Vulnerability Summary for the Week of December 29, 2014

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Each entry below lists the Primary Vendor -- Product, the Description, the Date Published, the CVSS Score, and the CVE Identity followed by its reference sources.

ajaxplorer -- ajaxplorer
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
Date Published: 2014-12-27 | CVSS Score: 7.5 | CVE-2013-6227 | MISC

cray -- cray_linux_environment
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.
Date Published: 2014-12-26 | CVSS Score: 7.2 | CVE-2014-0748 | MISC

easewe_software -- easewe_ftp_ocx_activex_control
The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.
Date Published: 2014-12-31 | CVSS Score: 7.5 | CVE-2011-5292 | MISC

exponentcms -- exponent_cms
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Date Published: 2014-12-29 | CVSS Score: 7.5 | CVE-2013-3295 | MISC

facebook -- hiphop_virtual_machine
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.
Date Published: 2014-12-28 | CVSS Score: 7.5 | CVE-2014-2208 | CONFIRM

facebook -- hiphop_virtual_machine
Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function.
Date Published: 2014-12-28 | CVSS Score: 7.5 | CVE-2014-6228 | CONFIRM

gogago -- gogago_youtube_video_converter
Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument.
Date Published: 2015-01-01 | CVSS Score: 9.3 | CVE-2011-5295 | MISC

ipswitch -- tftp_server
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
Date Published: 2014-12-27 | CVSS Score: 7.8 | CVE-2011-4722 | XF, OSVDB, EXPLOIT-DB, SECTRACK, SECUNIA, MISC

minibb -- minibb
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php.
Date Published: 2014-12-31 | CVSS Score: 7.5 | CVE-2014-9254 | MISC, SECUNIA

nakahira -- cdnvote
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter.
Date Published: 2015-01-01 | CVSS Score: 7.5 | CVE-2011-5308 | MISC, CONFIRM, CONFIRM

openbsd -- libressl
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.
Date Published: 2014-12-28 | CVSS Score: 7.5 | CVE-2014-9424 | CONFIRM, MISC

php -- php
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Date Published: 2014-12-30 | CVSS Score: 7.5 | CVE-2014-9425 | MLIST, CONFIRM, CONFIRM, CONFIRM

php -- php
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors.
Date Published: 2014-12-30 | CVSS Score: 7.5 | CVE-2014-9426 | CONFIRM, CONFIRM

redaxscript -- redaxscript
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
Date Published: 2015-01-01 | CVSS Score: 7.5 | CVE-2011-5313 | MISC

redmine -- redmine_git_hosting_plugin
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function.
Date Published: 2014-12-27 | CVSS Score: 7.5 | CVE-2013-4663 | MISC

schneider_electric -- proclima
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers.
Date Published: 2014-12-27 | CVSS Score: 10.0 | CVE-2014-8511 | CONFIRM

schneider_electric -- proclima
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers.
Date Published: 2014-12-27 | CVSS Score: 7.5 | CVE-2014-8512

schneider_electric -- proclima
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
Date Published: 2014-12-27 | CVSS Score: 7.5 | CVE-2014-8513

schneider_electric -- proclima
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
Date Published: 2014-12-27 | CVSS Score: 7.5 | CVE-2014-8514

schneider_electric -- proclima
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
Date Published: 2014-12-27 | CVSS Score: 9.0 | CVE-2014-9188

social_slider_project -- social_slider
SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter.
Date Published: 2014-12-31 | CVSS Score: 7.5 | CVE-2011-5286 | MISC

softaculous -- webuzo
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
Date Published: 2014-12-27 | CVSS Score: 7.5 | CVE-2013-6041 | MISC

soundexchange -- soundexchange
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
Date Published: 2014-12-31 | CVSS Score: 7.5 | CVE-2014-8145 | BID, MISC

threedify -- threedify_designer
The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument.
Date Published: 2014-12-31 | CVSS Score: 9.3 | CVE-2011-5293 | MISC

threedify -- threedify_designer
Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmdSave method.
Date Published: 2014-12-31 | CVSS Score: 9.3 | CVE-2011-5288 | MISC

umbraco -- umbraco_cms
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
Date Published: 2014-12-27 | CVSS Score: 7.5 | CVE-2013-4793 | MISC

videolan -- vlc_media_player
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
Date Published: 2014-12-26 | CVSS Score: 7.5 | CVE-2010-1441 | MLIST

