Original release date: January 05, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ajaxplorer — ajaxplorer | Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation. | 2014-12-27 | 7.5 | CVE-2013-6227 MISC |
cray — cray_linux_environment | apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912. | 2014-12-26 | 7.2 | CVE-2014-0748 MISC |
easewe_software — easewe_ftp_ocx_activex_control | The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method. | 2014-12-31 | 7.5 | CVE-2011-5292 MISC |
exponentcms — exponent_cms | Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | 2014-12-29 | 7.5 | CVE-2013-3295 MISC |
facebook — hiphop_virtual_machine | CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a n (newline) character before the end of a string. | 2014-12-28 | 7.5 | CVE-2014-2208 CONFIRM |
facebook — hiphop_virtual_machine | Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. | 2014-12-28 | 7.5 | CVE-2014-6228 CONFIRM |
gogago — gogago_youtube_video_converter | Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument. | 2015-01-01 | 9.3 | CVE-2011-5295 MISC |
ipswitch — tftp_server | Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation. | 2014-12-27 | 7.8 | CVE-2011-4722 XF OSVDB EXPLOIT-DB SECTRACK SECUNIA MISC |
minibb — minibb | bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php. | 2014-12-31 | 7.5 | CVE-2014-9254 MISC SECUNIA |
nakahira — cdnvote | Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. | 2015-01-01 | 7.5 | CVE-2011-5308 MISC CONFIRM CONFIRM |
openbsd — libressl | Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake. | 2014-12-28 | 7.5 | CVE-2014-9424 CONFIRM MISC |
php — php | Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2014-12-30 | 7.5 | CVE-2014-9425 MLIST CONFIRM CONFIRM CONFIRM |
php — php | The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. | 2014-12-30 | 7.5 | CVE-2014-9426 CONFIRM CONFIRM |
redaxscript — redaxscript | Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | 2015-01-01 | 7.5 | CVE-2011-5313 MISC |
redmine — redmine_git_hosting_plugin | git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | 2014-12-27 | 7.5 | CVE-2013-4663 MISC |
schneider_electric — proclima | Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers. | 2014-12-27 | 10.0 | CVE-2014-8511 CONFIRM |
schneider_electric — proclima | Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. | 2014-12-27 | 7.5 | CVE-2014-8512 |
schneider_electric — proclima | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. | 2014-12-27 | 7.5 | CVE-2014-8513 |
schneider_electric — proclima | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. | 2014-12-27 | 7.5 | CVE-2014-8514 |
schneider_electric — proclima | Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. | 2014-12-27 | 9.0 | CVE-2014-9188 |
social_slider_project — social_slider | SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | 2014-12-31 | 7.5 | CVE-2011-5286 MISC |
softaculous — webuzo | index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. | 2014-12-27 | 7.5 | CVE-2013-6041 MISC |
soundexchange — soundexchange | Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. | 2014-12-31 | 7.5 | CVE-2014-8145 BID MISC |
threediffy — threedify_designer | The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument. | 2014-12-31 | 9.3 | CVE-2011-5293 MISC |
threedify — threedify_designer | Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmdSave method. | 2014-12-31 | 9.3 | CVE-2011-5288 MISC |
umbraco — umbraco_cms | The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. | 2014-12-27 | 7.5 | CVE-2013-4793 MISC |
videolan — vlc_media_player | Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder. | 2014-12-26 | 7.5 | CVE-2010-1441 MLIST |
videolan — vlc_media_player | VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer. | 2014-12-26 | 7.5 | CVE-2010-1442 MLIST |
videolan — vlc_media_player | The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive. | 2014-12-26 | 7.5 | CVE-2010-1444 MLIST CONFIRM |
videolan — vlc_media_player | Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session. | 2014-12-26 | 7.5 | CVE-2010-1445 MLIST |
videolan — vlc_media_player | Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. | 2014-12-26 | 7.5 | CVE-2010-2062 MISC FULLDISC MLIST CONFIRM |
videolan — vlc_media_player | Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c. | 2014-12-26 | 7.5 | CVE-2011-3623 CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
videowhisper — videowhisper_live_streaming_integration | Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | 2014-12-29 | 10.0 | CVE-2014-1905 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amcharts — flash | Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3) amcolumn.swf, (4) amline.swf, (5) amradar.swf, or (6) amxy.sw; or (7) the settings_file parameter to amstock.swf. | 2014-12-27 | 4.3 | CVE-2012-1303 MISC |
ammap_project — ammap | Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf. | 2014-12-27 | 4.3 | CVE-2012-1302 MISC |
apache — http_server | mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. | 2014-12-29 | 4.3 | CVE-2014-8109 CONFIRM CONFIRM CONFIRM MLIST |
