Weekly Vulnerabilities Reports > March 2 to 8, 2015

Overview

57 new vulnerabilities were reported during this period, including 1 critical vulnerability and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 83 products from 37 vendors including Siemens, Opensuse, Cisco, Debian, and Oracle. The vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Information Exposure", "Numeric Errors", and "SQL Injection".

  • 49 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 48 reported vulnerabilities are exploitable by an anonymous user.
  • Siemens has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-06 CVE-2014-8891 IBM Remote Privilege Escalation vulnerability in IBM Java SDK

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.

10.0

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-07 CVE-2015-2177 Siemens Improper Input Validation vulnerability in Siemens Simatic S7-300 CPU and Simatic S7-300 CPU Firmware

Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.

7.8
2015-03-07 CVE-2014-9369 Siemens Improper Input Validation vulnerability in Siemens products

Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets.

7.8
2015-03-06 CVE-2014-8892 IBM Remote Information Disclosure vulnerability in IBM Java SDK

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.

7.8
2015-03-06 CVE-2015-1483 Symantec, Linux Improper Input Validation vulnerability in Symantec Netbackup Opscenter

Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors.

7.5
2015-03-05 CVE-2014-9688 Ninjaforms Remote Security vulnerability in Ninja Forms

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

7.5
2015-03-05 CVE-2015-2216 Photocati Media SQL Injection vulnerability in Photocati Media Photocrati 4.07

SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.

7.5
2015-03-03 CVE-2015-2196 WEB Dorado SQL Injection vulnerability in Web-Dorado Spider Calendar 1.4.9

SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.

7.5
2015-03-06 CVE-2015-1170 Nvidia Permissions, Privileges, and Access Controls vulnerability in Nvidia products

The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls.

7.2

41 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-07 CVE-2015-1594 Siemens Unspecified vulnerability in Siemens products

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.

6.9
2015-03-07 CVE-2015-1597 Siemens Code Injection vulnerability in Siemens Spcanywhere

The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.

6.8
2015-03-07 CVE-2015-0895 Tips AND Tricks HQ Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ ALL in ONE Wordpress Security and Firewall 3.8.2/3.8.7/3.8.9

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.

6.8
2015-03-06 CVE-2015-0598 Cisco Data Processing Errors vulnerability in Cisco IOS and IOS XE

The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.

6.8
2015-03-06 CVE-2014-2130 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System

Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189.

6.5
2015-03-04 CVE-2015-0934 Sharelatex Command Injection vulnerability in Sharelatex 0.1.2

Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename.

6.5
2015-03-03 CVE-2015-2199 Wonderplugin SQL Injection vulnerability in Wonderplugin Audio Player 2.0

Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

6.5
2015-03-03 CVE-2015-2194 Digitalnature Unspecified vulnerability in Digitalnature Fusion 3.1

Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for WordPress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors.

6.5
2015-03-07 CVE-2015-0894 Tips AND Tricks HQ SQL Injection vulnerability in Tips and Tricks HQ ALL in ONE Wordpress Security and Firewall 3.8.2/3.8.7

SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

6.0
2015-03-07 CVE-2015-1596 Siemens Cryptographic Issues vulnerability in Siemens Spcanywhere

The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2015-03-05 CVE-2015-2215 Services Single Sign ON Server Helper Project Unspecified vulnerability in Services Single Sign-On Server Helper Project Services Single Sign-On Server Helper

Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

5.8
2015-03-08 CVE-2015-2192 Wireshark, Opensuse Numeric Errors vulnerability in multiple products

Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

5.0
2015-03-08 CVE-2015-2191 Debian, Mageia, Wireshark, Opensuse Numeric Errors vulnerability in multiple products

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

5.0
2015-03-08 CVE-2015-2190 Opensuse, Wireshark, Oracle Data Processing Errors vulnerability in multiple products

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.

5.0
2015-03-08 CVE-2015-2189 Wireshark, Oracle, Opensuse, Debian, Mageia Numeric Errors vulnerability in multiple products

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

5.0
2015-03-08 CVE-2015-2188 Wireshark, Mageia, Opensuse, Debian, Oracle Data Processing Errors vulnerability in multiple products

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

5.0
2015-03-08 CVE-2015-2187 Opensuse, Wireshark Improper Input Validation vulnerability in multiple products

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

5.0
2015-03-08 CVE-2015-0228 Apache, Canonical, Apple, Opensuse Improper Input Validation vulnerability in multiple products

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

5.0
2015-03-06 CVE-2015-0659 Cisco Security vulnerability in Cisco IOS Autonomic Networking Infrastructure

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.

