2014-10-31 4.3 CVE-2014-2336
french_national_commission_on_informatics_and_liberty — cookieviz Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote web servers to inject arbitrary web script or HTML via the max_date parameter. 2014-11-06 4.3 CVE-2014-8352
XF
FULLDISC
gwt_mobile_phonegap_showcase_project — gwt_mobile_phonegap_showcase Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. 2014-11-07 4.3 CVE-2014-8671
MISC
MISC
ibm — websphere_commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-11-05 4.0 CVE-2014-4769
XF
ibm — cognos_mobile IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. 2014-11-05 4.3 CVE-2014-4810
XF
ibm — websphere_commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. 2014-11-05 4.3 CVE-2014-4834
XF
ibm — notes_traveler The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. 2014-11-04 5.0 CVE-2014-6130
XF
katello — katello Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method. 2014-11-03 5.0 CVE-2014-3712
MISC
XF
BID
MLIST
meinberg — lantime_m100 Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-05 4.3 CVE-2014-5417
modx — modx_revolution Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the “a” parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression. 2014-11-06 4.3 CVE-2014-5451
MISC
CONFIRM
BID
BUGTRAQ
MISC
nordex — nordex_control_2_scada Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. 2014-11-05 4.3 CVE-2014-5408
openstack — keystone OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. 2014-11-03 6.5 CVE-2014-0204
CONFIRM
CONFIRM
openstack — horizon Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. 2014-10-31 4.3 CVE-2014-3473
CONFIRM
BID
openstack — horizon Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. 2014-10-31 4.3 CVE-2014-3475
CONFIRM
BID
openstack — compute OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. 2014-10-31 4.0 CVE-2014-3708
CONFIRM
openstack — compute The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. 2014-10-31 4.0 CVE-2014-8333
CONFIRM
SECUNIA
openstack — horizon Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. 2014-10-31 4.3 CVE-2014-8578
CONFIRM
BID
php — php The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. 2014-11-05 5.0 CVE-2014-3710
CONFIRM
CONFIRM
CONFIRM
plone — plone The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. 2014-11-03 4.3 CVE-2012-5500
CONFIRM
MLIST
REDHAT
plone — plone The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. 2014-11-03 5.0 CVE-2012-5508
CONFIRM
CONFIRM
CONFIRM
MLIST
plone — plone Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). 2014-11-03 5.0 CVE-2012-6661
CONFIRM
CONFIRM
CONFIRM
MLIST
qemu — qemu Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. 2014-11-04 4.6 CVE-2014-0223
MLIST
FEDORA
qemu — qemu hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to “USB post load checks.” 2014-11-04 6.8 CVE-2014-3461
REDHAT
REDHAT
FEDORA
MLIST
quassel-irc — quassel_irc The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. 2014-11-06 5.0 CVE-2014-8483
DEBIAN
SECUNIA
SECUNIA
redhat — freeipa The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. 2014-11-03 5.0 CVE-2013-0336
CONFIRM
XF
BID
SECUNIA
redhat — network_satellite Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. 2014-11-03 4.3 CVE-2014-3654
refinedwiki — refinedwiki_original_theme Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action. 2014-11-06 4.0 CVE-2014-8658
MISC
XF
BID
BUGTRAQ
FULLDISC
MISC
rewardingyourself — rewardingyourself Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code. 2014-11-07 4.3 CVE-2014-8672
MISC
MISC
rsyslog — rsyslog Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. 2014-11-01 5.0 CVE-2014-3683
MLIST
SECUNIA
ruby-lang — ruby The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. 2014-11-03 5.0 CVE-2014-8080
SECUNIA
sap — netweaver The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. 2014-11-06 5.0 CVE-2014-0995
CONFIRM
XF
BUGTRAQ
MISC
FULLDISC
MISC
MISC
sap — network_interface_router Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. 2014-11-04 5.0 CVE-2014-8589
CONFIRM
CONFIRM
MISC
MISC
sap — netweaver_java_application_server XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. 2014-11-04 4.3 CVE-2014-8590
MISC
MISC
MISC
sap — netweaver Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. 2014-11-04 5.0 CVE-2014-8591
CONFIRM
CONFIRM
MISC
MISC
sap — netweaver Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. 2014-11-04 5.0 CVE-2014-8592
CONFIRM
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
sap — environment_health_and_safety Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. 2014-11-06 5.0 CVE-2014-8659
MISC
MISC
MISC
sap — business_intelligence_development_workbench The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. 2014-11-06 5.0 CVE-2014-8665
MISC
MISC
sap — business_intelligence_development_workbench The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intelligence allows remote attackers to obtain audit event details via unspecified vectors. 2014-11-06 5.0 CVE-2014-8666
MISC
MISC
sap — hana_web-based_development_workbench Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-06 4.3 CVE-2014-8667
MISC
MISC
symantec — endpoint_protection_manager Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-07 4.3 CVE-2014-3438
CONFIRM
BID
symantec — endpoint_protection_manager ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors. 2014-11-07 6.1 CVE-2014-3439
CONFIRM
BID
testlink — testlink lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message. 2014-10-31 5.0 CVE-2014-8082
CONFIRM
XF
BID
vbulletin — vbulletin Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2014-11-06 5.8 CVE-2014-8670
BID
MISC
web_dorado_spider_video_player_project — web_dorado_spider_video_player Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-11-04 4.3 CVE-2014-8584
webedition — webedition_cms Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. 2014-11-06 4.0 CVE-2014-5258
MISC
BUGTRAQ
MISC
wordfence_security_project — wordfence_security Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the WordfenceWhois page to wp-admin/admin.php. 2014-11-06 4.3 CVE-2014-4664
MISC
wp-dbmanager_project — wp-dbmanager The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka “Path to Backup:” field) or (2) $backup['mysqldumppath'] variable. 2014-10-31 6.5 CVE-2014-8334
XF
MISC
BID
BUGTRAQ
MLIST
MLIST
FULLDISC
MISC
OSVDB
xmlsoft — libxml2 parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the “billion laughs” attack. 2014-11-04 5.0 CVE-2014-3660
MISC
CONFIRM
MISC
BID
DEBIAN
REDHAT
SUSE

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
compfight_project — compfight Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter. 2014-11-05 3.5 CVE-2014-8622
MISC
eset — personal_firewall_ndis_filter The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory via crafted IOCTL calls. 2014-11-04 2.1 CVE-2014-4974
MISC
XF
BID
FULLDISC
MISC
linksys — e4200v2 Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator’s MD5 password hash via a direct request for the /.htpasswd URI. 2014-11-01 3.3 CVE-2014-8243
openstack — horizon Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. 2014-10-31 3.5 CVE-2014-3474
CONFIRM
BID
phpmyadmin — phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page. 2014-11-05 3.5 CVE-2014-8326
CONFIRM
CONFIRM
qemu — qemu The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. 2014-11-01 2.1 CVE-2014-3615
REDHAT
REDHAT
CONFIRM
CONFIRM
shim_project — shim The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors. 2014-10-31 2.1 CVE-2014-8399
CONFIRM


This product is provided subject to this Notification and this Privacy & Use policy.
