Weekly Vulnerabilities Reports > July 7 to 13, 2014

Overview

138 new vulnerabilities reported during this period, including 30 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary report vulnerabilities in 157 products from 61 vendors including Microsoft, IBM, Cisco, Redhat, and PHP. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Information Exposure".

  • 126 reported vulnerabilities are remotely exploitables.
  • 6 reported vulnerabilities have public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 119 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 30 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 22 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-07-07 CVE-2014-2967 Autodesk OS Command Injection vulnerability in Autodesk Vred 2014

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.

10.0
2014-07-07 CVE-2014-2617 HP Multiple Security vulnerability in HP Universal Configuration Management Database 10.01/10.10

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.

10.0
2014-07-07 CVE-2014-2198 Cisco Credentials Management vulnerability in Cisco products

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a binary file found in a different installation of the product, aka Bug ID CSCud41130.

10.0
2014-07-09 CVE-2012-4988 Xnview Buffer Errors vulnerability in Xnview 1.99/1.99.1

Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

9.3
2014-07-08 CVE-2014-2813 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2792.

9.3
2014-07-08 CVE-2014-2809 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2807.

9.3
2014-07-08 CVE-2014-2807 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2809.

9.3
2014-07-08 CVE-2014-2806 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2802.

9.3
2014-07-08 CVE-2014-2804 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798.

9.3
2014-07-08 CVE-2014-2803 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/8/9

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-07-08 CVE-2014-2802 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806.

9.3
2014-07-08 CVE-2014-2801 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-07-08 CVE-2014-2800 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2807 and CVE-2014-2809.

9.3
2014-07-08 CVE-2014-2798 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2804.

9.3
2014-07-08 CVE-2014-2797 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-07-08 CVE-2014-2795 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804.

9.3
2014-07-08 CVE-2014-2794 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2788.

9.3
2014-07-08 CVE-2014-2792 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2813.

9.3
2014-07-08 CVE-2014-2791 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-07-08 CVE-2014-2790 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806.

9.3
2014-07-08 CVE-2014-2789 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804.

9.3
2014-07-08 CVE-2014-2788 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 6/7

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2794.

9.3
2014-07-08 CVE-2014-2787 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806.

9.3
2014-07-08 CVE-2014-2786 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2792 and CVE-2014-2813.

9.3
2014-07-08 CVE-2014-2785 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 7

Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-07-08 CVE-2014-1824 Microsoft Code Injection vulnerability in Microsoft products

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability."

9.3
2014-07-08 CVE-2014-2956 AVG Permissions, Privileges, and Access Controls vulnerability in AVG Safeguard and Secure Search Toolbar

ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.

9.3
2014-07-07 CVE-2014-3113 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer

Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.

9.3
2014-07-11 CVE-2014-3816 Juniper Permissions, Privileges, and Access Controls vulnerability in Juniper Junos

Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments.

9.0
2014-07-07 CVE-2014-2197 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.

9.0

26 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-07-10 CVE-2014-3888 Yokogawa Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yokogawa products

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.

8.3
2014-07-07 CVE-2014-2969 Netgear Credentials Management vulnerability in Netgear Gs108Pe and Gs108Pe Firmware

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.

8.3
2014-07-08 CVE-2014-2514 EMC Improper Input Validation vulnerability in EMC Documentum Content Server

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors.

8.2
2014-07-08 CVE-2014-2513 EMC Improper Input Validation vulnerability in EMC Documentum Content Server

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.

8.2
2014-07-11 CVE-2014-3819 Juniper Improper Input Validation vulnerability in Juniper Junos

Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet.

7.8
2014-07-11 CVE-2014-3817 Juniper Improper Input Validation vulnerability in Juniper products

Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet.

7.8
2014-07-11 CVE-2014-3815 Juniper Improper Input Validation vulnerability in Juniper products

Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.

7.8
2014-07-08 CVE-2014-2781 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allows attackers to bypass intended access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard (OSK) and then upload a crafted application, aka "On-Screen Keyboard Elevation of Privilege Vulnerability."

7.6
2014-07-11 CVE-2014-4938 WP RSS Poster Plugin Project SQL Injection vulnerability in WP RSS Poster Plugin Project Wp-Rss-Poster 1.0.0

SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.

7.5
2014-07-11 CVE-2013-6117 Dahuasecurity Improper Authentication vulnerability in Dahuasecurity DVR Firmware 2.608.0000.0/2.608.Gv00.0

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

7.5
2014-07-10 CVE-2014-4852 Thedigitalcraft SQL Injection vulnerability in Thedigitalcraft Atomcms 2.0

SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2014-07-10 CVE-2014-4850 Foecms SQL Injection vulnerability in Foecms

SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter.

