Weekly Vulnerabilities Reports > February 23 to March 1, 2015

Overview

86 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 113 products from 62 vendors including Mozilla, Canonical, Opensuse, Cisco, and D Link. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Resource Management Errors", and "SQL Injection".

  • 79 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 29 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 79 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • D Link has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-28 CVE-2014-9682 DNS Sync Project Command Injection vulnerability in Dns-Sync Project Dns-Sync 0.1.0

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

10.0
2015-02-27 CVE-2015-0977 Network Vision OS Command Injection vulnerability in Network Vision Intravue 2.3.0A11

Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.

10.0
2015-02-24 CVE-2015-0240 Redhat
Samba
Novell
Canonical
Code vulnerability in multiple products

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

10.0
2015-02-23 CVE-2015-2052 D Link Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dir-645 Firmware 1.03/1.04

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev.

10.0
2015-02-23 CVE-2015-2051 D Link Command Injection vulnerability in D-Link Dir-645 Firmware 1.03/1.04

The D-Link DIR-645 Wired/Wireless Router Rev.

10.0
2015-02-23 CVE-2015-2050 D Link Remote Command Injection vulnerability in D-Link Dap-1320 Firmware 1.11

D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors.

10.0
2015-02-23 CVE-2015-2049 D Link Unspecified vulnerability in D-Link Dcs-931L Firmware 1.04

Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

9.0

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-27 CVE-2015-1414 Netgate
Debian
Freebsd
Remote Denial of Service vulnerability in FreeBSD

Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10.

7.8
2015-02-24 CVE-2014-9402 GNU
Canonical
Opensuse
Resource Management Errors vulnerability in multiple products

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.

7.8
2015-02-23 CVE-2015-2055 Zhone Technologies Improper Input Validation vulnerability in Zhone Technologies Gpon 2520 Firmware R4.0.2.566B

Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.

7.8
2015-02-28 CVE-2015-0889 Kent WEB Security Bypass vulnerability in Kent-Web Joyful Note 2.8/5.21/5.3

KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article.

7.5
2015-02-27 CVE-2015-2102 Clip Bucket SQL Injection vulnerability in Clip-Bucket Clipbucket 2.7

SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.

7.5
2015-02-26 CVE-2015-2090 Sympies SQL Injection vulnerability in Sympies Wordpress Survey and Poll 1.1.7

SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

7.5
2015-02-25 CVE-2015-0836 Mozilla Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2015-02-25 CVE-2015-0835 Mozilla Memory Corruption vulnerability in Mozilla Firefox/Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5
2015-02-25 CVE-2015-0823 Canonical
Opentype Sanitiser Project
Mozilla
Opensuse
Use After Free Denial of Service vulnerability in Mozilla Firefox

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function.

7.5
2015-02-24 CVE-2015-2070 Etouch SQL Injection vulnerability in Etouch Samepage 4.4.0.0.239

SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.

7.5
2015-02-24 CVE-2015-2066 Dlguard SQL Injection vulnerability in Dlguard 4.5

SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.

7.5
2015-02-24 CVE-2015-2065 Apptha SQL Injection vulnerability in Apptha Wordpress Video Gallery 2.7

SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.

7.5
2015-02-24 CVE-2015-1605 Dell SQL Injection vulnerability in Dell Asset Manager 9.0.0

Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx.

7.5
2015-02-23 CVE-2015-1315 Canonical
Info ZIP
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.

7.5
2015-02-28 CVE-2015-0887 IIJ Resource Management Errors vulnerability in IIJ products

npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet.

7.1

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-28 CVE-2015-0884 Toshiba
Microsoft
Unspecified vulnerability in Toshiba Bluetooth Stack and Service Station

Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

6.9
2015-02-25 CVE-2015-0833 Opensuse
Mozilla
Microsoft
DLL Loading Arbitrary Code Execution vulnerability in Mozilla Firefox Firefox ESR and Thunderbird

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.

6.9
2015-02-28 CVE-2014-9676 Ffmpeg Denial-Of-Service vulnerability in FFmpeg

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

6.8
2015-02-27 CVE-2015-0883 Synck Graphica Remote Code Execution vulnerability in Synck Graphica Mailform PRO CGI 4.1.4/4.1.5

SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth module is enabled, does not properly send e-mail messages, which allows remote attackers to execute arbitrary code via unspecified vectors.

6.8
2015-02-27 CVE-2015-0651 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Application Networking Manager

Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.