5.0
2015-03-06 CVE-2015-0657 Cisco Improper Input Validation vulnerability in Cisco IOS XR

Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192.

5.0
2015-03-05 CVE-2015-2214 Netcat Information Exposure vulnerability in Netcat

NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php.

5.0
2015-03-04 CVE-2015-2209 Dlguard Information Exposure vulnerability in Dlguard 4.5

DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

5.0
2015-03-03 CVE-2015-0890 Bestwebsoft Unspecified vulnerability in Bestwebsoft Google Captcha 1.12

The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

5.0
2015-03-03 CVE-2014-9283 Bestwebsoft Unspecified vulnerability in Bestwebsoft Captcha 4.0.6

The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

5.0
2015-03-02 CVE-2014-8160 Linux, Opensuse, Suse, Redhat, Debian, Canonical Improper Input Validation vulnerability in Linux Kernel

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

5.0
2015-03-02 CVE-2015-0239 Linux, Canonical, Debian, Oracle, Redhat Improper Privilege Management vulnerability in Linux Kernel

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.

4.4
2015-03-07 CVE-2015-1595 Siemens Information Exposure vulnerability in Siemens Spcanywhere 1.4/1.4.1

The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.

4.3
2015-03-06 CVE-2015-1637 Microsoft Cryptographic Issues vulnerability in Microsoft products

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

4.3
2015-03-06 CVE-2015-0607 Cisco Improper Authentication vulnerability in Cisco IOS

The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.

4.3
2015-03-05 CVE-2015-2220 Ninjaforms Cross-Site Scripting vulnerability in Ninjaforms Ninja Forms

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.

4.3
2015-03-05 CVE-2015-2218 Magic Hills Cross-Site Scripting vulnerability in Magic Hills Wonderplugin Audio Player 2.0

Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

4.3
2015-03-05 CVE-2015-0893 Maroyaka Relay Novel Project Cross-Site Scripting vulnerability in Maroyaka Relay Novel Project Maroyaka Relay Novel

Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-05 CVE-2015-0892 Maroyaka Image Album Project Cross-Site Scripting vulnerability in Maroyaka Image Album Project Maroyaka Image Album

Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-05 CVE-2015-0891 Maroyaka Simple Board Project Cross-Site Scripting vulnerability in Maroyaka Simple Board Project Maroyaka Simple Board

Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-04 CVE-2014-8617 Fortinet Cross-Site Scripting vulnerability in Fortinet Fortimail

Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.

4.3
2015-03-04 CVE-2015-0656 Cisco Cross-Site Scripting vulnerability in Cisco Network Analysis Module Firmware 6.0(2)

Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.

4.3
2015-03-03 CVE-2015-2198 Beehive Forum Cross-Site Scripting vulnerability in Beehive Forum Beehive Forum 1.4.4

Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.

4.3
2015-03-03 CVE-2015-2195 WP Media Cleaner Project Cross-Site Scripting vulnerability in WP Media Cleaner Project WP Media Cleaner 2.2.6

Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.

4.3
2015-03-03 CVE-2014-7896 HP Cross-Site Scripting vulnerability in HP products

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-02 CVE-2014-8921 IBM Information Exposure vulnerability in IBM Notes Traveler Companion 1.0/1.1

The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Windows Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.

4.3
2015-03-06 CVE-2015-0661 Cisco Improper Input Validation vulnerability in Cisco IOS XR

The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-03 CVE-2014-9683 Canonical, Linux Numeric Errors vulnerability in multiple products

Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

3.6
2015-03-04 CVE-2015-0933 Sharelatex Path Traversal vulnerability in Sharelatex 0.1.2

Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.

3.5
2015-03-03 CVE-2015-2197 Entity API Project Cross-Site Scripting vulnerability in Entity API Project Entity API

Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.

3.5
2015-03-07 CVE-2015-1599 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Spcanywhere

The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.

2.1
2015-03-07 CVE-2015-1598 Siemens Information Exposure vulnerability in Siemens Spcanywhere

The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.

2.1
2015-03-02 CVE-2014-9644 Linux, Debian, Canonical, Oracle Improper Privilege Management vulnerability in Linux Kernel

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

2.1
2015-03-02 CVE-2013-7421 Canonical, Debian, Linux, Oracle Improper Privilege Management vulnerability in multiple products

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

2.1