Weekly Vulnerabilities Reports > May 18 to 24, 2015

Overview

47 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 80 products from 40 vendors, including IBM, Cisco, Canonical, Huawei, and Fedoraproject. The most common categories are "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Access Control".

  • 41 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 14 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 39 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-05-21 CVE-2015-3036 Kcodes Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kcodes Netusb

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.

10.0
2015-05-20 CVE-2015-1903 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.

10.0
2015-05-20 CVE-2015-1902 IBM Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.

10.0
2015-05-20 CVE-2015-1920 IBM Improper Access Control vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.

10.0
2015-05-19 CVE-2015-3408 Module Signature Project, Canonical Command Injection vulnerability in multiple products

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

10.0
2015-05-19 CVE-2015-1845 Unzoo Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzoo

Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.

10.0
2015-05-18 CVE-2015-3306 Proftpd Improper Access Control vulnerability in Proftpd 1.3.5

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

10.0
2015-05-18 CVE-2014-8383 Infocus Authentication Bypass vulnerability in Infocus In3128Hd Firmware 0.26

The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html.

10.0
2015-05-18 CVE-2014-8384 Infocus Authentication Bypass vulnerability in Infocus In3128Hd Firmware 0.26

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request.

9.4
2015-05-21 CVE-2015-3911 Huawei Improper Access Control vulnerability in Huawei E587 Mobile Wifi Firmware

Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors.

9.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-05-19 CVE-2015-1846 Unzoo Resource Management Errors vulnerability in Unzoo

unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling.

7.8
2015-05-18 CVE-2015-3629 Docker, Opensuse Link Following vulnerability in multiple products

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image when respawning a container.

7.8
2015-05-18 CVE-2015-1868 Powerdns, Fedoraproject Resource Management Errors vulnerability in multiple products

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

7.8
2015-05-20 CVE-2015-1188 Swisscom Unspecified vulnerability in Swisscom Centro Grande Firmware 6.12.02

The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors.

7.5
2015-05-20 CVE-2012-1665 Oscmax SQL Injection vulnerability in Oscmax 2.5.0

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.

7.5
2015-05-19 CVE-2015-3409 Module Signature Project, Canonical

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

7.2
2015-05-18 CVE-2015-2667 Gns3 Search Path Local Privilege Escalation vulnerability in Gns3 1.2.3

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.

7.2

24 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-05-21 CVE-2012-1978 Simple PHP Agenda Project Cross-Site Request Forgery (CSRF) vulnerability in Simple PHP Agenda Project Simple PHP Agenda 2.2.8

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.

6.8
2015-05-21 CVE-2015-0741 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Solution

Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

6.8
2015-05-20 CVE-2015-3141 Synametrics Cross-Site Request Forgery (CSRF) vulnerability in Synametrics Xeams 4.4

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.

6.8
2015-05-20 CVE-2012-4902 Template CMS Project Cross-Site Request Forgery (CSRF) vulnerability in Template CMS Project Template CMS

Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.

6.8
2015-05-20 CVE-2012-6691 Oscmax Cross-Site Request Forgery (CSRF) vulnerability in Oscmax 2.5.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php.

6.8
2015-05-20 CVE-2015-0740 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1)

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.

6.8
2015-05-23 CVE-2015-0750 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Hosted Collaboration Solution

The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.

6.5
2015-05-22 CVE-2015-0916 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.

6.5
2015-05-21 CVE-2015-4018 Feedwordpress Project SQL Injection vulnerability in Feedwordpress Project Feedwordpress 2014.0805

SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.

6.5
2015-05-20 CVE-2014-8924 IBM XML External Entity Information Disclosure vulnerability in IBM products

The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

6.4
2015-05-22 CVE-2015-0746 Cisco 7PK - Security Features vulnerability in Cisco Secure Access Control Server 5.5(0.46.2)

The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

5.0
2015-05-21 CVE-2015-3912 Huawei Information Exposure vulnerability in Huawei E355S Mobile Wifi Firmware and Webui

Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.

5.0
2015-05-20 CVE-2015-4016 Valvesoftware Improper Input Validation vulnerability in Valvesoftware Steam Client 2.10.91.91

The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.

5.0
2015-05-19 CVE-2015-3407 Canonical, Module Signature Project Improper Access Control vulnerability in multiple products

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.

5.0
2015-05-18 CVE-2015-2704 Realmd Project Injection vulnerability in Realmd Project Realmd 15.2

realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response.

5.0
2015-05-22 CVE-2015-0915 Rakus Cross-site Scripting vulnerability in Rakus Maildealer

Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.

4.3
2015-05-21 CVE-2015-3647 Wppa Opajaap Cross-site Scripting vulnerability in Wppa.Opajaap Wp-Photo-Album-Plus 6.1.2

Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.

4.3
2015-05-20 CVE-2012-4901 Template CMS Project Cross-site Scripting vulnerability in Template CMS Project Template CMS

Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php.

4.3
2015-05-20 CVE-2012-3243 Seogento Cross-site Scripting vulnerability in Seogento

Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2015-05-20 CVE-2012-1664 Oscmax Cross-site Scripting vulnerability in Oscmax 2.5.0

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.

4.3
2015-05-19 CVE-2015-3885 Dcraw Project, Fedoraproject Numeric Errors vulnerability in multiple products

Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

4.3
2015-05-20 CVE-2015-0189 IBM Resource Management Errors vulnerability in IBM Websphere MQ

The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.

4.0
2015-05-19 CVE-2015-0739 Cisco Improper Input Validation vulnerability in Cisco Firesight System Software 5.3.0

The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.

4.0
2015-05-18 CVE-2015-2346 Huawei Unspecified vulnerability in Huawei SEQ Analyst

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-05-21 CVE-2015-4000 Openssl, Canonical, HP, IBM, Oracle, Debian, Suse, Apple, Mozilla, Opera, Microsoft, Google Cryptographic Issues vulnerability in multiple products

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

3.7
2015-05-19 CVE-2015-3988 Openstack, Oracle Cross-site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.

3.5
2015-05-18 CVE-2015-3455 Oracle, Squid Cache, Fedoraproject Improper Input Validation vulnerability in multiple products

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, does not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

2.6
2015-05-20 CVE-2015-3999 Piriform Information Exposure vulnerability in Piriform Ccleaner

Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.

2.1
2015-05-20 CVE-2014-4776 IBM Information Exposure vulnerability in IBM License Metric Tool 9.0/9.0.1/9.1.0.1

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

2.1
2015-05-20 CVE-2014-6211 IBM Information Exposure vulnerability in IBM Websphere Commerce

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file.

2.1