Weekly Vulnerabilities Reports > December 22 to 28, 2014

Overview

104 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 69 products from 50 vendors including IBM, Cisco, Videolan, Google, and Microfocus. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", and "Permissions, Privileges, and Access Controls".

  • 89 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 33 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 79 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Schneider Electric has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-27 CVE-2014-8511 Schneider Electric Buffer Errors vulnerability in Schneider-Electric Proclima 6.0.1

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512.

10.0
2014-12-24 CVE-2014-9223 Allegrosoft Buffer Errors vulnerability in Allegrosoft Rompager 4.07

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.

10.0
2014-12-24 CVE-2014-9222 Allegrosoft Code vulnerability in Allegrosoft Rompager 4.07

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.

10.0
2014-12-23 CVE-2014-6119 IBM Code Injection vulnerability in IBM Security Appscan and Security Appscan Source

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive.

9.3
2014-12-27 CVE-2014-9188 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.

9.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-28 CVE-2011-4722 Ipswitch Path Traversal vulnerability in Ipswitch Tftp Server 1.0.0.24

Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a ..

7.8
2014-12-24 CVE-2014-7999 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.

7.7
2014-12-28 CVE-2014-6228 Facebook Numeric Errors vulnerability in Facebook Hiphop Virtual Machine

Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function.

7.5
2014-12-28 CVE-2014-2208 Facebook Code Injection vulnerability in Facebook Hiphop Virtual Machine

CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

7.5
2014-12-28 CVE-2013-4663 Redmine Command Injection vulnerability in Redmine GIT Hosting Plugin

git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function.

7.5
2014-12-27 CVE-2013-6227 Ajaxplorer, Pydio

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.

7.5
2014-12-27 CVE-2013-6041 Softaculous OS Command Injection vulnerability in Softaculous Webuzo

index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

7.5
2014-12-27 CVE-2013-4793 Umbraco Improper Authentication vulnerability in Umbraco CMS

The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

7.5
2014-12-27 CVE-2014-8514 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188.

7.5
2014-12-27 CVE-2014-8513 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188.

7.5
2014-12-27 CVE-2014-8512 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511.

7.5
2014-12-26 CVE-2011-3623 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c.

7.5
2014-12-26 CVE-2010-2062 Videolan Numeric Errors vulnerability in Videolan VLC Media Player

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.

7.5
2014-12-26 CVE-2010-1445 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.

7.5
2014-12-26 CVE-2010-1444 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.

7.5
2014-12-26 CVE-2010-1442 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.

7.5
2014-12-26 CVE-2010-1441 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.

7.5
2014-12-26 CVE-2011-1798 Google Improper Input Validation vulnerability in Google Chrome

rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document.

7.5
2014-12-26 CVE-2011-1796 Google Denial-Of-Service vulnerability in Chrome

Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction with a FRAME element.

7.5
2014-12-26 CVE-2011-1795 Google Numeric Errors vulnerability in Google Chrome

Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document containing a FORM element.

7.5
2014-12-26 CVE-2011-1794 Google Numeric Errors vulnerability in Google Chrome

Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions.

7.5
2014-12-26 CVE-2011-1793 Google Improper Input Validation vulnerability in Google Chrome

rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

7.5
2014-12-25 CVE-2014-2217 Telerik Path Traversal vulnerability in Telerik UI FOR Asp.Net Ajax

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

7.5
2014-12-24 CVE-2014-8138 Redhat, Jasper Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

7.5
2014-12-24 CVE-2004-2771 Oracle, Redhat, BSD Mailx Project, Heirloom Improper Input Validation vulnerability in multiple products

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

7.5
2014-12-23 CVE-2014-9115 Piwigo SQL Injection vulnerability in Piwigo

SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.

7.5
2014-12-22 CVE-2014-5208 Yokogawa Improper Access Control vulnerability in Yokogawa Centum CS 3000, Centum VP and Exaopc

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

7.5
2014-12-27 CVE-2014-0748 Cray Improper Input Validation vulnerability in Cray Linux Environment 5.1

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.

7.2
2014-12-25 CVE-2014-7300 Gnome, Redhat Resource Management Errors vulnerability in multiple products

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.

7.2
2014-12-24 CVE-2014-4322 Linux Out-Of-Bounds Write vulnerability in Linux Kernel

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

7.2
2014-12-24 CVE-2014-7995 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077.

7.2
2014-12-22 CVE-2014-7286 Symantec, Microsoft Buffer Errors vulnerability in Symantec Deployment Solution 6.9

Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-28 CVE-2012-1415 Dflabs Cross-Site Request Forgery (CSRF) vulnerability in Dflabs PTK 1.0.5

Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout.

6.8
2014-12-28 CVE-2012-1203 Syndeocms Cross-Site Request Forgery (CSRF) vulnerability in Syndeocms

Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.

