Weekly Vulnerabilities Report: August 4 to 10, 2014

Overview

45 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 38 products from 35 vendors including Pyplate, Teampass, Sphider, Canonical, and Status2K. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Code Injection", and "Path Traversal".

  • 40 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 23 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 35 reported vulnerabilities are exploitable by an anonymous user.
  • Pyplate has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Splunk has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

[Summary counters: total vulnerabilities, critical risk vulnerabilities, high risk vulnerabilities, medium risk vulnerabilities, low risk vulnerabilities, remotely exploitable, locally exploitable, exploit available, exploitable anonymously, affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

3 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-08-07 | CVE-2014-3914 | Rocketsoftware | Path Traversal vulnerability in Rocketsoftware Rocket Servergraph 1.2 | 10.0
  Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a ..

2014-08-07 | CVE-2013-6771 | Splunk | Path Traversal vulnerability in Splunk | 9.3
  Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a ..

2014-08-07 | CVE-2013-7394 | Splunk | Code Injection vulnerability in Splunk | 9.0
  The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string.

11 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-08-06 | CVE-2014-3560 | Canonical, Redhat, Samba | Code Injection vulnerability in multiple products | 7.9
  NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

2014-08-07 | CVE-2014-5192 | Sphider | SQL Injection vulnerability in Sphider 1.3.6 | 7.5
  SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

2014-08-07 | CVE-2014-5189 | Leadoctopus | SQL Injection vulnerability in Leadoctopus Lead Octopus | 7.5
  SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

2014-08-07 | CVE-2014-3773 | Teampass | SQL Injection vulnerability in Teampass | 7.5
  Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.

2014-08-07 | CVE-2014-3772 | Teampass | Permissions, Privileges, and Access Controls vulnerability in Teampass | 7.5
  TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.

2014-08-07 | CVE-2014-3771 | Teampass | Permissions, Privileges, and Access Controls vulnerability in Teampass | 7.5
  TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.

2014-08-06 | CVE-2012-6653 | ALL Video Gallery Plugin Project | Security vulnerability in ALL Video Gallery Plugin Project ALL Video Gallery Plugin 1.0.0/1.1.0 | 7.5
  Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.

2014-08-06 | CVE-2014-5089 | Status2K | SQL Injection vulnerability in Status2K | 7.5
  SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.

2014-08-06 | CVE-2014-5082 | Sphider | SQL Injection vulnerability in Sphider | 7.5
  Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

2014-08-06 | CVE-2013-4159 | Ctdb Project, Opensuse, Mageia | Permissions, Privileges, and Access Controls vulnerability in multiple products | 7.5
  ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h.

2014-08-07 | CVE-2014-5195 | Ayatana Project, Canonical | Race Condition vulnerability in Ayatana Project Unity | 7.2
  Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension.

28 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-08-06 | CVE-2014-3434 | Symantec | Buffer Errors vulnerability in Symantec Endpoint Protection 11.0/12.0/12.1 | 6.9
  Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.

2014-08-07 | CVE-2014-4647 | Embarcadero | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Embarcadero Er/Studio Data Architect | 6.8
  Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via unspecified vectors.

2014-08-07 | CVE-2014-3854 | Pyplate | Cross-Site Request Forgery (CSRF) vulnerability in Pyplate 0.08 | 6.8
  Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter.

2014-08-07 | CVE-2014-3459 | Solarwinds | Buffer Errors vulnerability in Solarwinds Network Configuration Manager 7.2.0/7.2.1/7.2.2 | 6.8
  Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.

2014-08-07 | CVE-2014-3429 | Opensuse, Ipython, Mageia | Code Injection vulnerability in multiple products | 6.8
  IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

2014-08-06 | CVE-2014-0479 | Canonical, Debian | Code Injection vulnerability in multiple products | 6.8
  reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.

2014-08-07 | CVE-2014-5194 | Sphider | Code Injection vulnerability in Sphider 1.3.6 | 6.5
  Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.

