Weekly Vulnerabilities Reports > June 1 to 7, 2015

Overview

82 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 78 products from 32 vendors, including Moodle, Cisco, SAP, Apache, and IBM. The vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", "Improper Input Validation", and "Path Traversal".

  • 74 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 22 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 52 reported vulnerabilities are exploitable by an anonymous user.
  • Moodle has the most reported vulnerabilities, with 25.
  • Novell has the most reported critical vulnerabilities, with 3.

[Summary counters: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-07 CVE-2015-0779 Novell Path Traversal vulnerability in Novell Zenworks Configuration Management

Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.

10.0
2015-06-07 CVE-2010-5324 Novell Path Traversal vulnerability in Novell Zenworks Configuration Management 10.0/10.1/10.2

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.

10.0
2015-06-07 CVE-2010-5323 Novell Path Traversal vulnerability in Novell Zenworks Configuration Management 10.0/10.1/10.2

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.

10.0
2015-06-02 CVE-2015-0850 Fusionforge Improper Input Validation vulnerability in Fusionforge 6.0

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.

10.0
2015-06-07 CVE-2015-4002 Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.

9.0
2015-06-07 CVE-2015-4001 Linux Numeric Errors vulnerability in Linux Kernel

Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.

9.0

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-07 CVE-2015-4004 Canonical, Linux Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.

8.5
2015-06-07 CVE-2015-4003 Linux Numeric Errors vulnerability in Linux Kernel

The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.

7.8
2015-06-07 CVE-2014-0230 Apache, Oracle Resource Management Errors vulnerability in multiple products

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

7.8
2015-06-03 CVE-2015-4104 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.

7.8
2015-06-02 CVE-2015-4161 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Afaria

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.

7.5
2015-06-02 CVE-2015-4160 SAP SQL Injection vulnerability in SAP ASE Database Platform

SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.

7.5
2015-06-02 CVE-2015-4159 SAP SQL Injection vulnerability in SAP Hana Web-Based Development Workbench

SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.

7.5
2015-06-02 CVE-2015-2282 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products

Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

7.5
2015-06-07 CVE-2015-0767 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Edge 340 Firmware 1.0.0/1.1.0

Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132.

7.2
2015-06-05 CVE-2015-2124 HP Local Security vulnerability in HP Smart Zero Core and Thinpro Linux

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.

7.2
2015-06-04 CVE-2015-0761 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.

7.2

54 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-05 CVE-2015-3950 Xzeres Cross-Site Request Forgery (CSRF) vulnerability in Xzeres 442Sr OS

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.

6.8
2015-06-05 CVE-2015-1000 Moxa Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Softcms 1.2

Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter.

6.8
2015-06-05 CVE-2015-0541 RSA Cross-Site Request Forgery (CSRF) vulnerability in RSA web Threat Detection

Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-06-02 CVE-2015-0759 Cisco Improper Input Validation vulnerability in Cisco Headend Digital Broadband Delivery System

Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-06-01 CVE-2015-2268 Moodle Resource Management Errors vulnerability in Moodle

filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.

6.8
2015-06-01 CVE-2015-1493 Moodle Path Traversal vulnerability in Moodle

Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a ..

6.8
2015-06-01 CVE-2015-0218 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

6.8
2015-06-01 CVE-2015-0217 Moodle Resource Management Errors vulnerability in Moodle

filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.

6.8
2015-06-01 CVE-2015-0213 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

6.8
2015-06-03 CVE-2015-4038 Wpmembership Permissions, Privileges, and Access Controls vulnerability in Wpmembership 1.2.3

The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.

6.5
2015-06-02 CVE-2015-1945 IBM Remote Privilege Escalation vulnerability in IBM InfoSphere Reference Data Management

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.

6.5
2015-06-05 CVE-2015-2950 Open Explorer Beta Project Path Traversal vulnerability in Open Explorer Beta Project Open Explorer Beta 0.253

Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename.

6.4
2015-06-05 CVE-2014-9201 Beckwithelectric Improper Input Validation vulnerability in Beckwithelectric products

Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

6.4
2015-06-02 CVE-2015-4094 Thycotic Cryptographic Issues vulnerability in Thycotic Secret Server 2.3

The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2015-06-01 CVE-2015-3175 Moodle Unspecified vulnerability in Moodle

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

5.8
2015-06-07 CVE-2014-7810 Debian, Apache, HP Improper Access Control vulnerability in multiple products

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.

5.0
2015-06-07 CVE-2015-0770 Cisco Improper Input Validation vulnerability in Cisco Telepresence TC Software

CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.

5.0
2015-06-05 CVE-2015-2951 F21 Improper Input Validation vulnerability in F21 JWT

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.

5.0
2015-06-04 CVE-2015-0765 Cisco Resource Management Errors vulnerability in Cisco ONS 15454 System Software 10.30/10.301

Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263.

5.0
2015-06-04 CVE-2015-0764 Cisco Information Exposure vulnerability in Cisco Unified Meetingplace 8.6(1.9)

Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603.

