Weekly Vulnerabilities Reports > December 1 to 7, 2014

Overview

118 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary report vulnerabilities in 133 products from 87 vendors including Debian, Zohocorp, Redhat, Opensuse, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Information Exposure", "Permissions, Privileges, and Access Controls", and "Path Traversal".

  • 99 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 49 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 105 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-05 CVE-2014-8877 Creative Minds Code Injection vulnerability in Creative Minds CM Download Manager 2.0.0/2.0.1/2.0.2

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.

10.0
2014-12-03 CVE-2014-9134 Huawei Unspecified vulnerability in Huawei products

Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

10.0
2014-12-02 CVE-2014-9183 ZTE Credentials Management vulnerability in ZTE Zxdsl 831Cii

ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.

10.0
2014-12-06 CVE-2014-6140 IBM Cryptographic Issues vulnerability in IBM Tivoli Endpoint Manager Mobile Device Management 9.0

IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal.

9.3
2014-12-06 CVE-2014-4629 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Content Server 6.7/7.0/7.1

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.

9.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-07 CVE-2014-9303 Entrypass Information Exposure vulnerability in Entrypass N5200 Active Network Control Panel

EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.

7.8
2014-12-07 CVE-2014-8868 Entrypass Permissions, Privileges, and Access Controls vulnerability in Entrypass N5200 Active Network Control Panel

EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4.

7.8
2014-12-05 CVE-2014-7256 IIJ Resource Management Errors vulnerability in IIJ products

The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc.

7.8
2014-12-07 CVE-2014-9304 Plex Permissions, Privileges, and Access Controls vulnerability in Plex Media Server 0.9.9.2

Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.

7.5
2014-12-05 CVE-2014-8990 Debian
Fedoraproject
Lsyncd Project
Command Injection vulnerability in multiple products

default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

7.5
2014-12-05 CVE-2014-9215 Pbboard SQL Injection vulnerability in Pbboard 2.1.4/3.0.1

SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php.

7.5
2014-12-05 CVE-2014-9144 Technicolor Command Injection vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv

Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).

7.5
2014-12-05 CVE-2014-3997 Zohocorp SQL Injection vulnerability in Zohocorp products

SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.

7.5
2014-12-05 CVE-2014-3996 Manageengine SQL Injection vulnerability in Manageengine Desktop Central, It360 and Password Manager PRO

SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.

7.5
2014-12-04 CVE-2014-7868 Zohocorp SQL Injection vulnerability in Zohocorp products

Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.

7.5
2014-12-04 CVE-2014-7867 Zohocorp SQL Injection vulnerability in Zohocorp products

SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.

7.5
2014-12-04 CVE-2014-6035 Zohocorp Path Traversal vulnerability in Zohocorp Manageengine Opmanager 11.4

Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a ..

7.5
2014-12-03 CVE-2014-9242 Websitebaker SQL Injection vulnerability in Websitebaker 2.8.3

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

7.5
2014-12-03 CVE-2014-9240 Mybb SQL Injection vulnerability in Mybb 1.8.0/1.8.1

SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.

7.5
2014-12-03 CVE-2014-9239 Invisionpower
Invisioncommunity
SQL Injection vulnerability in multiple products

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.

7.5
2014-12-03 CVE-2014-9237 Proticaret SQL Injection vulnerability in Proticaret 3.0

SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.

7.5
2014-12-03 CVE-2014-9157 Debian
Graphviz
USE of Externally-Controlled Format String vulnerability in multiple products

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

7.5
2014-12-03 CVE-2013-7416 Canto Command Injection vulnerability in Canto Curses 0.8.4/0.9.0

canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.

7.5
2014-12-03 CVE-2014-9220 Fedoraproject
Openvas
Opensuse
SQL Injection vulnerability in multiple products

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.

7.5
2014-12-02 CVE-2014-9178 Smartypantsplugins SQL Injection vulnerability in Smartypantsplugins SP Project & Document Manager 2.4.1

Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.

7.5
2014-12-02 CVE-2014-9175 Wpdatatables SQL Injection vulnerability in Wpdatatables 1.5.3

SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.

7.5
2014-12-02 CVE-2014-9173 Google DOC Embedder Project SQL Injection vulnerability in Google DOC Embedder Project Google DOC Embedder

SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.

