ECI Blog @WordPress

Latest news from the ECI Networks Group

(SB15-047) Vulnerability Summary for the Week of February 9, 2015

Original release date: February 16, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
aas9 — zerocms SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034. 2015-02-06 7.5 CVE-2015-1442
Source & Patch Info: BID, MISC, MISC, MISC, MLIST, MLIST, FULLDISC, MISC
advantech — eki-1200_gateway_series_firmware Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. 2015-02-12 10.0 CVE-2014-8385
apereo — central_authentication_service Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. 2015-02-10 7.5 CVE-2015-1169
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, FULLDISC, MISC
attachmate — reflection_ftp_client The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher. 2015-02-06 10.0 CVE-2014-0603
Source & Patch Info: MISC, MISC
attachmate — reflection_ftp_client Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method. 2015-02-06 10.0 CVE-2014-0604
Source & Patch Info: MISC
attachmate — reflection_ftp_client Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method. 2015-02-06 10.0 CVE-2014-0605
Source & Patch Info: MISC
bullguard — bdagent.sys bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. 2015-02-06 7.2 CVE-2014-9642
Source & Patch Info: OSVDB, MISC, EXPLOIT-DB, MISC
cisco — webex_meetings_server The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. 2015-02-07 9.0 CVE-2015-0589
Source & Patch Info: XF, SECTRACK, BID, SECUNIA
cisco — ios The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672. 2015-02-11 7.8 CVE-2015-0592
cisco — ios The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003. 2015-02-12 7.1 CVE-2015-0593
cisco — ios Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736. 2015-02-11 7.1 CVE-2015-0608
fancyfon — famoc Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php. 2015-02-06 7.5 CVE-2015-1514
Source & Patch Info: MISC, BUGTRAQ, MISC
fork-cms — fork_cms Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index. 2015-02-06 7.5 CVE-2015-1467
Source & Patch Info: XF, BUGTRAQ, MISC
freetype — freetype The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. 2015-02-08 7.5 CVE-2014-9656
Source & Patch Info: CONFIRM, MISC
freetype — freetype The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. 2015-02-08 7.5 CVE-2014-9657
Source & Patch Info: CONFIRM, MISC
freetype — freetype The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. 2015-02-08 7.5 CVE-2014-9658
Source & Patch Info: CONFIRM, MISC
freetype — freetype cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. 2015-02-08 7.5 CVE-2014-9659
Source & Patch Info: CONFIRM, MISC
freetype — freetype The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. 2015-02-08 7.5 CVE-2014-9660
Source & Patch Info: CONFIRM, MISC
freetype — freetype type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. 2015-02-08 7.5 CVE-2014-9661
Source & Patch Info: CONFIRM, CONFIRM, MISC
freetype — freetype cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. 2015-02-08 7.5 CVE-2014-9662
Source & Patch Info: CONFIRM, MISC
freetype — freetype The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field’s value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. 2015-02-08 7.5 CVE-2014-9663
Source & Patch Info: CONFIRM, MISC
freetype — freetype FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. 2015-02-08 7.5 CVE-2014-9664
Source & Patch Info: CONFIRM, CONFIRM, MISC
freetype — freetype The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. 2015-02-08 7.5 CVE-2014-9665
Source & Patch Info: CONFIRM, CONFIRM, MISC
freetype — freetype The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. 2015-02-08 7.5 CVE-2014-9666
Source & Patch Info: CONFIRM, MISC
freetype — freetype sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. 2015-02-08 7.5 CVE-2014-9667
Source & Patch Info: CONFIRM, MISC
freetype — freetype The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. 2015-02-08 7.5 CVE-2014-9668
Source & Patch Info: CONFIRM, MISC
freetype — freetype Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. 2015-02-08 7.5 CVE-2014-9669
Source & Patch Info: CONFIRM, MISC
freetype — freetype Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. 2015-02-08 7.5 CVE-2014-9673
Source & Patch Info: CONFIRM, MISC
freetype — freetype The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. 2015-02-08 7.5 CVE-2014-9674
Source & Patch Info: CONFIRM, CONFIRM, MISC
google — chrome Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. 2015-02-06 7.5 CVE-2015-1209
Source & Patch Info: CONFIRM, CONFIRM, XF, UBUNTU, SECTRACK, BID, SECUNIA, SECUNIA, REDHAT
google — chrome The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. 2015-02-06 7.5 CVE-2015-1211