6.8
2015-02-26 CVE-2015-2089 Crossslide Jquery Project Cross-Site Request Forgery (CSRF) vulnerability in Crossslide Jquery Project Crossslide Jquery 2.0.5

Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php.

6.8
2015-02-26 CVE-2015-0633 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876.

6.8
2015-02-25 CVE-2015-2084 Cybernetikz Cross-Site Request Forgery (CSRF) vulnerability in Cybernetikz Easy Social Icons 1.2.2

Cross-site request forgery (CSRF) vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the image_file parameter in an edit action in the cnss_social_icon_add page to wp-admin/admin.php.

6.8
2015-02-25 CVE-2015-2083 Ilch Cross-Site Request Forgery (CSRF) vulnerability in Ilch CMS

Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php.

6.8
2015-02-25 CVE-2015-0831 Mozilla
Canonical
Redhat
Use After Free Denial of Service vulnerability in Mozilla Firefox and Thunderbird

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.

6.8
2015-02-25 CVE-2015-0829 Canonical
Opensuse
Mozilla
Oracle
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

6.8
2015-02-25 CVE-2015-0828 Oracle
Mozilla
Opensuse
Double Free Memory Corruption vulnerability in Mozilla Firefox

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

6.8
2015-02-25 CVE-2015-0826 Mozilla
Opensuse
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.

6.8
2015-02-25 CVE-2015-0821 Mozilla
Opensuse
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.

6.8
2015-02-24 CVE-2015-0555 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Ipolis Device Manager 1.12.2

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.

6.8
2015-02-23 CVE-2015-2048 D Link Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dcs-931L Firmware 1.04

Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2015-02-26 CVE-2015-2087 Avatar Uploader Project Unspecified vulnerability in Avatar Uploader Project Avatar Uploader 6.X1.0/6.X1.1/6.X1.2

Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

6.5
2015-02-28 CVE-2015-0888 Kent WEB Arbitrary File Deletion vulnerability in Kent-Web Clip Board 2.91/4.02/4.1

KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors.

6.4
2015-02-27 CVE-2015-0632 Cisco Race Condition vulnerability in Cisco IOS and IOS XE

Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

5.7
2015-02-28 CVE-2015-0886 Mindrot
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

5.0
2015-02-28 CVE-2015-0885 Debian
Checkpw Project
Resource Management Errors vulnerability in multiple products

checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

5.0
2015-02-27 CVE-2015-2076 SAP Information Exposure vulnerability in SAP Businessobjects Edge 4.0

The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.

5.0
2015-02-27 CVE-2015-2075 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects Edge 4.0

SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.

5.0
2015-02-25 CVE-2015-0832 Opensuse
Canonical
Mozilla
7PK - Security Features vulnerability in multiple products

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing .

5.0
2015-02-25 CVE-2015-0830 Canonical
Mozilla
Opensuse
Resource Management Errors vulnerability in multiple products

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

5.0
2015-02-25 CVE-2015-0824 Opensuse
Canonical
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

5.0
2015-02-24 CVE-2015-2078 Komodia Cryptographic Issues vulnerability in Komodia Redirector SDK

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc.

5.0
2015-02-24 CVE-2015-2077 Komodia Information Exposure vulnerability in Komodia Redirector SDK

The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc.

5.0
2015-02-24 CVE-2014-9282 Speed Software Path Traversal vulnerability in Speed Software Explorer and Root Explorer

Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.

5.0
2015-02-24 CVE-2014-6115 IBM Information Exposure vulnerability in IBM Rational Insight 1.1.1.5

IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL.

5.0
2015-02-24 CVE-2015-2067 Magmi Path Traversal vulnerability in Magmi Project Magmi

Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a ..

5.0
2015-02-24 CVE-2013-7423 Redhat
Opensuse
Canonical
GNU
Code vulnerability in multiple products

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

5.0
2015-02-23 CVE-2015-1589 Archmage Project Path Traversal vulnerability in Archmage Project Archmage 0.2.4

Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a ..

5.0
2015-02-24 CVE-2015-1572 E2Fsprogs Project
Debian
Canonical
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty.

4.6
2015-02-28 CVE-2015-0655 Cisco Cross-site Scripting vulnerability in Cisco Unified web and E-Mail Interaction Manager

Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

4.3
2015-02-27 CVE-2015-2103 Cosmoshop Cross-site Scripting vulnerability in Cosmoshop

Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter).

4.3
2015-02-27 CVE-2015-2101 Impliedbydesign Cross-site Scripting vulnerability in Impliedbydesign Navigate 6.X1.0/7.X1.0

Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-02-27 CVE-2015-2072 SAP Cross-site Scripting vulnerability in SAP Hana 1.00.73.00.389160/1.00.80.00.391861

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.