7.5
2014-12-02 CVE-2014-8728 Subex SQL Injection vulnerability in Subex ROC Fraud Management System

SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.

7.5
2014-12-01 CVE-2014-9152 Services Project Credentials Management vulnerability in Services Project Services

The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack.

7.5
2014-12-01 CVE-2014-9151 Services Project Improper Access Control vulnerability in Services Project Services 7.X3.9

The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

7.5
2014-12-01 CVE-2014-9087 Mageia
Debian
Libksba Project
Canonical
Gnupg
Numeric Errors vulnerability in multiple products

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

7.5
2014-12-06 CVE-2014-8651 KDE Permissions, Privileges, and Access Controls vulnerability in KDE Kde-Workspace and Plasma-Desktop

The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.

7.2
2014-12-05 CVE-2014-7253 Fujitsu OS Command Injection vulnerability in Fujitsu products

FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.

7.2
2014-12-05 CVE-2014-2273 Huawei Permissions, Privileges, and Access Controls vulnerability in Huawei P2-6011 Firmware V100R001C00B042

The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.

7.2
2014-12-03 CVE-2014-9141 Thomsonreuters Permissions, Privileges, and Access Controls vulnerability in Thomsonreuters Fixed Assets CS

The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.

7.2
2014-12-02 CVE-2014-9113 Cchgroup Permissions, Privileges, and Access Controls vulnerability in Cchgroup Prosystem FX Engagement

CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.

7.2
2014-12-02 CVE-2014-5284 Ossec Permissions, Privileges, and Access Controls vulnerability in Ossec

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.

7.2

72 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-02 CVE-2014-3065 IBM Code Injection vulnerability in IBM Java

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.

6.9
2014-12-07 CVE-2014-9300 Alfresco Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 4.2.F/5.0.A

Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter.

6.8
2014-12-05 CVE-2014-9129 Creative Minds Cross-Site Request Forgery (CSRF) vulnerability in Creative Minds CM Download Manager 2.0.6

Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.

6.8
2014-12-03 CVE-2014-8773 Modx Cross-Site Request Forgery (CSRF) vulnerability in Modx Revolution

MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF token parameter.

6.8
2014-12-03 CVE-2014-8771 X3Cms Cross-Site Request Forgery (CSRF) vulnerability in X3Cms X3 CMS 0.5.1/0.5.1.1

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors.

6.8
2014-12-03 CVE-2014-8104 Mageia
Debian
Opensuse
Openvpn
Canonical
Resource Management Errors vulnerability in multiple products

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8
2014-12-03 CVE-2014-9235 Zoph SQL Injection vulnerability in Zoph

Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.

6.5
2014-12-02 CVE-2014-8789 Gleamtech Improper Input Validation vulnerability in Gleamtech Filevista

GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.

6.5
2014-12-07 CVE-2014-9301 Alfresco Remote Security vulnerability in Alfresco 4.2.F

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

6.4
2014-12-04 CVE-2014-6036 Zohocorp Path Traversal vulnerability in Zohocorp products

Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a ..

6.4
2014-12-02 CVE-2014-3068 IBM Credentials Management vulnerability in IBM Java

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.

6.4
2014-12-02 CVE-2014-8791 Enalean Code Injection vulnerability in Enalean Tuleap 7.6

project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.

6.0
2014-12-05 CVE-2014-9292 Jrss Widget Project Remote Security vulnerability in Jrss Widget

Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter.

5.8
2014-12-02 CVE-2014-8754 AD Manager Project Unspecified vulnerability in Ad-Manager Project Ad-Manager 1.1.2

Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter.

5.8
2014-12-01 CVE-2014-5268 Fasttoggle Project Permissions, Privileges, and Access Controls vulnerability in Fasttoggle Project Fasttoggle 7.X1.3/7.X1.4

The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link.

5.8
2014-12-07 CVE-2014-9302 Alfresco Remote Security vulnerability in Community Edition

Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.

5.0
2014-12-06 CVE-2014-9117 Mantisbt Improper Access Control vulnerability in Mantisbt

MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.

5.0
2014-12-06 CVE-2014-5429 Elipse Resource Management Errors vulnerability in Elipse E3, Power and Scada

DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets.

5.0
2014-12-05 CVE-2014-7259 Square Enix CO LTD Information Exposure vulnerability in Square Enix CO LTD Kaku SAN SEI Million Aruthur

SQUARE ENIX Co., Ltd.