7.5
2014-07-09 CVE-2014-4741 Artifectx SQL Injection vulnerability in Artifectx Xclassified 1.2

SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2014-07-09 CVE-2014-4194 Aas9 SQL Injection vulnerability in Aas9 Zerocms 1.0

SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action.

7.5
2014-07-09 CVE-2014-3515 PHP Unspecified vulnerability in PHP

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.

7.5
2014-07-09 CVE-2014-0539 Adobe
Linux
Apple
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.

7.5
2014-07-09 CVE-2014-0537 Adobe
Apple
Microsoft
Linux
Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539.

7.5
2014-07-07 CVE-2014-3483 Rubyonrails SQL Injection vulnerability in Rubyonrails Rails

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

7.5
2014-07-07 CVE-2014-3482 Rubyonrails SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

7.5
2014-07-07 CVE-2014-3300 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.

7.5
2014-07-07 CVE-2014-2616 HP Multiple Security vulnerability in HP Universal Configuration Management Database 10.01/10.10

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.

7.5
2014-07-07 CVE-2014-2615 HP Multiple Security vulnerability in HP Universal Configuration Management Database 10.01/10.10

Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.

7.5
2014-07-07 CVE-2014-2614 HP Improper Authentication vulnerability in HP Sitescope

Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.

7.5
2014-07-07 CVE-2014-0602 Netiq Code Injection vulnerability in Netiq Security Manager 6.0.0.194/6.5.3.149

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460.

7.5
2014-07-11 CVE-2014-3499 Docker
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in multiple products

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

7.2
2014-07-08 CVE-2014-1767 Microsoft Double Free vulnerability in Microsoft products

Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." <a href="http://cwe.mitre.org/data/definitions/415.html" target="_blank">CWE-415: Double Free</a>

7.2

77 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-07-09 CVE-2014-4699 Linux
Debian
Canonical
Race Condition vulnerability in multiple products

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

6.9
2014-07-09 CVE-2014-3312 Cisco Improper Authentication vulnerability in Cisco products

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

6.9
2014-07-08 CVE-2014-2780 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability."

6.9
2014-07-07 CVE-2014-3486 Redhat Link Following vulnerability in Redhat Cloudforms 3.0 Management Engine

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.

6.9
2014-07-09 CVE-2014-3891 Rimarts Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rimarts Becky! Internet Mail

Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows remote POP3 servers to execute arbitrary code via a crafted response.

6.8
2014-07-08 CVE-2014-2510 EMC Information Exposure vulnerability in EMC products

The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

6.8
2014-07-07 CVE-2014-4646 Foxitsoftware Buffer Errors vulnerability in Foxitsoftware Foxit PDF SDK DLL 3.1.1.2927

Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK DLL before 3.1.1.5005 allows context-dependent attackers to execute arbitrary code via unspecified vectors.

6.8
2014-07-07 CVE-2014-0248 Redhat Code Injection vulnerability in Redhat products

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

6.8
2014-07-07 CVE-2014-0864 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Algo Credit Limits 4.5.0/4.7.0

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document.

6.8
2014-07-11 CVE-2014-4939 ENL Newsletter Plugin Project SQL Injection vulnerability in ENL Newsletter Plugin Project Enl-Newsletter 1.0.1

SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.

6.5
2014-07-11 CVE-2014-3992 Dolibarr SQL Injection vulnerability in Dolibarr 3.5.3

Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.

6.5
2014-07-08 CVE-2014-2783 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability."

6.4
2014-07-07 CVE-2014-3308 Cisco Improper Input Validation vulnerability in Cisco products

Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.

6.4
2014-07-10 CVE-2014-4851 Foecms Unspecified vulnerability in Foecms

Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter.

5.8
2014-07-07 CVE-2014-0867 IBM Security Bypass vulnerability in IBM Algo Credit Limits

rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.

5.8
2014-07-11 CVE-2014-3822 Juniper Improper Input Validation vulnerability in Juniper products

Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4.

5.4
2014-07-10 CVE-2014-3311 Cisco Buffer Errors vulnerability in Cisco Webex Meeting Center and Webex Meetings Server

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

5.1
2014-07-11 CVE-2014-4942 Levelfourdevelopment Information Exposure vulnerability in Levelfourdevelopment Wp-Easycart

The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.

5.0
2014-07-11 CVE-2014-4941 Cross RSS Plugin Project Path Traversal vulnerability in Cross-Rss Plugin Project Wp-Cross-Rss 1.7

Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.