videolan -- vlc_media_player
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
Date Published: 2014-12-26 | CVSS Score: 7.5 | CVE-2010-1442 | MLIST

videolan -- vlc_media_player
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
Date Published: 2014-12-26 | CVSS Score: 7.5 | CVE-2010-1444 | MLIST, CONFIRM

videolan -- vlc_media_player
Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
Date Published: 2014-12-26 | CVSS Score: 7.5 | CVE-2010-1445 | MLIST

videolan -- vlc_media_player
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
Date Published: 2014-12-26 | CVSS Score: 7.5 | CVE-2010-2062 | MISC, FULLDISC, MLIST, CONFIRM

videolan -- vlc_media_player
Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c.
Date Published: 2014-12-26 | CVSS Score: 7.5 | CVE-2011-3623 | CONFIRM, MLIST, CONFIRM, CONFIRM, CONFIRM

videowhisper -- videowhisper_live_streaming_integration
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.
Date Published: 2014-12-29 | CVSS Score: 10.0 | CVE-2014-1905 | MISC

Medium Severity Vulnerabilities

Each entry below lists the Primary Vendor -- Product, the Description, the Date Published, the CVSS Score, and the CVE Identity followed by its reference sources.

amcharts -- flash
Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3) amcolumn.swf, (4) amline.swf, (5) amradar.swf, or (6) amxy.sw; or (7) the settings_file parameter to amstock.swf.
Date Published: 2014-12-27 | CVSS Score: 4.3 | CVE-2012-1303 | MISC

ammap_project -- ammap
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.
Date Published: 2014-12-27 | CVSS Score: 4.3 | CVE-2012-1302 | MISC

apache -- http_server
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
Date Published: 2014-12-29 | CVSS Score: 4.3 | CVE-2014-8109 | CONFIRM, CONFIRM, CONFIRM, MLIST

ashampoo_gmbh_&_co. -- ashampoo_3d_cad_professional_3
The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument.
Date Published: 2014-12-31 | CVSS Score: 6.4 | CVE-2011-5291 | MISC

bugfree -- bugfree
Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php.
Date Published: 2014-12-31 | CVSS Score: 4.3 | CVE-2011-5285 | MISC

cambio_project -- cambio
Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action.
Date Published: 2015-01-01 | CVSS Score: 6.8 | CVE-2011-5316 | MISC

cherry-design -- wikipad
Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Date Published: 2015-01-01 | CVSS Score: 4.3 | CVE-2011-5309 | MISC

cherry-design -- wikipad
Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Date Published: 2015-01-01 | CVSS Score: 5.0 | CVE-2011-5310 | MISC

cherry-design -- wikipad
Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter.
Date Published: 2015-01-01 | CVSS Score: 6.8 | CVE-2011-5311 | MISC

clausmuus -- spitfire
Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cms_username cookie.
Date Published: 2015-01-01 | CVSS Score: 4.3 | CVE-2011-5303 | MISC

db_backup_project -- db_backup
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Date Published: 2014-12-31 | CVSS Score: 5.0 | CVE-2014-9119 | MISC, XF, MLIST

dflabs -- ptk
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.
Date Published: 2014-12-27 | CVSS Score: 6.8 | CVE-2012-1415 | EXPLOIT-DB

diafan -- diafan.cms
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.
Date Published: 2015-01-01 | CVSS Score: 6.8 | CVE-2011-5318 | MISC

diego_uscanga -- atube_catcher
The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument.
Date Published: 2014-12-31 | CVSS Score: 6.4 | CVE-2011-5289 | MISC

doorkeeper_project -- doorkeeper
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.
Date Published: 2014-12-31 | CVSS Score: 6.8 | CVE-2014-8144 | CONFIRM, XF, MLIST

emc -- rsa_bsafe
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
Date Published: 2014-12-30 | CVSS Score: 4.3 | CVE-2014-4630 | MISC, BUGTRAQ

emc -- appsync
Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Date Published: 2014-12-30 | CVSS Score: 4.6 | CVE-2014-4634 | BUGTRAQ

eucalyptus -- eucalyptus
The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries.
Date Published: 2014-12-26 | CVSS Score: 4.3 | CVE-2013-4769

facebook -- hiphop_virtual_machine
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
Date Published: 2014-12-28 | CVSS Score: 5.0 | CVE-2014-2209 | CONFIRM