5.0
2014-12-05 CVE-2014-7255 IIJ Resource Exhaustion vulnerability in IIJ products

Internet Initiative Japan Inc.

5.0
2014-12-05 CVE-2014-7243 LG Information Exposure vulnerability in LG L-03E, L-04D and L-09C

LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2014-12-05 CVE-2014-9140 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Tcpdump

Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.

5.0
2014-12-05 CVE-2014-8123 Antiword Project Buffer Errors vulnerability in Antiword Project Antiword 0.37

Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document.

5.0
2014-12-05 CVE-2014-6040 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Glibc

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.

5.0
2014-12-05 CVE-2014-3627 Apache Link Following vulnerability in Apache Hadoop

The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.

5.0
2014-12-05 CVE-2012-6656 Debian
Canonical
GNU
Improper Input Validation vulnerability in multiple products

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.

5.0
2014-12-04 CVE-2014-6034 Zohocorp Path Traversal vulnerability in Zohocorp products

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a ..

5.0
2014-12-04 CVE-2014-5446 Zohocorp Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a ..

5.0
2014-12-04 CVE-2014-5445 Zohocorp Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer

Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.

5.0
2014-12-03 CVE-2014-9238 D Link Path Traversal vulnerability in D-Link Dcs-2103 HD Cube Network Camera Firmware 1.0.0

D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character.

5.0
2014-12-03 CVE-2014-9234 D Link Path Traversal vulnerability in D-Link Dcs-2103 HD Cube Network Camera Firmware 1.0.0

Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a ..

5.0
2014-12-03 CVE-2014-9018 Icecast Information Exposure vulnerability in Icecast

Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.

5.0
2014-12-03 CVE-2014-8775 Modx Information Exposure vulnerability in Modx Revolution

MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5.0
2014-12-02 CVE-2014-9184 ZTE Improper Authentication vulnerability in ZTE Zxdsl 831Cii

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.

5.0
2014-12-02 CVE-2014-9181 Plex Path Traversal vulnerability in Plex Media Server 0.9.9.2

Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a ..

5.0
2014-12-02 CVE-2014-9180 Eleanor CMS Unspecified vulnerability in Eleanor-Cms Eleanor CMS

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.

5.0
2014-12-02 CVE-2014-9177 Svnlabs Information Exposure vulnerability in Svnlabs Html5 MP3 Player With Playlist Free 2.6

The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php.

5.0
2014-12-02 CVE-2014-9116 Suse
Mutt
Debian
Mageia
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

5.0
2014-12-02 CVE-2014-9112 GNU
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

5.0
2014-12-02 CVE-2014-8874 Kennziffer Information Exposure vulnerability in Kennziffer KE Questionnaire

The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.

5.0
2014-12-02 CVE-2014-3703 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Packstack 2012.2.1

OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions.

5.0
2014-12-01 CVE-2014-9050 Clamav Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clamav

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

5.0
2014-12-01 CVE-2014-8749 AIT PRO Unspecified vulnerability in Ait-Pro Bulletproof Security

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.

5.0
2014-12-01 CVE-2014-7816 Redhat
Microsoft
Path Traversal vulnerability in Redhat Undertow

Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a ..

5.0
2014-12-01 CVE-2014-2233 Infoware Cross-Site Request Forgery vulnerability in MapSuite MapAPI

Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.

5.0
2014-12-01 CVE-2014-2232 Infoware Pathname Traversal and Equivalence Errors vulnerability in Infoware Mapsuite

Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2014-12-01 CVE-2014-8867 Redhat
XEN
Debian
Opensuse
Code vulnerability in multiple products

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.

4.9
2014-12-01 CVE-2014-8866 Debian
XEN
Opensuse
Code vulnerability in multiple products

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.

4.7
2014-12-05 CVE-2014-7254 Fujitsu Local Information Disclosure vulnerability in ARROWS Me F-11D

Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors.

4.6
2014-12-05 CVE-2014-7252 Disney Interactive
Fujitsu
Sharp
LG
Multiple Security vulnerability in OMAP Mobile Processors Syslink Driver

Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation."

4.6
2014-12-05 CVE-2014-7258 Kent WEB Cross-Site Scripting vulnerability in Kent-Web Clip Board 2.91

Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-12-05 CVE-2014-9212 Altitude Cross-Site Scripting vulnerability in Altitude Unified Customer Interaction 7.5

Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section.

