SB14-195: Vulnerability Summary for the Week of July 7, 2014

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: SB14-195: Vulnerability Summary for the Week of July 7, 2014

NCCIC / US-CERT

National Cyber Awareness System:

07/14/2014 12:09 PM EDT

Original release date: July 14, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aas9 -- zerocms SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action. 2014-07-09 7.5 CVE-2014-4194
MISC
adobe -- adobe_air Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539. 2014-07-09 7.5 CVE-2014-0537
adobe -- adobe_air Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537. 2014-07-09 7.5 CVE-2014-0539
artifectx -- xclassified SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. 2014-07-09 7.5 CVE-2014-4741
BID
MISC
autodesk -- vred Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. 2014-07-07 10.0 CVE-2014-2967
CERT-VN
avg -- safeguard ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site. 2014-07-08 9.3 CVE-2014-2956
CERT-VN
cisco -- unified_cdm_application_software The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862. 2014-07-07 9.0 CVE-2014-2197
cisco -- unified_cdm_platform_software Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130. 2014-07-07 10.0 CVE-2014-2198
cisco -- unified_cdm_application_software The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041. 2014-07-07 7.5 CVE-2014-3300
dahuasecurity -- dvr_firmware Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. 2014-07-11 7.5 CVE-2013-6117
OSVDB
EXPLOIT-DB
BUGTRAQ
MISC
MISC
docker -- docker Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. 2014-07-11 7.2 CVE-2014-3499
CONFIRM
REDHAT
emc -- documentum_content_server EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. 2014-07-08 8.2 CVE-2014-2513
BUGTRAQ
emc -- documentum_content_server EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. 2014-07-08 8.2 CVE-2014-2514
BUGTRAQ
foecms -- foecms SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. 2014-07-10 7.5 CVE-2014-4850
MISC
hp -- sitescope Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140. 2014-07-07 7.5 CVE-2014-2614
hp -- universal_configuration_management_database Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. 2014-07-07 7.5 CVE-2014-2615
hp -- universal_configuration_management_database Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091. 2014-07-07 7.5 CVE-2014-2616
hp -- universal_configuration_management_database Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104. 2014-07-07 10.0 CVE-2014-2617
microsoft -- windows_7 Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." 2014-07-08 7.2 CVE-2014-1767
microsoft -- windows_7 Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability." 2014-07-08 9.3 CVE-2014-1824
microsoft -- windows_7 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allows attackers to bypass intended access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard (OSK) and then upload a crafted application, aka "On-Screen Keyboard Elevation of Privilege Vulnerability." 2014-07-08 7.6 CVE-2014-2781
microsoft -- internet_explorer Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2014-07-08 9.3 CVE-2014-2785
microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2792 and CVE-2014-2813. 2014-07-08 9.3 CVE-2014-2786
microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806. 2014-07-08 9.3 CVE-2014-2787
microsoft -- internet_explorer Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2794. 2014-07-08 9.3 CVE-2014-2788
microsoft -- internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804. 2014-07-08 9.3 CVE-2014-2789
microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806. 2014-07-08 9.3 CVE-2014-2790
microsoft -- internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2014-07-08 9.3 CVE-2014-2791
microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2813. 2014-07-08 9.3 CVE-2014-2792
microsoft -- internet_explorer Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2788. 2014-07-08 9.3 CVE-2014-2794
microsoft -- internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804. 2014-07-08 9.3 CVE-2014-2795
microsoft -- internet_explorer Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2014-07-08 9.3 CVE-2014-2797
microsoft -- internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2804. 2014-07-08 9.3 CVE-2014-2798
microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2807 and CVE-2014-2809. 2014-07-08 9.3 CVE-2014-2800
microsoft -- internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2014-07-08 9.3 CVE-2014-2801
microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806. 2014-07-08 9.3 CVE-2014-2802
microsoft -- internet_explorer Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." 2014-07-08 9.3 CVE-2014-2803
microsoft -- internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798. 2014-07-08 9.3 CVE-2014-2804
microsoft -- internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2802. 2014-07-08 9.3 CVE-2014-2806
microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2809. 2014-07-08 9.3 CVE-2014-2807
microsoft -- internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2807. 2014-07-08 9.3 CVE-2014-2809
microsoft -- internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2792. 2014-07-08 9.3 CVE-2014-2813
netgear -- gs108pe NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi. 2014-07-07 8.3 CVE-2014-2969
CERT-VN
netiq -- security_manager Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460. 2014-07-07 7.5 CVE-2014-0602
php -- php The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. 2014-07-09 7.5 CVE-2014-3515
