SB15-012: Vulnerability Summary for the Week of January 5, 2015

Original release date: January 12, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
ajax_post_search_project — ajax_post_search SQL injection vulnerability in the “the_search_function” function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a “the_search_text” action to wp-admin/admin-ajax.php. 2015-01-07 7.5 CVE-2012-5853
CONFIRM
BUGTRAQ
asus — wrt_firmware common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. 2015-01-08 10.0 CVE-2014-9583
MISC
EXPLOIT-DB
MISC
basic-cms — sweetrice Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action. 2015-01-03 7.5 CVE-2010-5317
MISC
cts_projects&software — classad SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. 2015-01-02 7.5 CVE-2014-9455
MISC
debian — mime-support run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. 2015-01-06 7.5 CVE-2014-7209
XF
BID
MLIST
SECUNIA
deliciousdays — cformsii Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory. 2015-01-07 7.5 CVE-2014-9473
CONFIRM
BUGTRAQ
don_ho — notepad++ Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information. 2015-01-02 10.0 CVE-2014-9456
EXPLOIT-DB
hex-rays — ida Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. 2015-01-02 10.0 CVE-2014-9458
SECUNIA
humhub — humhub SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error. 2015-01-06 7.5 CVE-2014-9528
CONFIRM
XF
EXPLOIT-DB
FULLDISC
MISC
infinitewp — infinitewp_admin_panel SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. 2015-01-05 7.5 CVE-2014-9519
MISC
FULLDISC
infinitewp — infinitewp_admin_panel SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. 2015-01-05 7.5 CVE-2014-9520
MISC
FULLDISC
infinitewp — infinitewp_admin_panel Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename. 2015-01-05 7.5 CVE-2014-9521
MISC
FULLDISC
installatron — gq_file_manager SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-02 7.5 CVE-2014-9445
XF
EXPLOIT-DB
linux — linux_kernel The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. 2015-01-02 7.8 CVE-2014-9428
MLIST
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
mediawiki — mediawiki The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. 2015-01-04 7.5 CVE-2014-9277
CONFIRM
MLIST
MLIST
DEBIAN
SECTRACK
microweber — microweber SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. 2015-01-03 7.5 CVE-2014-9464
MISC
CONFIRM
mini-stream — rm-mp3_converter Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. 2015-01-02 7.5 CVE-2014-9448
EXPLOIT-DB
EXPLOIT-DB
OSVDB
osclass — osclass SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. 2015-01-05 7.5 CVE-2014-8083
BID
BUGTRAQ
FULLDISC
MISC
MISC
osclass — osclass Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action. 2015-01-05 7.5 CVE-2014-8084
BID
BUGTRAQ
FULLDISC
MISC
MISC
php — php sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping’s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. 2015-01-02 7.5 CVE-2014-9427
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
phpmyrecipes_project — phpmyrecipes SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. 2015-01-02 7.5 CVE-2014-9440
XF
EXPLOIT-DB
MISC
projectsend — projectsend Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory. 2015-01-07 7.5 CVE-2014-9567
XF
EXPLOIT-DB
EXPLOIT-DB
MISC
OSVDB
sefrengo — sefrengo Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. 2015-01-08 7.5 CVE-2015-0919
MISC
FULLDISC
MISC
sonatype — nexus Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. 2015-01-05 7.5 CVE-2014-9389
SECUNIA
typo3 — typo3 The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a “Cache Poisoning” attack using a URL with arbitrary arguments, which triggers a reload of the page. 2015-01-04 7.5 CVE-2014-9509
vdgsecurity — vdg_sense Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request. 2015-01-02 7.5 CVE-2014-9451
MISC
XF
BID
FULLDISC
MISC
xen — xen Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. 2015-01-07 7.8 CVE-2015-0361
zabbix — zabbix Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. 2015-01-02 7.5 CVE-2014-9450
SECUNIA

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
absolutengine — absolut_engine Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. 2015-01-02 6.5 CVE-2014-9435
BID
MISC
FULLDISC
apache — solr Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. 2015-01-06 4.3 CVE-2014-3628
SECUNIA
MLIST
apache — poi HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file. 2015-01-06 5.0 CVE-2014-9527
CONFIRM
SECUNIA
CONFIRM
banner_effect_header_project — banner_effect_header Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php. 2015-01-08 6.8 CVE-2015-0920
XF
XF
MISC
basic-cms — sweetrice Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie. 2015-01-03 4.3 CVE-2010-5316
MISC
basic-cms — sweetrice The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator’s password by specifying the administrator’s e-mail address in the email parameter. 2015-01-03 4.3 CVE-2010-5318
MISC
chialab_&_channelweb — bedita Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index. 2015-01-03 4.3 CVE-2010-5314
MISC
