Weekly Vulnerabilities Reports > April 21 to 27, 2014

Overview

115 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 123 products from 69 vendors including Cisco, Apple, Microsoft, Debian, and Opensuse. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".

  • 98 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 27 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 98 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-04-27 CVE-2014-3007 Python, Pythonware OS Command Injection vulnerability in multiple products

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

10.0
2014-04-27 CVE-2014-1764 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

10.0
2014-04-27 CVE-2014-1763 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9

Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

10.0
2014-04-27 CVE-2014-2994 Acunetix Buffer Errors vulnerability in Acunetix web vulnerability Scanner 8

Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).

10.0
2014-04-23 CVE-2014-0474 Canonical, Djangoproject Resource Management Errors vulnerability in multiple products

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

10.0
2014-04-23 CVE-2014-1318 Apple Improper Input Validation vulnerability in Apple mac OS X

The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.

10.0
2014-04-23 CVE-2014-1314 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.

10.0
2014-04-27 CVE-2014-1776 Microsoft Use After Free vulnerability in Microsoft Internet Explorer

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014.

9.8
2014-04-25 CVE-2014-0780 Indusoft Path Traversal vulnerability in Indusoft web Studio 7.1

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

9.8
2014-04-27 CVE-2014-1766 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.

9.3
2014-04-25 CVE-2013-5660 Powersoftware Buffer Errors vulnerability in Powersoftware Winarchiver 3.2

Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.

9.3
2014-04-25 CVE-2014-0769 Softmotion3D, Festo, 3S Software Improper Authentication vulnerability in multiple products

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

9.3
2014-04-25 CVE-2014-0760 3S Software, Festo, Softmotion3D Improper Authentication vulnerability in multiple products

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

9.3

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-04-22 CVE-2013-5948 T Mobile, Asus OS Command Injection vulnerability in multiple products

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

8.5
2014-04-24 CVE-2014-2601 HP Remote Denial of Service vulnerability in HP Integrated Lights-Out

The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

7.8
2014-04-27 CVE-2014-1765 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.

7.6
2014-04-25 CVE-2014-2579 Xcloner Cross-Site Request Forgery (CSRF) vulnerability in Xcloner 3.5

Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php.

7.6
2014-04-27 CVE-2014-1762 Microsoft Remote Code Execution vulnerability in Microsoft Internet Explorer

Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.

7.5
2014-04-24 CVE-2014-2736 Modx SQL Injection vulnerability in Modx Revolution

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.

7.5
2014-04-23 CVE-2014-2888 Herry Unspecified vulnerability in Herry Sfpagent

lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.

7.5
2014-04-23 CVE-2014-2709 Cacti, Debian Security vulnerability in Cacti 'rrd.php'

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

7.5
2014-04-22 CVE-2014-2892 Libmms Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libmms Project Libmms

Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.

7.5
2014-04-22 CVE-2014-2737 Knowledgetree SQL Injection vulnerability in Knowledgetree

SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.

7.5
2014-04-22 CVE-2014-1216 Fitnesse Remote Code Execution vulnerability in Fitnesse

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

7.5
2014-04-21 CVE-2014-2921 Pimcore Code Injection vulnerability in Pimcore

The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.

7.5
2014-04-25 CVE-2014-2996 Xcloner Code Injection vulnerability in Xcloner 3.5

XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php.

7.1
2014-04-22 CVE-2013-7338 Python, Apple Improper Input Validation vulnerability in multiple products

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

7.1

76 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-04-25 CVE-2013-4726 Ddsn Cross-Site Request Forgery (CSRF) vulnerability in Ddsn CM3 Acora Content Management System

Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-04-25 CVE-2013-4565 Debian Buffer Errors vulnerability in Debian Ppthtml 0.5.1

Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.

6.8
2014-04-25 CVE-2013-5954 Revive Adserver, Openx Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.

6.8
2014-04-23 CVE-2014-2327 Cacti, Debian, Opensuse Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.

6.8
2014-04-23 CVE-2014-1319 Apple Buffer Errors vulnerability in Apple mac OS X 10.9/10.9.1/10.9.2

Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.

6.8
2014-04-23 CVE-2014-1315 Apple USE of Externally-Controlled Format String vulnerability in Apple mac OS X 10.9/10.9.1/10.9.2

Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.

6.8
2014-04-23 CVE-2014-1295 Apple Improper Authentication vulnerability in Apple Iphone OS, mac OS X and Tvos

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

6.8
2014-04-23 CVE-2012-5422 Cisco Denial-Of-Service vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009.

6.8
2014-04-23 CVE-2012-5036 Cisco Resource Management Errors vulnerability in Cisco IOS

Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662.

6.8
2014-04-23 CVE-2012-5017 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268.

6.8
2014-04-22 CVE-2014-2659 Papercut Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

6.8
2014-04-22 CVE-2014-1615 Carbonblack Cross-Site Request Forgery (CSRF) vulnerability in Carbonblack Carbon Black 4.0.3/4.1.0

Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user.