6.8
2014-12-24 CVE-2014-9414 W3Edge Cross-Site Request Forgery (CSRF) vulnerability in W3Edge Total Cache 0.9.4

The W3 Total Cache plugin before 0.9.4.1 for WordPress does not properly handle empty nonces, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and hijack the authentication of administrators for requests that change the mobile site redirect URI via the mobile_groups[*][redirect] parameter and an empty _wpnonce parameter in the w3tc_mobile page to wp-admin/admin.php.

6.8
2014-12-24 CVE-2014-9413 IP BAN Project Cross-Site Request Forgery (CSRF) vulnerability in IP BAN Project IP BAN 1.2.3

Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3) redirect_url parameter in the simple-ip-ban page to wp-admin/options-general.php.

6.8
2014-12-24 CVE-2014-9334 Bird Feeder Project Cross-Site Request Forgery (CSRF) vulnerability in Bird Feeder Project Bird Feeder 1.2.3

Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird Feeder plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) user or (2) password parameter in the bird-feeder page to wp-admin/options-general.php.

6.8
2014-12-24 CVE-2014-8137 Jasper Project, Redhat Double Free Remote Code Execution vulnerability in JasPer

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.

6.8
2014-12-23 CVE-2014-5217 Microfocus Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Access Manager 4.0/4.0.1

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.

6.8
2014-12-24 CVE-2014-8810 Wpsymposiumpro SQL Injection vulnerability in Wpsymposiumpro WP Symposium

SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.

6.5
2014-12-24 CVE-2014-6187 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Service Registry and Repository

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

6.0
2014-12-25 CVE-2014-7193 Hapijs Improper Access Control vulnerability in Hapijs Crumb 2.2.0

The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer.

5.8
2014-12-23 CVE-2014-6122 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Security Appscan and Security Appscan Source

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument.

5.5
2014-12-24 CVE-2014-7994 Cisco Improper Input Validation vulnerability in Cisco products

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.

5.4
2014-12-28 CVE-2014-6229 Facebook Information Exposure vulnerability in Facebook Hiphop Virtual Machine

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character.

5.0
2014-12-28 CVE-2014-5386 Facebook Cryptographic Issues vulnerability in Facebook Hiphop Virtual Machine

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector.

5.0
2014-12-28 CVE-2014-2209 Facebook Permissions, Privileges, and Access Controls vulnerability in Facebook Hiphop Virtual Machine

Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

5.0
2014-12-28 CVE-2011-4720 Hillstone Software Improper Input Validation vulnerability in Hillstone Software HS Tftp Server 1.3.2

Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.

5.0
2014-12-27 CVE-2013-6043 Softaculous Information Exposure vulnerability in Softaculous Webuzo

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

5.0
2014-12-27 CVE-2013-5958 Sensiolabs Resource Management Errors vulnerability in Sensiolabs Symfony

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.

5.0
2014-12-26 CVE-2010-1443 Videolan Denial-Of-Service vulnerability in VLC media player

The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.

5.0
2014-12-25 CVE-2014-1449 Maxthon Improper Access Control vulnerability in Maxthon Cloud Browser 4.1.5.2000

The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

5.0
2014-12-25 CVE-2014-3971 Mongodb Improper Input Validation vulnerability in Mongodb 2.6.0/2.6.1

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

5.0
2014-12-24 CVE-2014-3569 Openssl Denial of Service vulnerability in Openssl 1.0.1J

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling.

5.0
2014-12-22 CVE-2014-8017 Cisco Information Exposure vulnerability in Cisco Identity Services Engine Software

The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

5.0
2014-12-26 CVE-2014-9420 Linux Resource Management Errors vulnerability in Linux Kernel

The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.

4.9
2014-12-24 CVE-2014-9416 Huawei DLL Loading Multiple Local Code Execution vulnerability in Huawei eSpace Desktop

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.

4.4
2014-12-28 CVE-2012-1303 Amcharts Cross-Site Scripting vulnerability in Amcharts Flash 1.0

Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3) amcolumn.swf, (4) amline.swf, (5) amradar.swf, or (6) amxy.sw; or (7) the settings_file parameter to amstock.swf.

4.3
2014-12-28 CVE-2012-1302 Ammap Project Cross-Site Scripting vulnerability in Ammap Project Ammap 2.6.3

Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.

4.3
2014-12-27 CVE-2013-6919 Phpthumb Project Remote Security vulnerability in PHPthumb Project PHPthumb 1.7.11

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

4.3
2014-12-26 CVE-2013-4769 Eucalyptus Data Processing Errors vulnerability in Eucalyptus

The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries.

4.3
2014-12-24 CVE-2014-8809 Wpsymposiumpro Cross-Site Scripting vulnerability in Wpsymposiumpro WP Symposium

Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php.

