Weekly Vulnerabilities Reports > June 8 to 14, 2015

Overview

155 new vulnerabilities were reported during this period, including 33 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary reports vulnerabilities in 143 products from 45 vendors, including Microsoft, Apple, Adobe, Google, and Linux. The most notable vulnerability categories are "Resource Management Errors", "Information Exposure", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".

  • 130 reported vulnerabilities are remotely exploitable.
  • 17 reported vulnerabilities have a public exploit available.
  • 27 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 143 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 63 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 31 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

33 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-10 CVE-2015-3107 Adobe, Google, Opensuse, Apple, Microsoft, Linux Use After Free vulnerability in multiple products

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106.

10.0
2015-06-10 CVE-2015-3106 Adobe, Apple, Microsoft, Linux, Google Remote Code Execution vulnerability in Adobe Flash Player and AIR

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107.

10.0
2015-06-10 CVE-2015-3105 Adobe, Linux, Apple, Microsoft, Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2015-06-10 CVE-2015-3104 Adobe, Google, Apple, Microsoft, Linux Numeric Errors vulnerability in multiple products

Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.

10.0
2015-06-10 CVE-2015-3103 Adobe, Apple, Microsoft, Google, Linux Remote Code Execution vulnerability in Adobe Flash Player and AIR

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107.

10.0
2015-06-10 CVE-2015-3100 Adobe, Linux, Apple, Microsoft, Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.

10.0
2015-06-09 CVE-2015-4335 Redislabs, Debian Code vulnerability in multiple products

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

10.0
2015-06-10 CVE-2015-1770 Microsoft Data Processing Errors vulnerability in Microsoft Office 2013 RT

Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."

9.3
2015-06-10 CVE-2015-1766 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745.

9.3
2015-06-10 CVE-2015-1760 Microsoft Data Processing Errors vulnerability in Microsoft Office and Office Compatibility Pack

Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2015-06-10 CVE-2015-1759 Microsoft Data Processing Errors vulnerability in Microsoft Office Compatibility Pack

Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

9.3
2015-06-10 CVE-2015-1756 Microsoft Use After Free vulnerability in Microsoft products

Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka "Microsoft Common Control Use After Free Vulnerability." CWE-416: Use After Free https://cwe.mitre.org/data/definitions/416.html

9.3
2015-06-10 CVE-2015-1755 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737.

9.3
2015-06-10 CVE-2015-1754 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 8

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2015-06-10 CVE-2015-1753 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750.

9.3
2015-06-10 CVE-2015-1752 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1741.

9.3
2015-06-10 CVE-2015-1751 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2015-06-10 CVE-2015-1750 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1753.

9.3
2015-06-10 CVE-2015-1747 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753.

9.3
2015-06-10 CVE-2015-1745 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1766.

9.3
2015-06-10 CVE-2015-1744 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1745, and CVE-2015-1766.

9.3
2015-06-10 CVE-2015-1742 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753.

9.3
2015-06-10 CVE-2015-1741 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1752.

9.3
2015-06-10 CVE-2015-1740 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.

9.3
2015-06-10 CVE-2015-1737 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1755.

9.3
2015-06-10 CVE-2015-1736 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755.

9.3
2015-06-10 CVE-2015-1735 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.

9.3
2015-06-10 CVE-2015-1732 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1742, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753.

9.3
2015-06-10 CVE-2015-1731 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1736, CVE-2015-1737, and CVE-2015-1755.

9.3
2015-06-10 CVE-2015-1730 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2015-06-10 CVE-2015-1728 Microsoft Code vulnerability in Microsoft Windows Media Player

Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."

9.3
2015-06-10 CVE-2015-1687 Microsoft Data Processing Errors vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2015-06-08 CVE-2015-4051 Beckhoff Improper Access Control vulnerability in Beckhoff IPC Diagnostics

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.

9.0

34 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-13 CVE-2012-4716 N Tron Cryptographic Issues vulnerability in N-Tron 702W Industrial Wireless Access Point

N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

8.8
2015-06-08 CVE-2015-2996 Sysaid Path Traversal vulnerability in Sysaid

Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a ..

