Weekly Vulnerabilities Reports > September 1 to 7, 2014
Overview
52 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 48 products from 35 vendors including IBM, Linux, Google, Microsoft, and Apache. Vulnerabilities are notably categorized as "Information Exposure", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".
- 45 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 9 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 39 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-05 | CVE-2014-0610 | Novell Microsoft | Untrusted Pointer Dereference Remote Code Execution vulnerability in GroupWise The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. | 10.0 |
2014-09-03 | CVE-2014-1554 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2014-09-02 | CVE-2014-5340 | Check MK Project | Code Injection vulnerability in Check MK Project Check MK The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL. | 9.3 |
7 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-04 | CVE-2014-3094 | IBM Linux Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement. | 8.5 |
2014-09-05 | CVE-2014-2378 | Sensysnetworks | Code Injection vulnerability in Sensysnetworks products Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update. | 7.6 |
2014-09-04 | CVE-2014-5504 | Solarwinds | Credentials Management vulnerability in Solarwinds LOG and Event Manager SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL. | 7.5 |
2014-09-04 | CVE-2014-2685 | Zend | Improper Authentication vulnerability in Zend Framework and Zendopenid The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. | 7.5 |
2014-09-04 | CVE-2014-5285 | Tibco | Remote Privilege Escalation vulnerability in TIBCO Spotfire Server Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors. | 7.5 |
2014-09-02 | CVE-2014-0485 | S3Ql Project | Code Injection vulnerability in S3Ql Project S3Ql S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. | 7.5 |
2014-09-04 | CVE-2014-3353 | Cisco | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165. | 7.1 |
36 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-05 | CVE-2014-3909 | Falconsc | Session Fixation vulnerability in WisePoint Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
2014-09-04 | CVE-2014-5506 | SAP | Remote Code Execution vulnerability in SAP Crystal Reports Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | 6.8 |
2014-09-04 | CVE-2014-5505 | SAP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Crystal Reports Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | 6.8 |
2014-09-04 | CVE-2014-2957 | Exim | Improper Input Validation vulnerability in Exim The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. | 6.8 |
2014-09-05 | CVE-2014-6252 | SAP | Buffer Errors vulnerability in SAP Netweaver 7.0/7.20 Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | 6.5 |
2014-09-02 | CVE-2014-5521 | Xrms CRM Project | SQL Injection vulnerability in Xrms CRM Project Xrms CRM 1.99.2 plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. | 6.5 |
2014-09-02 | CVE-2014-6041 | Google | Permissions, Privileges, and Access Controls vulnerability in Google Android Browser 4.2.1 The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser. | 5.8 |
2014-09-05 | CVE-2014-2379 | Sensysnetworks | Cryptographic Issues vulnerability in Sensysnetworks products Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. | 5.4 |
2014-09-05 | CVE-2014-5256 | Nodejs | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nodejs Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack. | 5.0 |
2014-09-05 | CVE-2014-4863 | Arris | Information Exposure vulnerability in Arris Touchstone Dg950A and Touchstone Dg950A Software The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. | 5.0 |
2014-09-05 | CVE-2014-4862 | Netmaster | Information Exposure vulnerability in Netmaster Cbw700 Software and Netmaster Cbw700N The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. | 5.0 |
2014-09-05 | CVE-2014-0877 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Cognos TM1 10.2.0.2/10.2.2.0 IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link. | 5.0 |
2014-09-04 | CVE-2014-5377 | Manageengine | Information Exposure vulnerability in Manageengine Device Expert ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. | 5.0 |
2014-09-04 | CVE-2014-5269 | Plack Project | Permissions, Privileges, and Access Controls vulnerability in Plack Project Plack Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static. | 5.0 |
