The Patriot Files Forums  

Go Back   The Patriot Files Forums > Military News > Cyber Warfare

Post New Thread  Reply
 
Thread Tools Display Modes
  #1  
Old 05-25-2015, 10:05 AM
The Patriot's Avatar
The Patriot The Patriot is offline
Senior Member
 

Join Date: Jun 2002
Posts: 1,386,283
Default SB15-145: Vulnerability Summary for the Week of May 18, 2015

SB15-145: Vulnerability Summary for the Week of May 18, 2015

05-25-2015 04:19 AM

Original release date: May 25, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.



High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocisco -- unified_communications_managerCisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.2015-05-167.2CVE-2015-0717
CISCOdell -- sonicwall_analyzerThe GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.2015-05-209.0CVE-2015-3990
CONFIRM
MISCdocker -- dockerLibcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.2015-05-187.2CVE-2015-3627
CONFIRM
FULLDISC
MISCdocker -- libcontainerLibcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.2015-05-187.2CVE-2015-3629
CONFIRM
FULLDISC
MISCdocker -- dockerDocker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.2015-05-187.2CVE-2015-3630
CONFIRM
FULLDISC
MISCgns3 -- gns3Untrusted search path vulnerability in GNS3 before 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.2015-05-187.2CVE-2015-2667
MISCgoogle -- chromecommon/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.2015-05-207.5CVE-2015-1252
CONFIRM
CONFIRM
CONFIRMgoogle -- chromecore/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.2015-05-207.5CVE-2015-1253
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeUse-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.2015-05-207.5CVE-2015-1256
CONFIRM
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeplatform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.2015-05-207.5CVE-2015-1257
CONFIRM
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeGoogle Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.2015-05-207.5CVE-2015-1258
CONFIRM
CONFIRM
CONFIRMgoogle -- chromePDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.2015-05-207.5CVE-2015-1259
CONFIRM
CONFIRMgoogle -- chromeMultiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.2015-05-207.5CVE-2015-1260
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeplatform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.2015-05-207.5CVE-2015-1262
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeMultiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-05-207.5CVE-2015-1265
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeMultiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2015-05-207.5CVE-2015-3910
CONFIRMhancom -- hanword_viewer_2007Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption.2015-05-157.5CVE-2015-2810
BUGTRAQhuawei -- e587_mobile_wifi_firmwareHuawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors.2015-05-219.0CVE-2015-3911
BID
CONFIRMibm -- dominoStack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.2015-05-2010.0CVE-2015-1902
CONFIRMibm -- dominoStack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.2015-05-2010.0CVE-2015-1903
CONFIRMibm -- websphere_application_serverIBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.2015-05-1910.0CVE-2015-1920
CONFIRM
AIXAPARinfocus -- in3128hd_firmwareThe InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html.2015-05-1810.0CVE-2014-8383
MISC
FULLDISC
MISCinfocus -- in3128hd_firmwareThe InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request.2015-05-189.4CVE-2014-8384
MISC
FULLDISC
MISCkcodes -- netusbStack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.2015-05-2010.0CVE-2015-3036
CERT-VN
MISC
MISClibuv_project -- libuvlibuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.2015-05-1810.0CVE-2015-0278
FEDORA
CONFIRM
CONFIRM
CONFIRM
MANDRIVA
CONFIRMmodule-signature_project -- module-signatureModule::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.2015-05-1910.0CVE-2015-3408
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTUmodule-signature_project -- module-signatureUntrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.2015-05-197.2CVE-2015-3409
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTUoscmax -- oscmaxMultiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.2015-05-207.5CVE-2012-1665
MISC
OSVDB
OSVDB
OSVDB
CONFIRM
CONFIRM
BUGTRAQpowerdns -- authoritativeThe label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.2015-05-187.8CVE-2015-1868
SECTRACK
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORAproftpd -- proftpdThe mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.2015-05-1810.0CVE-2015-3306
EXPLOIT-DB
EXPLOIT-DB
FEDORA
FEDORA
FEDORAswisscom -- centro_grande_(adb)_dsl_firmwareThe certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.2015-05-2010.0CVE-2015-1188
FULLDISCunzoo -- unzooBuffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.2015-05-1910.0CVE-2015-1845
MISC
MLISTunzoo -- unzoounzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling.2015-05-197.8CVE-2015-1846
MISC
MLISTwpsymposium -- wp_symposiumSQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.2015-05-157.5CVE-2015-3325
MISCBack to top


Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoapple -- safariThe TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.2015-05-204.3CVE-2015-4000
CONFIRM
CONFIRM
MISC
MISC
MISC
MLISTcacti -- cactiSQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.2015-05-216.5CVE-2015-0916
MISC
JVNDB
JVNcisco -- wireless_lan_controller_softwareThe wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.2015-05-166.1CVE-2015-0723
CISCOcisco -- wireless_lan_controller_softwareThe web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252.2015-05-166.8CVE-2015-0726
CISCOcisco -- secure_access_control_serverCross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.2015-05-164.3CVE-2015-0729
CISCOcisco -- wide_area_application_servicesThe SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.2015-05-165.0CVE-2015-0730
CISCOcisco -- iosThe ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890.2015-05-156.1CVE-2015-0731
CISCOcisco -- unified_customer_voice_portalCross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.2015-05-166.8CVE-2015-0735
CISCOcisco -- mediasenseCross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728.2015-05-156.8CVE-2015-0736
CISCOcisco -- web_security_applianceCross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008.2015-05-164.3CVE-2015-0738
CISCOcisco -- firesight_system_softwareThe Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.2015-05-184.0CVE-2015-0739
CISCOcisco -- unified_intelligence_centerCross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.2015-05-196.8CVE-2015-0740
CISCOcisco -- hosted_collaboration_solutionMultiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.2015-05-216.8CVE-2015-0741
CISCOcisco -- adaptive_security_appliance_softwareThe Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398.2015-05-215.0CVE-2015-0742
CISCOcisco -- secure_access_control_serverThe REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.2015-05-215.0CVE-2015-0746
CISCOconcrete5 -- concrete5Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/.2015-05-154.3CVE-2015-2250
CONFIRM
MISC
BUGTRAQ
FULLDISC
MISCconcrete5 -- concrete5Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.2015-05-154.3CVE-2015-3989
CONFIRMdcraw_project -- dcrawInteger overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.2015-05-194.3CVE-2015-3885
MISC
CONFIRM
CONFIRM
BID
BUGTRAQfeedwordpress_project -- feedwordpressSQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.2015-05-216.5CVE-2015-4018
CONFIRM
FULLDISCgoogle -- chromeUse-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.2015-05-206.8CVE-2015-1251
CONFIRM
CONFIRM
MISCgoogle -- chromecore/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.2015-05-205.0CVE-2015-1254
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeUse-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track.2015-05-206.8CVE-2015-1255
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeandroid/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.2015-05-205.0CVE-2015-1261
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeThe Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.2015-05-204.3CVE-2015-1263
CONFIRM
CONFIRM
CONFIRMgoogle -- chromeCross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.2015-05-204.3CVE-2015-1264
CONFIRM
CONFIRMhuawei -- seq_analystXML external entity (XXE) in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.2015-05-184.0CVE-2015-2346
FULLDISChuawei -- webuiHuawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.2015-05-215.0CVE-2015-3912
BID
CONFIRMibm -- license_metric_toolThe server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2015-05-206.4CVE-2014-8924
CONFIRMibm -- websphere_mqThe cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.2015-05-204.0CVE-2015-0189
CONFIRM
AIXAPARmodule-signature_project -- module-signatureModule::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.2015-05-195.0CVE-2015-3407
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTUoscmax -- oscmaxMultiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.2015-05-204.3CVE-2012-1664
CONFIRM
MISC
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
CONFIRM
BUGTRAQoscmax -- oscmaxMultiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php.2015-05-206.8CVE-2012-6691
MISC
CONFIRM
BUGTRAQrakus -- maildealerCross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.2015-05-214.3CVE-2015-0915
CONFIRM
JVNDB
JVNrealmd_project -- realmdrealmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.2015-05-185.0CVE-2015-2704
CONFIRM
FEDORArockwell -- automation_rslinx_classicStack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file.2015-05-166.9CVE-2014-9204
MISC
MISCseogento -- seogentoCross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2015-05-204.3CVE-2012-3243
BIDsimple_php_agenda_project -- simple_php_agendaMultiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.2015-05-216.8CVE-2012-1978
MISC
MISC
MISC
OSVDBsynametrics -- xeamsMultiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an SMTP domain or (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.2015-05-206.8CVE-2015-3141
EXPLOIT-DB
MISC
OSVDBtemplate_cms_project -- template_cmsCross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter an add_template action to admin/index.php.2015-05-204.3CVE-2012-4901
MISC
BID
OSVDBtemplate_cms_project -- template_cmsMultiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.2015-05-206.8CVE-2012-4902
MISC
BID
OSVDBvalve -- steamThe client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.2015-05-205.0CVE-2015-4016
CONFIRM
MISCwppa.opajaap -- wp-photo-album-plusMultiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.2015-05-214.3CVE-2015-3647
CONFIRM
MISC
BUGTRAQBack to top


Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infodocker -- dockerDocker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.2015-05-183.6CVE-2015-3631
CONFIRM
FULLDISC
MISCibm -- license_metric_toolIBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.2015-05-202.1CVE-2014-4776
CONFIRMibm -- websphere_commerceThe command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file.2015-05-192.1CVE-2014-6211
CONFIRM
AIXAPAR
AIXAPARopenstack -- horizonMultiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.2015-05-193.5CVE-2015-3988
BID
MLIST
MLISTpiriform -- ccleanerPiriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.2015-05-202.1CVE-2015-3999
BID
FULLDISCredhat -- kexec-toolsThe Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.2015-05-193.6CVE-2015-0267
REDHATsquid-cache -- squidSquid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, does not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.2015-05-182.6CVE-2015-3455
CONFIRM
SECTRACK
MANDRIVA
CONFIRMBack to top
This product is provided subject to this Notification and this Privacy & Use policy.




More...
sendpm.gif Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 02:07 PM.


Powered by vBulletin, Jelsoft Enterprises Ltd.