8.5
2015-06-13 CVE-2015-2341 Vmware Improper Input Validation vulnerability in VMWare Fusion, Player and Workstation

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.

7.8
2015-06-12 CVE-2015-0769 Cisco Resource Management Errors vulnerability in Cisco IOS XR Software

Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546.

7.8
2015-06-08 CVE-2015-3000 Sysaid Resource Management Errors vulnerability in Sysaid

SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack.

7.8
2015-06-09 CVE-2014-9284 Buffalotech OS Command Injection vulnerability in Buffalotech products

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

7.7
2015-06-13 CVE-2015-2962 CGI Rescue Improper Input Validation vulnerability in CGI Rescue Blobee

CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

7.5
2015-06-13 CVE-2015-2956 Igreks SQL Injection vulnerability in Igreks products

SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2015-06-13 CVE-2015-2955 Igreks OS Command Injection vulnerability in Igreks products

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.

7.5
2015-06-12 CVE-2014-8176 Openssl Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openssl

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

7.5
2015-06-09 CVE-2015-4147 Redhat, Apple, PHP Data Processing Errors vulnerability in multiple products

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

7.5
2015-06-09 CVE-2015-4026 Redhat, PHP, Apple Data Processing Errors vulnerability in multiple products

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument.

7.5
2015-06-09 CVE-2015-4025 Apple, PHP, Redhat Data Processing Errors vulnerability in multiple products

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink.

7.5
2015-06-09 CVE-2015-4022 Redhat, PHP, Apple Numeric Errors vulnerability in multiple products

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

7.5
2015-06-09 CVE-2015-3329 Apple, Redhat, Oracle, PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

7.5
2015-06-09 CVE-2015-3307 Redhat, Apple, PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.

7.5
2015-06-09 CVE-2015-4109 Usersultra SQL Injection vulnerability in Usersultra

Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.

7.5
2015-06-09 CVE-2015-3648 Montala Path Traversal vulnerability in Montala Resourcespace

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2015-06-09 CVE-2015-2959 Zohocorp Improper Access Control vulnerability in Zohocorp Manageengine Netflow Analyzer

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.

7.5
2015-06-08 CVE-2015-3905 Canonical, T1Utils Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

7.5
2015-06-08 CVE-2015-2993 Sysaid Permissions, Privileges, and Access Controls vulnerability in Sysaid

SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.

7.5
2015-06-08 CVE-2014-6284 Sybase Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise 16.0

SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.

7.5
2015-06-10 CVE-2015-2360 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.2
2015-06-10 CVE-2015-1768 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 2003 Server and Windows Server 2003

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability."

7.2
2015-06-10 CVE-2015-1727 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability."

7.2
2015-06-10 CVE-2015-1726 Microsoft Use After Free vulnerability in Microsoft products

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."

7.2
2015-06-10 CVE-2015-1725 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."

7.2
2015-06-10 CVE-2015-1724 Microsoft Use After Free vulnerability in Microsoft products

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability." CWE-416: Use After Free

7.2
2015-06-10 CVE-2015-1723 Microsoft Use After Free vulnerability in Microsoft products

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability." CWE-416: Use After Free

7.2
2015-06-10 CVE-2015-1722 Microsoft Use After Free vulnerability in Microsoft products

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability." CWE-416: Use After Free

7.2
2015-06-10 CVE-2015-1721 Microsoft NULL Pointer Dereference vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."

7.2
2015-06-10 CVE-2015-1720 Microsoft Use After Free vulnerability in Microsoft products

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability."

7.2
2015-06-09 CVE-2014-7872 Comodo Permissions, Privileges, and Access Controls vulnerability in Comodo Geekbuddy 4.18.120

Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.

7.2
2015-06-12 CVE-2015-0772 Cisco Resource Management Errors vulnerability in Cisco Telepresence Video Communication Server Software X8.5

Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422.

7.1

81 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-13 CVE-2015-4185 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS 15.2(4)M6/15.2M

The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.

