Weekly Vulnerabilities Reports > January 5 to 11, 2015

Overview

98 new vulnerabilities were reported during this period, including 4 critical and 13 high-severity vulnerabilities. This weekly summary covers vulnerabilities in 94 products from 59 vendors, including Cisco, Debian, openSUSE, OpenSSL, and Wireshark. The most common weakness categories are "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Information Exposure", "Permissions, Privileges, and Access Controls", and "SQL Injection".

  • 93 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 85 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 11.
  • Schneider Electric has the most reported critical vulnerabilities, with 1 (each vendor in the critical table below has exactly one, so this is a tie rather than a lead).


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:


4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-10 CVE-2014-9495 Apple, Libpng Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

10.0
2015-01-10 CVE-2014-9190 Schneider Electric Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware Intouch Access Anywhere Server 10.6/11.0

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.

10.0
2015-01-08 CVE-2014-9583 T-Mobile, Asus Permissions, Privileges, and Access Controls vulnerability in multiple products

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999.

10.0
2015-01-10 CVE-2014-6158 IBM Path Traversal vulnerability in IBM Pureapplication System and Workload Deployer

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

9.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-07 CVE-2015-0361 XEN, Opensuse Use After Free Denial of Service vulnerability in Xen

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.

7.8
2015-01-08 CVE-2015-0919 Sefrengo SQL Injection vulnerability in Sefrengo 1.6.0

Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.

7.5
2015-01-08 CVE-2012-5853 Ajax Search Project SQL Injection vulnerability in Ajax Search Project Ajax Search 1.0/1.1/1.2

SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.

7.5
2015-01-08 CVE-2014-9473 Deliciousdays File-Upload vulnerability in Deliciousdays Cformsii 14.7

Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory.

7.5
2015-01-07 CVE-2014-9567 Projectsend Code Injection vulnerability in Projectsend

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.

7.5
2015-01-06 CVE-2014-9528 Humhub SQL Injection vulnerability in Humhub 0.10.0

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php.

7.5
2015-01-06 CVE-2014-7209 Debian Command Injection vulnerability in Debian Mime-Support

run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.

7.5
2015-01-05 CVE-2014-9521 Infinitewp Code Injection vulnerability in Infinitewp 2.4.2/2.4.3

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.

7.5
2015-01-05 CVE-2014-9520 Infinitewp SQL Injection vulnerability in Infinitewp 2.4.2/2.4.3

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.

7.5
2015-01-05 CVE-2014-9519 Infinitewp SQL Injection vulnerability in Infinitewp 2.4.2

SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.

7.5
2015-01-05 CVE-2014-9389 Sonatype Path Traversal vulnerability in Sonatype Nexus 2.11.0

Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.

7.5
2015-01-05 CVE-2014-8084 Osclass Path Traversal vulnerability in Osclass

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2015-01-05 CVE-2014-8083 Osclass SQL Injection vulnerability in Osclass

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.

7.5
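
The high-severity table is dominated by two bug classes: unrestricted file upload (CformsII, ProjectSend, InfiniteWP; OSClass appears again in the medium table) and directory traversal (Sonatype Nexus, OSClass; Codiad in the medium table). The InfiniteWP entry shows the usual bypass: a double extension such as .php.swp passes a naive "does it end in .php" check but is still handed to the PHP handler by servers that match on every dot-segment of the name. The following Python is an added example, not code from this page or from any of the projects listed, of the server-side checks that close both classes: refuse path separators and traversal, refuse an executable extension in any segment of the name, allow-list the final extension, and store the file under a server-chosen random name so the client never controls the path. The extension sets and the upload directory are assumptions for illustration.

```python
import os
import re
import secrets

# Extensions a web server or its handlers may execute. Any appearance of
# one of these in any dot-segment (e.g. "shell.php.swp") is rejected, since
# Apache's mod_mime and similar handlers match on every segment, not just
# the last one. Assumed set for illustration; tune it to the real stack.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
    "cgi", "pl", "py", "rb", "sh", "jsp", "asp", "aspx", "htaccess",
}

# Allow-list of what this hypothetical upload endpoint accepts.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Conservative character set for a basename: no slashes, no spaces,
# no leading dot, bounded length.
_SAFE_BASENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UploadRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def validate_upload_name(client_name: str) -> str:
    """Return the (lower-cased) allowed extension, or raise UploadRejected.

    Checks, in order: no separators, NUL bytes or traversal components; a
    conservative character set; no executable extension in *any* segment;
    and a final extension on the allow-list.
    """
    name = client_name.strip()
    # Reject separators and NUL outright instead of trying to normalise
    # them away; "../", "..\\", absolute paths and "x.jpg\0.php" all fail here.
    if not name or "\x00" in name or "/" in name or "\\" in name:
        raise UploadRejected("path separator or NUL in filename")
    if name in (".", "..") or name.startswith("."):
        raise UploadRejected("dotfile or traversal component")
    if not _SAFE_BASENAME.match(name):
        raise UploadRejected("disallowed characters in filename")
    segments = name.lower().split(".")
    if len(segments) < 2:
        raise UploadRejected("missing extension")
    # Every segment after the first is a candidate extension for the server.
    for seg in segments[1:]:
        if seg in EXECUTABLE_EXTENSIONS:
            raise UploadRejected(f"executable extension segment '{seg}'")
    ext = segments[-1]
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension '{ext}' not allowed")
    return ext


def storage_path(upload_dir: str, client_name: str) -> str:
    """Server-chosen destination: random basename plus the validated extension.

    The client name is used only to derive the extension, so it can never
    steer the write outside upload_dir.
    """
    ext = validate_upload_name(client_name)
    return os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")


def is_accepted(client_name: str) -> bool:
    """Convenience predicate around validate_upload_name."""
    try:
        validate_upload_name(client_name)
        return True
    except UploadRejected:
        return False
```

Two things the validator cannot do on its own: the upload directory should sit outside the web root or have script execution disabled in the web server, since every upload entry above was exploited by a direct request to the stored file, and the allow-list should be enforced again at serving time with a fixed Content-Type rather than trusting the stored name.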

71 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-09 CVE-2014-9529 Linux, Redhat, Opensuse, Fedoraproject, Debian, Canonical Race Condition vulnerability in Linux Kernel

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

6.9
2015-01-09 CVE-2014-9510 TP Link Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wr840N Firmware 3.13.27

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.

6.8
2015-01-09 CVE-2014-8031 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.

6.8
2015-01-08 CVE-2015-0920 Banner Effect Header Project Cross-Site Request Forgery (CSRF) vulnerability in Banner Effect Header Project Banner Effect Header 1.2.6

Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.

6.8
2015-01-07 CVE-2014-4636 EMC Cross-Site Request Forgery (CSRF) vulnerability in EMC Documentum WDK 6.7

Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.

6.8
2015-01-05 CVE-2014-9525 Timed Popup Project Cross-Site Request Forgery (CSRF) vulnerability in Timed Popup Project Timed Popup 1.3

Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php.

6.8
2015-01-05 CVE-2014-9524 Facebook Like BOX Project Cross-Site Request Forgery (CSRF) vulnerability in Facebook Like BOX Project Facebook Like BOX 2.8.2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php.

6.8
2015-01-05 CVE-2014-9523 Smartcat Cross-Site Request Forgery (CSRF) vulnerability in Smartcat OUR Team Showcase 1.2

Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php.

6.8
2015-01-05 CVE-2014-8085 Osclass File-Upload vulnerability in Osclass

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.

6.8
2015-01-05 CVE-2014-2598 Quick Page Post Redirect Project Cross-Site Request Forgery (CSRF) vulnerability in Quick Page/Post Redirect Project Quick Page/Post Redirect 5.0.4

Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.

6.8
2015-01-09 CVE-2014-8027 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.

6.5
2015-01-08 CVE-2014-9575 Vdgsecurity Permissions, Privileges, and Access Controls vulnerability in Vdgsecurity VDG Sense 2.3.13/2.3.14

VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header.

6.4
2015-01-07 CVE-2014-4637 EMC URL Redirection vulnerability in EMC Documentum WDK 6.7

Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.

6.4
2015-01-09 CVE-2014-8029 Cisco Open Redirection vulnerability in Cisco Secure Access Control Server

Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150.

5.8
2015-01-07 CVE-2014-9493 Redhat, Openstack Permissions, Privileges, and Access Controls vulnerability in multiple products

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

5.5
2015-01-10 CVE-2015-0582 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.

5.0
2015-01-10 CVE-2015-0564 Wireshark, Oracle, Debian, Opensuse Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.

5.0
2015-01-10 CVE-2015-0563 Opensuse, Wireshark Improper Input Validation vulnerability in multiple products

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2015-01-10 CVE-2015-0562 Wireshark Remote Denial of Service vulnerability in Wireshark DEC DNA Routing Protocol Dissector

Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.

5.0
2015-01-10 CVE-2015-0561 Wireshark, Opensuse, Oracle Improper Input Validation vulnerability in multiple products

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.

5.0
2015-01-10 CVE-2015-0560 Wireshark, Opensuse Data Processing Errors vulnerability in multiple products

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2015-01-10 CVE-2015-0559 Opensuse, Wireshark Remote Denial of Service vulnerability in Wireshark WCCP Dissector

Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.

5.0
2015-01-10 CVE-2014-8036 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings Server

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254.

5.0
2015-01-10 CVE-2014-8035 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247.

5.0
2015-01-10 CVE-2014-8020 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager

Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276.

5.0
2015-01-10 CVE-2014-6199 IBM Resource Management Errors vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request.

5.0
2015-01-09 CVE-2015-0922 Mcafee Information Exposure vulnerability in Mcafee Epolicy Orchestrator

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

5.0
2015-01-09 CVE-2015-0206 Openssl Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Openssl

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.

5.0
2015-01-09 CVE-2015-0205 Openssl Cryptographic Issues vulnerability in Openssl

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

5.0
2015-01-09 CVE-2014-8275 Openssl Cryptographic Issues vulnerability in Openssl

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

5.0
2015-01-09 CVE-2014-8033 Cisco Improper Authentication vulnerability in Cisco Webex Meetings Server

The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.

5.0
2015-01-09 CVE-2014-3572 Openssl Cryptographic Issues vulnerability in Openssl

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

5.0
2015-01-09 CVE-2014-3571 Openssl Remote Denial of Service vulnerability in Openssl

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

5.0
2015-01-09 CVE-2014-3570 Openssl Cryptographic Issues vulnerability in Openssl

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

5.0
2015-01-08 CVE-2014-9581 Codiad Path Traversal vulnerability in Codiad 2.4.3

Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a ..

5.0
2015-01-08 CVE-2014-9579 Vdgsecurity Information Exposure vulnerability in Vdgsecurity VDG Sense 2.3.13

VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files.

5.0
2015-01-08 CVE-2014-9578 Vdgsecurity Improper Authentication vulnerability in Vdgsecurity VDG Sense 2.3.13

VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password hash.

5.0
2015-01-08 CVE-2014-9576 Vdgsecurity Information Exposure vulnerability in Vdgsecurity VDG Sense 2.3.13

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.

5.0
2015-01-07 CVE-2014-9221 Strongswan, Opensuse, Canonical, Fedoraproject, Debian Data Processing Errors vulnerability in multiple products

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

5.0
2015-01-07 CVE-2014-4639 EMC Numeric Errors vulnerability in EMC Documentum WDK 6.7

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.

5.0
2015-01-07 CVE-2014-4638 EMC Information Exposure vulnerability in EMC Documentum WDK 6.7

EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.

5.0
2015-01-06 CVE-2014-9527 Fedoraproject, Apache Resource Management Errors vulnerability in multiple products

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

5.0
2015-01-09 CVE-2014-9500 Moip Project Cross-Site Scripting vulnerability in Moip Project Moip

Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback.

4.3
2015-01-09 CVE-2014-9272 Debian, Mantisbt Cross-Site Scripting vulnerability in multiple products

The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.

4.3
2015-01-09 CVE-2014-9271 Debian, Mantisbt Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.

4.3
2015-01-09 CVE-2013-7419 Joomlaskin Cross-Site Scripting vulnerability in Joomlaskin JS Multi Hotel 2.2.1

Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter.

4.3
2015-01-09 CVE-2015-0204 Openssl Cryptographic Issues vulnerability in Openssl

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue.

4.3
2015-01-09 CVE-2014-8030 Cisco Cross-Site Scripting vulnerability in Cisco Webex Meetings Server

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.

4.3
2015-01-09 CVE-2014-8028 Cisco Cross-Site Scripting vulnerability in Cisco Secure Access Control System

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.

4.3
2015-01-08 CVE-2014-9582 Codiad Cross-Site Scripting vulnerability in Codiad 2.4.3

Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action.

4.3
2015-01-08 CVE-2014-9580 Projectsend Cross-Site Scripting vulnerability in Projectsend 561

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload.

4.3
2015-01-08 CVE-2015-0918 Sefrengo Cross-Site Scripting vulnerability in Sefrengo 1.6.0

Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.

4.3
2015-01-08 CVE-2015-0917 Kajona Cross-Site Scripting vulnerability in Kajona

Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.

4.3
2015-01-08 CVE-2012-6684 Redcloth, Debian Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

4.3
2015-01-07 CVE-2014-9569 SAP Cross-Site Scripting vulnerability in SAP Netweaver Business Client for Html 3.0

Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.

4.3
2015-01-07 CVE-2014-8993 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.

4.3
2015-01-07 CVE-2014-3779 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.

4.3
2015-01-07 CVE-2014-4635 EMC Cross-Site Scripting vulnerability in EMC Documentum WDK 6.7

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-01-06 CVE-2014-3764 Paloaltonetworks Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os

Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.

4.3
2015-01-06 CVE-2014-3628 Apache Cross-Site Scripting vulnerability in Apache Solr

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

4.3
2015-01-05 CVE-2014-9526 Concrete5, Concretecms Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.

4.3
2015-01-05 CVE-2014-9522 Papoo Cross-Site Scripting vulnerability in Papoo CMS Papoo Light 6.0.0

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

4.3
2015-01-05 CVE-2014-9518 D Link Cross-Site Scripting vulnerability in D-Link Dir-655 and Dir-655 Firmware

Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.

4.3
2015-01-05 CVE-2014-9517 D Link Cross-Site Scripting vulnerability in D-Link products

Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.

4.3
2015-01-05 CVE-2014-9516 Social Microblogging PRO Project Cross-Site Scripting vulnerability in Social Microblogging PRO Project Social Microblogging PRO 1.5

Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.

4.3
2015-01-05 CVE-2014-1679 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.

4.3
2015-01-10 CVE-2014-6212 IBM XML External Entity Information Disclosure vulnerability in Multiple IBM Products

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.0
2015-01-09 CVE-2015-0921 Mcafee Unspecified vulnerability in Mcafee Epolicy Orchestrator

XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.

4.0
2015-01-09 CVE-2014-8032 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server

The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.

4.0
2015-01-08 CVE-2014-9577 Vdgsecurity Information Exposure vulnerability in Vdgsecurity VDG Sense 2.3.13

VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.

4.0
2015-01-06 CVE-2014-8131 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that the user does not have privileges to access.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-10 CVE-2014-3096 IBM Cross-Site Scripting vulnerability in IBM Curam Social Program Management

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2015-01-09 CVE-2014-9505 School Administration Project Cross-Site Scripting vulnerability in School Administration Project School Administration

Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title.

3.5
2015-01-09 CVE-2014-9501 Poll Chart Block Project Cross-Site Scripting vulnerability in Poll Chart Block Project Poll Chart Block 7.X1.0/7.X1.1

Cross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title.

3.5
2015-01-09 CVE-2014-9499 Godwin's Law Project Cross-Site Scripting vulnerability in Godwin's Law Project Godwin's Law 7.X1.1

Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message.

3.5
2015-01-09 CVE-2014-9498 Webform Invitation Project Cross-Site Scripting vulnerability in Webform Invitation Project Webform Invitation

Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title.

3.5
2015-01-09 CVE-2014-9269 Mantisbt, Debian Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

2.6
2015-01-10 CVE-2014-9191 Codewrights Resource Management Errors vulnerability in Codewrights Hart Device Type Manager 1.0.44

The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop.

2.1
2015-01-09 CVE-2014-9585 Linux, Redhat, Opensuse, Suse, Fedoraproject, Debian, Canonical Local Security Bypass vulnerability in Linux Kernel 'vdso_addr()' Function

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

2.1
2015-01-09 CVE-2014-9584 Linux, Redhat, Opensuse, Suse, Debian, Canonical, Oracle Improper Input Validation vulnerability in Linux Kernel

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

2.1
2015-01-07 CVE-2014-1425 Linuxcontainers, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

cgmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.

2.1