facebook -- hiphop_virtual_machine
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.
Date Published: 2014-12-28 | CVSS Score: 5.0 | CVE-2014-5386 | CONFIRM

facebook -- hiphop_virtual_machine
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.
Date Published: 2014-12-28 | CVSS Score: 5.0 | CVE-2014-6229 | CONFIRM

gollos -- gollos
Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx.
Date Published: 2015-01-01 | CVSS Score: 4.3 | CVE-2011-5312 | MISC

gslideshow_project -- gslideshow
Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php.
Date Published: 2014-12-31 | CVSS Score: 6.8 | CVE-2014-9391 | MISC

hesk -- hesk
Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php.
Date Published: 2014-12-31 | CVSS Score: 4.3 | CVE-2011-5287 | MISC

hillstone_software -- hs_tftp_server
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.
Date Published: 2014-12-27 | CVSS Score: 5.0 | CVE-2011-4720 | MISC

ibm -- security_identity_manager
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Date Published: 2014-12-28 | CVSS Score: 6.0 | CVE-2014-6168 | XF

idrive_inc -- idrive_online_backup
The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument.
Date Published: 2014-12-31 | CVSS Score: 6.4 | CVE-2011-5290 | MISC

jce-tech -- video_niche_script
Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter.
Date Published: 2014-12-31 | CVSS Score: 4.3 | CVE-2014-8752 | BID, MISC, FULLDISC

kofax -- kofax_e-transactions_sender_sendbox
The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument.
Date Published: 2015-01-01 | CVSS Score: 6.4 | CVE-2011-5294 | MISC

kubelabs -- phpdug
Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to editprofile.php, (3) the title parameter to adm/content_add.php, or (4) the username parameter to adm/admin_edit.php.
Date Published: 2015-01-01 | CVSS Score: 4.3 | CVE-2011-5301 | MISC

kubelabs -- phpdug
Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials.
Date Published: 2015-01-01 | CVSS Score: 6.8 | CVE-2011-5302 | MISC

libssh -- libssh
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
Date Published: 2014-12-28 | CVSS Score: 5.0 | CVE-2014-8132 | CONFIRM

nginx -- nginx
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Date Published: 2014-12-29 | CVSS Score: 4.3 | CVE-2014-3556 | CONFIRM, CONFIRM

open-xchange -- open-xchange_appsuite
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.
Date Published: 2014-12-27 | CVSS Score: 4.0 | CVE-2013-6241 | CONFIRM, BUGTRAQ

photosmash_project -- photosmash
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Date Published: 2015-01-01 | CVSS Score: 4.3 | CVE-2011-5307 | MISC

phpthumb_project -- phpthumb
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
Date Published: 2014-12-27 | CVSS Score: 4.3 | CVE-2013-6919 | CONFIRM, MISC

pictobrowser_proje

ct -- pictobrowser

Cross-site request forgery (CSRF) vulnerability in the

PictoBrowser (pictobrowser-gallery) plugin 0.3.1

and earlier for WordPress allows remote attackers

to hijack the authentication of administrators for

requests that conduct cross-site scripting (XSS)

attacks via the pictoBrowserFlickrUser parameter in

the options-page.php page to wp-admin/options-

general.php.

2014-12-31 6.8 CVE-2014-9392MISC (link is external)

plogger -- plogger Plogger 1.0 RC1 and earlier, when the Lucid theme

is used, does not assign new values for certain

codes, which makes it easier for remote attackers to

bypass the CAPTCHA protection mechanism via a

series of form submissions.

2014-12-29 5.0 CVE-2014-2224MISC (link is external)

pommo -- pommo-ardvark | Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php. | 2015-01-01 | 4.3 | CVE-2011-5299 (MISC)

pommo -- pommo-ardvark | Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters. | 2015-01-01 | 6.8 | CVE-2011-5300 (MISC)

post_to_twitter_project -- post_to_twitter | Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9393 (MISC)

pwgrandom_project -- pwgrandom | Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9394 (MISC)

redaxscript -- redaxscript | templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2015-01-01 | 5.0 | CVE-2011-5314 (MISC)

s9y -- serendipity | Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php. | 2014-12-31 | 4.3 | CVE-2014-9432 (CONFIRM, BUGTRAQ, MISC, FULLDISC)

sensiolabs -- symfony | The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. | 2014-12-27 | 5.0 | CVE-2013-5958

simpleflickr_project -- simpleflickr | Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9396 (MISC)

