Weekly Vulnerabilities Reports > March 2 to 8, 2015
Overview
45 new vulnerabilities were reported during this period, including 1 critical vulnerability and 8 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 62 products from 27 vendors, including Siemens, Cisco, IBM, Ninjaforms, and Bestwebsoft. The most common categories are "Cross-site Scripting", "Information Exposure", "Improper Input Validation", "SQL Injection", and "Permissions, Privileges, and Access Controls".
- 41 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 36 reported vulnerabilities are exploitable by an anonymous user.
- Siemens has the most reported vulnerabilities, with 8 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
1 Critical Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-03-06 | CVE-2014-8891 | IBM | Remote Privilege Escalation vulnerability in IBM Java SDK Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. | 10.0 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-03-07 | CVE-2015-2177 | Siemens | Improper Input Validation vulnerability in Siemens Simatic S7-300 CPU and Simatic S7-300 CPU Firmware Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. | 7.8 |
2015-03-07 | CVE-2014-9369 | Siemens | Improper Input Validation vulnerability in Siemens products Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. | 7.8 |
2015-03-06 | CVE-2014-8892 | IBM | Remote Information Disclosure vulnerability in IBM Java SDK Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. | 7.8 |
2015-03-06 | CVE-2015-1483 | Symantec Linux | Improper Input Validation vulnerability in Symantec Netbackup Opscenter Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | 7.5 |
2015-03-05 | CVE-2014-9688 | Ninjaforms | Remote Security vulnerability in Ninja Forms Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | 7.5 |
2015-03-05 | CVE-2015-2216 | Photocati Media | SQL Injection vulnerability in Photocati Media Photocrati 4.07 SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | 7.5 |
2015-03-03 | CVE-2015-2196 | WEB Dorado | SQL Injection vulnerability in Web-Dorado Spider Calendar 1.4.9 SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. | 7.5 |
2015-03-06 | CVE-2015-1170 | Nvidia | Permissions, Privileges, and Access Controls vulnerability in Nvidia products The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls. | 7.2 |
32 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-03-07 | CVE-2015-1594 | Siemens | Unspecified vulnerability in Siemens products Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. | 6.9 |
2015-03-07 | CVE-2015-1597 | Siemens | Code Injection vulnerability in Siemens Spcanywhere The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. | 6.8 |
2015-03-07 | CVE-2015-0895 | Tips AND Tricks HQ | Cross-Site Request Forgery (CSRF) vulnerability in ONE Wordpress Security and Firewall 3.8.2/3.8.7/3.8.9 Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes. | 6.8 |
2015-03-06 | CVE-2015-0598 | Cisco | Data Processing Errors vulnerability in Cisco IOS and IOS XE The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | 6.8 |
2015-03-06 | CVE-2014-2130 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | 6.5 |
2015-03-04 | CVE-2015-0934 | Sharelatex | Command Injection vulnerability in Sharelatex 0.1.2 Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | 6.5 |
2015-03-03 | CVE-2015-2199 | Wonderplugin | SQL Injection vulnerability in Wonderplugin Audio Player 2.0 Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | 6.5 |
2015-03-03 | CVE-2015-2194 | Digitalnature | Unspecified vulnerability in Digitalnature Fusion 3.1 Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for WordPress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. | 6.5 |
2015-03-07 | CVE-2015-0894 | Tips AND Tricks HQ | SQL Injection vulnerability in ONE Wordpress Security and Firewall 3.8.2/3.8.7 SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2015-03-07 | CVE-2015-1596 | Siemens | Cryptographic Issues vulnerability in Siemens Spcanywhere The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2015-03-05 | CVE-2015-2215 | Services Single Sign ON Server Helper Project | Unspecified vulnerability in Services Single Sign-On Server Helper Project Services Single Sign-On Server Helper Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | 5.8 |
2015-03-06 | CVE-2015-0659 | Cisco | Security vulnerability in Cisco IOS Autonomic Networking Infrastructure The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. | 5.0 |
2015-03-06 | CVE-2015-0657 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | 5.0 |
2015-03-05 | CVE-2015-2214 | Netcat | Information Exposure vulnerability in Netcat NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | 5.0 |
2015-03-04 | CVE-2015-2209 | Dlguard | Information Exposure vulnerability in Dlguard 4.5 DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | 5.0 |
2015-03-03 | CVE-2015-0890 | Bestwebsoft | Unspecified vulnerability in Bestwebsoft Google Captcha 1.12 The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | 5.0 |
2015-03-03 | CVE-2014-9283 | Bestwebsoft | Unspecified vulnerability in Bestwebsoft Captcha 4.0.6 The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | 5.0 |
2015-03-07 | CVE-2015-1595 | Siemens | Information Exposure vulnerability in Siemens Spcanywhere 1.4/1.4.1 The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. | 4.3 |
2015-03-06 | CVE-2015-1637 | Microsoft | Cryptographic Issues vulnerability in Microsoft products Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067. | 4.3 |
2015-03-06 | CVE-2015-0607 | Cisco | Improper Authentication vulnerability in Cisco IOS The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. | 4.3 |
2015-03-05 | CVE-2015-2220 | Ninjaforms | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | 4.3 |
2015-03-05 | CVE-2015-2218 | Magic Hills | Cross-site Scripting vulnerability in Magic Hills Wonderplugin Audio Player 2.0 Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | 4.3 |
2015-03-05 | CVE-2015-0893 | Maroyaka Relay Novel Project | Cross-site Scripting vulnerability in Maroyaka Relay Novel Project Maroyaka Relay Novel Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-03-05 | CVE-2015-0892 | Maroyaka Image Album Project | Cross-site Scripting vulnerability in Maroyaka Image Album Project Maroyaka Image Album Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-03-05 | CVE-2015-0891 | Maroyaka Simple Board Project | Cross-site Scripting vulnerability in Maroyaka Simple Board Project Maroyaka Simple Board Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-03-04 | CVE-2014-8617 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortimail Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. | 4.3 |
2015-03-04 | CVE-2015-0656 | Cisco | Cross-site Scripting vulnerability in Cisco Network Analysis Module Firmware 6.0(2) Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | 4.3 |
2015-03-03 | CVE-2015-2198 | Beehive Forum | Cross-site Scripting vulnerability in Beehive Forum Beehive Forum 1.4.4 Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message. | 4.3 |
2015-03-03 | CVE-2015-2195 | WP Media Cleaner Project | Cross-site Scripting vulnerability in WP Media Cleaner Project WP Media Cleaner 2.2.6 Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php. | 4.3 |
2015-03-03 | CVE-2014-7896 | HP | Cross-site Scripting vulnerability in HP products Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-03-02 | CVE-2014-8921 | IBM | Information Exposure vulnerability in IBM Notes Traveler Companion 1.0/1.1 The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Windows Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. | 4.3 |
2015-03-06 | CVE-2015-0661 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-03-04 | CVE-2015-0933 | Sharelatex | Path Traversal vulnerability in Sharelatex 0.1.2 Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. | 3.5 |
2015-03-03 | CVE-2015-2197 | Entity API Project | Cross-site Scripting vulnerability in Entity API Project Entity API Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. | 3.5 |
2015-03-07 | CVE-2015-1599 | Siemens | Permissions, Privileges, and Access Controls vulnerability in Siemens Spcanywhere The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | 2.1 |
2015-03-07 | CVE-2015-1598 | Siemens | Information Exposure vulnerability in Siemens Spcanywhere The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. | 2.1 |