Weekly Vulnerabilities Reports > July 28 to August 3, 2014
Overview
74 new vulnerabilities were reported during this period, including 1 critical vulnerability and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 98 products from 40 vendors including IBM, Moodle, Cisco, Canonical, and SAP. The most notable vulnerability categories are "Cross-site Scripting", "Information Exposure", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Link Following".
- 65 reported vulnerabilities are remotely exploitable.
- 9 reported vulnerabilities have a public exploit available.
- 33 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 51 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Yealink has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-08-03 | CVE-2013-5758 | Yealink | OS Command Injection vulnerability in Yealink Sip-T38G cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. | 9.0 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-07-28 | CVE-2013-4840 | H3C HP | Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2014-07-31 | CVE-2014-5175 | SAP | Improper Authentication vulnerability in SAP Solution Manager 7.1 The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | 7.5 |
2014-07-29 | CVE-2014-3055 | IBM | SQL Injection vulnerability in IBM products SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-07-29 | CVE-2014-5114 | Webidsupport | Remote Security vulnerability in Webidsupport Webid 1.1.1 WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. | 7.5 |
2014-07-29 | CVE-2014-3541 | Moodle | Code Injection vulnerability in Moodle The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on. | 7.5 |
2014-07-28 | CVE-2014-5112 | Netfortris | Code Injection vulnerability in Netfortris Trixbox maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. | 7.5 |
2014-07-28 | CVE-2014-5104 | OL Commerce Project | SQL Injection vulnerability in Ol-Commerce Project Ol-Commerce 2.1.1 Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. | 7.5 |
2014-08-01 | CVE-2014-0972 | Codeaurora | Permissions, Privileges, and Access Controls vulnerability in Codeaurora Android-Msm The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register. | 7.2 |
49 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-07-29 | CVE-2014-3020 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM products install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program. | 6.9 |
2014-07-31 | CVE-2014-3554 | Libndp | Classic Buffer Overflow vulnerability in Libndp Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement. | 6.8 |
2014-07-29 | CVE-2014-3896 | Seeds | Cross-Site Request Forgery (CSRF) vulnerability in Seeds Acmailer Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization. | 6.8 |
2014-07-29 | CVE-2014-4909 | Canonical Fedoraproject Gentoo Transmissionbt | Numeric Errors vulnerability in multiple products Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. | 6.8 |
2014-07-29 | CVE-2014-0475 | GNU | Path Traversal vulnerability in GNU Glibc Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. | 6.8 |
2014-07-28 | CVE-2014-3120 | Elasticsearch | Improper Access Control vulnerability in Elasticsearch 1.1.1 The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. | 6.8 |
2014-07-28 | CVE-2014-2974 | Silver Peak | Cross-Site Request Forgery (CSRF) vulnerability in Silver-Peak VX 6.2.2.047968/6.2.4 Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | 6.8 |
2014-07-29 | CVE-2014-3895 | Iodata | Improper Authentication vulnerability in Iodata products The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. | 6.4 |
2014-07-31 | CVE-2014-5176 | SAP | Unspecified vulnerability in SAP FI Manager Self-Service SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors. | 6.0 |
2014-07-30 | CVE-2014-0948 | IBM | Arbitrary File Upload vulnerability in IBM products Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive. | 6.0 |
2014-07-30 | CVE-2014-0947 | IBM | Security vulnerability in IBM Rational Software Architect Design Manager 4.0.6 Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site. | 6.0 |
2014-07-29 | CVE-2014-3552 | Moodle | Improper Authentication vulnerability in Moodle The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. | 6.0 |
2014-07-29 | CVE-2014-3545 | Moodle | Code Injection vulnerability in Moodle Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. | 6.0 |
2014-08-01 | CVE-2014-3302 | Cisco | Cryptographic Issues vulnerability in Cisco Webex Meetings Server user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. | 5.8 |
2014-07-30 | CVE-2014-5117 | Torproject | RELAY_EARLY Security vulnerability in Tor Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names. | 5.8 |
2014-07-29 | CVE-2014-3054 | IBM | Open Redirection vulnerability in IBM products Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2014-08-01 | CVE-2014-2627 | HP | Security vulnerability in HP NonStop NetBatch Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors. | 5.2 |
2014-07-31 | CVE-2014-3488 | Netty | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netty The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message. | 5.0 |
2014-07-31 | CVE-2012-6651 | Vitamin Plugin Project | Path Traversal vulnerability in Vitamin Plugin Project Vitamin 1.0.0 Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. | 5.0 |
2014-07-30 | CVE-2014-2356 | Innominate | Information Exposure vulnerability in Innominate Mguard Firmware Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. | 5.0 |
2014-07-29 | CVE-2014-3056 | IBM | Information Exposure vulnerability in IBM products The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors. | 5.0 |
2014-07-29 | CVE-2014-5116 | Cairographics | Denial-Of-Service vulnerability in Cairographics Cairo 1.10.2 The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. | 5.0 |
2014-07-29 | CVE-2014-5115 | Dirphp Project | Path Traversal vulnerability in Dirphp Project Dirphp 1.0 Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. | 5.0 |