4.3
2014-12-05 CVE-2014-9143 Technicolor Code vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv

Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.

4.3
2014-12-05 CVE-2014-9142 Technicolor Cross-Site Scripting vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv

Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.

4.3
2014-12-05 CVE-2014-8800 Nextendweb Cross-Site Scripting vulnerability in Nextendweb Nextend Facebook Connect 1.5.0

Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.

4.3
2014-12-03 CVE-2014-9243 Websitebaker Cross-Site Scripting vulnerability in Websitebaker 2.8.3

Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.

4.3
2014-12-03 CVE-2014-9241 Mybb Cross-Site Scripting vulnerability in Mybb 1.8.0/1.8.1

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.

4.3
2014-12-03 CVE-2014-9236 Zoph Cross-Site Scripting vulnerability in Zoph

Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.

4.3
2014-12-03 CVE-2014-8774 Modx Cross-Site Scripting vulnerability in Modx Revolution

Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.

4.3
2014-12-03 CVE-2014-3988 Sunhater Cross-Site Scripting vulnerability in Sunhater Kcfinder

Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file.

4.3
2014-12-02 CVE-2014-9182 Anchorcms Cross-Site Scripting vulnerability in Anchorcms Anchor CMS 0.9.1

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.

4.3
2014-12-02 CVE-2014-9176 Instasqueeze Cross-Site Scripting vulnerability in Instasqueeze Sexy Squeeze Pages

Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.

4.3
2014-12-02 CVE-2014-9174 Yoast Cross-Site Scripting vulnerability in Yoast Google Analytics 5.1/5.1.1

Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the General Settings.

4.3
2014-12-01 CVE-2014-9153 Services Project Cross-Site Scripting vulnerability in Services Project Services 7.X3.9

Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response.

4.3
2014-12-01 CVE-2014-7291 Springshare Cross-Site Scripting vulnerability in Springshare Libcal 2.0

Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter.

4.3
2014-12-01 CVE-2014-5237 Open Xchange Cross-Site Request Forgery vulnerability in Open-Xchange APP Suite 7.4.2/7.6.0

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.

4.3
2014-12-06 CVE-2014-9278 Openbsd
Redhat
Improper Authentication vulnerability in Openbsd Openssh

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

4.0
2014-12-02 CVE-2014-9179 Supportezzy Ticket System Project Cross-Site Scripting vulnerability in Supportezzy Ticket System Project Supportezzy Ticket System 1.2.5

Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.

4.0
2014-12-02 CVE-2014-8788 Gleamtech Information Exposure vulnerability in Gleamtech Filevista

GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.

4.0
2014-12-01 CVE-2014-9156 Filefield Project Information Exposure vulnerability in Filefield Project Filefield 6.X3.12

The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.

4.0
2014-12-01 CVE-2014-9155 Avatar Uploader Project Path Traversal vulnerability in Avatar Uploader Project Avatar Uploader

Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a ..

4.0
2014-12-01 CVE-2014-9154 Notify Project Information Exposure vulnerability in Notify Project Notify 7.X1.0

The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-03 CVE-2014-8772 X3Cms Cross-Site Scripting vulnerability in X3Cms X3 CMS 0.5.1/0.5.1.1

Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.

3.5
2014-12-06 CVE-2014-7251 Yokogawa Improper Input Validation vulnerability in Yokogawa Fast/Tools

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.

3.2
2014-12-06 CVE-2014-3099 IBM Security vulnerability in IBM Systems Director

Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors.

2.1
2014-12-05 CVE-2014-4703 Nagios Link Following vulnerability in Nagios 2.0.2

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag.

2.1
2014-12-05 CVE-2014-4702 Nagios Information Exposure vulnerability in Nagios 2.0.1

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.

2.1
2014-12-05 CVE-2014-4701 Nagios Information Exposure vulnerability in Nagios 2.0.1

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.

2.1
2014-12-05 CVE-2014-3561 Redhat Information Exposure vulnerability in Redhat Enterprise Virtualization 3.4

The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.

2.1
2014-12-02 CVE-2013-6494 Fedup Project
Fedoraproject
Code vulnerability in Fedup Project Fedup 0.9.0

fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).

2.1
2014-12-01 CVE-2013-6497 Clamav Code vulnerability in Clamav

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

2.1