CONFIRM
realnetworks -- realplayer Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file. 2014-07-07 9.3 CVE-2014-3113
MISC
rubyonrails -- ruby_on_rails SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. 2014-07-07 7.5 CVE-2014-3482
MLIST
MLIST
rubyonrails -- ruby_on_rails SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. 2014-07-07 7.5 CVE-2014-3483
MLIST
MLIST
thedigitalcraft -- atomcms SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. 2014-07-10 7.5 CVE-2014-4852
BID
MISC
xnview -- xnview Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file. 2014-07-09 9.3 CVE-2012-4988
XF
BID
MISC
SECUNIA
FULLDISC
OSVDB
yokogawa -- b/m9000_vp_software Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. 2014-07-10 8.3 CVE-2014-3888
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- adobe_air Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. 2014-07-09 6.8 CVE-2014-4671
MISC
apache -- cxf The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. 2014-07-07 4.3 CVE-2014-0034
REDHAT
REDHAT
REDHAT
apache -- cxf The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. 2014-07-07 4.3 CVE-2014-0035
REDHAT
REDHAT
REDHAT
apache -- syncope Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. 2014-07-11 5.0 CVE-2014-3503
BID
BUGTRAQ
MISC
blogstand_banner_plugin_project -- blogstand-smart-banner Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php. 2014-07-10 4.3 CVE-2014-4848
MISC
buffercode -- random_banner Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php. 2014-07-10 4.3 CVE-2014-4847
MISC
christos_zoulas -- file The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. 2014-07-09 4.3 CVE-2014-0207
CONFIRM
CONFIRM
MLIST
christos_zoulas -- file Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. 2014-07-09 5.0 CVE-2014-3478
CONFIRM
MLIST
christos_zoulas -- file The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. 2014-07-09 4.3 CVE-2014-3479
CONFIRM
MLIST
christos_zoulas -- file The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 2014-07-09 4.3 CVE-2014-3480
CONFIRM
MLIST
christos_zoulas -- file The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 2014-07-09 4.3 CVE-2014-3487
CONFIRM
MLIST
cisco -- asr_9000_rsp440_router Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. 2014-07-07 6.4 CVE-2014-3308
cisco -- ios The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. 2014-07-09 5.0 CVE-2014-3309
cisco -- webex_meeting_center The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. 2014-07-10 4.3 CVE-2014-3310
cisco -- webex_meeting_center Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. 2014-07-10 5.1 CVE-2014-3311
cisco -- spa901_1-line_ip_phone The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435. 2014-07-09 6.9 CVE-2014-3312
cisco -- spa901_1-line_ip_phone Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582. 2014-07-09 4.3 CVE-2014-3313
cisco -- unified_communications_manager Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. 2014-07-10 4.3 CVE-2014-3315
cisco -- unified_communications_manager The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. 2014-07-10 4.0 CVE-2014-3316
cisco -- unified_communications_manager Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. 2014-07-10 4.0 CVE-2014-3318
citrix -- xendesktop Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. 2014-07-11 4.9 CVE-2014-4700
custom_banners_plugin_project -- custom_banners Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php. 2014-07-07 4.3 CVE-2014-4724
MISC
d-link -- dir-645 Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. 2014-07-07 4.3 CVE-2013-7389
MISC
OSVDB
OSVDB
OSVDB
dolibarr -- dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php. 2014-07-11 4.3 CVE-2014-3991
MISC
dolibarr -- dolibarr Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. 2014-07-11 6.5 CVE-2014-3992
MISC
easy_banners_plugin_project -- easy_banners Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general.php. 2014-07-07 4.3 CVE-2014-4723
MISC
email::address_module_project -- email::address Email::Address module before 1.904 for Perl uses an inefficient regular _expression_, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477. 2014-07-06 5.0 CVE-2014-4720
CONFIRM
MLIST
emc -- centerstage The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2014-07-08 6.8 CVE-2014-2510
BUGTRAQ
foecms -- foecms Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter. 2014-07-10 4.3 CVE-2014-4849
MISC
foecms -- foecms Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter. 2014-07-10 5.8 CVE-2014-4851
MISC
foxitsoftware -- foxit_pdf_sdk_dll Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors. 2014-07-07 6.8 CVE-2014-4646
MISC
SECUNIA
ibm -- flex_system_manager IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors. 2014-07-07 5.0 CVE-2013-5423
XF
AIXAPAR
ibm -- advanced_management_module The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. 2014-07-07 5.0 CVE-2014-0860
XF
ibm -- algo_credit_limits Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document. 2014-07-07 6.8 CVE-2014-0864
MISC
XF
ibm -- algo_credit_limits RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations. 2014-07-07 4.9 CVE-2014-0865
MISC
XF
CONFIRM
ibm -- algo_credit_limits RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network. 2014-07-07 4.3 CVE-2014-0866
MISC
XF
ibm -- algo_credit_limits rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string. 2014-07-07 5.8 CVE-2014-0867
MISC
XF
ibm -- algo_credit_limits RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data. 2014-07-07 4.9 CVE-2014-0868
MISC
