Weekly Vulnerabilities Reports > March 24 to 30, 2014

Overview

103 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 106 products from 54 vendors, including IBM, Moodle, Cisco, Opensuse, and Siemens. Notable vulnerability categories are "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 92 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 30 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 77 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-03-27 CVE-2014-0512 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat Reader 11.0.6

Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

10.0
2014-03-27 CVE-2014-0511 Adobe Buffer Errors vulnerability in Adobe Acrobat Reader 11.0.6

Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

10.0
2014-03-27 CVE-2014-0510 Adobe Buffer Errors vulnerability in Adobe Flash Player 12.0.0.77

Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.

10.0
2014-03-27 CVE-2014-0506 Adobe, Microsoft Resource Management Errors vulnerability in Adobe Flash Player 12.0.0.77

Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

10.0
2014-03-26 CVE-2014-1303 Apple Buffer Errors vulnerability in Apple Safari 7.0.2

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.

10.0
2014-03-26 CVE-2014-1300 Apple Memory Corruption vulnerability in Apple Safari 7.0.2

Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.

10.0
2014-03-24 CVE-2012-4886 Kingsoft Buffer Errors vulnerability in Kingsoft Office 2012 8.1.0.3238

Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.

10.0
2014-03-24 CVE-2014-2523 Linux, Canonical Improper Input Validation vulnerability in multiple products

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

10.0
2014-03-27 CVE-2013-3481 B E Soft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in B-E-Soft Artweaver Free and Artweaver Plus

Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file.

9.3
2014-03-27 CVE-2013-0732 Nuance Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nuance PDF Reader 6.0/7.0

Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming table entries.

9.3
2014-03-25 CVE-2014-1761 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-03-24 CVE-2014-2250 Siemens Cryptographic Issues vulnerability in Siemens products

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.

8.3
2014-03-29 CVE-2013-6211 HP Remote Unauthorized Access vulnerability in HP StoreOnce Appliances

Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before 3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and StoreOnce 4xxx Backup System before 3.9.0 allows remote attackers to obtain sensitive information or cause a denial of service via unknown vectors.

7.8
2014-03-27 CVE-2014-2113 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.

7.8
2014-03-27 CVE-2014-2112 Cisco Improper Input Validation vulnerability in Cisco IOS

The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.

7.8
2014-03-27 CVE-2014-2109 Cisco Improper Input Validation vulnerability in Cisco IOS

The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.

7.8
2014-03-27 CVE-2014-2108 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.

7.8
2014-03-27 CVE-2014-2106 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.

7.8
2014-03-24 CVE-2014-2258 Siemens Resource Management Errors vulnerability in Siemens products

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.

7.8
2014-03-24 CVE-2014-2256 Siemens Resource Management Errors vulnerability in Siemens products

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.

7.8
2014-03-24 CVE-2014-2254 Siemens Resource Management Errors vulnerability in Siemens products

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.

7.8
2014-03-26 CVE-2014-0904 IBM Improper Input Validation vulnerability in IBM Security Appscan

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.

7.6
2014-03-29 CVE-2014-1645 Symantec SQL Injection vulnerability in Symantec Liveupdate Administrator

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-03-29 CVE-2014-1644 Symantec Credentials Management vulnerability in Symantec Liveupdate Administrator

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.

7.5
2014-03-29 CVE-2014-0880 IBM Denial-Of-Service vulnerability in San Volume Controller Software

IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address.

7.5
2014-03-28 CVE-2014-0133 Nginx, Opensuse Out-Of-Bounds Write vulnerability in multiple products

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

7.5
2014-03-25 CVE-2013-1605 Maygion Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Maygion IP Camera Firmware

Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.

7.5
2014-03-27 CVE-2014-2111 Cisco Improper Input Validation vulnerability in Cisco IOS

The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.

7.1
2014-03-27 CVE-2014-2107 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789.

7.1
2014-03-25 CVE-2014-0887 IBM OS Command Injection vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1

The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

7.1
2014-03-25 CVE-2014-0886 IBM OS Command Injection vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1

The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.

7.1

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-03-28 CVE-2014-2525 Pyyaml, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

6.8
2014-03-27 CVE-2013-7346 Getsymphony Cross-Site Request Forgery (CSRF) vulnerability in Getsymphony Symphony

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.

