SB15-145: Vulnerability Summary for the Week of May 18, 2015
05-25-2015 04:19 AM
Original release date: May 25, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- unified_communications_manager | Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | 2015-05-16 | 7.2 | CVE-2015-0717 CISCO |
| dell -- sonicwall_analyzer | The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. | 2015-05-20 | 9.0 | CVE-2015-3990 CONFIRM MISC |
| docker -- docker | Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | 2015-05-18 | 7.2 | CVE-2015-3627 CONFIRM FULLDISC MISC |
| docker -- libcontainer | Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | 2015-05-18 | 7.2 | CVE-2015-3629 CONFIRM FULLDISC MISC |
| docker -- docker | Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. | 2015-05-18 | 7.2 | CVE-2015-3630 CONFIRM FULLDISC MISC |
| gns3 -- gns3 | Untrusted search path vulnerability in GNS3 before 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. | 2015-05-18 | 7.2 | CVE-2015-2667 MISC |
| google -- chrome | common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. | 2015-05-20 | 7.5 | CVE-2015-1252 CONFIRM CONFIRM CONFIRM |
| google -- chrome | core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. | 2015-05-20 | 7.5 | CVE-2015-1253 CONFIRM CONFIRM CONFIRM |
| google -- chrome | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. | 2015-05-20 | 7.5 | CVE-2015-1256 CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. | 2015-05-20 | 7.5 | CVE-2015-1257 CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. | 2015-05-20 | 7.5 | CVE-2015-1258 CONFIRM CONFIRM CONFIRM |
| google -- chrome | PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2015-05-20 | 7.5 | CVE-2015-1259 CONFIRM CONFIRM |
| google -- chrome | Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. | 2015-05-20 | 7.5 | CVE-2015-1260 CONFIRM CONFIRM CONFIRM |
| google -- chrome | platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. | 2015-05-20 | 7.5 | CVE-2015-1262 CONFIRM CONFIRM CONFIRM |
| google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-05-20 | 7.5 | CVE-2015-1265 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-05-20 | 7.5 | CVE-2015-3910 CONFIRM |
| hancom -- hanword_viewer_2007 | Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption. | 2015-05-15 | 7.5 | CVE-2015-2810 BUGTRAQ |
| huawei -- e587_mobile_wifi_firmware | Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors. | 2015-05-21 | 9.0 | CVE-2015-3911 BID CONFIRM |
| ibm -- domino | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. | 2015-05-20 | 10.0 | CVE-2015-1902 CONFIRM |
| ibm -- domino | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. | 2015-05-20 | 10.0 | CVE-2015-1903 CONFIRM |
| ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. | 2015-05-19 | 10.0 | CVE-2015-1920 CONFIRM AIXAPAR |
| infocus -- in3128hd_firmware | The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. | 2015-05-18 | 10.0 | CVE-2014-8383 MISC FULLDISC MISC |
| infocus -- in3128hd_firmware | The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. | 2015-05-18 | 9.4 | CVE-2014-8384 MISC FULLDISC MISC |
| kcodes -- netusb | Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005. | 2015-05-20 | 10.0 | CVE-2015-3036 CERT-VN MISC MISC |
| libuv_project -- libuv | libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. | 2015-05-18 | 10.0 | CVE-2015-0278 FEDORA CONFIRM CONFIRM CONFIRM MANDRIVA CONFIRM |
| module-signature_project -- module-signature | Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | 2015-05-19 | 10.0 | CVE-2015-3408 CONFIRM CONFIRM MLIST MLIST UBUNTU |
| module-signature_project -- module-signature | Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. | 2015-05-19 | 7.2 | CVE-2015-3409 CONFIRM CONFIRM MLIST MLIST UBUNTU |
| oscmax -- oscmax | Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | 2015-05-20 | 7.5 | CVE-2012-1665 MISC OSVDB OSVDB OSVDB CONFIRM CONFIRM BUGTRAQ |