5.0
2014-07-11 CVE-2014-4940 Tera Charts Plugin Project Path Traversal vulnerability in Tera Charts Plugin Project Tera-Charts 0.1

Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a ..

5.0
2014-07-11 CVE-2014-4937 Bookx Plugin Project Path Traversal vulnerability in Bookx Plugin Project Bookx 1.7

Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2014-07-11 CVE-2014-3503 Apache Cryptographic Issues vulnerability in Apache Syncope

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

5.0
2014-07-09 CVE-2014-3478 Christos Zoulas
PHP
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.

5.0
2014-07-09 CVE-2014-3309 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS and IOS XE

The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

5.0
2014-07-07 CVE-2014-3481 Redhat Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

5.0
2014-07-07 CVE-2014-0180 Redhat Resource Management Errors vulnerability in Redhat Cloudforms 3.0 Management Engine

The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors.

5.0
2014-07-07 CVE-2014-0860 IBM Cryptographic Issues vulnerability in IBM products

The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.

5.0
2014-07-07 CVE-2013-5423 IBM Information Exposure vulnerability in IBM Flex System Manager

IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows remote attackers to enumerate user accounts via unspecified vectors.

5.0
2014-07-11 CVE-2014-4700 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Xendesktop

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.

4.9
2014-07-07 CVE-2014-0184 Redhat Credentials Management vulnerability in Redhat Cloudforms 3.0 Management Engine

Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.

4.9
2014-07-07 CVE-2014-0868 IBM Improper Input Validation vulnerability in IBM Algo Credit Limits and Algorithmics

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.

4.9
2014-07-07 CVE-2014-0865 IBM Improper Input Validation vulnerability in IBM Algo Credit Limits and Algorithmics

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations.

4.9
2014-07-10 CVE-2014-4698 PHP Unspecified vulnerability in PHP

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.

4.6
2014-07-10 CVE-2014-4670 PHP Unspecified vulnerability in PHP

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.

4.6
2014-07-11 CVE-2014-4738 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortiweb

Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.

4.3
2014-07-11 CVE-2014-3821 Juniper Cross-Site Scripting vulnerability in Juniper Junos

Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-07-11 CVE-2014-3991 Dolibarr Cross-Site Scripting vulnerability in Dolibarr 3.5.3

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php.

4.3
2014-07-11 CVE-2014-0174 Redhat Information Exposure vulnerability in Redhat Enterprise MRG 2.5

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

4.3
2014-07-11 CVE-2014-4908 Pnp4Nagios Cross-Site Scripting vulnerability in Pnp4Nagios

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element.

4.3
2014-07-11 CVE-2014-4907 OP5
Pnp4Nagios
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.

4.3
2014-07-10 CVE-2014-4856 Polldaddy Polls Ratings Plugin Project Cross-Site Scripting vulnerability in Polldaddy Polls & Ratings Plugin Project Polldaddy Polls & Ratings 2.0.24

Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID.

4.3
2014-07-10 CVE-2014-4855 Polylang Plugin Project Cross-Site Scripting vulnerability in Polylang Plugin Project Polylang 1.5/1.5.1

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description.

4.3
2014-07-10 CVE-2014-4854 Smartcatdesign Cross-Site Scripting vulnerability in Smartcatdesign WP Contruction Mode 1.8

Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php.

4.3
2014-07-10 CVE-2014-4853 Opendocman Cross-Site Scripting vulnerability in Opendocman

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.

4.3
2014-07-10 CVE-2014-4849 Foecms Cross-Site Scripting vulnerability in Foecms

Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter.

4.3
2014-07-10 CVE-2014-4848 Blogstand Banner Plugin Project Cross-Site Scripting vulnerability in Blogstand Banner Plugin Project Blogstand-Smart-Banner 1.0

Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php.

4.3
2014-07-10 CVE-2014-4847 Buffercode Cross-Site Scripting vulnerability in Buffercode Random Banner 1.1.2.1

Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercode_RBanner_url_banner1 parameter in an update action to wp-admin/options.php.

4.3
2014-07-10 CVE-2014-4846 Matchalabs Cross-Site Scripting vulnerability in Matchalabs Metaslider 2.5

Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.

4.3
2014-07-10 CVE-2014-4845 Stillbreathing Cross-Site Scripting vulnerability in Stillbreathing Bannerman 0.2.4

Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.