2014-08-06 | CVE-2014-5186 | ALL Video Gallery Plugin Project | SQL Injection vulnerability in ALL Video Gallery Plugin Project All-Video-Gallery 1.2 | 6.5
  SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.

2014-08-06 | CVE-2014-5184 | Stripshow Plugin Project | SQL Injection vulnerability in Stripshow Plugin Project Stripshow 2.5.2 | 6.5
  SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php.

2014-08-06 | CVE-2014-5183 | Simple Retail Menus Plugin Project | SQL Injection vulnerability in Simple Retail Menus Plugin Project Simple-Retail-Menus 4.0/4.0.1 | 6.5
  SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.

2014-08-06 | CVE-2014-5180 | Hdwplayer | SQL Injection vulnerability in Hdwplayer Hdw-Player-Video-Player-Video-Gallery 2.4.2 | 6.5
  SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.

2014-08-06 | CVE-2014-5090 | Status2K | Code Injection vulnerability in Status2K | 6.5
  admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.

2014-08-06 | CVE-2014-5185 | Quartz Plugin Project | SQL Injection vulnerability in Quartz Plugin Project Quartz Plugin 1.01.1 | 6.0
  SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.

2014-08-06 | CVE-2014-5182 | Ostenta | SQL Injection vulnerability in Ostenta Yawpp 1.2 | 6.0
  Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

2014-08-07 | CVE-2014-3855 | Pyplate | Path Traversal vulnerability in Pyplate 0.08 | 5.0
  Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a ..

2014-08-07 | CVE-2014-3853 | Pyplate | Information Exposure vulnerability in Pyplate 0.08 | 5.0
  Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

2014-08-07 | CVE-2014-3852 | Pyplate | Information Exposure vulnerability in Pyplate 0.08 | 5.0
  Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

2014-08-06 | CVE-2014-5187 | TOM M8Te Plugin Project | Path Traversal vulnerability in TOM M8Te Plugin Project Tom-M8Te Plugin 1.5.3 | 5.0
  Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.

2014-08-06 | CVE-2014-5181 | Last FM Rotation Plugin Project | Path Traversal vulnerability in Last.Fm Rotation Plugin Project Lastfm-Rotation Plugin 1.0 | 5.0
  Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a ..

2014-08-07 | CVE-2014-5193 | Sphider | Cross-Site Scripting vulnerability in Sphider 1.3.6 | 4.3
  Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter.

2014-08-07 | CVE-2014-5191 | Ckeditor | Cross-Site Scripting vulnerability in Ckeditor | 4.3
  Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2014-08-07 | CVE-2014-5190 | SI Captcha Anti Spam Project | Cross-Site Scripting vulnerability in SI Captcha Anti-Spam Project SI Captcha Anti-Spam 2.7.4 | 4.3
  Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

2014-08-07 | CVE-2014-5188 | Lyris | Cross-Site Scripting vulnerability in Lyris List Manager 8.95A | 4.3
  Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter.

2014-08-07 | CVE-2014-3774 | Teampass | Cross-Site Scripting vulnerability in Teampass | 4.3
  Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.

2014-08-07 | CVE-2014-3517 | Openstack | Information Exposure vulnerability in Openstack Nova | 4.3
  api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.

2014-08-06 | CVE-2014-5179 | Freelinking FOR Case Tracker Project, Freelinking Project | Permissions, Privileges, and Access Controls vulnerability in multiple products | 4.3
  The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.

2014-08-06 | CVE-2014-5178 | Efssoft | Cross-Site Scripting vulnerability in Efssoft Easy File Sharing web Server 6.8 | 4.3
  Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer.

2014-08-06 | CVE-2014-5088 | Status2K | Cross-Site Scripting vulnerability in Status2K | 4.3
  Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.

3 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2014-08-06 | CVE-2014-3559 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization 3.4 | 3.5
  The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.

2014-08-07 | CVE-2014-3851 | Pyplate | Information Exposure vulnerability in Pyplate 0.08 | 2.1
  usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file.

2014-08-07 | CVE-2014-3800 | Xbmc | Permissions, Privileges, and Access Controls vulnerability in Xbmc 13.0 | 2.1
  XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.