4.3
2014-12-24 CVE-2014-6179 IBM Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-12-24 CVE-2014-6153 IBM Cryptographic Issues vulnerability in IBM Websphere Service Registry and Repository

The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

4.3
2014-12-23 CVE-2014-9412 Microfocus Cross-Site Scripting vulnerability in Microfocus Access Manager 4.0/4.0.1

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.

4.3
2014-12-23 CVE-2014-5216 Microfocus Cross-Site Scripting vulnerability in Microfocus Access Manager 4.0/4.0.1

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.

4.3
2014-12-23 CVE-2014-8026 Cisco Cross-Site Scripting vulnerability in Cisco Jabber Guest

Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074.

4.3
2014-12-23 CVE-2014-8025 Cisco Information Exposure vulnerability in Cisco Jabber Guest

The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.

4.3
2014-12-23 CVE-2014-8024 Cisco Information Exposure vulnerability in Cisco Jabber Guest

The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.

4.3
2014-12-23 CVE-2014-6135 IBM Improper Input Validation vulnerability in IBM Security Appscan and Security Appscan Source

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3
2014-12-22 CVE-2014-8992 Modx Cross-Site Scripting vulnerability in Modx Revolution 2.3.2

Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

4.3
2014-12-22 CVE-2014-8018 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager 8.0

Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.

4.3
2014-12-27 CVE-2013-6241 Open-Xchange Information Exposure vulnerability in Open-Xchange AppSuite

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.

4.0
2014-12-24 CVE-2014-6186 IBM Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Service Registry and Repository

IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.1 allows remote authenticated users to bypass intended object-access restrictions via the datagraph.

4.0
2014-12-24 CVE-2014-6181 IBM Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Service Registry and Repository

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2014-12-24 CVE-2014-6177 IBM Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Service Registry and Repository

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2014-12-24 CVE-2014-6155 IBM Path Traversal vulnerability in IBM WebSphere Service Registry and Repository

Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.

4.0
2014-12-23 CVE-2014-5215 Microfocus Information Exposure vulnerability in Microfocus Access Manager 4.0/4.0.1

NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.

4.0
2014-12-23 CVE-2014-5214 Microfocus Unspecified vulnerability in Microfocus Access Manager 4.0/4.0.1

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.0
2014-12-22 CVE-2014-8015 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software

The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.

4.0
2014-12-22 CVE-2014-8896 IBM Improper Authentication vulnerability in IBM products

The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.

4.0

18 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-12-26 CVE-2013-4754 Owl Cross-Site Scripting vulnerability in Owl Intranet Knowledgebase 1.10

Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php.

3.5
2014-12-26 CVE-2013-4753 Claroline Cross-Site Scripting vulnerability in Claroline

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the "First name" field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php.

3.5
2014-12-26 CVE-2011-3592 phpMyAdmin Cross-Site Scripting vulnerability in phpMyAdmin

Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.

3.5
2014-12-26 CVE-2011-3591 phpMyAdmin Cross-Site Scripting vulnerability in phpMyAdmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.

3.5
2014-12-24 CVE-2014-6188 IBM Cross-Site Scripting vulnerability in IBM WebSphere Service Registry and Repository

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-12-24 CVE-2014-6180 IBM Cross-Site Scripting vulnerability in IBM WebSphere Service Registry and Repository

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header.

3.5
2014-12-24 CVE-2014-6178 IBM Cross-Site Scripting vulnerability in IBM WebSphere Service Registry and Repository

Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-12-24 CVE-2014-6132 IBM Cross-Site Scripting vulnerability in IBM WebSphere Service Registry and Repository

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-12-23 CVE-2014-6121 IBM Cross-Site Scripting vulnerability in IBM Security AppScan and Security AppScan Source

Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-12-22 CVE-2014-8899 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8898.

3.5
2014-12-22 CVE-2014-8898 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8899.

3.5
2014-12-22 CVE-2014-8897 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8898 and CVE-2014-8899.

3.5
2014-12-24 CVE-2014-7993 Cisco Information Exposure vulnerability in Cisco products

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.

3.3
2014-12-28 CVE-2010-5075 Avast Numeric Errors vulnerability in Avast! Internet Security 5.0

Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.

2.1
2014-12-26 CVE-2014-9419 Linux Information Exposure vulnerability in Linux Kernel

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.

2.1
2014-12-24 CVE-2014-9418 Huawei Buffer Errors vulnerability in Huawei eSpace Desktop V100R001C02/V100R001C03/V200R001C03

The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.

2.1
2014-12-24 CVE-2014-9417 Huawei Improper Input Validation vulnerability in Huawei eSpace Desktop V100R001C02/V100R001C03

The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.

2.1
2014-12-24 CVE-2014-9415 Huawei Improper Input Validation vulnerability in Huawei eSpace Desktop V100R001C02/V100R001C03

Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.

1.9