| powerdns -- authoritative | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. | 2015-05-18 | 7.8 | CVE-2015-1868 SECTRACK FEDORA FEDORA FEDORA FEDORA FEDORA FEDORA |
| proftpd -- proftpd | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. | 2015-05-18 | 10.0 | CVE-2015-3306 EXPLOIT-DB EXPLOIT-DB FEDORA FEDORA FEDORA |
| swisscom -- centro_grande_(adb)_dsl_firmware | The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors. | 2015-05-20 | 10.0 | CVE-2015-1188 FULLDISC |
| unzoo -- unzoo | Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors. | 2015-05-19 | 10.0 | CVE-2015-1845 MISC MLIST |
| unzoo -- unzoo | unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling. | 2015-05-19 | 7.8 | CVE-2015-1846 MISC MLIST |
| wpsymposium -- wp_symposium | SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI. | 2015-05-15 | 7.5 | CVE-2015-3325 MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- safari | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | 2015-05-20 | 4.3 | CVE-2015-4000 CONFIRM CONFIRM MISC MISC MISC MLIST |
| cacti -- cacti | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. | 2015-05-21 | 6.5 | CVE-2015-0916 MISC JVNDB JVN |
| cisco -- wireless_lan_controller_software | The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. | 2015-05-16 | 6.1 | CVE-2015-0723 CISCO |
| cisco -- wireless_lan_controller_software | The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. | 2015-05-16 | 6.8 | CVE-2015-0726 CISCO |
| cisco -- secure_access_control_server | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. | 2015-05-16 | 4.3 | CVE-2015-0729 CISCO |
| cisco -- wide_area_application_services | The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. | 2015-05-16 | 5.0 | CVE-2015-0730 CISCO |
| cisco -- ios | The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. | 2015-05-15 | 6.1 | CVE-2015-0731 CISCO |
| cisco -- unified_customer_voice_portal | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. | 2015-05-16 | 6.8 | CVE-2015-0735 CISCO |
| cisco -- mediasense | Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. | 2015-05-15 | 6.8 | CVE-2015-0736 CISCO |
| cisco -- web_security_appliance | Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. | 2015-05-16 | 4.3 | CVE-2015-0738 CISCO |
| cisco -- firesight_system_software | The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. | 2015-05-18 | 4.0 | CVE-2015-0739 CISCO |
| cisco -- unified_intelligence_center | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. | 2015-05-19 | 6.8 | CVE-2015-0740 CISCO |
| cisco -- hosted_collaboration_solution | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. | 2015-05-21 | 6.8 | CVE-2015-0741 CISCO |
| cisco -- adaptive_security_appliance_software | The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398. | 2015-05-21 | 5.0 | CVE-2015-0742 CISCO |
| cisco -- secure_access_control_server | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | 2015-05-21 | 5.0 | CVE-2015-0746 CISCO |
| concrete5 -- concrete5 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/. | 2015-05-15 | 4.3 | CVE-2015-2250 CONFIRM MISC BUGTRAQ FULLDISC MISC |
| concrete5 -- concrete5 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors. | 2015-05-15 | 4.3 | CVE-2015-3989 CONFIRM |
| dcraw_project -- dcraw | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. | 2015-05-19 | 4.3 | CVE-2015-3885 MISC CONFIRM CONFIRM BID BUGTRAQ |
| feedwordpress_project -- feedwordpress | SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php. | 2015-05-21 | 6.5 | CVE-2015-4018 CONFIRM FULLDISC |
| google -- chrome | Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. | 2015-05-20 | 6.8 | CVE-2015-1251 CONFIRM CONFIRM MISC |
| google -- chrome | core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. | 2015-05-20 | 5.0 | CVE-2015-1254 CONFIRM CONFIRM CONFIRM |
| google -- chrome | Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. | 2015-05-20 | 6.8 | CVE-2015-1255 CONFIRM CONFIRM CONFIRM |
