Weekly Vulnerabilities Reports > February 16 to 22, 2015

Overview

96 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 112 products from 61 vendors, including Cisco, IBM, MIT, Red Hat, and McAfee. The most common vulnerability categories are "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 81 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 31 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 74 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • MIT has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-21 CVE-2015-0331 Adobe, Apple, Microsoft, Linux Use After Free Remote Code Execution vulnerability in Adobe Flash Player

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

10.0
2015-02-20 CVE-2015-2033 Infoblox Improper Authentication vulnerability in Infoblox Netmri

Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request.

10.0
2015-02-19 CVE-2014-8165 Powerpc Utils Project Insufficient Verification of Data Authenticity vulnerability in Powerpc-Utils Project Powerpc-Utils

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

10.0
2015-02-16 CVE-2015-1498 Persistent Systems Permissions, Privileges, and Access Controls vulnerability in Persistent Systems Radia Client Automation

Persistent Systems Radia Client Automation does not properly restrict access to certain requests, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

10.0
2015-02-16 CVE-2015-1497 Persistent Systems Code Injection vulnerability in Persistent Systems Radia Client Automation

radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.

10.0
2015-02-16 CVE-2015-1474 Google Numeric Errors vulnerability in Google Android

Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.

10.0
2015-02-19 CVE-2014-9421 MIT Remote Code Execution vulnerability in MIT Kerberos 5 'kadmind' Daemon

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.

9.0
2015-02-19 CVE-2014-5352 MIT Double Free Remote Code Execution vulnerability in MIT krb5 kadmind

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.

9.0
2015-02-16 CVE-2014-9375 Lexmark Path Traversal vulnerability in Lexmark Markvision Enterprise

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a ..

9.0

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-16 CVE-2015-1499 Samsung Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30

The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request.

8.5
2015-02-17 CVE-2014-8757 LG Improper Access Control vulnerability in LG On-Screen Phone 4.3.009

LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.

8.3
2015-02-18 CVE-2015-0621 Cisco Data Processing Errors vulnerability in Cisco Telepresence MCU 4500 Series Software 4.5(1.45)

Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347.

7.8
2015-02-20 CVE-2014-3682 Redhat Remote Security vulnerability in Jbpm-Designer 6.0.0/6.0.1/6.2.0

XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.

7.5
2015-02-19 CVE-2015-1592 Debian, Sixapart Injection vulnerability in multiple products

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 do not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

7.5
2015-02-19 CVE-2015-1587 Maarch Arbitrary File Upload vulnerability in Maarch Gec/Ged and Letterbox

Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.

7.5
2015-02-17 CVE-2015-1427 Elasticsearch Improper Access Control vulnerability in Elasticsearch

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

7.5
2015-02-22 CVE-2014-6184 IBM, Apple, HP, Linux, Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.

7.2
2015-02-20 CVE-2015-0584 Cisco Improper Input Validation vulnerability in Cisco Desktop Collaboration Experience Dx650

The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947.

7.2
2015-02-19 CVE-2015-1515 Softsphere Permissions, Privileges, and Access Controls vulnerability in Softsphere Defensewall Personal Firewall 3.24

The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.

7.2
2015-02-16 CVE-2015-1496 Motorola Permissions, Privileges, and Access Controls vulnerability in Motorola Scanner SDK

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.

7.2
2015-02-21 CVE-2015-0631 Cisco Race Condition vulnerability in Cisco IPS Sensor Software 7.2(1)E4/7.2(2)E4

Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections during the key-regeneration phase of an upgrade, aka Bug ID CSCui25688.

7.1
2015-02-21 CVE-2015-0618 Cisco Data Processing Errors vulnerability in Cisco Carrier Routing System and IOS XR

Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241.

7.1
2015-02-19 CVE-2015-0622 Cisco Improper Input Validation vulnerability in Cisco Wireless LAN Controller

The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861.

7.1
2015-02-16 CVE-2015-0609 Cisco Race Condition vulnerability in Cisco IOS

Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752.

7.1

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-20 CVE-2015-2039 Acobot Live Chat Contact Form Project Cross-Site Request Forgery (CSRF) vulnerability in Acobot Live Chat & Contact Form Project Acobot Live Chat & Contact Form 2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php.

6.8
2015-02-20 CVE-2014-8114 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Uberfire

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

6.8
2015-02-20 CVE-2015-0880 Crear NE JP Buffer Errors vulnerability in Crear.Ne.Jp Al-Mail32 1.13

Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment.

6.8
2015-02-19 CVE-2015-1614 Image Metadata Cruncher Project Cross-Site Request Forgery (CSRF) vulnerability in Image Metadata Cruncher Project Image Metadata Cruncher

Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page.

