Weekly Vulnerabilities Reports > July 28 to August 3, 2014

Overview

74 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary report vulnerabilities in 98 products from 40 vendors including IBM, Moodle, Cisco, Canonical, and SAP. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Permissions, Privileges, and Access Controls", "Path Traversal", and "Link Following".

  • 65 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities have public exploit available.
  • 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 51 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Yealink has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-03 CVE-2013-5758 Yealink OS Command Injection vulnerability in Yealink Sip-T38G

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.

9.0

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-07-28 CVE-2013-4840 H3C
HP
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.
7.8
2014-07-31 CVE-2014-5175 SAP Improper Authentication vulnerability in SAP Solution Manager 7.1

The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.

7.5
2014-07-29 CVE-2014-3055 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-07-29 CVE-2014-5114 Webidsupport Remote Security vulnerability in Webidsupport Webid 1.1.1

WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.

7.5
2014-07-29 CVE-2014-3541 Moodle Code Injection vulnerability in Moodle

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

7.5
2014-07-28 CVE-2014-5112 Netfortris Code Injection vulnerability in Netfortris Trixbox

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.

7.5
2014-07-28 CVE-2014-5104 OL Commerce Project SQL Injection vulnerability in Ol-Commerce Project Ol-Commerce 2.1.1

Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.

7.5
2014-08-01 CVE-2014-0972 Codeaurora Permissions, Privileges, and Access Controls vulnerability in Codeaurora Android-Msm

The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-07-29 CVE-2014-3020 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

6.9
2014-07-31 CVE-2014-3554 Libndp Classic Buffer Overflow vulnerability in Libndp

Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

6.8
2014-07-29 CVE-2014-3896 Seeds Cross-Site Request Forgery (CSRF) vulnerability in Seeds Acmailer

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.

6.8
2014-07-29 CVE-2014-4909 Canonical
Fedoraproject
Gentoo
Transmissionbt
Numeric Errors vulnerability in multiple products

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

6.8
2014-07-29 CVE-2014-0475 GNU Path Traversal vulnerability in GNU Glibc

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a ..

6.8
2014-07-28 CVE-2014-3120 Elasticsearch Improper Access Control vulnerability in Elasticsearch 1.1.1

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search.

6.8
2014-07-28 CVE-2014-2974 Silver Peak Cross-Site Request Forgery (CSRF) vulnerability in Silver-Peak VX 6.2.2.047968/6.2.4

Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6.8
2014-07-29 CVE-2014-3895 Iodata Improper Authentication vulnerability in Iodata products

The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors.

6.4
2014-07-31 CVE-2014-5176 SAP Unspecified vulnerability in SAP FI Manager Self-Service

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.

6.0
2014-07-30 CVE-2014-0948 IBM Arbitrary File Upload vulnerability in IBM products

Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

6.0
2014-07-30 CVE-2014-0947 IBM Security vulnerability in IBM Rational Software Architect Design Manager 4.0.6

Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

6.0
2014-07-29 CVE-2014-3552 Moodle Improper Authentication vulnerability in Moodle

The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.

6.0
2014-07-29 CVE-2014-3545 Moodle Code Injection vulnerability in Moodle

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.

6.0
2014-08-01 CVE-2014-3302 Cisco Cryptographic Issues vulnerability in Cisco Webex Meetings Server

user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

5.8
2014-07-30 CVE-2014-5117 Torproject RELAY_EARLY Security vulnerability in Tor

Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.

5.8
2014-07-29 CVE-2014-3054 IBM Open Redirection vulnerability in IBM products

Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2014-08-01 CVE-2014-2627 HP Security vulnerability in HP NonStop NetBatch

Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

5.2
2014-07-31 CVE-2014-3488 Netty Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netty

The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

5.0
2014-07-31 CVE-2012-6651 Vitamin Plugin Project Path Traversal vulnerability in Vitamin Plugin Project Vitamin 1.0.0

Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a ..

5.0
2014-07-30 CVE-2014-2356 Innominate Information Exposure vulnerability in Innominate Mguard Firmware

Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

5.0
2014-07-29 CVE-2014-3056 IBM Information Exposure vulnerability in IBM products

The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.

5.0
2014-07-29 CVE-2014-5116 Cairographics Denial-Of-Service vulnerability in Cairographics Cairo 1.10.2

The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.

5.0
2014-07-29 CVE-2014-5115 Dirphp Project Path Traversal vulnerability in Dirphp Project Dirphp 1.0

Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.

5.0
2014-07-29 CVE-2014-5031 Apple
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

5.0
2014-07-29 CVE-2014-3546 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.

5.0
2014-07-28 CVE-2014-3304 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.