6.9
2015-06-10 CVE-2015-1758 Microsoft Remote Privilege Escalation vulnerability in Microsoft Windows LoadLibrary

Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka "Windows LoadLibrary EoP Vulnerability." CWE-426: Untrusted Search Path https://cwe.mitre.org/data/definitions/426.html

6.9
2015-06-13 CVE-2015-2954 Igreks Cross-Site Request Forgery (CSRF) vulnerability in Igreks products

Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users.

6.8
2015-06-12 CVE-2015-1791 Openssl Race Condition vulnerability in Openssl

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

6.8
2015-06-11 CVE-2015-4472 Libmspack Project Numeric Errors vulnerability in Libmspack Project Libmspack 0.4/0.43

Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.

6.8
2015-06-10 CVE-2015-4108 Wftpserver Cross-Site Request Forgery (CSRF) vulnerability in Wftpserver Wing FTP Server

Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html.

6.8
2015-06-10 CVE-2015-3096 Adobe
Google
Apple
Microsoft
Linux
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors.

6.8
2015-06-10 CVE-2015-1771 Microsoft Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Exchange Server 2013

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."

6.8
2015-06-10 CVE-2015-1748 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743.

6.8
2015-06-10 CVE-2015-1743 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748.

6.8
2015-06-10 CVE-2015-1739 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."

6.8
2015-06-09 CVE-2015-3330 Oracle
Apple
Redhat
PHP
Improper Input Validation vulnerability in multiple products

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

6.8
2015-06-09 CVE-2015-4080 Kankun Cryptographic Issues vulnerability in Kankun Smartsocket

The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages.

6.8
2015-06-09 CVE-2015-4010 Everybit Cross-Site Request Forgery (CSRF) vulnerability in Everybit Encrypted Contact Form

Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.

6.8
2015-06-09 CVE-2015-2961 Zohocorp Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Netflow Analyzer

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.

6.8
2015-06-08 CVE-2015-2995 Sysaid Path Traversal vulnerability in Sysaid

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.

6.8
2015-06-09 CVE-2015-3436 Zarafa Link Following vulnerability in Zarafa Collaboration Platform

provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.

6.6
2015-06-13 CVE-2015-2952 Igreks Improper Access Control vulnerability in Igreks products

The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.

6.5
2015-06-13 CVE-2015-3993 Actian SQL Injection vulnerability in Actian Matrix 5.1.1/5.1.2/5.2.0

Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table.

6.5
2015-06-12 CVE-2015-0768 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Network Control System 2.1(0.0.85)/2.2(0.0.58)/2.2(0.0.69)

The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371.

6.5
2015-06-10 CVE-2014-8603 Xcloner Improper Input Validation vulnerability in Xcloner 3.1.1/3.5.1

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable.

6.5
2015-06-08 CVE-2015-2999 Sysaid SQL Injection vulnerability in Sysaid

Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.

6.5
2015-06-08 CVE-2015-2994 Sysaid Multiple Security vulnerability in SysAid

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.

6.5
2015-06-13 CVE-2015-2958 Igreks Permissions, Privileges, and Access Controls vulnerability in Igreks products

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953.

6.4
2015-06-12 CVE-2015-0771 Cisco Resource Management Errors vulnerability in Cisco IOS 12.2(33)Sxj8/12.2Sxj

The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505.

6.3
2015-06-13 CVE-2015-2340 Vmware
Microsoft
Resource Management Errors vulnerability in VMware products

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors.

6.1
2015-06-13 CVE-2015-2339 Vmware
Microsoft
Resource Management Errors vulnerability in VMware products

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338.

6.1
2015-06-13 CVE-2015-2338 Vmware
Microsoft
Resource Management Errors vulnerability in VMware products

TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339.

6.1
2015-06-13 CVE-2015-2337 Vmware
Microsoft
Resource Management Errors vulnerability in VMware products

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

5.8
2015-06-13 CVE-2015-2336 Vmware
Microsoft
Resource Management Errors vulnerability in VMware products

TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a different vulnerability than CVE-2012-0897.

5.8
2015-06-09 CVE-2015-2783 PHP
Redhat
Apple
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.

