Weekly Vulnerabilities Reports > August 4 to 10, 2014
Overview
41 new vulnerabilities were reported during this period, including 3 critical and 9 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 33 products from 31 vendors, including Pyplate, Teampass, Sphider, Status2K, and Canonical. The vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Code Injection", and "Permissions, Privileges, and Access Controls".
- 37 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 23 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 32 reported vulnerabilities are exploitable by an anonymous user.
- Pyplate has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Splunk has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2014-08-07 | CVE-2014-3914 | Rocketsoftware | Path Traversal vulnerability in Rocketsoftware Rocket Servergraph 1.2 | Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. | 10.0 |
2014-08-07 | CVE-2013-6771 | Splunk | Path Traversal vulnerability in Splunk | Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. | 9.3 |
2014-08-07 | CVE-2013-7394 | Splunk | Code Injection vulnerability in Splunk | The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. | 9.0 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2014-08-07 | CVE-2014-5192 | Sphider | SQL Injection vulnerability in Sphider 1.3.6 | SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | 7.5 |
2014-08-07 | CVE-2014-5189 | Leadoctopus | SQL Injection vulnerability in Leadoctopus Lead Octopus | SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2014-08-07 | CVE-2014-3773 | Teampass | SQL Injection vulnerability in Teampass | Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. | 7.5 |
2014-08-07 | CVE-2014-3772 | Teampass | Permissions, Privileges, and Access Controls vulnerability in Teampass | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php. | 7.5 |
2014-08-07 | CVE-2014-3771 | Teampass | Permissions, Privileges, and Access Controls vulnerability in Teampass | TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | 7.5 |
2014-08-06 | CVE-2012-6653 | ALL Video Gallery Plugin Project | Security vulnerability in ALL Video Gallery Plugin Project ALL Video Gallery Plugin 1.0.0/1.1.0 | Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors. | 7.5 |
2014-08-06 | CVE-2014-5089 | Status2K | SQL Injection vulnerability in Status2K | SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | 7.5 |
2014-08-06 | CVE-2014-5082 | Sphider | SQL Injection vulnerability in Sphider | Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. | 7.5 |
2014-08-07 | CVE-2014-5195 | Ayatana Project Canonical | Race Condition vulnerability in Ayatana Project Unity | Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from a suspension. | 7.2 |
27 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2014-08-06 | CVE-2014-3434 | Symantec | Buffer Errors vulnerability in Symantec Endpoint Protection 11.0/12.0/12.1 | Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. | 6.9 |
2014-08-07 | CVE-2014-4647 | Embarcadero | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Embarcadero Er/Studio Data Architect | Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2014-08-07 | CVE-2014-3854 | Pyplate | Cross-Site Request Forgery (CSRF) vulnerability in Pyplate 0.08 | Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter. | 6.8 |
2014-08-07 | CVE-2014-3459 | Solarwinds | Buffer Errors vulnerability in Solarwinds Network Configuration Manager 7.2.0/7.2.1/7.2.2 | Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. | 6.8 |
2014-08-07 | CVE-2014-3429 | Opensuse Ipython Mageia | Code Injection vulnerability in multiple products | IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. | 6.8 |
2014-08-06 | CVE-2014-0479 | Canonical Debian | Code Injection vulnerability in multiple products | reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | 6.8 |
2014-08-07 | CVE-2014-5194 | Sphider | Code Injection vulnerability in Sphider 1.3.6 | Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | 6.5 |
2014-08-06 | CVE-2014-5186 | ALL Video Gallery Plugin Project | SQL Injection vulnerability in ALL Video Gallery Plugin Project All-Video-Gallery 1.2 | SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php. | 6.5 |
2014-08-06 | CVE-2014-5184 | Stripshow Plugin Project | SQL Injection vulnerability in Stripshow Plugin Project Stripshow 2.5.2 | SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | 6.5 |
2014-08-06 | CVE-2014-5183 | Simple Retail Menus Plugin Project | SQL Injection vulnerability in Simple Retail Menus Plugin Project Simple-Retail-Menus 4.0/4.0.1 | SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php. | 6.5 |
2014-08-06 | CVE-2014-5180 | Hdwplayer | SQL Injection vulnerability in Hdwplayer Hdw-Player-Video-Player-Video-Gallery 2.4.2 | SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. | 6.5 |
2014-08-06 | CVE-2014-5090 | Status2K | Code Injection vulnerability in Status2K | admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel. | 6.5 |
2014-08-06 | CVE-2014-5185 | Quartz Plugin Project | SQL Injection vulnerability in Quartz Plugin Project Quartz Plugin 1.01.1 | SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php. | 6.0 |
2014-08-06 | CVE-2014-5182 | Ostenta | SQL Injection vulnerability in Ostenta Yawpp 1.2 | Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php. | 6.0 |
2014-08-07 | CVE-2014-3855 | Pyplate | Path Traversal vulnerability in Pyplate 0.08 | Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-08-07 | CVE-2014-3853 | Pyplate | Information Exposure vulnerability in Pyplate 0.08 | Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
2014-08-07 | CVE-2014-3852 | Pyplate | Information Exposure vulnerability in Pyplate 0.08 | Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
2014-08-06 | CVE-2014-5187 | TOM M8Te Plugin Project | Path Traversal vulnerability in TOM M8Te Plugin Project Tom-M8Te Plugin 1.5.3 | Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. | 5.0 |
2014-08-06 | CVE-2014-5181 | Last FM Rotation Plugin Project | Path Traversal vulnerability in Last.Fm Rotation Plugin Project Lastfm-Rotation Plugin 1.0 | Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-08-07 | CVE-2014-5193 | Sphider | Cross-Site Scripting vulnerability in Sphider 1.3.6 | Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. | 4.3 |
2014-08-07 | CVE-2014-5191 | Ckeditor | Cross-Site Scripting vulnerability in Ckeditor | Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-08-07 | CVE-2014-5190 | SI Captcha Anti Spam Project | Cross-Site Scripting vulnerability in SI Captcha Anti-Spam Project SI Captcha Anti-Spam 2.7.4 | Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2014-08-07 | CVE-2014-5188 | Lyris | Cross-Site Scripting vulnerability in Lyris List Manager 8.95A | Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter. | 4.3 |
2014-08-07 | CVE-2014-3774 | Teampass | Cross-Site Scripting vulnerability in Teampass | Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element. | 4.3 |
2014-08-06 | CVE-2014-5179 | Freelinking FOR Case Tracker Project Freelinking Project | Permissions, Privileges, and Access Controls vulnerability in multiple products | The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link. | 4.3 |
2014-08-06 | CVE-2014-5178 | Efssoft | Cross-Site Scripting vulnerability in Efssoft Easy File Sharing web Server 6.8 | Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1) creating a topic or (2) posting an answer. | 4.3 |
2014-08-06 | CVE-2014-5088 | Status2K | Cross-Site Scripting vulnerability in Status2K | Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | DESCRIPTION | CVSS |
---|---|---|---|---|---|
2014-08-07 | CVE-2014-3851 | Pyplate | Information Exposure vulnerability in Pyplate 0.08 | usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | 2.1 |
2014-08-07 | CVE-2014-3800 | Xbmc | Permissions, Privileges, and Access Controls vulnerability in Xbmc 13.0 | XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. | 2.1 |