| google -- chrome | android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. | 2015-05-20 | 5.0 | CVE-2015-1261 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. | 2015-05-20 | 4.3 | CVE-2015-1263 CONFIRM CONFIRM CONFIRM |
| google -- chrome | Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. | 2015-05-20 | 4.3 | CVE-2015-1264 CONFIRM CONFIRM |
| huawei -- seq_analyst | XML external entity (XXE) in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | 2015-05-18 | 4.0 | CVE-2015-2346 FULLDISC |
| huawei -- webui | Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | 2015-05-21 | 5.0 | CVE-2015-3912 BID CONFIRM |
| ibm -- license_metric_tool | The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-05-20 | 6.4 | CVE-2014-8924 CONFIRM |
| ibm -- websphere_mq | The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records. | 2015-05-20 | 4.0 | CVE-2015-0189 CONFIRM AIXAPAR |
| module-signature_project -- module-signature | Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | 2015-05-19 | 5.0 | CVE-2015-3407 CONFIRM CONFIRM MLIST MLIST UBUNTU |
| oscmax -- oscmax | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php. | 2015-05-20 | 4.3 | CVE-2012-1664 CONFIRM MISC OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB CONFIRM BUGTRAQ |
| oscmax -- oscmax | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php. | 2015-05-20 | 6.8 | CVE-2012-6691 MISC CONFIRM BUGTRAQ |
| rakus -- maildealer | Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. | 2015-05-21 | 4.3 | CVE-2015-0915 CONFIRM JVNDB JVN |
| realmd_project -- realmd | realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. | 2015-05-18 | 5.0 | CVE-2015-2704 CONFIRM FEDORA |
| rockwell -- automation_rslinx_classic | Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file. | 2015-05-16 | 6.9 | CVE-2014-9204 MISC MISC |
| seogento -- seogento | Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2015-05-20 | 4.3 | CVE-2012-3243 BID |
| simple_php_agenda_project -- simple_php_agenda | Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/. | 2015-05-21 | 6.8 | CVE-2012-1978 MISC MISC MISC OSVDB |
| synametrics -- xeams | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an SMTP domain or (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration. | 2015-05-20 | 6.8 | CVE-2015-3141 EXPLOIT-DB MISC OSVDB |
| template_cms_project -- template_cms | Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter an add_template action to admin/index.php. | 2015-05-20 | 4.3 | CVE-2012-4901 MISC BID OSVDB |
| template_cms_project -- template_cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php. | 2015-05-20 | 6.8 | CVE-2012-4902 MISC BID OSVDB |
| valve -- steam | The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. | 2015-05-20 | 5.0 | CVE-2015-4016 CONFIRM MISC |
| wppa.opajaap -- wp-photo-album-plus | Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. | 2015-05-21 | 4.3 | CVE-2015-3647 CONFIRM MISC BUGTRAQ |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| docker -- docker | Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. | 2015-05-18 | 3.6 | CVE-2015-3631 CONFIRM FULLDISC MISC |
| ibm -- license_metric_tool | IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 2015-05-20 | 2.1 | CVE-2014-4776 CONFIRM |
| ibm -- websphere_commerce | The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. | 2015-05-19 | 2.1 | CVE-2014-6211 CONFIRM AIXAPAR AIXAPAR |
| openstack -- horizon | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | 2015-05-19 | 3.5 | CVE-2015-3988 BID MLIST MLIST |
| piriform -- ccleaner | Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. | 2015-05-20 | 2.1 | CVE-2015-3999 BID FULLDISC |
| redhat -- kexec-tools | The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 2015-05-19 | 3.6 | CVE-2015-0267 REDHAT |
| squid-cache -- squid | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, does not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | 2015-05-18 | 2.6 | CVE-2015-3455 CONFIRM SECTRACK MANDRIVA CONFIRM |

This product is provided subject to this Notification and this Privacy & Use policy.