5.8
2015-06-09 CVE-2015-3624 Ektron Cross-Site Request Forgery (CSRF) vulnerability in Ektron Content Management System 8.7.0/9.1

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.

5.8
2015-06-12 CVE-2015-4182 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.

5.5
2015-06-12 CVE-2015-0773 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software 5.3.1.1/6.0.0

Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.

5.5
2015-06-13 CVE-2015-3951 RLE Information Exposure vulnerability in RLE Nova-Wind Turbine HMI Firmware

RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2015-06-13 CVE-2015-2953 Igreks Permissions, Privileges, and Access Controls vulnerability in Igreks products

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958.

5.0
2015-06-13 CVE-2015-4184 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance 3.33109/7.5.1Gpl022/8.5.6074

The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.

5.0
2015-06-12 CVE-2015-1792 Openssl Resource Management Errors vulnerability in Openssl

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.

5.0
2015-06-12 CVE-2015-1790 Openssl Unspecified vulnerability in Openssl

The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.

5.0
2015-06-12 CVE-2015-0776 Cisco Resource Management Errors vulnerability in Cisco IOS XR 5.0.1

telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566.

5.0
2015-06-12 CVE-2015-0775 Cisco Resource Management Errors vulnerability in Cisco MDS 9000 Nx-Os, Nexus 1000V and Nx-Os

The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182.

5.0
2015-06-10 CVE-2015-4153 Zanematthew Path Traversal vulnerability in Zanematthew ZM Ajax Login & Register 1.0.9

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary PHP files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.

5.0
2015-06-10 CVE-2015-3923 Coppermine Gallery Information Exposure vulnerability in Coppermine-Gallery Coppermine Photo Gallery

Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php.

5.0
2015-06-10 CVE-2014-8605 Xcloner Permissions, Privileges, and Access Controls vulnerability in Xcloner 3.1.1/3.5.1

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/.

5.0
2015-06-10 CVE-2014-8604 Xcloner Information Exposure vulnerability in Xcloner 3.1.1/3.5.1

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2015-06-10 CVE-2015-4415 Magnifica Webscripts Path Traversal vulnerability in Magnifica Webscripts Anima Gallery 2.6

Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a ..

5.0
2015-06-10 CVE-2015-3108 Adobe
Linux
Google
Apple
Microsoft
Information Exposure vulnerability in multiple products

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

5.0
2015-06-10 CVE-2015-3102 Adobe
Google
Apple
Microsoft
Linux
Information Exposure vulnerability in multiple products

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099.

5.0
2015-06-10 CVE-2015-3099 Adobe
Apple
Microsoft
Linux
Google
Information Exposure vulnerability in multiple products

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102.

5.0
2015-06-10 CVE-2015-3098 Adobe
Apple
Microsoft
Google
Linux
Information Exposure vulnerability in multiple products

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102.

5.0
2015-06-10 CVE-2015-3097 Adobe
Microsoft
Information Exposure vulnerability in multiple products

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.

5.0
2015-06-09 CVE-2015-4148 Apple
Redhat
PHP
Improper Input Validation vulnerability in multiple products

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.

5.0
2015-06-09 CVE-2015-4024 Redhat
Apple
PHP
HP
Oracle
Resource Management Errors vulnerability in multiple products

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

5.0
2015-06-09 CVE-2015-4021 Redhat
Apple
PHP
Numeric Errors vulnerability in multiple products

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.

5.0
2015-06-09 CVE-2015-3200 Lighttpd
HP
Oracle
Injection vulnerability in multiple products

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

5.0
2015-06-09 CVE-2015-4418 Zohocorp Improper Access Control vulnerability in Zohocorp Manageengine Netflow Analyzer

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

5.0
2015-06-08 CVE-2015-3001 Sysaid Credentials Management vulnerability in Sysaid

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

5.0
2015-06-08 CVE-2015-2998 Sysaid Information Exposure vulnerability in Sysaid

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.

5.0
2015-06-08 CVE-2015-2997 Sysaid Information Exposure vulnerability in Sysaid

SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.