chialab_&_channelweb — bedita Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser. 2015-01-03 6.8 CVE-2010-5315
MISC
cisco — secure_access_control_system The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. 2015-01-08 6.5 CVE-2014-8027
cisco — secure_access_control_system Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. 2015-01-08 4.3 CVE-2014-8028
cisco — secure_access_control_system Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. 2015-01-08 5.8 CVE-2014-8029
cisco — webex_meetings_server Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. 2015-01-08 4.3 CVE-2014-8030
cisco — webex_meetings_server Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. 2015-01-08 6.8 CVE-2014-8031
cisco — webex_meetings_server The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. 2015-01-08 4.0 CVE-2014-8032
cisco — webex_meetings_server The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. 2015-01-08 5.0 CVE-2014-8033
codiad — codiad Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-08 5.0 CVE-2014-9581
EXPLOIT-DB
codiad — codiad Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. 2015-01-08 4.3 CVE-2014-9582
EXPLOIT-DB
concrete5 — concrete5 Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php. 2015-01-05 4.3 CVE-2014-9526
XF
BUGTRAQ
FULLDISC
MISC
MISC
d-link — dcs-2103_hd_cube_network_camera Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. 2015-01-05 4.3 CVE-2014-9517
MISC
MISC
d-link — dir-655 Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. 2015-01-05 4.3 CVE-2014-9518
BID
CONFIRM
SECUNIA
e107 — e107 Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action. 2015-01-02 6.8 CVE-2014-9459
CONFIRM
MISC
FULLDISC
efssoft — easy_file_sharing_web_server Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp. 2015-01-02 4.3 CVE-2014-9439
XF
EXPLOIT-DB
elfutils_project — elfutils Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. 2015-01-02 6.4 CVE-2014-9447
MLIST
BID
MLIST
SECUNIA
emc — documentum_wdk Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-06 4.3 CVE-2014-4635
BUGTRAQ
emc — documentum_wdk Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. 2015-01-06 6.8 CVE-2014-4636
BUGTRAQ
emc — documentum_wdk Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. 2015-01-06 6.4 CVE-2014-4637
BUGTRAQ
emc — documentum_wdk EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. 2015-01-06 5.0 CVE-2014-4638
BUGTRAQ
emc — documentum_wdk EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. 2015-01-06 5.0 CVE-2014-4639
BUGTRAQ
exiv2 — exiv2 Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. 2015-01-02 5.0 CVE-2014-9449
SECUNIA
CONFIRM
facebook_like_box_project — facebook_like_box Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php. 2015-01-05 6.8 CVE-2014-9524
SECUNIA
MISC
frontend_uploader_project — frontend_uploader Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. 2015-01-02 4.3 CVE-2014-9444
BID
FULLDISC
MISC
ipcop — ipcop Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer. 2015-01-02 4.3 CVE-2013-7417
XF
MISC
MISC
MISC
ipcop — ipcop cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. 2015-01-02 6.5 CVE-2013-7418
MISC
MISC
MISC
justin_klein — wp-vipergb Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php. 2015-01-02 6.8 CVE-2014-9460
CONFIRM
XF
XF
MISC
kajona — kajona Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. 2015-01-08 4.3 CVE-2015-0917
CONFIRM
CONFIRM
MISC
FULLDISC
MISC
kan-studio — kandidat_cms Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php. 2015-01-03 6.8 CVE-2010-5319
MISC
koha — koha Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl. 2015-01-02 4.3 CVE-2014-9446
BID
SECUNIA
CONFIRM
lightbox_photo_gallery_project — lightbox_photo_gallery Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. 2015-01-02 6.8 CVE-2014-9441
XF
MISC
mediawiki — mediawiki Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview. 2015-01-04 5.1 CVE-2014-9276
CONFIRM
MLIST
MLIST
SECTRACK
memht — memht_portal Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php. 2015-01-03 6.8 CVE-2010-5320
MISC
nyu — opensso_integration Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter. 2015-01-02 4.3 CVE-2014-7293
MISC
FULLDISC
nyu — opensso_integration Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. 2015-01-02 5.8 CVE-2014-7294
MISC
FULLDISC
MISC
oetiker+partner_ag — rrdtool Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. 2015-01-04 5.0 CVE-2013-2131
MISC
MISC
MISC
MLIST
MLIST
MLIST
open-xchange — open-xchange_appsuite Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file. 2015-01-05 4.3 CVE-2014-1679
MISC
XF
BUGTRAQ
SECUNIA
open-xchange — open-xchange_appsuite Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type. 2015-01-07 4.3 CVE-2014-8993
SECTRACK
BUGTRAQ
SECUNIA
MISC
openssl — openssl The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. 2015-01-08 5.0 CVE-2014-3570
CONFIRM
openssl — openssl OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. 2015-01-08 5.0 CVE-2014-3571
CONFIRM
CONFIRM
openssl — openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. 2015-01-08 5.0 CVE-2014-3572
CONFIRM
openssl — openssl OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate’s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. 2015-01-08 5.0 CVE-2014-8275