5.0
2014-07-28 CVE-2014-5111 Netfortris Path Traversal vulnerability in Netfortris Trixbox

Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a ..

5.0
2014-07-28 CVE-2014-5107 Concretecms
Concrete5
Information Exposure vulnerability in multiple products

concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.

5.0
2014-07-29 CVE-2014-3553 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.

4.9
2014-07-31 CVE-2014-5172 SAP Cross-Site Scripting vulnerability in SAP Hana

Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-07-29 CVE-2014-3897 Homepage Decorator Perlmailer Project Cross-Site Scripting vulnerability in Homepage Decorator Perlmailer Project Homepage Decorator Perlmailer 3.10

Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-07-29 CVE-2014-3329 Cisco Cross-Site Scripting vulnerability in Cisco Prime Data Center Network Manager

Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.

4.3
2014-07-29 CVE-2014-3057 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2014-07-29 CVE-2014-0889 IBM Cross-Site Scripting vulnerability in IBM products

Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2014-07-29 CVE-2014-4710 Aas9 Cross-Site Scripting vulnerability in Aas9 Zerocms 1.0

Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field.

4.3
2014-07-29 CVE-2014-3550 Moodle Cross-Site Scripting vulnerability in Moodle 2.7.0

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.

4.3
2014-07-29 CVE-2014-3549 Moodle Cross-Site Scripting vulnerability in Moodle 2.7.0

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.

4.3
2014-07-29 CVE-2014-3548 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.

4.3
2014-07-29 CVE-2014-3547 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.

4.3
2014-07-29 CVE-2014-3543 Moodle Information Exposure vulnerability in Moodle

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.

4.3
2014-07-29 CVE-2014-3542 Moodle Information Exposure vulnerability in Moodle

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.3
2014-07-28 CVE-2014-2975 Silver Peak Cross-Site Scripting vulnerability in Silver-Peak VX 6.2.2.047968/6.2.4

Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

4.3
2014-07-28 CVE-2014-5113 Visualware Cross-Site Scripting vulnerability in Visualware Myconnection Server 9.7I

Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter.

4.3
2014-07-28 CVE-2014-5108 Concrete5
Concretecms
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.

4.3
2014-07-28 CVE-2014-5106 Invisionpower
Invisioncommunity
Cross-Site Scripting vulnerability in Invisioncommunity Invision Power Board

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.

4.3
2014-07-28 CVE-2014-5105 OL Commerce Project Cross-Site Scripting vulnerability in Ol-Commerce Project Ol-Commerce 2.1.1

Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php.

4.3
2014-08-03 CVE-2013-5757 Yealink Path Traversal vulnerability in Yealink Sip-T38G

Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.

4.0
2014-08-03 CVE-2013-5756 Yealink Path Traversal vulnerability in Yealink Sip-T38G

Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a ..

4.0
2014-07-28 CVE-2014-3303 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.

4.0

16 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-08-01 CVE-2014-3009 IBM Improper Input Validation vulnerability in IBM products

The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.

3.5
2014-07-31 CVE-2014-5174 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver Business Warehouse

The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

3.5
2014-07-30 CVE-2014-3025 IBM Cross-Site Scripting vulnerability in IBM products

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.

3.5
2014-07-30 CVE-2014-0915 IBM Cross-Site Scripting vulnerability in IBM products

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.

3.5
2014-07-30 CVE-2014-0914 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.

3.5
2014-07-29 CVE-2014-3050 IBM Information Exposure vulnerability in IBM Rational Team Concert

IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors.

3.5
2014-07-29 CVE-2014-3026 IBM Remote Security vulnerability in SmartCloud Control Desk

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

3.5
2014-07-29 CVE-2014-3551 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.

3.5
2014-07-29 CVE-2014-3544 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

3.5
2014-07-29 CVE-2014-2226 UI Credentials Management vulnerability in UI Unifi Controller

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

2.6
2014-07-28 CVE-2013-7393 Apache Link Following vulnerability in Apache Subversion 1.8.0/1.8.1

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used.

2.4
2014-07-28 CVE-2013-4262 Apache Link Following vulnerability in Apache Subversion 1.8.0/1.8.1/1.8.2

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file.

2.4
2014-07-29 CVE-2014-0103 Zarafa
Fedoraproject
Cryptographic Issues vulnerability in multiple products

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

2.1
2014-07-29 CVE-2014-5030 Canonical
Apple
Link Following vulnerability in multiple products

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

1.9
2014-07-29 CVE-2014-5029 Apple
Canonical
Link Following vulnerability in multiple products

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null.

1.5
2014-08-03 CVE-2014-5177 Redhat
Opensuse
Improper Input Validation vulnerability in multiple products

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.

1.2