6.8
2014-04-22 CVE-2014-2341 Cubecart Improper Authentication vulnerability in Cubecart

Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

6.8
2014-04-23 CVE-2014-2328 Cacti, Fedoraproject, Opensuse, Debian Remote Command Execution vulnerability in Cacti

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

6.5
2014-04-22 CVE-2014-2654 Mobfox SQL Injection vulnerability in Mobfox Madserve 2.0

Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.

6.5
2014-04-27 CVE-2013-6887 Uclouvain Improper Input Validation vulnerability in Uclouvain Openjpeg 1.5.1

OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.

6.4
2014-04-27 CVE-2011-3152 Canonical Cryptographic Issues vulnerability in Canonical Ubuntu Linux and Update-Manager

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.

6.4
2014-04-26 CVE-2014-2993 Birebin Cryptographic Issues vulnerability in Birebin Birebin.Com APP

The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.4
2014-04-26 CVE-2014-2992 Misli Cryptographic Issues vulnerability in Misli Misli.Com APP

The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.4
2014-04-26 CVE-2014-0350 Pocoproject Cryptographic Issues vulnerability in Pocoproject Poco C++ Libraries 1.4.5/1.4.6

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

6.4
2014-04-23 CVE-2012-5032 Cisco Improper Authentication vulnerability in Cisco IOS

The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641.

6.4
2014-04-22 CVE-2014-2269 Vtiger Improper Input Validation vulnerability in Vtiger CRM 6.0.0

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.

6.4
2014-04-21 CVE-2014-2922 Pimcore Improper Input Validation vulnerability in Pimcore 1.4.9/1.5.0/2.1.0

The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object.

6.4
2014-04-23 CVE-2012-5014 Cisco Denial-Of-Service vulnerability in IOS

Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into a (1) slow or (2) idle state, aka Bug ID CSCto87436.

6.3
2014-04-22 CVE-2014-2719 Asus, T Mobile Information Exposure vulnerability in multiple products

Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.

6.3
2014-04-24 CVE-2012-5723 Cisco Improper Input Validation vulnerability in Cisco products

Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

6.1
2014-04-23 CVE-2012-1366 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

6.1
2014-04-25 CVE-2013-4723 Ddsn Improper Input Validation vulnerability in Ddsn CM3 Acora Content Management System

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.

5.8
2014-04-25 CVE-2014-2909 Siemens Code Injection vulnerability in Siemens products

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

5.8
2014-04-22 CVE-2014-2900 Yassl Cryptographic Issues vulnerability in Yassl Cyassl

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.

5.8
2014-04-22 CVE-2014-2735 Winscp Improper Input Validation vulnerability in Winscp

WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2014-04-22 CVE-2014-0173 Automattic Permissions, Privileges, and Access Controls vulnerability in Automattic Jetpack

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors.

5.8
2014-04-23 CVE-2012-3062 Cisco Improper Input Validation vulnerability in Cisco IOS 15.1

Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

5.7
2014-04-24 CVE-2014-2915 XEN Permissions, Privileges, and Access Controls vulnerability in XEN 4.4.0

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.

5.5
2014-04-21 CVE-2013-5459 IBM Security vulnerability in IBM products

Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.

5.5
2014-04-23 CVE-2012-5044 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug ID CSCub45809.

5.4
2014-04-23 CVE-2012-1317 Cisco Buffer Errors vulnerability in Cisco IOS 15.1

The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

5.4
2014-04-23 CVE-2014-0472 Djangoproject, Canonical Code Injection vulnerability in multiple products

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."

5.1
2014-04-27 CVE-2013-6053 Uclouvain Improper Input Validation vulnerability in Uclouvain Openjpeg 1.5.1

OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.

5.0
2014-04-24 CVE-2012-3946 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS

Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

5.0
2014-04-23 CVE-2011-5279 Microsoft Unspecified vulnerability in Microsoft Internet Information Services 4.0/5.0

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

5.0
2014-04-23 CVE-2014-0892 IBM, Linux Information Exposure vulnerability in IBM Lotus Domino and Lotus Notes

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.

5.0
2014-04-23 CVE-2014-2983 Drupal, Debian Information Exposure vulnerability in multiple products

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

5.0
2014-04-23 CVE-2014-2976 Sixnet Path Traversal vulnerability in Sixnet Sixview Manager 2.4.1

Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a ..

5.0
2014-04-23 CVE-2014-0473 Djangoproject, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.

5.0
2014-04-23 CVE-2014-1316 Apple Improper Input Validation vulnerability in Apple mac OS X

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.

5.0
2014-04-23 CVE-2012-4658 Cisco Improper Authentication vulnerability in Cisco IOS

The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447.

5.0
2014-04-23 CVE-2012-0360 Cisco Resource Management Errors vulnerability in Cisco IOS 15.1

Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

5.0
2014-04-22 CVE-2014-2899 Yassl Improper Input Validation vulnerability in Yassl Cyassl

wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.

5.0
2014-04-23 CVE-2014-1322 Apple Information Exposure vulnerability in Apple mac OS X

The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.