6.8
2015-02-19 CVE-2015-1585 Fatfreecrm Cross-Site Request Forgery (CSRF) vulnerability in Fatfreecrm FAT Free CRM

Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account.

6.8
2015-02-19 CVE-2014-9679 Apple, Canonical, Fedoraproject, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Cups

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.

6.8
2015-02-16 CVE-2015-1501 Solarwinds Code Injection vulnerability in Solarwinds Server and Application Monitor

The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allows remote attackers to execute arbitrary code via a UNC path to a crafted binary.

6.8
2015-02-16 CVE-2015-1500 Solarwinds Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Server and Application Monitor

Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load.

6.8
2015-02-16 CVE-2015-1495 Motorola Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Motorola Scanner SDK

Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx.

6.8
2015-02-20 CVE-2015-2035 Piwigo SQL Injection vulnerability in Piwigo

SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.

6.5
2015-02-20 CVE-2014-8115 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat KIE Workbench 6.0.0/6.0.1

The default authorization constraints in KIE Workbench 6.0.x allow remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.

6.5
2015-02-19 CVE-2015-1604 Adminsystems CMS Project Improper Input Validation vulnerability in Adminsystems CMS Project Adminsystems CMS 4.0.0

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.

6.5
2015-02-17 CVE-2015-1616 Mcafee SQL Injection vulnerability in Mcafee Data Loss Prevention Endpoint

SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.

6.5
2015-02-16 CVE-2015-1434 Mylittleforum SQL Injection vulnerability in Mylittleforum MY Little Forum

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.

6.5
2015-02-19 CVE-2014-5286 Tibco Permissions, Privileges, and Access Controls vulnerability in Tibco products

The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors.

6.4
2015-02-16 CVE-2014-0227 Apache Data Processing Errors vulnerability in Apache Tomcat

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

6.4
2015-02-19 CVE-2014-9422 MIT Improper Access Control vulnerability in MIT Kerberos 5

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.

6.1
2015-02-20 CVE-2015-1517 Piwigo SQL Injection vulnerability in Piwigo

SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.

6.0
2015-02-20 CVE-2015-0878 Almail Path Traversal vulnerability in Almail Al-Mail32

Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment.

5.8
2015-02-19 CVE-2015-1349 ISC Resource Management Errors vulnerability in ISC Bind

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

5.4
2015-02-20 CVE-2014-5355 MIT Denial of Service vulnerability in MIT Kerberos 5

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

5.0
2015-02-20 CVE-2015-0628 Cisco Information Exposure vulnerability in Cisco web Security Appliance

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.

5.0
2015-02-19 CVE-2014-3578 Pivotal Software Path Traversal vulnerability in Pivotal Software Spring Framework

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

5.0
2015-02-19 CVE-2014-9465 Fedoraproject, Zarafa Resource Management Errors vulnerability in multiple products

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allow remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.

5.0
2015-02-19 CVE-2012-6687 Fastcgi Improper Input Validation vulnerability in Fastcgi Fcgi 2.4.0

FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections.

5.0
2015-02-19 CVE-2014-9423 MIT Information Exposure vulnerability in MIT Kerberos 5

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.

5.0
2015-02-19 CVE-2014-6304 Pnmsoft Information Exposure vulnerability in Pnmsoft Sequence Kinetics 7.5

The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors.

5.0
2015-02-19 CVE-2014-6303 Pnmsoft Resource Management Errors vulnerability in Pnmsoft Sequence Kinetics 7.5

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5.0
2015-02-19 CVE-2014-6302 Pnmsoft Remote Security vulnerability in Pnmsoft Sequence Kinetics 7.5

The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2015-02-18 CVE-2015-1358 Siemens Cryptographic Issues vulnerability in Siemens Wincc 13.0

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.

5.0
2015-02-18 CVE-2015-0617 Cisco Resource Management Errors vulnerability in Cisco ASR 5000 Series Software

Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393.

5.0
2015-02-16 CVE-2015-0268 XEN Improper Input Validation vulnerability in XEN 4.5.0

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register.

4.9
2015-02-17 CVE-2015-0247 E2Fsprogs Project, Debian, Canonical, Fedoraproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

4.6
2015-02-18 CVE-2015-1356 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.

4.4
2015-02-21 CVE-2015-0624 Cisco Improper Input Validation vulnerability in Cisco products

The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639.

4.3
2015-02-20 CVE-2015-2040 Cfdbplugin Cross-Site Scripting vulnerability in Cfdbplugin Contact Form DB 2.8.26

Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.

4.3
2015-02-20 CVE-2015-2034 Piwigo Cross-Site Scripting vulnerability in Piwigo

Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.

4.3
2015-02-20 CVE-2015-0167 Textangular Cross-Site Scripting vulnerability in Textangular 1.3.6

Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor.