ashampoo_gmbh_&_co. — ashampoo_3d_cad_professional_3 | The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument. | 2014-12-31 | 6.4 | CVE-2011-5291 MISC |
bugfree — bugfree | Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php. | 2014-12-31 | 4.3 | CVE-2011-5285 MISC |
cambio_project — cambio | Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. | 2015-01-01 | 6.8 | CVE-2011-5316 MISC |
cherry-design — wikipad | Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2015-01-01 | 4.3 | CVE-2011-5309 MISC |
cherry-design — wikipad | Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | 2015-01-01 | 5.0 | CVE-2011-5310 MISC |
cherry-design — wikipad | Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter. | 2015-01-01 | 6.8 | CVE-2011-5311 MISC |
clausmuus — spitfire | Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cms_username cookie. | 2015-01-01 | 4.3 | CVE-2011-5303 MISC |
db_backup_project — db_backup | Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-12-31 | 5.0 | CVE-2014-9119 MISC XF MLIST |
dflabs — ptk | Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout. | 2014-12-27 | 6.8 | CVE-2012-1415 EXPLOIT-DB |
diafan — diafan.cms | Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/. | 2015-01-01 | 6.8 | CVE-2011-5318 MISC |
diego_uscanga — atube_catcher | The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument. | 2014-12-31 | 6.4 | CVE-2011-5289 MISC |
doorkeeper_project — doorkeeper | Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors. | 2014-12-31 | 6.8 | CVE-2014-8144 CONFIRM XF MLIST |
emc — rsa_bsafe | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack.” | 2014-12-30 | 4.3 | CVE-2014-4630 MISC BUGTRAQ |
emc — appsync | Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | 2014-12-30 | 4.6 | CVE-2014-4634 BUGTRAQ |
eucalyptus — eucalyptus | The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. | 2014-12-26 | 4.3 | CVE-2013-4769 |
facebook — hiphop_virtual_machine | Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. | 2014-12-28 | 5.0 | CVE-2014-2209 CONFIRM |
facebook — hiphop_virtual_machine | The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. | 2014-12-28 | 5.0 | CVE-2014-5386 CONFIRM |
facebook — hiphop_virtual_machine | The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses ” for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal ” character. | 2014-12-28 | 5.0 | CVE-2014-6229 CONFIRM |
gollos — gollos | Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx. | 2015-01-01 | 4.3 | CVE-2011-5312 MISC |
gslideshow_project — gslideshow | Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9391 MISC |
hesk — hesk | Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php. | 2014-12-31 | 4.3 | CVE-2011-5287 MISC |
hillstone_software — hs_tftp_server | Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation. | 2014-12-27 | 5.0 | CVE-2011-4720 MISC |
ibm — security_identity_manager | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 2014-12-28 | 6.0 | CVE-2014-6168 XF |
idrive_inc — idrive_online_backup | The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument. | 2014-12-31 | 6.4 | CVE-2011-5290 MISC |
jce-tech — video_niche_script | Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter. | 2014-12-31 | 4.3 | CVE-2014-8752 BID MISC FULLDISC |
kofax — kofax_e-transactions_sender_sendbox | The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument. | 2015-01-01 | 6.4 | CVE-2011-5294 MISC |
kubelabs — phpdug | Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to editprofile.php, (3) the title parameter to adm/content_add.php, or (4) the username parameter to adm/admin_edit.php. | 2015-01-01 | 4.3 | CVE-2011-5301 MISC |
kubelabs — phpdug | Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials. | 2015-01-01 | 6.8 | CVE-2011-5302 MISC |
libssh — libssh | Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. | 2014-12-28 | 5.0 | CVE-2014-8132 CONFIRM |
nginx — nginx | The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a “plaintext command injection” attack, a similar issue to CVE-2011-0411. | 2014-12-29 | 4.3 | CVE-2014-3556 CONFIRM CONFIRM |
open-xchange — open-xchange_appsuite | The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. | 2014-12-27 | 4.0 | CVE-2013-6241 CONFIRM BUGTRAQ |
photosmash_project — photosmash | Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 2015-01-01 | 4.3 | CVE-2011-5307 MISC |
phpthumb_project — phpthumb | The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. | 2014-12-27 | 4.3 | CVE-2013-6919 CONFIRM MISC |
pictobrowser_project — pictobrowser | Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter in the options-page.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9392 MISC |
plogger — plogger | Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. | 2014-12-29 | 5.0 | CVE-2014-2224 MISC |
pommo — pommo-ardvark | Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php. | 2015-01-01 | 4.3 | CVE-2011-5299 MISC |
pommo — pommo-ardvark | Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters. | 2015-01-01 | 6.8 | CVE-2011-5300 MISC |
