Weekly Vulnerabilities Reports > May 18 to 24, 2015
Overview
47 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 80 products from 40 vendors including IBM, Cisco, Canonical, Huawei, and Fedoraproject. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Access Control".
- 41 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 14 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 39 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
10 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-05-21 | CVE-2015-3036 | Kcodes | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kcodes Netusb Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005. | 10.0 |
2015-05-20 | CVE-2015-1903 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. | 10.0 |
2015-05-20 | CVE-2015-1902 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. | 10.0 |
2015-05-20 | CVE-2015-1920 | IBM | Improper Access Control vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. | 10.0 |
2015-05-19 | CVE-2015-3408 | Module Signature Project Canonical | Command Injection vulnerability in multiple products Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | 10.0 |
2015-05-19 | CVE-2015-1845 | Unzoo | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzoo Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-05-18 | CVE-2015-3306 | Proftpd | Improper Access Control vulnerability in Proftpd 1.3.5 The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. | 10.0 |
2015-05-18 | CVE-2014-8383 | Infocus | Authentication Bypass vulnerability in Infocus In3128Hd Firmware 0.26 The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. | 10.0 |
2015-05-18 | CVE-2014-8384 | Infocus | Authentication Bypass vulnerability in Infocus In3128Hd Firmware 0.26 The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. | 9.4 |
2015-05-21 | CVE-2015-3911 | Huawei | Improper Access Control vulnerability in Huawei E587 Mobile Wifi Firmware Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors. | 9.0 |
7 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-05-19 | CVE-2015-1846 | Unzoo | Resource Management Errors vulnerability in Unzoo unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling. | 7.8 |
2015-05-18 | CVE-2015-3629 | Docker Opensuse | Link Following vulnerability in multiple products Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image when respawning a container. | 7.8 |
2015-05-18 | CVE-2015-1868 | Powerdns Fedoraproject | Resource Management Errors vulnerability in multiple products The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. | 7.8 |
2015-05-20 | CVE-2015-1188 | Swisscom | Unspecified vulnerability in Swisscom Centro Grande Firmware 6.12.02 The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors. | 7.5 |
2015-05-20 | CVE-2012-1665 | Oscmax | SQL Injection vulnerability in Oscmax 2.5.0 Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | 7.5 |
2015-05-19 | CVE-2015-3409 | Module Signature Project Canonical | Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. | 7.2 |
2015-05-18 | CVE-2015-2667 | Gns3 | Search Path Local Privilege Escalation vulnerability in Gns3 1.2.3 Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. | 7.2 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-05-21 | CVE-2012-1978 | Simple PHP Agenda Project | Cross-Site Request Forgery (CSRF) vulnerability in Simple PHP Agenda Project Simple PHP Agenda 2.2.8 Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/. | 6.8 |
2015-05-21 | CVE-2015-0741 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Solution Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. | 6.8 |
2015-05-20 | CVE-2015-3141 | Synametrics | Cross-Site Request Forgery (CSRF) vulnerability in Synametrics Xeams 4.4 Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration. | 6.8 |
2015-05-20 | CVE-2012-4902 | Template CMS Project | Cross-Site Request Forgery (CSRF) vulnerability in Template CMS Project Template CMS Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. | 6.8 |
2015-05-20 | CVE-2012-6691 | Oscmax | Cross-Site Request Forgery (CSRF) vulnerability in Oscmax 2.5.0 Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php. | 6.8 |
2015-05-20 | CVE-2015-0740 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. | 6.8 |
2015-05-23 | CVE-2015-0750 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Hosted Collaboration Solution The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. | 6.5 |
2015-05-22 | CVE-2015-0916 | Cacti | SQL Injection vulnerability in Cacti SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | 6.5 |
2015-05-21 | CVE-2015-4018 | Feedwordpress Project | SQL Injection vulnerability in Feedwordpress Project Feedwordpress 2014.0805 SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php. | 6.5 |
2015-05-20 | CVE-2014-8924 | IBM | XML External Entity Information Disclosure vulnerability in IBM products The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 6.4 |
2015-05-22 | CVE-2015-0746 | Cisco | 7PK - Security Features vulnerability in Cisco Secure Access Control Server 5.5(0.46.2) The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | 5.0 |
2015-05-21 | CVE-2015-3912 | Huawei | Information Exposure vulnerability in Huawei E355S Mobile Wifi Firmware and Webui Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | 5.0 |
2015-05-20 | CVE-2015-4016 | Valvesoftware | Improper Input Validation vulnerability in Valvesoftware Steam Client 2.10.91.91 The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. | 5.0 |
2015-05-19 | CVE-2015-3407 | Canonical Module Signature Project | Improper Access Control vulnerability in multiple products Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | 5.0 |
2015-05-18 | CVE-2015-2704 | Realmd Project | Injection vulnerability in Realmd Project Realmd 15.2 realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response. | 5.0 |
2015-05-22 | CVE-2015-0915 | Rakus | Cross-site Scripting vulnerability in Rakus Maildealer Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. | 4.3 |
2015-05-21 | CVE-2015-3647 | Wppa Opajaap | Cross-site Scripting vulnerability in Wppa.Opajaap Wp-Photo-Album-Plus 6.1.2 Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. | 4.3 |
2015-05-20 | CVE-2012-4901 | Template CMS Project | Cross-site Scripting vulnerability in Template CMS Project Template CMS Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. | 4.3 |
2015-05-20 | CVE-2012-3243 | Seogento | Cross-site Scripting vulnerability in Seogento Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2015-05-20 | CVE-2012-1664 | Oscmax | Cross-site Scripting vulnerability in Oscmax 2.5.0 Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php. | 4.3 |
2015-05-19 | CVE-2015-3885 | Dcraw Project Fedoraproject | Numeric Errors vulnerability in multiple products Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. | 4.3 |
2015-05-20 | CVE-2015-0189 | IBM | Resource Management Errors vulnerability in IBM Websphere MQ The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records. | 4.0 |
2015-05-19 | CVE-2015-0739 | Cisco | Improper Input Validation vulnerability in Cisco Firesight System Software 5.3.0 The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. | 4.0 |
2015-05-18 | CVE-2015-2346 | Huawei | Unspecified vulnerability in Huawei SEQ Analyst XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-05-21 | CVE-2015-4000 | Openssl Canonical HP IBM Oracle Debian Suse Apple Mozilla Opera Microsoft | Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | 3.7 |
2015-05-19 | CVE-2015-3988 | Openstack Oracle | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | 3.5 |
2015-05-18 | CVE-2015-3455 | Oracle Squid Cache Fedoraproject | Improper Input Validation vulnerability in multiple products Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | 2.6 |
2015-05-20 | CVE-2015-3999 | Piriform | Information Exposure vulnerability in Piriform Ccleaner Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. | 2.1 |
2015-05-20 | CVE-2014-4776 | IBM | Information Exposure vulnerability in IBM License Metric Tool 9.0/9.0.1/9.1.0.1 IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 2.1 |
2015-05-20 | CVE-2014-6211 | IBM | Information Exposure vulnerability in IBM Websphere Commerce The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. | 2.1 |