2014-09-03 | CVE-2014-5465 | Werdswords | Path Traversal vulnerability in Werdswords Download Shortcode Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-09-02 | CVE-2014-5137 | III | Information Exposure vulnerability in III Sierra 1.23 Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule. | 5.0 |
2014-09-05 | CVE-2014-6029 | Torrentflux Project | Improper Input Validation vulnerability in Torrentflux Project Torrentflux 2.4 TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php. | 4.9 |
2014-09-02 | CVE-2014-5339 | Check MK Project | Arbitrary File Overwrite vulnerability in Check_MK Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections. | 4.9 |
2014-09-04 | CVE-2014-2972 | Exim | Numeric Errors vulnerability in Exim expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | 4.6 |
2014-09-05 | CVE-2014-3910 | Emurasoft | Code Injection vulnerability in Emurasoft Emftp Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension. | 4.4 |
2014-09-04 | CVE-2014-3574 | Apache | Denial Of Service vulnerability in Apache POI Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | 4.3 |
2014-09-04 | CVE-2014-3529 | Apache | Remote Security vulnerability in RETIRED: POI The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 4.3 |
2014-09-04 | CVE-2012-6153 | Apache | Improper Input Validation vulnerability in Apache Commons-Httpclient http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. | 4.3 |
2014-09-04 | CVE-2012-4768 | Mikejolley | Cross-Site Scripting vulnerability in Mikejolley Download Monitor 3.3.5.7 Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. | 4.3 |
2014-09-03 | CVE-2012-4226 | QPW Famvanakkeren | Cross-Site Scripting vulnerability in Qpw.Famvanakkeren Quick Post Widget 1.9.1 Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/. | 4.3 |
2014-09-03 | CVE-2014-1566 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. | 4.3 |
2014-09-02 | CVE-2014-5136 | III | Cross-Site Scripting vulnerability in III Sierra 1.23 Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2014-09-02 | CVE-2014-5452 | HL7 | Cross-Site Scripting vulnerability in HL7 C-Cda 1.1 CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations. | 4.3 |
2014-09-02 | CVE-2014-5076 | Labanquepostale | Information Exposure vulnerability in Labanquepostale 3.2 The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework. | 4.3 |
2014-09-02 | CVE-2014-3862 | HL7 | Information Exposure vulnerability in HL7 C-Cda 1.1 CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log. | 4.3 |
2014-09-02 | CVE-2014-3861 | HL7 | Cross-Site Scripting vulnerability in HL7 C-Cda 1.1 Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element. | 4.3 |
2014-09-05 | CVE-2014-6028 | Torrentflux Project | Improper Input Validation vulnerability in Torrentflux Project Torrentflux 2.4 TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php. | 4.0 |
2014-09-05 | CVE-2014-0863 | IBM | Credentials Management vulnerability in IBM Cognos TM1 The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.2.0 before IF1 stores obfuscated passwords in memory, which allows remote authenticated users to obtain sensitive cleartext information via an unspecified security tool. | 4.0 |
2014-09-04 | CVE-2014-4759 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager 8.5.0.0/8.5.0.1/8.5.5.0 An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results. | 4.0 |
2014-09-04 | CVE-2014-4758 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL. | 4.0 |
2014-09-02 | CVE-2014-6064 | Mcafee | Information Exposure vulnerability in Mcafee web Gateway The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-05 | CVE-2014-5508 | Srvx | Numeric Errors vulnerability in Srvx 1.3.1 Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other interval configurations. | 3.5 |
2014-09-04 | CVE-2014-3095 | IBM Linux Microsoft | Improper Input Validation vulnerability in IBM DB2 The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement. | 3.5 |
2014-09-04 | CVE-2014-3075 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file. | 3.5 |
2014-09-04 | CVE-2014-6060 | Dhcpcd Project | Resource Management Errors vulnerability in multiple products The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. | 3.3 |
2014-09-04 | CVE-2014-4805 | IBM Linux | Information Exposure vulnerability in IBM DB2 IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. | 2.1 |
2014-09-05 | CVE-2014-5036 | Eucalyptus | Information Exposure vulnerability in Eucalyptus 3.4.2/3.4.3/4.0.0 The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs. | 1.9 |