4.9
2014-04-23 CVE-2014-1320 Apple Information Exposure vulnerability in Apple Iphone OS, mac OS X and Tvos

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.

4.9
2014-04-23 CVE-2012-4638 Cisco Denial-Of-Service vulnerability in Cisco IOS 15.1

Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318.

4.9
2014-04-23 CVE-2012-5037 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS

The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133.

4.6
2014-04-27 CVE-2013-0296 Zlib Permissions, Privileges, and Access Controls vulnerability in Zlib Pigz

Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.

4.4
2014-04-27 CVE-2011-3603 Litech Improper Input Validation vulnerability in Litech Router Advertisement Daemon

The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact.

4.4
2014-04-27 CVE-2014-2285 NET Snmp Improper Input Validation vulnerability in Net-Snmp

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

4.3
2014-04-25 CVE-2013-4722 Ddsn Cross-Site Scripting vulnerability in Ddsn CM3 Acora Content Management System

Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, or (3) qstr parameter.

4.3
2014-04-25 CVE-2013-2025 Ushahidi Cross-Site Scripting vulnerability in Ushahidi Platform 2.5/2.6/2.6.1

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-04-25 CVE-2013-5956 Joomlaboat Cross-Site Scripting vulnerability in Joomlaboat COM Youtubegallery 3.4.0

Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.

4.3
2014-04-25 CVE-2012-4230 Tinymce Permissions, Privileges, and Access Controls vulnerability in Tinymce 3.5.8

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.

4.3
2014-04-25 CVE-2014-2908 Siemens Cross-Site Scripting vulnerability in Siemens products

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-04-24 CVE-2013-6738 IBM Cross-Site Scripting vulnerability in IBM Smartcloud Analytics LOG Analysis 1.1.0/1.2.0

Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

4.3
2014-04-24 CVE-2014-2393 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

4.3
2014-04-24 CVE-2014-2392 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

4.3
2014-04-24 CVE-2014-2391 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.

4.3
2014-04-23 CVE-2014-2554 Opensuse, Otrs Improper Input Validation vulnerability in multiple products

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

4.3
2014-04-23 CVE-2014-1648 Symantec Cross-Site Scripting vulnerability in Symantec Messaging Gateway

Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.

4.3
2014-04-23 CVE-2014-1296 Apple Permissions, Privileges, and Access Controls vulnerability in Apple products

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.

4.3
2014-04-23 CVE-2012-5039 Cisco Resource Management Errors vulnerability in Cisco IOS

The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.

4.3
2014-04-23 CVE-2012-4651 Cisco Numeric Errors vulnerability in Cisco IOS

Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451.

4.3
2014-04-23 CVE-2012-3918 Cisco Denial-Of-Service vulnerability in Cisco IOS

Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

4.3
2014-04-22 CVE-2014-2890 Siege Cross-Site Scripting vulnerability in Siege PHPmyid 0.9

Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message.

4.3
2014-04-22 CVE-2013-2187 Apache Cross-Site Scripting vulnerability in Apache Archiva

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

4.3
2014-04-22 CVE-2013-1421 Webcalendar Project Cross-Site Scripting vulnerability in Webcalendar Project Webcalendar

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

4.3
2014-04-22 CVE-2014-2925 T Mobile, Asus Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.

4.3
2014-04-23 CVE-2012-5427 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-04-25 CVE-2013-3069 Netgear Cross-Site Scripting vulnerability in Netgear Wndr4700 and Wndr4700 Firmware

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.

3.5
2014-04-25 CVE-2014-2729 Ektron Cross-Site Scripting vulnerability in Ektron Content Management System 8.7.0

Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.

3.5
2014-04-21 CVE-2014-0932 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-04-23 CVE-2014-1321 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.9/10.9.1/10.9.2

Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.

3.3
2014-04-22 CVE-2013-4472 Freedesktop Link Following vulnerability in Freedesktop Poppler

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

3.3
2014-04-22 CVE-2013-4116 Npmjs Link Following vulnerability in Npmjs Node Packaged Modules 1.3.2

lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

3.3
2014-04-22 CVE-2013-2105 Jonathan Leung Link Following vulnerability in Jonathan Leung Show in Browser 0.0.3

The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

3.3
2014-04-21 CVE-2014-0361 Toshibacommerce Cryptographic Issues vulnerability in Toshibacommerce 4690 Point of Sale Operating System 6.2/6.3/6.4

The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file.

3.0
2014-04-23 CVE-2014-1647 Symantec Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Encryption Desktop and PGP Desktop

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

2.6
2014-04-23 CVE-2014-1646 Symantec Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Symantec Encryption Desktop and PGP Desktop

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

2.6
2014-04-27 CVE-2014-0181 Linux, Opensuse, Redhat, Suse Permissions, Privileges, and Access Controls vulnerability in multiple products

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.

2.1
2014-04-23 CVE-2014-2893 Opensuse, Llvm Link Following vulnerability in multiple products

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.

1.9