2014-07-29 | CVE-2014-5031 | Apple Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2014-07-29 | CVE-2014-3546 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL. | 5.0 |
2014-07-28 | CVE-2014-3304 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings Server The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | 5.0 |
2014-07-28 | CVE-2014-5111 | Netfortris | Path Traversal vulnerability in Netfortris Trixbox Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. | 5.0 |
2014-07-28 | CVE-2014-5107 | Concretecms Concrete5 | Information Exposure vulnerability in multiple products concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/. | 5.0 |
2014-07-29 | CVE-2014-3553 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships. | 4.9 |
2014-07-31 | CVE-2014-5172 | SAP | Cross-Site Scripting vulnerability in SAP Hana Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-07-29 | CVE-2014-3897 | Homepage Decorator Perlmailer Project | Cross-Site Scripting vulnerability in Homepage Decorator Perlmailer Project Homepage Decorator Perlmailer 3.10 Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-07-29 | CVE-2014-3329 | Cisco | Cross-Site Scripting vulnerability in Cisco Prime Data Center Network Manager Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620. | 4.3 |
2014-07-29 | CVE-2014-3057 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-07-29 | CVE-2014-0889 | IBM | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2014-07-29 | CVE-2014-4710 | Aas9 | Cross-Site Scripting vulnerability in Aas9 Zerocms 1.0 Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. | 4.3 |
2014-07-29 | CVE-2014-3550 | Moodle | Cross-Site Scripting vulnerability in Moodle 2.7.0 Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task. | 4.3 |
2014-07-29 | CVE-2014-3549 | Moodle | Cross-Site Scripting vulnerability in Moodle 2.7.0 Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt. | 4.3 |
2014-07-29 | CVE-2014-3548 | Moodle | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog. | 4.3 |
2014-07-29 | CVE-2014-3547 | Moodle | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge. | 4.3 |
2014-07-29 | CVE-2014-3543 | Moodle | Information Exposure vulnerability in Moodle mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format. | 4.3 |
2014-07-29 | CVE-2014-3542 | Moodle | Information Exposure vulnerability in Moodle mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 4.3 |
2014-07-28 | CVE-2014-2975 | Silver Peak | Cross-Site Scripting vulnerability in Silver-Peak VX 6.2.2.047968/6.2.4 Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | 4.3 |
2014-07-28 | CVE-2014-5113 | Visualware | Cross-Site Scripting vulnerability in Visualware Myconnection Server 9.7I Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter. | 4.3 |
2014-07-28 | CVE-2014-5108 | Concrete5 Concretecms | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file. | 4.3 |
2014-07-28 | CVE-2014-5106 | Invisionpower Invisioncommunity | Cross-Site Scripting vulnerability in Invisioncommunity Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. | 4.3 |
2014-07-28 | CVE-2014-5105 | OL Commerce Project | Cross-Site Scripting vulnerability in Ol-Commerce Project Ol-Commerce 2.1.1 Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php. | 4.3 |
2014-08-03 | CVE-2013-5757 | Yealink | Path Traversal vulnerability in Yealink Sip-T38G Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. | 4.0 |
2014-08-03 | CVE-2013-5756 | Yealink | Path Traversal vulnerability in Yealink Sip-T38G Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. | 4.0 |
2014-07-28 | CVE-2014-3303 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings Server The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. | 4.0 |
16 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-08-01 | CVE-2014-3009 | IBM | Improper Input Validation vulnerability in IBM products The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | 3.5 |
2014-07-31 | CVE-2014-5174 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Business Warehouse The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 3.5 |
2014-07-30 | CVE-2014-3025 | IBM | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/. | 3.5 |
2014-07-30 | CVE-2014-0915 | IBM | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field. | 3.5 |
2014-07-30 | CVE-2014-0914 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field. | 3.5 |
2014-07-29 | CVE-2014-3050 | IBM | Information Exposure vulnerability in IBM Rational Team Concert IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors. | 3.5 |
2014-07-29 | CVE-2014-3026 | IBM | Remote Security vulnerability in SmartCloud Control Desk CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 3.5 |
2014-07-29 | CVE-2014-3551 | Moodle | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric. | 3.5 |
2014-07-29 | CVE-2014-3544 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. | 3.5 |
2014-07-29 | CVE-2014-2226 | UI | Credentials Management vulnerability in UI Unifi Controller Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 2.6 |
2014-07-28 | CVE-2013-7393 | Apache | Link Following vulnerability in Apache Subversion 1.8.0/1.8.1 The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. | 2.4 |
2014-07-28 | CVE-2013-4262 | Apache | Link Following vulnerability in Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. | 2.4 |
2014-07-29 | CVE-2014-0103 | Zarafa Fedoraproject | Cryptographic Issues vulnerability in multiple products WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | 2.1 |
2014-07-29 | CVE-2014-5030 | Canonical Apple | Link Following vulnerability in multiple products CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | 1.9 |
2014-07-29 | CVE-2014-5029 | Apple Canonical | Link Following vulnerability in multiple products The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. | 1.5 |
2014-08-03 | CVE-2014-5177 | Redhat Opensuse | Improper Input Validation vulnerability in multiple products libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. | 1.2 |