5.0
2015-06-04 CVE-2015-0763 Cisco Information Exposure vulnerability in Cisco Unified Meetingplace 8.6(1.2)

Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.

5.0
2015-06-03 CVE-2015-0264 Apache Unspecified vulnerability in Apache Camel

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

5.0
2015-06-03 CVE-2015-0263 Apache Unspecified vulnerability in Apache Camel

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

5.0
2015-06-02 CVE-2015-4158 SAP Denial of Service vulnerability in SAP products

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661.

5.0
2015-06-02 CVE-2015-4157 SAP Denial of Service vulnerability in SAP Content Server

SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995.

5.0
2015-06-02 CVE-2015-3982 Djangoproject Unspecified vulnerability in Djangoproject Django 1.8.0/1.8.1

The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.

5.0
2015-06-02 CVE-2015-2278 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

5.0
2015-06-02 CVE-2014-0999 Sendio Information Exposure vulnerability in Sendio 7.2.3

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.

5.0
2015-06-03 CVE-2015-4105 XEN Resource Management Errors vulnerability in XEN

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.

4.9
2015-06-03 CVE-2015-4103 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.

4.9
2015-06-03 CVE-2015-4106 Qemu, Debian, Fedoraproject, Suse, Citrix, Canonical Incorrect Authorization vulnerability in multiple products

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

4.6
2015-06-04 CVE-2015-0766 Cisco Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.

4.3
2015-06-04 CVE-2015-0762 Cisco Cross-site Scripting vulnerability in Cisco Unified Meetingplace 8.6(1.2)/8.6(1.9)

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400.

4.3
2015-06-03 CVE-2014-9721 Zeromq Improper Input Validation vulnerability in Zeromq

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.

4.3
2015-06-02 CVE-2015-4050 Sensiolabs Improper Access Control vulnerability in Sensiolabs Symfony

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

4.3
2015-06-02 CVE-2015-2944 Apache Cross-site Scripting vulnerability in Apache Sling API and Sling Servlets Post

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

4.3
2015-06-01 CVE-2015-3176 Moodle Information Exposure vulnerability in Moodle

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

4.3
2015-06-01 CVE-2015-2270 Moodle Code vulnerability in Moodle

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.

4.3
2015-06-07 CVE-2015-2125 HP XXE vulnerability in HP Webinspect

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

4.0
2015-06-07 CVE-2015-0112 IBM XML External Entity Injection vulnerability in Multiple IBM Products

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.0
2015-06-07 CVE-2014-8887 IBM Improper Input Validation vulnerability in IBM Marketing Operations

IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors.

4.0
2015-06-07 CVE-2014-6222 IBM Path Traversal vulnerability in IBM Marketing Operations

Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a ..

4.0
2015-06-04 CVE-2015-0760 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.

4.0
2015-06-02 CVE-2015-4162 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.

4.0
2015-06-02 CVE-2014-8391 Sendio Information Exposure vulnerability in Sendio 7.2.3

The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.

4.0
2015-06-01 CVE-2015-3181 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.

4.0
2015-06-01 CVE-2015-3180 Moodle Information Exposure vulnerability in Moodle

lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.

4.0
2015-06-01 CVE-2015-2272 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.

4.0
2015-06-01 CVE-2015-2271 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature.

4.0
2015-06-01 CVE-2015-2267 Moodle Improper Access Control vulnerability in Moodle

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.

4.0
2015-06-01 CVE-2015-2266 Moodle Information Exposure vulnerability in Moodle

message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL.

4.0
2015-06-01 CVE-2015-0215 Moodle Information Exposure vulnerability in Moodle

calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.

4.0
2015-06-01 CVE-2015-0214 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.

4.0
2015-06-01 CVE-2015-0211 Moodle Information Exposure vulnerability in Moodle

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-02 CVE-2015-4156 Opensuse, GNU Link Following vulnerability in multiple products

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.

3.6
2015-06-02 CVE-2015-4155 GNU Link Following vulnerability in GNU Parallel

GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.

3.6
2015-06-07 CVE-2014-6175 IBM Cross-site Scripting vulnerability in IBM Marketing Operations

Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-06-01 CVE-2015-3179 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

3.5
2015-06-01 CVE-2015-3178 Moodle Cross-site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

3.5
2015-06-01 CVE-2015-3177 Moodle Code vulnerability in Moodle

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

3.5
2015-06-01 CVE-2015-3174 Moodle Cross-site Scripting vulnerability in Moodle

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.

3.5
2015-06-01 CVE-2015-2273 Moodle Cross-site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.

3.5
2015-06-01 CVE-2015-2269 Moodle Cross-site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.

3.5
2015-06-01 CVE-2015-0216 Moodle Cross-site Scripting vulnerability in Moodle 2.8.0/2.8.1

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.

3.5
2015-06-01 CVE-2015-0212 Moodle Cross-site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.

3.5