Source & Patch Info: CONFIRM, XF, UBUNTU, SECTRACK, BID, SECUNIA, SECUNIA, REDHAT
google — chrome Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2015-02-06 7.5 CVE-2015-1212
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, XF, UBUNTU, SECTRACK, BID, SECUNIA, SECUNIA, REDHAT
holding_pattern_project — holding_pattern Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. 2015-02-11 7.5 CVE-2015-1172
Source & Patch Info: BID, MISC
ibm — tivoli_storage_manager dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file. 2015-02-12 7.2 CVE-2014-6185
Source & Patch Info: XF, AIXAPAR
k7computing — anti-virus_plus K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call. 2015-02-06 7.2 CVE-2014-9643
Source & Patch Info: OSVDB, MISC, EXPLOIT-DB, MISC
microsoft — windows_2003_server The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka “Group Policy Remote Code Execution Vulnerability.” 2015-02-10 8.3 CVE-2015-0008
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0017
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066. 2015-02-10 9.3 CVE-2015-0018
microsoft — internet_explorer Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-02-10 9.3 CVE-2015-0019
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0020
microsoft — internet_explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-02-10 9.3 CVE-2015-0021
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0022
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0025. 2015-02-10 9.3 CVE-2015-0023
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0023. 2015-02-10 9.3 CVE-2015-0025
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0026
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0035, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0027
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0048. 2015-02-10 9.3 CVE-2015-0028
microsoft — internet_explorer Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-02-10 9.3 CVE-2015-0029
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0030
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0036, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0031
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0035
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041. 2015-02-10 9.3 CVE-2015-0036
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0018, CVE-2015-0040, and CVE-2015-0066. 2015-02-10 9.3 CVE-2015-0037
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0042 and CVE-2015-0046. 2015-02-10 9.3 CVE-2015-0038
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0039
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066. 2015-02-10 9.3 CVE-2015-0040
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0036. 2015-02-10 9.3 CVE-2015-0041
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0038 and CVE-2015-0046. 2015-02-10 9.3 CVE-2015-0042
microsoft — internet_explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-02-10 9.3 CVE-2015-0043
microsoft — internet_explorer Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-8967 and CVE-2015-0050. 2015-02-10 9.3 CVE-2015-0044
microsoft — internet_explorer Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0053. 2015-02-10 9.3 CVE-2015-0045
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0038 and CVE-2015-0042. 2015-02-10 9.3 CVE-2015-0046
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0028. 2015-02-10 9.3 CVE-2015-0048
microsoft — internet_explorer Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-02-10 9.3 CVE-2015-0049
microsoft — internet_explorer Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-8967 and CVE-2015-0044. 2015-02-10 9.3 CVE-2015-0050
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068. 2015-02-10 9.3 CVE-2015-0052
microsoft — internet_explorer Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0045. 2015-02-10 9.3 CVE-2015-0053
microsoft — windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” 2015-02-10 7.2 CVE-2015-0057
microsoft — windows_8.1 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka “Windows Cursor Object Double Free Vulnerability.” 2015-02-10 7.2 CVE-2015-0058
microsoft — windows_2003_server Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka “Windows Create Process Elevation of Privilege Vulnerability.” 2015-02-10 7.2 CVE-2015-0062
microsoft — excel Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Excel Remote Code Execution Vulnerability.” 2015-02-10 9.3 CVE-2015-0063
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “Office Remote Code Execution Vulnerability.” 2015-02-10 9.3 CVE-2015-0064
microsoft — word Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “OneTableDocumentStream Remote Code Execution Vulnerability.” 2015-02-10 9.3 CVE-2015-0065
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040. 2015-02-10 9.3 CVE-2015-0066
microsoft — internet_explorer Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-02-10 9.3 CVE-2015-0067
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0052. 2015-02-10 9.3 CVE-2015-0068
pragyan_cms_project — pragyan_cms SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. 2015-02-12 7.5 CVE-2015-1471
Source & Patch Info: MISC, CONFIRM, MISC, MISC, MLIST, FULLDISC, MISC
privoxy — privoxy Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) “two additional unconfirmed use-after-free complaints made by Coverity scan.” NOTE: some of these details are obtained from third party information. 2015-02-10 7.5 CVE-2015-1031
Source & Patch Info: MLIST
redaxscript — redaxscript SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. 2015-02-11 7.5 CVE-2015-1518
Source & Patch Info: BUGTRAQ, MISC, EXPLOIT-DB, MISC
siphon — siphone_enterprise_pbx SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. 2015-02-06 7.5 CVE-2015-1513
Source & Patch Info: XF, MISC
trendmicro — tmeext.sys The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call. 2015-02-06 7.2 CVE-2014-9641
OSVDB
MISC
EXPLOIT-DB
yuba — u5cms Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php. 2015-02-11 7.5 CVE-2015-1576
MISC
MISC

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acme — mini_httpd mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. 2015-02-10 5.0 CVE-2015-1548
MISC
apache — activemq Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-12 4.3 CVE-2014-8110
XF
BID
MLIST
apache — wss4j Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to “wrapping attacks.” 2015-02-12 5.0 CVE-2015-0227
BID
cisco — adaptive_security_appliance_software The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577. 2015-02-06 6.3 CVE-2013-5557
cisco — prime_infrastructure The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a “cross-frame scripting (XFS)” issue, aka Bug ID CSCuj42444. 2015-02-11 4.3 CVE-2014-2147
cisco — prime_infrastructure Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. 2015-02-11 6.8 CVE-2014-2152
cisco — prime_infrastructure Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. 2015-02-11 4.3 CVE-2014-2153
cisco — prime_security_manager Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. 2015-02-11 4.3 CVE-2014-3365
cisco — secure_access_control_system Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. 2015-02-11 6.5 CVE-2015-0580
cisco — unified_ip_phones_9900_series_firmware The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. 2015-02-07 5.0 CVE-2015-0600
XF
BID
cisco — unified_ip_phones_9900_series_firmware Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. 2015-02-06 4.6 CVE-2015-0601
XF
BID
cisco — unified_ip_phones_9900_series_firmware The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. 2015-02-07 5.0 CVE-2015-0602
XF
BID
cisco — unified_ip_phones_9900_series_firmware Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone’s filesystem, aka Bug ID CSCup90474. 2015-02-06 4.6 CVE-2015-0603
XF
BID
cisco — unified_ip_phones_9900_series_firmware The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone’s filesystem via crafted HTTP requests, aka Bug ID CSCup90424. 2015-02-06 5.0 CVE-2015-0604
XF
BID
SECUNIA
cisco — asyncos The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. 2015-02-06 4.3 CVE-2015-0605
XF
BID
SECUNIA
cisco — ios The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. 2015-02-11 4.9 CVE-2015-0606
cisco — ios Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCun21071. 2015-02-11 4.3 CVE-2015-0610
cisco — telepresence_system_software_ix The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account’s access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. 2015-02-11 6.5 CVE-2015-0611
cisco — adaptive_security_appliance_software Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL outage) via multiple crafted HTTP requests, aka Bug ID CSCue05458. 2015-02-11 5.0 CVE-2015-0619
dotnetnuke — dotnetnuke Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-09 4.3 CVE-2015-1566
elegant_themes — divi Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. 2015-02-11 5.0 CVE-2015-1579
EXPLOIT-DB
epignosis — efront Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the delete_module parameter, (2) deactivate modules via the deactivate_module parameter, (3) activate modules via the activate_module parameter, (4) delete users via the delete_user parameter, (5) deactivate users via the deactivate_user parameter, (6) activate users via the activate_user parameter, (7) activate themes via the set_theme parameter, (8) deactivate themes via the set_theme parameter, (9) delete themes via the delete parameter, (10) deactivate events (user registration or email activation) via the deactivate_notification parameter, (11) activate events via the activate_notification parameter, (12) delete events via the delete_notification parameter, (13) deactivate language settings via the deactivate_language parameter, (14) activate language settings via the activate_language parameter, (15) delete language settings via the delete_language parameter, or (16) activate or deactivate the autologin feature for a user via a crafted maintenance request. 2015-02-10 6.8 CVE-2015-1559
XF
BID
MISC
MLIST
MLIST
FULLDISC
fancyfon — famoc Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php. 2015-02-06 4.3 CVE-2015-1512
MISC
XF
MISC
fli4l — fli4l Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) log_syslog.cgi, (4) problems.cgi, (5) status.cgi, (6) status_network.cgi, or (7) status_system.cgi script in admin/. 2015-02-06 4.3 CVE-2015-1444
XF
MLIST
MLIST
fortinet — forticlient Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate. 2015-02-10 4.3 CVE-2015-1569
MISC
FULLDISC
fortinet — forticlient The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate. 2015-02-10 4.3 CVE-2015-1570
MISC
FULLDISC
fortinet — fortios The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers’ installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. 2015-02-10 4.3 CVE-2015-1571
MISC
FULLDISC
freetype — freetype Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. 2015-02-08 5.0 CVE-2014-9670
CONFIRM
MISC
freetype — freetype Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. 2015-02-08 5.0 CVE-2014-9671
CONFIRM
MISC
freetype — freetype Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. 2015-02-08 6.4 CVE-2014-9672
CONFIRM
MISC
freetype — freetype bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. 2015-02-08 5.0 CVE-2014-9675
CONFIRM
MISC
ge — 12400_level_transmitter_device_type_manager Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. 2015-02-07 5.0 CVE-2014-9203
google — chrome The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2015-02-06 5.0 CVE-2015-1210
CONFIRM
CONFIRM
XF
UBUNTU
SECTRACK
BID
SECUNIA
SECUNIA
REDHAT
hitachi — compute_systems_manager Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-09 4.3 CVE-2015-1565
homepage_decorator — perltreebbs Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-12 4.3 CVE-2015-0873
ibm — infosphere_biginsights The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. 2015-02-12 5.0 CVE-2014-4781
XF
ibm — tivoli_storage_manager Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors. 2015-02-12 6.9 CVE-2014-4813
XF
AIXAPAR
ibm — business_process_manager The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter. 2015-02-12 4.0 CVE-2014-6139
ibm — optim_performance_manager Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL. 2015-02-12 5.0 CVE-2014-6154
XF
info-zip — unzip unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. 2015-02-06 5.0 CVE-2014-9636
UBUNTU
BID
DEBIAN
MLIST
MLIST
MLIST
MLIST
FEDORA
FEDORA
jython_project — jython Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. 2015-02-13 4.6 CVE-2013-2027
MISC
SUSE
mantisbt — mantisbt The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a “:/” (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316. 2015-02-10 5.8 CVE-2015-1042
CONFIRM
MLIST
MLIST
FULLDISC
MISC
mcafee — data_loss_prevention_endpoint McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. 2015-02-06 6.9 CVE-2015-1305
XF
OSVDB
MISC
EXPLOIT-DB
MISC
microsoft — office Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka “Microsoft Office Component Use After Free Vulnerability.” 2015-02-10 4.3 CVE-2014-6362
microsoft — windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” 2015-02-10 6.9 CVE-2015-0003
microsoft — virtual_machine_manager Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka “Virtual Machine Manager Elevation of Privilege Vulnerability.” 2015-02-10 6.9 CVE-2015-0012
microsoft — internet_explorer Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “Internet Explorer ASLR Bypass Vulnerability.” 2015-02-10 4.3 CVE-2015-0051
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability.” 2015-02-10 4.3 CVE-2015-0054
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability.” 2015-02-10 4.3 CVE-2015-0055
microsoft — windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka “TrueType Font Parsing Remote Code Execution Vulnerability.” 2015-02-10 6.9 CVE-2015-0059
microsoft — windows_2003_server The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka “Windows Font Driver Denial of Service Vulnerability.” 2015-02-10 4.7 CVE-2015-0060
microsoft — windows_2003_server Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka “TIFF Processing Information Disclosure Vulnerability.” 2015-02-10 4.3 CVE-2015-0061
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “Internet Explorer ASLR Bypass Vulnerability.” 2015-02-10 4.3 CVE-2015-0069
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka “Internet Explorer Cross-domain Information Disclosure Vulnerability.” 2015-02-10 4.3 CVE-2015-0070
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “Internet Explorer ASLR Bypass Vulnerability.” 2015-02-10 4.3 CVE-2015-0071
microsoft — internet_explorer Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka “Universal XSS (UXSS).” 2015-02-07 4.3 CVE-2015-0072
MISC
XF
BID
BUGTRAQ
MISC
SECUNIA
FULLDISC
MISC
MISC
MISC
mobile_domain_project — mobile_domain Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) domain, (3) text, (4) font, (5) fontcolor, (6) color, or (7) padding parameter in an add-domain action in the mobile-domain page to wp-admin/options-general.php. 2015-02-11 6.8 CVE-2015-1581
MISC
netapp — oncommand_balance NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. 2015-02-06 4.0 CVE-2014-9354
openldap — openldap The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. 2015-02-12 5.0 CVE-2015-1545
CONFIRM
BID
MLIST
CONFIRM
openldap — openldap Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. 2015-02-12 5.0 CVE-2015-1546
CONFIRM
MLIST
CONFIRM
ovirt — ovirt Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API request. 2015-02-13 6.8 CVE-2014-0151
CONFIRM
REDHAT
ovirt — ovirt oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2015-02-13 5.0 CVE-2014-0154
phpbb — phpbb Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to “Relative Path Overwrite.” 2015-02-10 4.3 CVE-2015-1431
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
BID
MLIST
phpbb — phpbb The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors. 2015-02-10 6.8 CVE-2015-1432
CONFIRM
CONFIRM
CONFIRM
CONFIRM
XF
BID
MLIST
plainblack — webgui Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field. 2015-02-09 4.3 CVE-2015-1564
MISC
FULLDISC
redirection_project — redirection Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir parameter in an add action in the redirection-page to wp-admin/options-general.php. 2015-02-11 6.8 CVE-2015-1580
MISC
samba — rsync rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. 2015-02-12 6.4 CVE-2014-9512
CONFIRM
MISC
SUSE
saurus — saurus_cms Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to error_log.php. 2015-02-09 4.3 CVE-2015-1562
CONFIRM
MLIST
MISC
MISC
FULLDISC
shiromuku — guestbook Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-07 4.3 CVE-2015-0871
studio.gd — gd_infinite_scroll Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the “edit gd infinite scroll settings” permission to inject arbitrary web script or HTML via unspecified vectors. 2015-02-09 4.3 CVE-2015-1567
XF
studio.gd — gd_infinite_scroll Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the “edit gd infinite scroll settings” permission for requests that delete settings via unspecified vectors. 2015-02-09 6.8 CVE-2015-1568
XF
web-dorado — spider_facebook Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php. 2015-02-11 4.3 CVE-2015-1582
MISC
webmin — webmin The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. 2015-02-10 4.9 CVE-2015-1377
yuba — u5cms Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php. 2015-02-11 4.3 CVE-2015-1575
MISC
EXPLOIT-DB
MISC
yuba — u5cms Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. 2015-02-11 6.4 CVE-2015-1577
MISC
EXPLOIT-DB
MISC
yuba — u5cms Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php. 2015-02-11 5.8 CVE-2015-1578
MISC
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cloudera — cloudera_manager Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password. 2015-02-10 2.1 CVE-2014-8733
digium — asterisk Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs. 2015-02-09 3.5 CVE-2015-1558
SECTRACK
BUGTRAQ
FULLDISC
gnu — grep The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. 2015-02-12 2.1 CVE-2015-1345
MLIST
SUSE
CONFIRM
CONFIRM
ibm — websphere_mq IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query. 2015-02-12 3.5 CVE-2014-4771
XF
AIXAPAR
ibm — websphere_portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-02-12 3.5 CVE-2014-8909
XF
AIXAPAR
microsoft — windows_2003_server The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka “Group Policy Security Feature Bypass Vulnerability.” 2015-02-10 3.3 CVE-2015-0009
microsoft — windows_2003_server The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token’s level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka “CNG Security Feature Bypass Vulnerability” or MSRC ID 20707. 2015-02-10 1.9 CVE-2015-0010
MISC
xen — xen The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number of messages to be logged. 2015-02-09 2.1 CVE-2015-1563
SECTRACK
MLIST

 

February 16, 2015 - Posted by | Alerts, IT Security, NewsUpdate, Security, Security Alerts, Security Issues, US-CERT