CONFIRM
CONFIRM
openssl — openssl The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. 2015-01-08 5.0 CVE-2015-0204
CONFIRM
openssl — openssl The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. 2015-01-08 5.0 CVE-2015-0205
CONFIRM
openssl — openssl Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. 2015-01-08 5.0 CVE-2015-0206
CONFIRM
openstack — image_registry_and_delivery_service_(glance) The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. 2015-01-07 5.5 CVE-2014-9493
CONFIRM
MLIST
osclass — osclass Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. 2015-01-05 6.8 CVE-2014-8085
BID
BUGTRAQ
FULLDISC
MISC
MISC
CONFIRM
paloaltonetworks — pan-os Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563. 2015-01-06 4.3 CVE-2014-3764
CONFIRM
SECUNIA
papoo — cms_papoo_light Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php. 2015-01-05 4.3 CVE-2014-9522
BID
BUGTRAQ
EXPLOIT-DB
MISC
MISC
OSVDB
pmb_services — pmb SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. 2015-01-02 6.5 CVE-2014-9457
EXPLOIT-DB
projectsend — projectsend Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information. 2015-01-08 4.3 CVE-2014-9580
XF
EXPLOIT-DB
MISC
quick_page/post_redirect_project — quick_page/post_redirect Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php. 2015-01-05 6.8 CVE-2014-2598
MISC
XF
EXPLOIT-DB
SECUNIA
FULLDISC
MISC
OSVDB
OSVDB
reality66 — cart66_lite SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. 2015-01-02 6.5 CVE-2014-9442
MISC
CONFIRM
SECUNIA
redcloth — redcloth_library Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. 2015-01-07 4.3 CVE-2012-6684
MISC
FULLDISC
MISC
MISC
redhat — libvirt The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. 2015-01-06 4.0 CVE-2014-8131
SUSE
relevanssi — relevanssi Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-02 4.3 CVE-2014-9443
SECUNIA
sap — netweaver_business_client_for_html Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. 2015-01-07 4.3 CVE-2014-9569
MISC
SECUNIA
sefrengo — sefrengo Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php. 2015-01-08 4.3 CVE-2015-0918
MISC
FULLDISC
MISC
simple_sticky_footer_project — simple_sticky_footer Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php. 2015-01-02 6.8 CVE-2014-9454
XF
XF
MISC
simple_visitor_stat_project — simple_visitor_stat Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header. 2015-01-02 4.3 CVE-2014-9453
XF
MISC
sliding_social_icons_project — sliding_social_icons Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. 2015-01-02 6.8 CVE-2014-9437
XF
MISC
smartcat — our_team_showcase Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. 2015-01-05 6.8 CVE-2014-9523
MISC
social_microblogging_pro_project — social_microblogging_pro Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the “Web Site” input in the Profile section. 2015-01-05 4.3 CVE-2014-9516
EXPLOIT-DB
OSVDB
strongswan — strongswan strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. 2015-01-07 5.0 CVE-2014-9221
CONFIRM
SECUNIA
SECUNIA
sysaid — sysaid Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\ (four backslashes) in the fileName parameter to getRdsLogFile. 2015-01-02 5.0 CVE-2014-9436
XF
EXPLOIT-DB
FULLDISC
MISC
timed_popup_project — timed_popup Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. 2015-01-05 6.8 CVE-2014-9525
XF
XF
MISC
typo3 — typo3 The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. 2015-01-04 4.3 CVE-2014-9508
vbulletin — vbulletin Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. 2015-01-02 6.8 CVE-2014-9438
MISC
XF
MISC
vdgsecurity — vdg_sense Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/. 2015-01-02 5.0 CVE-2014-9452
MISC
XF
BID
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header. 2015-01-08 6.4 CVE-2014-9575
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access. 2015-01-08 5.0 CVE-2014-9576
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response. 2015-01-08 4.0 CVE-2014-9577
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of password hash. 2015-01-08 5.0 CVE-2014-9578
MISC
FULLDISC
MISC
vdgsecurity — vdg_sense VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files. 2015-01-08 5.0 CVE-2014-9579
MISC
FULLDISC
MISC
zohocorp — manageengine_adselfservice_plus Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do. 2015-01-07 4.3 CVE-2014-3779
XF
MISC

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
absolutengine — absolut_engine Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. 2015-01-02 3.5 CVE-2014-9434
BID
MISC
FULLDISC
linuxcontainers — cgmanager cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. 2015-01-07 2.1 CVE-2014-1425
mantisbt — mantisbt MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. 2015-01-04 3.5 CVE-2014-9506
CONFIRM
DEBIAN
MLIST
mediawiki — mediawiki MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. 2015-01-04 2.6 CVE-2014-9507
reality66 — cart66_lite Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php. 2015-01-02 3.5 CVE-2014-9461
CONFIRM
MISC
CONFIRM

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply