ECI Blog @WordPress

Latest news from the ECI Networks Group

(SB15-033) Vulnerability Summary for the Week of January 26, 2015

Original release date: February 02, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — flash_player Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. 2015-01-23 10.0 CVE-2015-0310
adobe — flash_player Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. 2015-01-23 10.0 CVE-2015-0311
adobe — flash_player Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. 2015-01-28 10.0 CVE-2015-0312
catbot_project — catbot SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. 2015-01-27 7.5 CVE-2015-1367
Source & Patch Info: XF, MISC, BUGTRAQ, FULLDISC, MISC
cisco — prime_service_catalog The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880. 2015-01-28 7.5 CVE-2015-0581
cisco — ios The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR process hang) via IPv4 packets, aka Bug ID CSCuo73682. 2015-01-28 7.8 CVE-2015-0586
ferretcms_project — ferretcms Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. 2015-01-27 7.5 CVE-2015-1371
Source & Patch Info: CONFIRM, BID, MLIST, MISC, FULLDISC
ferretcms_project — ferretcms SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. 2015-01-27 7.5 CVE-2015-1372
Source & Patch Info: CONFIRM, BID, MLIST, MISC, FULLDISC
freereprintables — articlefr SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/. 2015-01-27 7.5 CVE-2015-1364
Source & Patch Info: MISC, EXPLOIT-DB, FULLDISC
gnome — vala The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. 2015-01-27 7.5 CVE-2014-8154
Source & Patch Info: MISC, SUSE
gnu — glibc Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka “GHOST.” 2015-01-28 10.0 CVE-2015-0235
Source & Patch Info: MISC, BUGTRAQ, BUGTRAQ
google — chrome Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. 2015-01-27 7.5 CVE-2015-1360
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
ibm — i_access Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors. 2015-01-28 7.2 CVE-2014-8920
Source & Patch Info: XF
jasper_project — jasper Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. 2015-01-26 7.5 CVE-2014-8157
Source & Patch Info: CONFIRM, REDHAT
mantisbt — mantisbt MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4. 2015-01-26 7.5 CVE-2014-9572
Source & Patch Info: CONFIRM, MISC, XF, MLIST
midgard-project — midgard2 The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges. 2015-01-26 7.2 CVE-2014-8148
Source & Patch Info: MLIST, SUSE
php — php Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. 2015-01-27 7.5 CVE-2015-0231
Source & Patch Info: CONFIRM, CONFIRM
pixabay_images_project — pixabay_images pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. 2015-01-28 7.5 CVE-2015-1375
Source & Patch Info: CONFIRM, BUGTRAQ, OSVDB, MLIST, EXPLOIT-DB, FULLDISC, MISC
polarssl — polarssl The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate. 2015-01-27 7.5 CVE-2015-1182
Source & Patch Info: SECUNIA, SECUNIA
schneider-electric — tsxetg3000 The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. 2015-01-27 7.8 CVE-2014-9197
schneider-electric — tsxetg3000 The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. 2015-01-27 10.0 CVE-2014-9198
sequelize_project — sequelize SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. 2015-01-27 7.5 CVE-2015-1369
Source & Patch Info: CONFIRM, CONFIRM, MLIST
two_pilots — exif_pilot Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. 2015-01-27 7.5 CVE-2015-1362
Source & Patch Info: EXPLOIT-DB, MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ansible — tower Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/. 2015-01-27 4.3 CVE-2015-1368
Source & Patch Info: MISC, XF, BID, BUGTRAQ, EXPLOIT-DB, FULLDISC, MISC, OSVDB, OSVDB, OSVDB, OSVDB, OSVDB
apple — apple_tv The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app. 2015-01-30 5.0 CVE-2014-4496
apple — mac_os_x The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. 2015-01-30 4.3 CVE-2014-8838
apple — mac_os_x Spotlight in Apple OS X before 10.10.2 does not enforce the Mail “Load remote content in messages” configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP requests for this image’s URL. 2015-01-30 5.0 CVE-2014-8839
Source & Patch Info: MISC, SECTRACK, MISC
apple — iphone_os The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. 2015-01-30 6.8 CVE-2014-8840
Source & Patch Info: MISC
attachmate — reflection_ftp_client Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response. 2015-01-27 6.8 CVE-2014-5211
Source & Patch Info: MISC, SECUNIA
beasts — vsftpd Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. 2015-01-28 5.0 CVE-2015-1419
Source & Patch Info: SECUNIA
eventsentry — eventsentry Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet. 2015-01-23 4.3 CVE-2015-1180
Source & Patch Info: BUGTRAQ, MISC
ferretcms_project — ferretcms Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action. 2015-01-27 4.3 CVE-2015-1373
Source & Patch Info: CONFIRM, BID, MLIST, MISC, FULLDISC
ferretcms_project — ferretcms Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks. 2015-01-27 6.8 CVE-2015-1374
Source & Patch Info: MISC, MLIST
freereprintables — articlefr Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. 2015-01-27 4.3 CVE-2015-1363
Source & Patch Info: MISC, FULLDISC, MISC
genetechsolutions — pie_register The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action. 2015-01-23 5.0 CVE-2014-8802
Source & Patch Info: MISC, SECUNIA
google — chrome Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. 2015-01-27 4.6 CVE-2014-9646
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
google — chrome Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. 2015-01-27 6.8 CVE-2014-9647
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
google — chrome components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. 2015-01-27 4.3 CVE-2014-9648
Source & Patch Info: CONFIRM, CONFIRM
google — chrome Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an “intra-object-overflow” issue, a different vulnerability than CVE-2015-1205. 2015-01-27 6.8 CVE-2015-1359
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
google — chrome platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. 2015-01-27 6.8 CVE-2015-1361
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
ibm — tririga_application_platform Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter. 2015-01-28 4.9 CVE-2014-8894
Source & Patch Info: XF
ibm — tririga_application_platform IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL. 2015-01-28 4.3 CVE-2014-8895
Source & Patch Info: XF
ibm — social_media_analytics Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-01-28 4.3 CVE-2014-8917
Source & Patch Info: XF
infinite_automation_systems — mango_automation Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter. 2015-01-26 4.3 CVE-2015-1179
Source & Patch Info: BUGTRAQ, MISC
jakweb — gecko_cms Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. 2015-01-29 6.5 CVE-2015-1423
Source & Patch Info: XF, MISC, EXPLOIT-DB, MISC, OSVDB
jakweb — gecko_cms Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php. 2015-01-29 6.8 CVE-2015-1424
Source & Patch Info: XF, MISC, EXPLOIT-DB, MISC, OSVDB
jasper_project — jasper Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. 2015-01-26 6.8 CVE-2014-8158
Source & Patch Info: REDHAT
kde — plasma-workspace plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. 2015-01-26 4.3 CVE-2015-1307
Source & Patch Info: BID, MLIST
kde — kde-workspace kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. 2015-01-26 4.3 CVE-2015-1308
Source & Patch Info: CONFIRM, BID, MLIST, SECUNIA
mantisbt — mantisbt Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter. 2015-01-26 4.3 CVE-2014-9571
Source & Patch Info: CONFIRM, MISC, CONFIRM, CONFIRM, XF, MLIST
mantisbt — mantisbt SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. 2015-01-26 6.0 CVE-2014-9573
Source & Patch Info: CONFIRM, CONFIRM, MISC, CONFIRM, CONFIRM, XF, MLIST
marked_project — marked Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. 2015-01-27 4.3 CVE-2015-1370
Source & Patch Info: MISC, MISC, MISC, MLIST
openstack — image_registry_and_delivery_service_(glance) OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. 2015-01-23 4.0 CVE-2014-9623
Source & Patch Info: CONFIRM, CONFIRM, MLIST, SECUNIA
osticket — osticket Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. 2015-01-23 4.3 CVE-2015-1176
Source & Patch Info: CONFIRM, CONFIRM, BID, BUGTRAQ, MISC
osticket — osticket Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. 2015-01-23 4.3 CVE-2015-1347
Source & Patch Info: CONFIRM, CONFIRM
php — php The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. 2015-01-27 6.8 CVE-2015-0232
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM
pivotal_software — rabbitmq Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. 2015-01-27 4.3 CVE-2014-9649
Source & Patch Info: CONFIRM, MLIST
pivotal_software — rabbitmq CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. 2015-01-27 5.0 CVE-2014-9650
Source & Patch Info: CONFIRM, MLIST
pixabay_images_project — pixabay_images Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. 2015-01-27 5.0 CVE-2015-1365
Source & Patch Info: MISC, CONFIRM, XF, BUGTRAQ, MLIST, EXPLOIT-DB, FULLDISC, MISC, OSVDB
pixabay_images_project — pixabay_images Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter. 2015-01-27 4.3 CVE-2015-1366
Source & Patch Info: MISC, CONFIRM, XF, BUGTRAQ, MLIST, EXPLOIT-DB, FULLDISC, MISC, OSVDB
pixabay_images_project — pixabay_images pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com. 2015-01-28 4.0 CVE-2015-1376
Source & Patch Info: CONFIRM, BUGTRAQ, MLIST, EXPLOIT-DB, FULLDISC, MISC
qualiteam — x-cart Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter. 2015-01-26 4.3 CVE-2015-1178
Source & Patch Info: BID, BUGTRAQ, MISC
xiph — vorbis-tools oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. 2015-01-23 5.0 CVE-2014-9638
Source & Patch Info: MISC, MLIST, MLIST, FULLDISC
xiph — vorbis-tools Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. 2015-01-23 5.0 CVE-2014-9639
Source & Patch Info: MISC, MLIST, MLIST, FULLDISC
xiph — vorbis-tools oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. 2015-01-23 5.0 CVE-2014-9640
Source & Patch Info: CONFIRM, CONFIRM, MLIST, MLIST

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — tririga_application_platform Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-01-28 3.5 CVE-2014-8893
Source & Patch Info: XF
pxz_project — pxz Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions. 2015-01-23 2.1 CVE-2015-1200
Source & Patch Info: XF, BID, MLIST

(SB15-033) Vulnerability Summary for the Week of January 26, 2015 was originally published on Blogg'n @ ECI

February 14, 2015 - Posted by | IT Security, Security Alerts, Security Issues, US-CERT