6.8
2014-03-25 CVE-2014-0885 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1

Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-03-25 CVE-2013-5443 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Express

Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2014-03-24 CVE-2014-0126 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.

6.8
2014-03-29 CVE-2014-0344 Zohocorp Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Opstor 8.3

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.

6.5
2014-03-27 CVE-2013-2559 Getsymphony SQL Injection vulnerability in Getsymphony Symphony

SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/.

6.5
2014-03-24 CVE-2013-1408 Wysija Newsletters Project SQL Injection vulnerability in Wysija Newsletters Project Wysija Newsletters

Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php.

6.5
2014-03-24 CVE-2014-2587 Mcafee SQL Injection vulnerability in Mcafee Asset Manager 6.6

SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).

6.5
2014-03-24 CVE-2013-7344 Owncloud Unspecified vulnerability in Owncloud

Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors.

6.5
2014-03-24 CVE-2013-0303 Owncloud Unspecified vulnerability in Owncloud

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors.

6.5
2014-03-29 CVE-2014-2131 Cisco Resource Management Errors vulnerability in Cisco IOS

The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.

6.1
2014-03-24 CVE-2014-2252 Siemens Resource Management Errors vulnerability in Siemens products

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.

6.1
2014-03-28 CVE-2013-2694 Wpsymposiumpro Improper Input Validation vulnerability in Wpsymposiumpro WP Symposium 13.04

Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.

5.8
2014-03-27 CVE-2014-2653 Openbsd Improper Input Validation vulnerability in Openbsd Openssh

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

5.8
2014-03-24 CVE-2014-0125 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.

5.8
2014-03-26 CVE-2014-0055 Redhat Denial of Service vulnerability in Redhat Enterprise Linux 6.0

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

5.5
2014-03-29 CVE-2014-1516 Mozilla, Google Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.

5.0
2014-03-28 CVE-2014-2668 Apache Improper Input Validation vulnerability in Apache Couchdb

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.

5.0
2014-03-25 CVE-2013-5445 IBM Cryptographic Issues vulnerability in IBM Cognos Express

IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.

5.0
2014-03-25 CVE-2013-5444 IBM Cryptographic Issues vulnerability in IBM Cognos Express

The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors.

5.0
2014-03-25 CVE-2013-1604 Maygion Path Traversal vulnerability in Maygion IP Camera Firmware

Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a ..

5.0
2014-03-25 CVE-2014-2386 Icinga, Opensuse Numeric Errors vulnerability in multiple products

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.

5.0
2014-03-25 CVE-2014-0628 EMC Improper Input Validation vulnerability in EMC RSA Bsafe

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

5.0
2014-03-24 CVE-2014-2284 NET Snmp Improper Input Validation vulnerability in Net-Snmp

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2014-03-24 CVE-2013-7345 Christos Zoulas Permissions, Privileges, and Access Controls vulnerability in Christos Zoulas File

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

5.0
2014-03-28 CVE-2014-2599 XEN Improper Input Validation vulnerability in XEN

The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.

4.9
2014-03-26 CVE-2013-3997 IBM Improper Input Validation vulnerability in IBM Infosphere Biginsights

Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.9
2014-03-25 CVE-2014-0343 Virtualaccess Privilege Escalation vulnerability in Virtual Access GW6110A Router

The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable.

4.9
2014-03-24 CVE-2014-2585 Owncloud Improper Input Validation vulnerability in Owncloud

ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.

4.9
2014-03-24 CVE-2014-0127 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.

4.9
2014-03-24 CVE-2014-0123 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.

4.9
2014-03-24 CVE-2014-0122 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.

4.9
2014-03-24 CVE-2013-7339 Linux Null Pointer Dereference vulnerability in Linux Kernel

The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

4.7
2014-03-28 CVE-2013-2695 Wpsymposiumpro Cross-Site Scripting vulnerability in Wpsymposiumpro WP Symposium

Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.

4.3
2014-03-28 CVE-2013-0807 Gpeasy Cross-Site Scripting vulnerability in Gpeasy CMS

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.

4.3
2014-03-28 CVE-2013-0734 Cartpauj, Wordpress Cross-Site Scripting vulnerability in Cartpauj Mingle-Forum

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.

4.3
2014-03-27 CVE-2014-2118 Cisco Cross-Site Scripting vulnerability in Cisco Prime Security Manager

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.