5.0
2015-06-13 CVE-2015-0344 Adobe Cross-site Scripting vulnerability in Adobe Connect

Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-06-13 CVE-2015-0343 Adobe Cross-site Scripting vulnerability in Adobe Connect

Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2015-06-13 CVE-2015-2957 Igreks Cross-site Scripting vulnerability in Igreks products

Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-06-12 CVE-2015-1789 Openssl
Oracle
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

4.3
2015-06-12 CVE-2015-1788 Openssl Resource Management Errors vulnerability in Openssl

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

4.3
2015-06-12 CVE-2015-0774 Cisco Cross-site Scripting vulnerability in Cisco Application and Content Networking System Software 5.5(9)

Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650.

4.3
2015-06-12 CVE-2015-0737 Cisco Cross-site Scripting vulnerability in Cisco Firesight System Software 5.3.1.1

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.

4.3
2015-06-11 CVE-2015-4471 Libmspack Project Numeric Errors vulnerability in Libmspack Project Libmspack 0.4/0.43

Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.

4.3
2015-06-11 CVE-2015-4470 Libmspack Project Numeric Errors vulnerability in Libmspack Project Libmspack 0.4/0.43

Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.

4.3
2015-06-11 CVE-2015-4469 Libmspack Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libmspack Project Libmspack 0.4/0.43

The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.

4.3
2015-06-11 CVE-2015-4468 Libmspack Project Numeric Errors vulnerability in Libmspack Project Libmspack 0.4/0.43

Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.

4.3
2015-06-11 CVE-2015-4467 Libmspack Project Numeric Errors vulnerability in Libmspack Project Libmspack 0.4/0.43

The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.

4.3
2015-06-11 CVE-2014-9732 Libmspack Project Denial of Service vulnerability in Libmspack Project Libmspack 0.4/0.43

The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.

4.3
2015-06-10 CVE-2015-4465 Zanematthew Cross-site Scripting vulnerability in Zanematthew ZM Ajax Login & Register 1.0.9

Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-06-10 CVE-2015-3935 Dolibarr Cross-site Scripting vulnerability in Dolibarr 3.5.0/3.6.0

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.

4.3
2015-06-10 CVE-2015-3101 Adobe
Google
Apple
Microsoft
Linux
Permissions, Privileges, and Access Controls vulnerability in multiple products

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via unspecified vectors.

4.3
2015-06-10 CVE-2015-2359 Microsoft Cross-site Scripting vulnerability in Microsoft Exchange Server 2013

Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."

4.3
2015-06-10 CVE-2015-1765 Microsoft Information Exposure vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site.

4.3
2015-06-10 CVE-2015-1764 Microsoft Same Origin Policy Security Bypass vulnerability in Microsoft Exchange Server 2013

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability."

4.3
2015-06-10 CVE-2015-1757 Microsoft Cross-site Scripting vulnerability in Microsoft Active Directory Federation Services 2.0/2.1

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability."

4.3
2015-06-09 CVE-2015-2960 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer

Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-06-10 CVE-2014-8606 Xcloner Path Traversal vulnerability in Xcloner 3.1.1/3.5.1

Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a ..

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-06-09 CVE-2015-4427 Ektron Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1

Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter.

3.5
2015-06-10 CVE-2015-4171 Strongswan
Canonical
Debian
Information Exposure vulnerability in multiple products

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

2.6
2015-06-13 CVE-2015-3949 Sinapsi Information Exposure vulnerability in Sinapsi Esolar Light Firmware

Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page.

2.1
2015-06-10 CVE-2014-8607 Xcloner Information Exposure vulnerability in Xcloner 3.1.1/3.5.1

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.

2.1
2015-06-10 CVE-2015-1719 Microsoft Information Exposure vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."

2.1
2015-06-08 CVE-2015-4053 Ceph Information Exposure vulnerability in Ceph Ceph-Deploy 1.5.22

The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.

2.1
2015-06-08 CVE-2015-3201 Redhat Information Exposure vulnerability in Redhat Thermostat 1.4

Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.

2.1