simplelife_project -- simplelife | Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9395 (MISC)

smoothwall -- smoothwall | Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. | 2014-12-31 | 4.3 | CVE-2011-5283 (EXPLOIT-DB, MISC, OSVDB)

smoothwall -- smoothwall | Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. | 2014-12-31 | 6.8 | CVE-2011-5284 (EXPLOIT-DB, MISC, OSVDB)

smoothwall -- smoothwall | Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. | 2014-12-31 | 4.3 | CVE-2014-9429 (MISC)

smoothwall -- smoothwall | Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. | 2014-12-31 | 4.3 | CVE-2014-9430 (MISC)

smoothwall -- smoothwall | Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. | 2014-12-31 | 6.8 | CVE-2014-9431 (MISC)


sodahead -- sodahead_polls | Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php. | 2015-01-01 | 4.3 | CVE-2011-5304 (MISC, MISC)

softaculous -- webuzo | The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests. | 2014-12-27 | 5.0 | CVE-2013-6043 (MISC, CONFIRM)

syndeocms -- syndeocms | Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action. | 2014-12-27 | 6.8 | CVE-2012-1203 (EXPLOIT-DB)

tribal -- tribiq_cms | The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2014-12-29 | 4.3 | CVE-2011-2727 (MISC)

ttfreeware -- tigertoms_chat_room | Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php. | 2015-01-01 | 4.3 | CVE-2011-5297 (MISC)

tuttophp -- happy_chat | Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | 2015-01-01 | 4.3 | CVE-2011-5296 (MISC)

tweetscribe_project -- tweetscribe | Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9399 (MISC)

twiki -- twiki | Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences. | 2014-12-31 | 4.3 | CVE-2014-9325 (SECTRACK, FULLDISC, MISC)

twiki -- twiki | Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch. | 2014-12-31 | 4.3 | CVE-2014-9367 (SECTRACK, FULLDISC, MISC)

twimp-wp_project -- twimp-wp | Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9397 (MISC)

twitter_liveblog_project -- twitter_liveblog | Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the twitter-liveblog.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9398 (MISC)

videolan -- vlc_media_player | The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document. | 2014-12-26 | 5.0 | CVE-2010-1443 (MLIST, CONFIRM)

videowhisper -- videowhisper_live_streaming_integration | The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | 2014-12-29 | 5.0 | CVE-2014-1908 (MISC)

viralheat -- argyle_social | Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create. | 2015-01-01 | 6.8 | CVE-2011-5298 (MISC)

whcms_project -- whcms | Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. | 2015-01-01 | 6.8 | CVE-2011-5315 (MISC)

wondercms -- wondercms | Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | 2015-01-01 | 4.3 | CVE-2011-5317 (MISC)

wp_limit_posts_automatically_project -- wp_limit_posts_automatically | Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9401 (MISC)

wp_unique_article_header_image_project -- wp_unique_article_header_image | Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php. | 2014-12-31 | 6.8 | CVE-2014-9400 (MISC)

zaunz_gmbh -- cosmoshop | Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to cgi-bin/admin/shophilfe_suche.cgi. | 2015-01-01 | 4.3 | CVE-2011-5305 (MISC)

zaunz_gmbh -- cosmoshop | Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. | 2015-01-01 | 6.8 | CVE-2011-5306 (MISC)


Low Severity Vulnerabilities

The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity

avast! -- avast!_internet_security | Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW. | 2014-12-27 | 2.1 | CVE-2010-5075 (MISC, MISC, MISC, BID)

claroline -- claroline | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php. | 2014-12-26 | 3.5 | CVE-2013-4753 (MISC)

contenido -- contendio | Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter. | 2014-12-31 | 2.6 | CVE-2014-9433 (BUGTRAQ, MISC, SECUNIA, FULLDISC)

ibm -- rational_appscan_source | IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. | 2014-12-28 | 2.1 | CVE-2014-6123 (XF)

ibm -- websphere_service_registry_and_repository | IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 2014-12-28 | 2.1 | CVE-2014-6160 (XF, AIXAPAR)


owl -- intranet_knowledgebase | Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php. | 2014-12-26 | 3.5 | CVE-2013-4754 (MISC)

• Sources: http://nvd.nist.gov (for more information, visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT. Email: [email protected] Tel: +256 414 302 100/150 Toll Free: 0800 133 911
Website: www.ug-cert.ug Facebook / Twitter: UGCERT