4.3
2014-07-10 CVE-2014-3315 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 10.0(1)Base

Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

4.3
2014-07-10 CVE-2014-3310 Cisco Improper Input Validation vulnerability in Cisco Webex Meeting Center and Webex Meetings Server

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

4.3
2014-07-10 CVE-2014-2963 Liferay Cross-Site Scripting vulnerability in Liferay Portal 6.1.2Cega3/6.1.Xee/6.2.Xee

Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

4.3
2014-07-09 CVE-2014-4744 Enhancesoft
Osticket
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

4.3
2014-07-09 CVE-2014-4743 Kajona Cross-Site Scripting vulnerability in Kajona

Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2014-07-09 CVE-2014-4742 Kajona Cross-Site Scripting vulnerability in Kajona

Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php.

4.3
2014-07-09 CVE-2014-3487 Christos Zoulas
PHP
Improper Input Validation vulnerability in multiple products

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3
2014-07-09 CVE-2014-3480 Christos Zoulas
PHP
Improper Input Validation vulnerability in multiple products

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.

4.3
2014-07-09 CVE-2014-3479 Christos Zoulas
PHP
Numeric Errors vulnerability in multiple products

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.

4.3
2014-07-09 CVE-2014-3313 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.

4.3
2014-07-09 CVE-2014-0207 Christos Zoulas
PHP
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

4.3
2014-07-09 CVE-2014-4671 Adobe
Linux
Apple
Microsoft
Cross-Site Request Forgery (CSRF) vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.

4.3
2014-07-07 CVE-2014-4724 Custom Banners Project Cross-Site Scripting vulnerability in Custom Banners Project Custom Banners 1.2.2.2

Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php.

4.3
2014-07-07 CVE-2014-4723 Easy Banners Plugin Project Cross-Site Scripting vulnerability in Easy Banners Plugin Project Easy Banners 1.4

Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter to wp-admin/options-general.php.

4.3
2014-07-07 CVE-2014-4722 Ocsinventory NG Cross-Site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-07-07 CVE-2014-3489 Redhat Credentials Management vulnerability in Redhat Cloudforms 3.0 Management Engine

lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 uses a hard-coded salt, which makes it easier for remote attackers to guess passwords via a brute force attack.

4.3
2014-07-07 CVE-2014-0176 Redhat Cross-Site Scripting vulnerability in Redhat Cloudforms 3.0 Management Engine

Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-07-07 CVE-2014-0035 Apache
Redhat
Cryptographic Issues vulnerability in multiple products

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3
2014-07-07 CVE-2014-0034 Apache
Redhat
Improper Input Validation vulnerability in multiple products

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

4.3
2014-07-07 CVE-2013-7389 D Link Cross-Site Scripting vulnerability in D-Link Dir-645 and Dir-645 Firmware

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev.

4.3
2014-07-07 CVE-2014-0871 IBM Information Exposure vulnerability in IBM Algo Credit Limits and Algorithmics

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.

4.3
2014-07-07 CVE-2014-0870 IBM Cross-Site Scripting vulnerability in IBM Algo Credit Limits and Algorithmics

Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rcore6/main/showerror.jsp, (2) the ButtonsetClass parameter to rcore6/main/buttonset.jsp, (3) the MBName parameter to rcore6/frameset.jsp, (4) the Init parameter to algopds/rcore6/main/browse.jsp, or the (5) Name, (6) StoreName, or (7) STYLESHEET parameter to algopds/rcore6/main/ibrowseheader.jsp.

4.3
2014-07-07 CVE-2014-0869 IBM Cryptographic Issues vulnerability in IBM Algo Credit Limits and Algorithmics

The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.

4.3
2014-07-07 CVE-2014-0866 IBM Cryptographic Issues vulnerability in IBM Algo Credit Limits and Algorithmics

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3
2014-07-11 CVE-2014-3485 Redhat Information Exposure vulnerability in Redhat Enterprise Virtualization 3.4

The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

4.0
2014-07-10 CVE-2014-3318 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.0(1)Base

Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.

4.0
2014-07-10 CVE-2014-3316 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.0(1)Base

The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

4.0
2014-07-08 CVE-2014-2814 Microsoft Remote Denial of Service vulnerability in Microsoft Service BUS 1.1

Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability."

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-07-11 CVE-2014-4167 Openstack
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

3.5
2014-07-07 CVE-2014-0894 IBM Information Exposure vulnerability in IBM Algo Credit Limits and Algorithmics

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.

3.5
2014-07-07 CVE-2014-0875 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.

3.5
2014-07-07 CVE-2013-3993 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Biginsights

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.

3.5
2014-07-09 CVE-2014-4022 XEN Information Exposure vulnerability in XEN 4.4.0

The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.

2.7