post_to_twitter_project — post_to_twitter | Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9393 MISC |
pwgrandom_project — pwgrandom | Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9394 MISC |
redaxscript — redaxscript | templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2015-01-01 | 5.0 | CVE-2011-5314 MISC |
s9y — serendipity | Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php. | 2014-12-31 | 4.3 | CVE-2014-9432 CONFIRM BUGTRAQ MISC FULLDISC |
sensiolabs — symfony | The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. | 2014-12-27 | 5.0 | CVE-2013-5958 |
simpleflickr_project — simpleflickr | Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9396 MISC |
simplelife_project — simplelife | Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9395 MISC |
smoothwall — smoothwall | Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. | 2014-12-31 | 4.3 | CVE-2011-5283 EXPLOIT-DB MISC OSVDB |
smoothwall — smoothwall | Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. | 2014-12-31 | 6.8 | CVE-2011-5284 EXPLOIT-DB MISC OSVDB |
smoothwall — smoothwall | Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. | 2014-12-31 | 4.3 | CVE-2014-9429 MISC |
smoothwall — smoothwall | Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. | 2014-12-31 | 4.3 | CVE-2014-9430 MISC |
smoothwall — smoothwall | Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. | 2014-12-31 | 6.8 | CVE-2014-9431 MISC |
sodahead — sodahead_polls | Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php. | 2015-01-01 | 4.3 | CVE-2011-5304 MISC MISC |
softaculous — webuzo | The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests. | 2014-12-27 | 5.0 | CVE-2013-6043 MISC CONFIRM |
syndeocms — syndeocms | Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action. | 2014-12-27 | 6.8 | CVE-2012-1203 EXPLOIT-DB |
tribal — tribiq_cms | The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2014-12-29 | 4.3 | CVE-2011-2727 MISC |
ttfreeware — tigertoms_chat_room | Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php. | 2015-01-01 | 4.3 | CVE-2011-5297 MISC |
tuttophp — happy_chat | Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | 2015-01-01 | 4.3 | CVE-2011-5296 MISC |
tweetscribe_project — tweetscribe | Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9399 MISC |
twiki — twiki | Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences. | 2014-12-31 | 4.3 | CVE-2014-9325 SECTRACK FULLDISC MISC |
twiki — twiki | Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a “‘” (single quote) in the scope parameter to do/view/TWiki/WebSearch. | 2014-12-31 | 4.3 | CVE-2014-9367 SECTRACK FULLDISC MISC |
twimp-wp_project — twimp-wp | Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9397 MISC |
twitter_liveblog_project — twitter_liveblog | Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the twitter-liveblog.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9398 MISC |
videolan — vlc_media_player | The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document. | 2014-12-26 | 5.0 | CVE-2010-1443 MLIST CONFIRM |
videowhisper — videowhisper_live_streaming_integration | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2014-12-29 | 5.0 | CVE-2014-1908 MISC |
viralheat — argyle_social | Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create. | 2015-01-01 | 6.8 | CVE-2011-5298 MISC |
whcms_project — whcms | Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. | 2015-01-01 | 6.8 | CVE-2011-5315 MISC |
wondercms — wondercms | Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | 2015-01-01 | 4.3 | CVE-2011-5317 MISC |
wp_limit_posts_automatically_project — wp_limit_posts_automatically | Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9401 MISC |
wp_unique_article_header_image_project — wp_unique_article_header_image | Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9400 MISC |
zaunz_gmbh — cosmoshop | Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to cgi-bin/admin/shophilfe_suche.cgi. | 2015-01-01 | 4.3 | CVE-2011-5305 MISC |
zaunz_gmbh — cosmoshop | Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. | 2015-01-01 | 6.8 | CVE-2011-5306 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
avast! — avast!_internet_security | Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \.aswFW. | 2014-12-27 | 2.1 | CVE-2010-5075 MISC MISC MISC BID |
claroline — claroline | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the “First name” field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php. | 2014-12-26 | 3.5 | CVE-2013-4753 MISC |
contenido — contendio | Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter. | 2014-12-31 | 2.6 | CVE-2014-9433 BUGTRAQ MISC SECUNIA FULLDISC |
ibm — rational_appscan_source | IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. | 2014-12-28 | 2.1 | CVE-2014-6123 XF |
ibm — websphere_service_registry_and_repository | IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 2014-12-28 | 2.1 | CVE-2014-6160 XF AIXAPAR |
owl — intranet_knowledgebase | Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php. | 2014-12-26 | 3.5 | CVE-2013-4754 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.