ECI Blog @WordPress

Latest news from the ECI Networks Group

SB15-005: Vulnerability Summary for the Week of December 29, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info (source labels follow each entry on the next line)
ajaxplorer — ajaxplorer Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation. 2014-12-27 7.5 CVE-2013-6227
MISC
cray — cray_linux_environment apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912. 2014-12-26 7.2 CVE-2014-0748
MISC
easewe_software — easewe_ftp_ocx_activex_control The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method. 2014-12-31 7.5 CVE-2011-5292
MISC
exponentcms — exponent_cms Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. 2014-12-29 7.5 CVE-2013-3295
MISC
facebook — hiphop_virtual_machine CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. 2014-12-28 7.5 CVE-2014-2208
CONFIRM
facebook — hiphop_virtual_machine Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. 2014-12-28 7.5 CVE-2014-6228
CONFIRM
gogago — gogago_youtube_video_converter Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument. 2015-01-01 9.3 CVE-2011-5295
MISC
ipswitch — tftp_server Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation. 2014-12-27 7.8 CVE-2011-4722
XF, OSVDB, EXPLOIT-DB, SECTRACK, SECUNIA, MISC
minibb — minibb bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php. 2014-12-31 7.5 CVE-2014-9254
MISC, SECUNIA
nakahira — cdnvote Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. 2015-01-01 7.5 CVE-2011-5308
MISC, CONFIRM, CONFIRM
openbsd — libressl Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake. 2014-12-28 7.5 CVE-2014-9424
CONFIRM, MISC
php — php Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2014-12-30 7.5 CVE-2014-9425
MLIST, CONFIRM, CONFIRM, CONFIRM
php — php The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. 2014-12-30 7.5 CVE-2014-9426
CONFIRM, CONFIRM
redaxscript — redaxscript Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. 2015-01-01 7.5 CVE-2011-5313
MISC
redmine — redmine_git_hosting_plugin git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. 2014-12-27 7.5 CVE-2013-4663
MISC
schneider_electric — proclima Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 10.0 CVE-2014-8511
CONFIRM
schneider_electric — proclima Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 7.5 CVE-2014-8512
schneider_electric — proclima Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 7.5 CVE-2014-8513
schneider_electric — proclima Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 7.5 CVE-2014-8514
schneider_electric — proclima Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers. 2014-12-27 9.0 CVE-2014-9188
social_slider_project — social_slider SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. 2014-12-31 7.5 CVE-2011-5286
MISC
softaculous — webuzo index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. 2014-12-27 7.5 CVE-2013-6041
MISC
soundexchange — soundexchange Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. 2014-12-31 7.5 CVE-2014-8145
BID, MISC
threediffy — threedify_designer The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument. 2014-12-31 9.3 CVE-2011-5293
MISC
threedify — threedify_designer Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmdSave method. 2014-12-31 9.3 CVE-2011-5288
MISC
umbraco — umbraco_cms The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. 2014-12-27 7.5 CVE-2013-4793
MISC
videolan — vlc_media_player Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder. 2014-12-26 7.5 CVE-2010-1441
MLIST
videolan — vlc_media_player VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer. 2014-12-26 7.5 CVE-2010-1442
MLIST
videolan — vlc_media_player The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive. 2014-12-26 7.5 CVE-2010-1444
MLIST, CONFIRM
videolan — vlc_media_player Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session. 2014-12-26 7.5 CVE-2010-1445
MLIST
videolan — vlc_media_player Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. 2014-12-26 7.5 CVE-2010-2062
MISC, FULLDISC, MLIST, CONFIRM
videolan — vlc_media_player Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c. 2014-12-26 7.5 CVE-2011-3623
CONFIRM, MLIST, CONFIRM, CONFIRM, CONFIRM
videowhisper — videowhisper_live_streaming_integration Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. 2014-12-29 10.0 CVE-2014-1905
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info (source labels follow each entry on the next line)
amcharts — flash Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3) amcolumn.swf, (4) amline.swf, (5) amradar.swf, or (6) amxy.sw; or (7) the settings_file parameter to amstock.swf. 2014-12-27 4.3 CVE-2012-1303
MISC
ammap_project — ammap Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf. 2014-12-27 4.3 CVE-2012-1302
MISC
apache — http_server mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. 2014-12-29 4.3 CVE-2014-8109
CONFIRM, CONFIRM, CONFIRM, MLIST
ashampoo_gmbh_&_co. — ashampoo_3d_cad_professional_3 The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument. 2014-12-31 6.4 CVE-2011-5291
MISC
bugfree — bugfree Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php. 2014-12-31 4.3 CVE-2011-5285
MISC
cambio_project — cambio Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. 2015-01-01 6.8 CVE-2011-5316
MISC
cherry-design — wikipad Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. 2015-01-01 4.3 CVE-2011-5309
MISC
cherry-design — wikipad Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. 2015-01-01 5.0 CVE-2011-5310
MISC
cherry-design — wikipad Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter. 2015-01-01 6.8 CVE-2011-5311
MISC
clausmuus — spitfire Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cms_username cookie. 2015-01-01 4.3 CVE-2011-5303
MISC
db_backup_project — db_backup Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. 2014-12-31 5.0 CVE-2014-9119
MISC, XF, MLIST
dflabs — ptk Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout. 2014-12-27 6.8 CVE-2012-1415
EXPLOIT-DB
diafan — diafan.cms Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/. 2015-01-01 6.8 CVE-2011-5318
MISC
diego_uscanga — atube_catcher The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument. 2014-12-31 6.4 CVE-2011-5289
MISC
doorkeeper_project — doorkeeper Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors. 2014-12-31 6.8 CVE-2014-8144
CONFIRM, XF, MLIST
emc — rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack.” 2014-12-30 4.3 CVE-2014-4630
MISC, BUGTRAQ
emc — appsync Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. 2014-12-30 4.6 CVE-2014-4634
BUGTRAQ
eucalyptus — eucalyptus The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. 2014-12-26 4.3 CVE-2013-4769
facebook — hiphop_virtual_machine Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. 2014-12-28 5.0 CVE-2014-2209
CONFIRM
facebook — hiphop_virtual_machine The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. 2014-12-28 5.0 CVE-2014-5386
CONFIRM
facebook — hiphop_virtual_machine The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. 2014-12-28 5.0 CVE-2014-6229
CONFIRM
gollos — gollos Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx, or (4) the q parameter to product/list.aspx. 2015-01-01 4.3 CVE-2011-5312
MISC
gslideshow_project — gslideshow Multiple cross-site request forgery (CSRF) vulnerabilities in the gSlideShow plugin 0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) rss, (2) display_time or (3) transistion_time parameter in the gslideshow.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9391
MISC
hesk — hesk Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php. 2014-12-31 4.3 CVE-2011-5287
MISC
hillstone_software — hs_tftp_server Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation. 2014-12-27 5.0 CVE-2011-4720
MISC
ibm — security_identity_manager Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2014-12-28 6.0 CVE-2014-6168
XF
idrive_inc — idrive_online_backup The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument. 2014-12-31 6.4 CVE-2011-5290
MISC
jce-tech — video_niche_script Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter. 2014-12-31 4.3 CVE-2014-8752
BID, MISC, FULLDISC
kofax — kofax_e-transactions_sender_sendbox The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument. 2015-01-01 6.4 CVE-2011-5294
MISC
kubelabs — phpdug Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to editprofile.php, (3) the title parameter to adm/content_add.php, or (4) the username parameter to adm/admin_edit.php. 2015-01-01 4.3 CVE-2011-5301
MISC
kubelabs — phpdug Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials. 2015-01-01 6.8 CVE-2011-5302
MISC
libssh — libssh Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. 2014-12-28 5.0 CVE-2014-8132
CONFIRM
nginx — nginx The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a “plaintext command injection” attack, a similar issue to CVE-2011-0411. 2014-12-29 4.3 CVE-2014-3556
CONFIRM, CONFIRM
open-xchange — open-xchange_appsuite The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315. 2014-12-27 4.0 CVE-2013-6241
CONFIRM, BUGTRAQ
photosmash_project — photosmash Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. 2015-01-01 4.3 CVE-2011-5307
MISC
phpthumb_project — phpthumb The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. 2014-12-27 4.3 CVE-2013-6919
CONFIRM, MISC
pictobrowser_project — pictobrowser Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (pictobrowser-gallery) plugin 0.3.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the pictoBrowserFlickrUser parameter in the options-page.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9392
MISC
plogger — plogger Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. 2014-12-29 5.0 CVE-2014-2224
MISC
pommo — pommo-ardvark Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php. 2015-01-01 4.3 CVE-2011-5299
MISC
pommo — pommo-ardvark Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters. 2015-01-01 6.8 CVE-2011-5300
MISC
post_to_twitter_project — post_to_twitter Multiple cross-site request forgery (CSRF) vulnerabilities in the Post to Twitter plugin 0.7 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) idptt_twitter_username or (2) idptt_tweet_prefix parameter to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9393
MISC
pwgrandom_project — pwgrandom Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGRandom plugin 1.11 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) pwgrandom_title or (2) pwgrandom_category parameter in the pwgrandom page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9394
MISC
redaxscript — redaxscript templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. 2015-01-01 5.0 CVE-2011-5314
MISC
s9y — serendipity Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php. 2014-12-31 4.3 CVE-2014-9432
CONFIRM, BUGTRAQ, MISC, FULLDISC
sensiolabs — symfony The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. 2014-12-27 5.0 CVE-2013-5958
simpleflickr_project — simpleflickr Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleFlickr plugin 3.0.3 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simpleflickr_width, (2) simpleflickr_bgcolor, or (3) simpleflickr_xmldatapath parameter in the simpleFlickr.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9396
MISC
simplelife_project — simplelife Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3) flickrback, or (4) simple_flimit parameter in the simplelife.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9395
MISC
smoothwall — smoothwall Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action. 2014-12-31 4.3 CVE-2011-5283
EXPLOIT-DB, MISC, OSVDB
smoothwall — smoothwall Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi. 2014-12-31 6.8 CVE-2011-5284
EXPLOIT-DB
MISC
OSVDB
smoothwall — smoothwall Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi. 2014-12-31 4.3 CVE-2014-9429
MISC
smoothwall — smoothwall Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action. 2014-12-31 4.3 CVE-2014-9430
MISC
smoothwall — smoothwall Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi. 2014-12-31 6.8 CVE-2014-9431
MISC
sodahead — sodahead_polls Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to customizer.php or (2) the customize parameter to poll.php. 2015-01-01 4.3 CVE-2011-5304
MISC
MISC
softaculous — webuzo The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests. 2014-12-27 5.0 CVE-2013-6043
MISC
CONFIRM
syndeocms — syndeocms Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action. 2014-12-27 6.8 CVE-2012-1203
EXPLOIT-DB
tribal — tribiq_cms The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. 2014-12-29 4.3 CVE-2011-2727
MISC
ttfreeware — tigertoms_chat_room Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chat_form.php. 2015-01-01 4.3 CVE-2011-5297
MISC
tuttophp — happy_chat Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. 2015-01-01 4.3 CVE-2011-5296
MISC
tweetscribe_project — tweetscribe Cross-site request forgery (CSRF) vulnerability in the TweetScribe plugin 1.1 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the tweetscribe_username parameter in a save action in the tweetscribe.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9399
MISC
twiki — twiki Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences. 2014-12-31 4.3 CVE-2014-9325
SECTRACK
FULLDISC
MISC
twiki — twiki Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch. 2014-12-31 4.3 CVE-2014-9367
SECTRACK
FULLDISC
MISC
twimp-wp_project — twimp-wp Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the message_format parameter in the twimp-wp.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9397
MISC
twitter_liveblog_project — twitter_liveblog Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlog plugin 1.1.2 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the mashtlb_twitter_username parameter in the twitter-liveblog.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9398
MISC
videolan — vlc_media_player The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document. 2014-12-26 5.0 CVE-2010-1443
MLIST
CONFIRM
videowhisper — videowhisper_live_streaming_integration The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. 2014-12-29 5.0 CVE-2014-1908
MISC
viralheat — argyle_social Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create. 2015-01-01 6.8 CVE-2011-5298
MISC
whcms_project — whcms Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. 2015-01-01 6.8 CVE-2011-5315
MISC
wondercms — wondercms Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. 2015-01-01 4.3 CVE-2011-5317
MISC
wp_limit_posts_automatically_project — wp_limit_posts_automatically Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9401
MISC
wp_unique_article_header_image_project — wp_unique_article_header_image Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp Unique Article Header Image plugin 1.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) gt_default_header or (2) gt_homepage_header parameter in the wp-unique-header.php page to wp-admin/options-general.php. 2014-12-31 6.8 CVE-2014-9400
MISC
zaunz_gmbh — cosmoshop Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to cgi-bin/admin/shophilfe_suche.cgi. 2015-01-01 4.3 CVE-2011-5305
MISC
zaunz_gmbh — cosmoshop Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. 2015-01-01 6.8 CVE-2011-5306
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
avast! — avast!_internet_security Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW. 2014-12-27 2.1 CVE-2010-5075
MISC
MISC
MISC
BID
claroline — claroline Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action to messaging/messagebox.php, (2) the “First name” field to auth/profile.php, or (3) the Speakers field in an rqAdd action to calendar/agenda.php. 2014-12-26 3.5 CVE-2013-4753
MISC
contenido — contenido Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter. 2014-12-31 2.6 CVE-2014-9433
BUGTRAQ
MISC
SECUNIA
FULLDISC
ibm — rational_appscan_source IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. 2014-12-28 2.1 CVE-2014-6123
XF
ibm — websphere_service_registry_and_repository IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. 2014-12-28 2.1 CVE-2014-6160
XF
AIXAPAR
owl — intranet_knowledgebase Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php. 2014-12-26 3.5 CVE-2013-4754
MISC

SB15-005: Vulnerability Summary for the Week of December 29, 2014 was originally published on Blogg'n @ ECI

January 10, 2015 - Posted by | IT Security, NewsUpdate, Security Alerts, Security Issues, US-CERT