4.3
2014-03-27 CVE-2014-2326 Fedoraproject, Opensuse, Cacti, Debian Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-03-27 CVE-2014-0089 Theforeman Cross-Site Scripting vulnerability in Theforeman Foreman 1.4.0/1.4.1

Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.

4.3
2014-03-27 CVE-2014-0623 EMC Cross-Site Scripting vulnerability in EMC RSA Authentication Manager 7.1

Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue.

4.3
2014-03-26 CVE-2014-1828 Ithoughts Improper Input Validation vulnerability in Ithoughts Ithoughtshd 4.19

The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file.

4.3
2014-03-26 CVE-2014-1827 Ithoughts Improper Input Validation vulnerability in Ithoughts Ithoughtshd 4.19

The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file.

4.3
2014-03-25 CVE-2014-2538 Joshua Peek Cross-Site Scripting vulnerability in Joshua Peek Rack-Ssl

Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.

4.3
2014-03-25 CVE-2014-2526 Barracudadrive Cross-Site Scripting vulnerability in Barracudadrive

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/.

4.3
2014-03-25 CVE-2014-2016 Oxid Esales Cross-Site Scripting vulnerability in Oxid-Esales Eshop

Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.

4.3
2014-03-25 CVE-2014-1492 Mozilla Improper Input Validation vulnerability in Mozilla Network Security Services

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

4.3
2014-03-24 CVE-2012-6430 Opensolution Cross-Site Scripting vulnerability in Opensolution Quick Cart and Quick CMS

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php.

4.3
2014-03-24 CVE-2014-2589 Sonicwall Cross-Site Scripting vulnerability in Sonicwall Network Security Appliance 2400

Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.

4.3
2014-03-24 CVE-2014-2586 Mcafee Cross-Site Scripting vulnerability in Mcafee Cloud Single Sign ON

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.

4.3
2014-03-24 CVE-2014-2057 Owncloud Cross-Site Scripting vulnerability in Owncloud

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-03-24 CVE-2014-0016 Stunnel Insufficient Entropy in PRNG vulnerability in Stunnel

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

4.3
2014-03-24 CVE-2013-7343 Flowplayer Cross-Site Scripting vulnerability in Flowplayer Html5 5.4.3

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name.

4.3
2014-03-24 CVE-2013-7342 Flowplayer Cross-Site Scripting vulnerability in Flowplayer Html5 5.4.1

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341.

4.3
2014-03-24 CVE-2013-7341 Flowplayer, Moodle Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

4.3
2014-03-24 CVE-2014-2588 Mcafee Path Traversal vulnerability in Mcafee Asset Manager 6.6

Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a ..

4.0
2014-03-24 CVE-2014-2572 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle 2.6.0/2.6.1

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.

4.0
2014-03-24 CVE-2014-0129 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.

4.0
2014-03-24 CVE-2014-0124 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-03-29 CVE-2014-2670 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Opstor 8.3

Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.

3.5
2014-03-26 CVE-2014-0848 IBM Cryptographic Issues vulnerability in IBM Netezza Performance Portal

The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

3.5
2014-03-26 CVE-2013-3998 IBM Code Injection vulnerability in IBM Infosphere Biginsights

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

3.5
2014-03-25 CVE-2014-0884 IBM Cross-Site Scripting vulnerability in IBM Lotus Protector for Mail Security 2.8/2.8.1

Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-03-24 CVE-2014-2571 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.

3.5
2014-03-24 CVE-2014-2568 Linux, Canonical Use After Free vulnerability in Linux Kernel

Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

2.9
2014-03-24 CVE-2014-0131 Linux, Opensuse, Suse Use After Free vulnerability in Linux Kernel

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

2.9
2014-03-26 CVE-2014-1826 Ithoughts Cross-Site Scripting vulnerability in Ithoughts Ithoughtshd 4.19

Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name.

2.6
2014-03-25 CVE-2013-5951 Extplorer Cross-Site Scripting vulnerability in Extplorer 2.1.3

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.

2.6
2014-03-25 CVE-2014-2573 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Compute 2013.2/2013.2.1/2013.2.2

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

2.3
2014-03-26 CVE-2013-3976 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.

2.1
2014-03-25 CVE-2014-1515 Mozilla, Google Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.

1.9
2014-03-25 CVE-2014-0076 Openssl Cryptographic Issues vulnerability in Openssl

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

1.9