4.3
2015-02-27 CVE-2015-0882 ZEN Cart Cross-site Scripting vulnerability in Zen-Cart ZEN Cart

Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.

4.3
2015-02-27 CVE-2015-0594 Cisco Cross-site Scripting vulnerability in Cisco Prime LAN Management Solution and Security Manager

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263.

4.3
2015-02-26 CVE-2015-2088 Term Queue Project Cross-site Scripting vulnerability in Term Queue Project Term Queue 6.X1.0

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2015-02-25 CVE-2015-2082 Unit4 Cross-site Scripting vulnerability in Unit4 Prosoft Hrms 8.14.230.47

Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to inject arbitrary web script or HTML via the txtUserID parameter.

4.3
2015-02-25 CVE-2015-2043 Visualware Cross-site Scripting vulnerability in Visualware Myconnection Server 8.2B

Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem.

4.3
2015-02-25 CVE-2014-9685 Vanillaforums Cross-site Scripting vulnerability in Vanillaforums Vanilla and Vanilla Forums

Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-02-25 CVE-2015-0834 Canonical
Opensuse
Mozilla
Information Exposure vulnerability in multiple products

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.

4.3
2015-02-25 CVE-2015-0827 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

4.3
2015-02-25 CVE-2015-0825 Canonical
Opensuse
Mozilla
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

4.3
2015-02-25 CVE-2015-0822 Mozilla Information Exposure vulnerability in Mozilla Firefox and Thunderbird

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

4.3
2015-02-25 CVE-2015-0819 Mozilla
Opensuse
Canonical
Data Processing Errors vulnerability in multiple products

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.

4.3
2015-02-24 CVE-2015-2069 Woothemes Cross-site Scripting vulnerability in Woothemes Woocommerce 2.2.10

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.

4.3
2015-02-24 CVE-2015-2068 Magmi Cross-site Scripting vulnerability in Magmi Project Magmi

Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.

4.3
2015-02-24 CVE-2015-2064 Dlguard Cross-site Scripting vulnerability in Dlguard 4.5/4.6/5.0

Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the main page.

4.3
2015-02-23 CVE-2015-2054 Sierra Wireless Unspecified vulnerability in Sierra Wireless products

CRLF injection vulnerability in export.cfg in the web-based administrative console for Sierra Wireless AirCard 760S, 762S, and 763S allows remote attackers to inject arbitrary headers via CRLF sequences in the save parameter.

4.3
2015-02-23 CVE-2015-2053 Mcafee Improper Input Validation vulnerability in Mcafee Agent 4.8.0/5.0.0

The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability.

4.3
2015-02-23 CVE-2014-7922 Google Permissions, Privileges, and Access Controls vulnerability in Google Play Services SDK

The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument.

4.3
2015-02-24 CVE-2015-2071 Etouch Path Traversal vulnerability in Etouch Samepage 4.4.0.0.239

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a ..

4.0
2015-02-24 CVE-2015-1881 Openstack Resource Management Errors vulnerability in Openstack Image Registry and Delivery Service (Glance) 2014.2/2014.2.1/2014.2.2

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.

4.0
2015-02-24 CVE-2014-9684 Openstack Resource Management Errors vulnerability in Openstack Image Registry and Delivery Service (Glance) 2014.2/2014.2.1/2014.2.2

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

4.0
2015-02-24 CVE-2014-8487 Kony Information Exposure vulnerability in Kony Enterprise Mobile Management 1.2

Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earlier allows remote authenticated users to read (1) arbitrary messages via the messageId parameter to selfservice/managedevice/getMessageBody or (2) requests via the requestId parameter to selfservice/devicemgmt/getDeviceInfoTab.htm.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-02-26 CVE-2015-2086 Panopoly Magic Project Cross-site Scripting vulnerability in Panopoly Magic Project Panopoly Magic 7.X1.16

Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

3.5
2015-02-25 CVE-2015-0820 Opensuse
Mozilla
Canonical
Improper Access Control vulnerability in multiple products

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.

2.6
2015-02-23 CVE-2015-2047 Typo3
Debian
Improper Authentication vulnerability in multiple products

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.

2.6
2015-02-24 CVE-2014-4818 IBM Information Exposure vulnerability in IBM Tivoli Storage Manager

dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.

2.1
2015-02-23 CVE-2015-1426 Puppet
Puppetlabs
Information Exposure vulnerability in multiple products

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

2.1