4.3
2015-02-20 CVE-2015-0881 Squid Cache HTTP Header Injection vulnerability in Squid

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

4.3
2015-02-20 CVE-2015-0879 Almail Improper Input Validation vulnerability in Almail Al-Mail32

CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment.

4.3
2015-02-19 CVE-2015-1879 Google DOC Embedder Cross-Site Scripting vulnerability in Google DOC Embedder Google DOC Embedder 2.5.18

Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php.

4.3
2015-02-19 CVE-2015-1603 Adminsystems CMS Project Cross-Site Scripting vulnerability in Adminsystems CMS Project Adminsystems CMS 4.0.0

Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.

4.3
2015-02-19 CVE-2014-9468 Instantasp Cross-Site Scripting vulnerability in Instantasp Instantforum

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx.

4.3
2015-02-19 CVE-2014-8690 Exponentcms Cross-Site Scripting vulnerability in Exponentcms Exponent CMS

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.

4.3
2015-02-19 CVE-2014-6301 Pnmsoft Cross-Site Scripting vulnerability in Pnmsoft Sequence Kinetics 7.5

Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-02-19 CVE-2015-0626 Cisco Improper Input Validation vulnerability in Cisco Hosted Collaboration Solution

The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114.

4.3
2015-02-19 CVE-2015-0623 Cisco Cross-Site Scripting vulnerability in Cisco web Security Appliance

Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627.

4.3
2015-02-18 CVE-2015-0108 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.

4.3
2015-02-17 CVE-2015-1494 Fancybox Project Cross-Site Scripting vulnerability in Fancybox Project Fancybox 3.0.2

The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015.

4.3
2015-02-16 CVE-2015-1436 Easing Slider Project Cross-Site Scripting vulnerability in Easing Slider Project Easing Slider

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php.

4.3
2015-02-16 CVE-2015-1435 Mylittleforum Cross-Site Scripting vulnerability in Mylittleforum MY Little Forum

Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php.

4.3
2015-02-16 CVE-2014-6137 IBM Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager

Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-02-16 CVE-2014-6113 IBM Cross-Site Scripting vulnerability in IBM Tivoli Endpoint Manager

Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-02-18 CVE-2015-0620 Cisco Improper Input Validation vulnerability in Cisco Telepresence Management Suite

The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.

4.0
2015-02-17 CVE-2015-1618 Mcafee Information Exposure vulnerability in Mcafee Data Loss Prevention Endpoint

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL.

4.0
2015-02-17 CVE-2014-9466 Open Xchange Permissions, Privileges, and Access Controls vulnerability in Open-Xchange Appsuite 7.4.2/7.6.0/7.6.1

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 do not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

4.0
2015-02-17 CVE-2014-8023 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software

Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533.

4.0
2015-02-17 CVE-2014-6194 IBM Path Traversal vulnerability in IBM products

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a ..

4.0
2015-02-16 CVE-2015-1613 Rhodecode Information Exposure vulnerability in Rhodecode Enterprise 2.2.6

RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method.

4.0
2015-02-16 CVE-2015-0260 Kallithea, Rhodecode Information Exposure vulnerability in multiple products

RhodeCode before 2.2.7 and Kallithea 0.1 allow remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.

4.0
2015-02-16 CVE-2015-1608 Topline Systems Permissions, Privileges, and Access Controls vulnerability in Topline Systems Opportunity Form

Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-20 CVE-2014-0005 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat products

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allow remote authenticated users to read and modify the application server configuration and state by deploying a crafted application.

3.6
2015-02-18 CVE-2015-0109 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.

3.5
2015-02-17 CVE-2015-1621 Webform Prepopulate Block Project Cross-Site Scripting vulnerability in Webform Prepopulate Block Project Webform Prepopulate Block 7.X3.0

Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-02-17 CVE-2015-1619 Mcafee Cross-Site Scripting vulnerability in Mcafee Email Gateway

Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages.

3.5
2015-02-17 CVE-2015-1617 Mcafee Cross-Site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint

Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-02-19 CVE-2014-1832 Phusion Incomplete Fix Insecure Temporary File Creation vulnerability in Ruby Phusion Passenger

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

2.1
2015-02-19 CVE-2014-1831 Phusion Unspecified vulnerability in Phusion Passenger

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

2.1
2015-02-19 CVE-2014-6147 IBM Information Exposure vulnerability in IBM Flex System Manager

IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors.

2.1
2015-02-18 CVE-2015-1355 Siemens Cryptographic Issues vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.

2.1
2015-02-17 CVE-2014-6102 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.

2.1
2015-02-19 CVE-2015-1197 GNU Directory Traversal vulnerability in GNU Cpio 2.11

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.

1.9