Weekly Vulnerabilities Reports > June 16 to 22, 2014

Overview

105 new vulnerabilities were reported during this period, including 13 critical and 12 high severity vulnerabilities. This weekly summary reports vulnerabilities in 125 products from 71 vendors, including IBM, Symantec, HP, Digium, and EMC. The notable weakness categories this week are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", "SQL Injection", and "Cryptographic Issues".

  • 93 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities have a public exploit available.
  • 50 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 7.
  • HP has the most reported critical vulnerabilities, with 3.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-06-21 CVE-2014-3073 IBM Remote Code Execution vulnerability in IBM Security Access Manager

Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2014-06-20 CVE-2012-5106 Freefloat Buffer Errors vulnerability in Freefloat FTP Server 1.0

Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.

10.0
2014-06-20 CVE-2014-3496 Redhat Code Injection vulnerability in Redhat Openshift and Openshift Origin

cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.

10.0
2014-06-19 CVE-2014-2609 HP Improper Authentication vulnerability in HP Executive Scorecard 9.40/9.41

The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.

10.0
2014-06-18 CVE-2014-4152 Alienvault Code Injection vulnerability in Alienvault Open Source Security Information Management

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.

10.0
2014-06-18 CVE-2014-4151 Alienvault Code Injection vulnerability in Alienvault Open Source Security Information Management

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.

10.0
2014-06-18 CVE-2014-0598 Novell Path Traversal vulnerability in Novell Open Enterprise Server 11.0

Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.

10.0
2014-06-18 CVE-2013-6221 HP Path Traversal vulnerability in HP Service Virtualization 3.0

Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.

10.0
2014-06-19 CVE-2012-2052 Adobe Buffer Errors vulnerability in Adobe Photoshop CS5 and Photoshop Cs5.1

Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.

9.3
2014-06-19 CVE-2014-2782 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.

9.3
2014-06-18 CVE-2014-4174 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.

9.3
2014-06-18 CVE-2011-2592 Citrix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citrix Access Gateway Plug-In

Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.

9.3
2014-06-19 CVE-2014-2611 HP Path Traversal vulnerability in HP Executive Scorecard 9.40/9.41

Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.

9.0

12 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-06-21 CVE-2014-3053 IBM Improper Authentication vulnerability in IBM products

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.

8.0
2014-06-18 CVE-2013-5017 Symantec Remote Command Injection vulnerability in Symantec Web Gateway

SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.

7.9
2014-06-19 CVE-2014-2962 Belkin Path Traversal vulnerability in Belkin N150 F9K1009 and N150 F9K1009 Firmware

Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.

7.8
2014-06-18 CVE-2014-4153 Alienvault Information Exposure vulnerability in Alienvault Open Source Security Information Management

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.

7.8
2014-06-17 CVE-2014-4190 Huawei Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Huawei products

Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.

7.8
2014-06-16 CVE-2014-2003 Justsystems Improper Input Validation vulnerability in Justsystems Ichitaro and Just Online Update

JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.

7.6
2014-06-20 CVE-2014-0007 Theforeman OS Command Injection vulnerability in Theforeman Foreman

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.

7.5
2014-06-20 CVE-2012-0273 Hans Alshoff Buffer Errors vulnerability in Hans Alshoff Minalic 2.0.0

Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c.

7.5
2014-06-19 CVE-2014-4334 Ubisoft Buffer Errors vulnerability in Ubisoft Rayman Legends 1.0.95278/1.1.100477/1.2.103716

Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.

7.5
2014-06-18 CVE-2014-4307 Webtitan SQL Injection vulnerability in Webtitan 4.01

SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.

7.5
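The WebTitan sortkey entry above is the classic case of an ORDER BY clause assembled from user input. Bound parameters do not help here, because database drivers bind values, not identifiers, so the only sound fix is an allowlist of sortable columns. The Python example below is added here and is not WebTitan's code: it builds a constructed SQLite schema (the table and column names are invented), shows that a sort-key injection works even through a driver that refuses stacked statements, because the row order becomes a yes/no oracle that leaks a value from another table one character at a time, and contrasts it with an allowlisted sort key and direction.

```python
import sqlite3

# Allowlist of sortable columns; anything else is rejected before it
# touches the statement. (Constructed for this example.)
ALLOWED_SORT_KEYS = {"name", "hits", "updated"}
HEX = "0123456789abcdef"


def setup_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE categories (name TEXT, hits INTEGER, updated TEXT)")
    conn.executemany(
        "INSERT INTO categories VALUES (?, ?, ?)",
        [("adult", 120, "2014-06-01"),
         ("news", 450, "2014-06-15"),
         ("games", 80, "2014-06-10")],
    )
    # A table the caller has no business reading through the category list.
    conn.execute("CREATE TABLE users (login TEXT, pwhash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'deadbeef')")
    return conn


def list_categories_vulnerable(conn, sortkey):
    """Vulnerable: the sort key is concatenated because ORDER BY cannot be bound."""
    sql = "SELECT name FROM categories ORDER BY " + sortkey
    return [row[0] for row in conn.execute(sql)]


def is_allowed_sort_key(sortkey):
    return sortkey in ALLOWED_SORT_KEYS


def list_categories_safe(conn, sortkey, direction="ASC"):
    """Safe: identifiers come from an allowlist; only then are they interpolated."""
    if not is_allowed_sort_key(sortkey):
        raise ValueError("unknown sort key: %r" % sortkey)
    if direction not in ("ASC", "DESC"):
        raise ValueError("bad sort direction")
    sql = f"SELECT name FROM categories ORDER BY {sortkey} {direction}"
    return [row[0] for row in conn.execute(sql)]


def leak_via_sortkey(conn, max_len=8):
    """Boolean oracle through ORDER BY: each request answers one yes/no question
    (is byte N of users.pwhash equal to X?) by sorting the visible rows one way
    or the other, so the secret is recovered without ever selecting it directly.
    sqlite3 refuses stacked statements, and that does not stop this."""
    by_name = ["adult", "games", "news"]      # order when the guess is right
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in HEX:
            probe = (f"CASE WHEN (SELECT substr(pwhash, {pos}, 1) FROM users "
                     f"WHERE login = 'admin') = '{ch}' THEN name ELSE hits END")
            if list_categories_vulnerable(conn, probe) == by_name:
                recovered += ch
                break
        else:
            break  # no hex digit matched: end of the secret
    return recovered


if __name__ == "__main__":
    db = setup_db()
    print("leaked:", leak_via_sortkey(db))          # deadbeef
    print("safe:", list_categories_safe(db, "hits"))
```

The same allowlist discipline applies to any identifier taken from a request (column, table, direction, LIMIT), and the oracle above is why "the driver only runs one statement" is not a mitigation worth relying on.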
2014-06-18 CVE-2014-4305 Nice SQL Injection vulnerability in Nice Recording Express 6.3.5/6.5.7

Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-06-19 CVE-2014-2610 HP Path Traversal vulnerability in HP Executive Scorecard 9.40/9.41

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.

7.1

70 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-06-21 CVE-2014-3883 Webmin OS Command Injection vulnerability in Webmin Usermin

Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.

6.8
2014-06-19 CVE-2014-4333 Boonex Cross-Site Request Forgery (CSRF) vulnerability in Boonex Dolphin

Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.

6.8
2014-06-19 CVE-2014-4155 ZTE Cross-Site Request Forgery (CSRF) vulnerability in ZTE Zxv10 W300 and Zxv10 W300 Firmware

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.

6.8
2014-06-19 CVE-2014-3778 Commscope Cross-Site Request Forgery (CSRF) vulnerability in Commscope Arris Sbg901

Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.

6.8
2014-06-17 CVE-2014-4188 Hitachi Cross-Site Request Forgery (CSRF) vulnerability in Hitachi products

Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-06-16 CVE-2014-4163 Featured Comments Plugin Project Cross-Site Request Forgery (CSRF) vulnerability in Featured Comments Plugin Project Featured Comments 1.2.1

Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.

6.8
2014-06-16 CVE-2014-4162 Zyxel Cross-Site Request Forgery (CSRF) vulnerability in Zyxel P-660Hw T1

Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.

6.8
2014-06-16 CVE-2010-5111 Echoping Project Buffer Errors vulnerability in Echoping Project Echoping 6.0.2

Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe.

6.8
2014-06-19 CVE-2014-3810 Boonex SQL Injection vulnerability in Boonex Dolphin

SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter.

6.5
2014-06-18 CVE-2014-2949 F5 SQL Injection vulnerability in F5 ARX Data Manager 3.0.0/3.1.0

SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2014-06-17 CVE-2014-4046 Digium Remote Privilege Escalation vulnerability in Multiple Asterisk Products

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

6.5
2014-06-20 CVE-2014-4507 Theforeman Path Traversal vulnerability in Theforeman Foreman

Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a ..

6.4
2014-06-17 CVE-2014-3476 Openstack / Suse Improper Privilege Management vulnerability in multiple products

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

6.0
2014-06-22 CVE-2014-4336 Linuxfoundation Command Injection vulnerability in Linuxfoundation Cups-Filters

The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name.

5.8
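Three entries this week share one shape: an attacker-controlled string is spliced into a command line that a shell parses, whether it is a cartridge Source-Url (OpenShift, CVE-2014-3496), a path parameter (Foreman Smart-Proxy, CVE-2014-0007) or a printer host name advertised on the network (cups-browsed, CVE-2014-4336). The Python example below is added here and is not code from any of those projects. It uses `echo` as a stand-in for the real administration tool (lpadmin is named only as the hypothetical target) so that the injected command is visible without side effects, and contrasts a `shell=True` string with an argv list guarded by a host-name allowlist.

```python
import re
import subprocess

# RFC 1123-style host name: labels of letters, digits and hyphens joined by dots.
# Nothing a shell cares about (; | & $ ` ( ) space ...) can match this.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
QUEUE_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# "echo" stands in for the real tool so the example runs anywhere (assumption).
TOOL = ["echo", "lpadmin"]


def is_valid_hostname(host):
    return bool(HOSTNAME_RE.match(host))


def add_queue_vulnerable(host, queue):
    """Vulnerable: one string handed to /bin/sh, so metacharacters in `host`
    (which arrived from the network) are parsed as shell syntax."""
    cmd = f"{' '.join(TOOL)} -p {queue} -v ipp://{host}/printers/{queue} -E"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def add_queue_safe(host, queue):
    """Safe: validate first, then pass an argv list so no shell ever sees it.
    Each list element reaches the program as exactly one argument."""
    if not is_valid_hostname(host):
        raise ValueError(f"refusing host name {host!r}")
    if not QUEUE_RE.match(queue):
        raise ValueError(f"refusing queue name {queue!r}")
    argv = TOOL + ["-p", queue, "-v", f"ipp://{host}/printers/{queue}", "-E"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    evil_host = "printer; echo INJECTED #"   # a name any mDNS/IPP peer can advertise
    print(add_queue_vulnerable(evil_host, "q1"), end="")   # second line reads INJECTED
    try:
        add_queue_safe(evil_host, "q1")
    except ValueError as err:
        print("blocked:", err)
    print(add_queue_safe("printer.example.com", "q1"), end="")
```

Quoting with `shlex.quote` would also neutralise the metacharacters, but the argv form removes the shell from the picture entirely, and the allowlist means a hostile name is rejected and logged rather than merely escaped.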
2014-06-19 CVE-2014-2001 Jreast Cryptographic Issues vulnerability in Jreast JR East Japan 1.0

The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

5.8
2014-06-18 CVE-2014-1651 Symantec SQL Injection vulnerability in Symantec web Gateway

SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

5.8
2014-06-17 CVE-2013-6078 EMC Cryptographic Issues vulnerability in EMC RSA Bsafe Toolkits and RSA Data Protection Manager

The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue.

5.8
2014-06-18 CVE-2014-1650 Symantec SQL Injection vulnerability in Symantec web Gateway

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

5.2
2014-06-18 CVE-2014-4049 Opensuse / PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

5.1
2014-06-20 CVE-2011-4821 D-Link Path Traversal vulnerability in D-Link Dir-601 and Dir-601 Firmware

Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2014-06-19 CVE-2013-1068 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 13.10/14.04

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.

5.0
2014-06-19 CVE-2011-4367 Apache Path Traversal vulnerability in Apache Myfaces

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a ..

5.0
2014-06-18 CVE-2014-4306 Webtitan Path Traversal vulnerability in Webtitan 4.01

Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a ..

5.0
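Directory traversal recurs throughout this report (Novell iPrint CVE-2014-0598, HP Service Virtualization CVE-2013-6221, Foreman Smart-Proxy CVE-2014-4507, the D-Link TFTP server CVE-2011-4821, Apache MyFaces CVE-2011-4367, WebTitan CVE-2014-4306), and the Belkin entry above (CVE-2014-2962) is the variant that a `..` filter does not catch: a full pathname in the parameter. The Python example below is added here and is not code from any of those products. It shows the two usual mistakes (joining the request onto the root, and blocklisting `..`) beside a check that canonicalizes with realpath and then verifies the result still lies under the root, so absolute paths, dot-dot sequences and symlinks that point outside the root are all rejected. The web root, its files and the escaping symlink are constructed in a temporary directory.

```python
import os
import shutil
import tempfile


def naive_join(root, requested):
    """Vulnerable: os.path.join discards `root` when `requested` is absolute,
    so '/etc/passwd' resolves to /etc/passwd (the full-pathname case)."""
    return os.path.join(root, requested)


def dotdot_filter(root, requested):
    """Vulnerable: a '..' blocklist stops relative traversal but not an
    absolute path, and says nothing about symlinks already inside the root."""
    if ".." in requested:
        return None
    return os.path.join(root, requested)


def safe_resolve(root, requested):
    """Canonicalize both sides, then insist the candidate is inside the root.
    realpath collapses '..' and follows symlinks, so the containment test sees
    where the file really is rather than how the request spelled it."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:          # e.g. different drives on Windows
        inside = False
    return candidate if inside else None


def build_demo_root():
    """Constructed web root: one legitimate file and a symlink that escapes."""
    root = tempfile.mkdtemp(prefix="webroot-")
    outside = tempfile.mkdtemp(prefix="outside-")
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<h1>ok</h1>")
    with open(os.path.join(outside, "config.xml"), "w") as fh:
        fh.write("<password>hunter2</password>")
    os.symlink(outside, os.path.join(root, "link"))
    return root, outside


def cleanup(*dirs):
    for d in dirs:
        shutil.rmtree(d, ignore_errors=True)


def run_checks():
    """Return, per request, what each resolver would hand to open()."""
    root, outside = build_demo_root()
    try:
        requests = ["index.html", "../../etc/passwd", "/etc/passwd", "link/config.xml"]
        return {
            req: {
                "naive": naive_join(root, req),
                "dotdot_filter": dotdot_filter(root, req),
                "safe": safe_resolve(root, req),
            }
            for req in requests
        }
    finally:
        cleanup(root, outside)


if __name__ == "__main__":
    for req, outcome in run_checks().items():
        print(f"{req:20} naive={outcome['naive']!r:45} "
              f"dotdot_filter={outcome['dotdot_filter']!r:45} safe={outcome['safe']!r}")
```

The check is applied to the canonical path, never to the request string, which is also what defeats encoded or doubled separators. realpath-then-open still leaves a small window in which a symlink under the root can be swapped; where that matters, open relative to a directory descriptor with O_NOFOLLOW or serve from a root that untrusted users cannot write to.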
2014-06-17 CVE-2014-4193 EMC Cryptographic Issues vulnerability in EMC RSA Bsafe-Java Toolkits

The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755.

5.0
2014-06-17 CVE-2014-4192 EMC Cryptographic Issues vulnerability in EMC RSA Bsafe-C Toolkits

The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.

5.0
2014-06-17 CVE-2014-4191 EMC Cryptographic Issues vulnerability in EMC RSA Bsafe-C Toolkits

The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.

5.0
2014-06-17 CVE-2014-4040 Powerpc Utils Project Cryptographic Issues vulnerability in Powerpc-Utils Project Powerpc-Utils 1.2.20

snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

5.0
2014-06-17 CVE-2014-4047 Digium Denial of Service vulnerability in Digium Asterisk and Certified Asterisk

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.

5.0
2014-06-17 CVE-2014-4044 Openafs Buffer Errors vulnerability in Openafs 1.6.8

OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.

5.0
2014-06-17 CVE-2014-3249 Puppet Information Exposure vulnerability in Puppet Enterprise

Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain sensitive information via vectors involving hiding and unhiding nodes.

5.0
2014-06-16 CVE-2014-2004 IIJ Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IIJ products

The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00 through 4.50, SEIL/X2 routers 1.00 through 4.50, SEIL/B1 routers 1.00 through 4.50, SEIL/Turbo routers 1.80 through 2.17, and SEIL/neu 2FE Plus routers 1.80 through 2.17 allows remote attackers to cause a denial of service (session termination or concentrator outage) via a crafted TCP packet.

5.0
2014-06-21 CVE-2014-4509 Netiq Local Command Injection vulnerability in Netiq Identity Manager 4.0.2

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.

4.6
2014-06-17 CVE-2014-4038 Suse / Ppc64 Diag Project / Redhat Link Following vulnerability in multiple products

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.

4.4
2014-06-22 CVE-2014-4337 Linuxfoundation Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linuxfoundation Cups-Filters

The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.

4.3
2014-06-21 CVE-2014-3431 Symantec / Apple Permissions, Privileges, and Access Controls vulnerability in Symantec Encryption Desktop and PGP Desktop

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.

4.3
2014-06-20 CVE-2014-4505 Roger Padilla Camacho Cross-Site Scripting vulnerability in Roger Padilla Camacho Easy Breadcrumb

Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-06-20 CVE-2012-2591 Emailarchitect Cross-Site Scripting vulnerability in Emailarchitect Email Server 10.0/10.0.0.3

Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.

4.3
2014-06-20 CVE-2012-2580 Postieplugin Cross-Site Scripting vulnerability in Postieplugin Postie

Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.

4.3
2014-06-20 CVE-2012-2579 WP Simplemail Project Cross-Site Scripting vulnerability in WP Simplemail Project WP Simplemail 1.0.6

Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.

4.3
2014-06-19 CVE-2014-4335 Barracudadrive Cross-Site Scripting vulnerability in Barracudadrive 6.7.2

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/admin/ddns/.

4.3
2014-06-19 CVE-2012-2572 Mindreantre Cross-Site Scripting vulnerability in Mindreantre Threewp Email Reflector

Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.

4.3
2014-06-19 CVE-2012-2569 Synametrics Cross-Site Scripting vulnerability in Synametrics Xeams 4.4

Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.

4.3
2014-06-19 CVE-2012-1621 Apache Cross-Site Scripting vulnerability in Apache Ofbiz 10.04.01

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request.

4.3
2014-06-19 CVE-2014-4329 Ntop Cross-Site Scripting vulnerability in Ntop Ntopng 1.1

Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

4.3
2014-06-18 CVE-2012-2592 Axigen Cross-Site Scripting vulnerability in Axigen Mail Server 8.0.1

Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.

4.3
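The run of mail-related XSS entries above (EmailArchitect CVE-2012-2591, Postie CVE-2012-2580, WP SimpleMail CVE-2012-2579, ThreeWP Email Reflector CVE-2012-2572, Xeams CVE-2012-2569, Axigen CVE-2012-2592) all come from rendering From, Subject or Date values into a web page without output encoding. The Python example below is added here and is not code from any of those products. Besides the plain unescaped case it shows the ordering mistake that is specific to mail: if a header is HTML-escaped while still in its RFC 2047 encoded-word form and decoded afterwards, the decoded `<script>` text never meets the encoder. The sample message is constructed inline.

```python
import base64
import html
from email import message_from_string
from email.header import decode_header, make_header

PAYLOAD = "<script>alert(1)</script>"

# Constructed message: a hostile From display name and a Subject whose payload
# hides inside an RFC 2047 encoded word (no '<' or '>' anywhere on the wire).
SAMPLE_MESSAGE = (
    'From: "<img src=x onerror=alert(1)>" <bob@example.com>\r\n'
    "Subject: =?UTF-8?B?" + base64.b64encode(PAYLOAD.encode()).decode() + "?=\r\n"
    "Date: Mon, 16 Jun 2014 10:00:00 +0000\r\n"
    "\r\n"
    "hello\r\n"
)


def decode_rfc2047(raw):
    """Turn encoded words back into text, as any mail UI must before display."""
    return str(make_header(decode_header(raw)))


def render_vulnerable(raw):
    """Vulnerable: the decoded header value is dropped into the page as-is."""
    return "<td>" + decode_rfc2047(raw) + "</td>"


def render_escape_then_decode(raw):
    """Also vulnerable: escaping is applied to the wire form and decoding
    afterwards, so whatever the encoded word hid is emitted unescaped."""
    return "<td>" + decode_rfc2047(html.escape(raw, quote=True)) + "</td>"


def render_safe(raw):
    """Safe: decode to the text the user will see, then encode for HTML."""
    return "<td>" + html.escape(decode_rfc2047(raw), quote=True) + "</td>"


def render_headers(message_text, renderer):
    """Render the From/Subject/Date cells of one message with the given renderer."""
    msg = message_from_string(message_text)
    return {name: renderer(msg[name]) for name in ("From", "Subject", "Date")}


if __name__ == "__main__":
    for renderer in (render_vulnerable, render_escape_then_decode, render_safe):
        print(renderer.__name__)
        for name, cell in render_headers(SAMPLE_MESSAGE, renderer).items():
            print(f"  {name}: {cell}")
```

The rule generalises: output encoding is the last step before the bytes reach the browser, applied to the final text and in the encoding context where it lands (HTML body here; attribute, URL and JavaScript contexts each need their own). Any decode, charset conversion or normalisation that happens after the escape reopens the hole.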
2014-06-18 CVE-2014-0599 Novell Cross-Site Scripting vulnerability in Novell Open Enterprise Server 11.0

Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-06-18 CVE-2014-4020 Wireshark Numeric Errors vulnerability in Wireshark

The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2014-06-18 CVE-2014-2779 Microsoft Improper Input Validation vulnerability in Microsoft Malware Protection Engine 1.1.10600.0

mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file.

4.3
2014-06-18 CVE-2014-4309 Openfiler Cross-Site Scripting vulnerability in Openfiler 2.99

Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5) ServerName, (6) TimeoutLogin, (7) TimeoutNoTransfer, or (8) TimeoutStalled parameter to admin/services_ftp.html; the (9) dns1 or (10) dns2 parameter to admin/system.html; the (11) newTgtName parameter to admin/volumes_iscsi_targets.html; the User-Agent HTTP header to (12) language.html, (13) login.html, or (14) password.html in account/; or the User-Agent HTTP header to (15) account_groups.html, (16) account_users.html, (17) services.html, (18) services_ftp.html, (19) services_iscsi_target.html, (20) services_rsync.html, (21) system_clock.html, (22) system_info.html, (23) system_ups.html, (24) volumes_editpartitions.html, or (25) volumes_iscsi_targets.html in admin/.

4.3
2014-06-18 CVE-2014-4308 Nice Cross-Site Scripting vulnerability in Nice Recording Express 6.3.5

Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2) iframe.picker.statchannels.asp, (3) iframe.picker.channelgroups.asp, (4) iframe.picker.extensions.asp, (5) iframe.picker.licenseusergroups.asp, (6) iframe.picker.licenseusers.asp, (7) iframe.picker.lookup.asp, or (8) iframe.picker.marks.asp in _ifr/.

4.3
2014-06-18 CVE-2014-4304 Sqlbuddy Cross-Site Scripting vulnerability in Sqlbuddy SQL Buddy 1.3.3

Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter.

4.3
2014-06-18 CVE-2014-4302 Ham3D Cross-Site Scripting vulnerability in Ham3D Shop Engine

Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

4.3
2014-06-18 CVE-2014-4301 Ajenti Cross-Site Scripting vulnerability in Ajenti

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.

4.3
2014-06-18 CVE-2014-3877 Ulli Horlacher Cross-Site Scripting (Incomplete Blacklist) vulnerability in Ulli Horlacher FEX

Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.

4.3
2014-06-18 CVE-2014-3876 Ulli Horlacher Cross-Site Scripting vulnerability in Ulli Horlacher FEX

Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.

4.3
2014-06-17 CVE-2014-4189 Hitachi Cross-Site Scripting vulnerability in Hitachi products

Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-06-17 CVE-2014-4187 Clip Bucket Cross-Site Scripting vulnerability in Clip-Bucket Clipbucket

Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.

4.3
2014-06-17 CVE-2014-4048 Digium Denial of Service vulnerability in Asterisk PJSIP Channel Driver

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

4.3
2014-06-17 CVE-2014-4045 Digium Numeric Errors vulnerability in Digium Asterisk

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

4.3
2014-06-16 CVE-2014-4166 Shoutcast Cross-Site Scripting vulnerability in Shoutcast Dnas 2.2.1

Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.

4.3
2014-06-16 CVE-2014-4165 Opensuse, Ntop Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.

4.3
2014-06-16 CVE-2014-4164 Algosec Cross-Site Scripting vulnerability in Algosec Fireflow 6.3

Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html.

4.3
2014-06-16 CVE-2014-3995 Reviewboard Cross-Site Scripting vulnerability in Reviewboard Djblets

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name.

4.3
2014-06-16 CVE-2014-3994 Reviewboard Cross-Site Scripting vulnerability in Reviewboard Djblets and Reviewboard

Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.

4.3
2014-06-16 CVE-2014-3428 Yealink Cross-Site Scripting vulnerability in Yealink Voip Phone and Voip Phone Firmware

Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.

4.3
2014-06-22 CVE-2014-4338 Linuxfoundation Permissions, Privileges, and Access Controls vulnerability in Linuxfoundation Cups-Filters

cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.

4.0
2014-06-21 CVE-2014-3296 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.

4.0
2014-06-21 CVE-2013-6737 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied.

4.0
2014-06-18 CVE-2014-2151 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520.

4.0
2014-06-17 CVE-2014-0478 Debian Improper Input Validation vulnerability in Debian Advanced Package Tool

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-06-18 CVE-2014-3013 IBM Cross-Site Scripting vulnerability in IBM Curam Social Program Management

Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.

3.5
2014-06-18 CVE-2014-3012 IBM HTTP Response Splitting vulnerability in IBM Cúram Social Program Management

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.

3.5
2014-06-18 CVE-2014-0910 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-06-21 CVE-2014-3052 IBM Configuration vulnerability in IBM products

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

3.3
2014-06-18 CVE-2014-4021 XEN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

2.7
2014-06-18 CVE-2014-2000 NTT Information Exposure vulnerability in NTT 050 Plus 4.2.0

The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.

2.6
2014-06-18 CVE-2014-1652 Symantec Cross-Site Scripting vulnerability in Symantec web Gateway

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.

2.3
2014-06-20 CVE-2014-4506 Louis Jimenez Cross-Site Scripting vulnerability in Louis Jimenez Custom Meta

Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML via the (1) attribute or (2) content value for a meta tag.

2.1
2014-06-18 CVE-2014-4303 Drupac Cross-Site Scripting vulnerability in Drupac Touch

Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter and (2) Facebook username settings.

2.1
2014-06-17 CVE-2014-4039 Redhat, Ppc64 Diag Project, Suse Permissions, Privileges, and Access Controls vulnerability in multiple products

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf.

2.1