XF
ibm -- algo_credit_limits The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function. 2014-07-07 4.3 CVE-2014-0869
MISC
XF
ibm -- algo_credit_limits Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rcore6/main/showerror.jsp, (2) the ButtonsetClass parameter to rcore6/main/buttonset.jsp, (3) the MBName parameter to rcore6/frameset.jsp, (4) the Init parameter to algopds/rcore6/main/browse.jsp, or the (5) Name, (6) StoreName, or (7) STYLESHEET parameter to algopds/rcore6/main/ibrowseheader.jsp. 2014-07-07 4.3 CVE-2014-0870
MISC
XF
ibm -- algo_credit_limits RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character. 2014-07-07 4.3 CVE-2014-0871
MISC
XF
kajona -- kajona Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php. 2014-07-09 4.3 CVE-2014-4742
MISC
CONFIRM
SECUNIA
kajona -- kajona Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter. 2014-07-09 4.3 CVE-2014-4743
CONFIRM
SECUNIA
liferay -- liferay_portal Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter. 2014-07-10 4.3 CVE-2014-2963
CONFIRM
linux -- linux_kernel The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. 2014-07-09 6.9 CVE-2014-4699
CONFIRM
CONFIRM
MLIST
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
matchalabs -- metaslider Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php. 2014-07-10 4.3 CVE-2014-4846
MISC
microsoft -- windows_7 DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability." 2014-07-08 6.9 CVE-2014-2780
microsoft -- internet_explorer Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability." 2014-07-08 6.4 CVE-2014-2783
microsoft -- service_bus Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability." 2014-07-08 4.0 CVE-2014-2814
ocsinventory-ng -- ocsinventory_ng Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-07-07 4.3 CVE-2014-4722
BID
MISC
op5 -- monitor Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message. 2014-07-11 4.3 CVE-2014-4907
CONFIRM
BID
SECUNIA
MLIST
opendocman -- opendocman Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. 2014-07-10 4.3 CVE-2014-4853
MISC
MISC
osticket -- osticket Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. 2014-07-09 4.3 CVE-2014-4744
MISC
SECUNIA
php -- php Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. 2014-07-10 4.6 CVE-2014-4670
CONFIRM
php -- php Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. 2014-07-10 4.6 CVE-2014-4698
CONFIRM
pnp4nagios -- pnp4nagios Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which is not properly handled in an error message. 2014-07-09 4.3 CVE-2014-4740
BID
SECUNIA
pnp4nagios -- pnp4nagios Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element. 2014-07-11 4.3 CVE-2014-4908
BID
SECUNIA
MLIST
polldaddy_polls_&_ratings_plugin_project -- polldaddy_polls_&_ratings Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party information. 2014-07-10 4.3 CVE-2014-4856
SECUNIA
polylang_plugin_project -- polylang Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information. 2014-07-10 4.3 CVE-2014-4855
SECUNIA
redhat -- enterprise_mrg Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2014-07-11 4.3 CVE-2014-0174
redhat -- cloudforms_3.0_management_engine Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2014-07-07 4.3 CVE-2014-0176
redhat -- cloudforms_3.0_management_engine The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors. 2014-07-07 5.0 CVE-2014-0180
redhat -- cloudforms_3.0_management_engine Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file. 2014-07-07 4.9 CVE-2014-0184
redhat -- jboss_enterprise_application_platform org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. 2014-07-07 6.8 CVE-2014-0248
SECTRACK
SECUNIA
SECUNIA
redhat -- jboss_enterprise_application_platform org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. 2014-07-07 5.0 CVE-2014-3481
CONFIRM
REDHAT
REDHAT
REDHAT
redhat -- enterprise_virtualization The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue. 2014-07-11 4.0 CVE-2014-3485
SECTRACK
redhat -- cloudforms_3.0_management_engine The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name. 2014-07-07 6.9 CVE-2014-3486
CONFIRM
redhat -- cloudforms_3.0_management_engine lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack. 2014-07-07 4.3 CVE-2014-3489
rimarts -- becky!_internet_mail Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute arbitrary code via a crafted response. 2014-07-09 6.8 CVE-2014-3891
JVNDB
JVN
smartcatdesign -- wp_contruction_mode Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php. 2014-07-10 4.3 CVE-2014-4854
MISC
stillbreathing -- bannerman Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php. 2014-07-10 4.3 CVE-2014-4845
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ibm -- infosphere_biginsights IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. 2014-07-07 3.5 CVE-2013-3993
XF
ibm -- storwize_unified_v7000_software Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. 2014-07-07 3.5 CVE-2014-0875
ibm -- algo_credit_limits RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document. 2014-07-07 3.5 CVE-2014-0894
MISC
XF
openstack -- neutron The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. 2014-07-11 3.5 CVE-2014-4167
CONFIRM
UBUNTU
SECUNIA
MLIST
php -- php The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. 2014-07-06 2.6 CVE-2014-4721
MISC
CONFIRM
CONFIRM
MISC
xen -- xen The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall. 2014-07-09 2.7 CVE-2014-4022
SECTRACK
BID
SECUNIA
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.


This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux