ECI Blog @WordPress

Latest news from the ECI Networks Group

(SB15-054) Vulnerability Summary for the Week of February 16, 2015

Original release date: February 23, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — desktop_collaboration_experience_dx650 The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. 2015-02-19 7.2 CVE-2015-0584
cisco — ios Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. 2015-02-15 7.1 CVE-2015-0609
XF
SECTRACK
BID
cisco — telepresence_mcu_4500_series_software Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347. 2015-02-17 7.8 CVE-2015-0621
XF
SECTRACK
BID
cisco — wireless_lan_controller The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861. 2015-02-18 7.1 CVE-2015-0622
elasticsearch — elasticsearch The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. 2015-02-17 7.5 CVE-2015-1427
XF
BID
BUGTRAQ
MISC
emc — documentum_d2 The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. 2015-02-14 9.0 CVE-2015-0518
XF
SECTRACK
BID
BUGTRAQ
google — android Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. 2015-02-15 10.0 CVE-2015-1474
CONFIRM
infoblox — netmri Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request. 2015-02-20 10.0 CVE-2015-2033
MISC
MISC
lexmark — markvision_enterprise Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. 2015-02-16 9.0 CVE-2014-9375
MISC
lg — on-screen_phone LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. 2015-02-17 8.3 CVE-2014-8757
XF
BID
BID
BUGTRAQ
FULLDISC
MISC
maarch — gec/ged Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. 2015-02-19 7.5 CVE-2015-1587
EXPLOIT-DB
MISC
OSVDB
MISC
mit — kerberos The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. 2015-02-19 9.0 CVE-2014-5352
CONFIRM
CONFIRM
mit — kerberos The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. 2015-02-19 9.0 CVE-2014-9421
CONFIRM
CONFIRM
motorola — motorola_scanner_sdk Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. 2015-02-16 7.2 CVE-2015-1496
MISC
MISC
MISC
persistent_systems — radia_client_automation radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. 2015-02-16 10.0 CVE-2015-1497
MISC
persistent_systems — radia_client_automation Persistent Systems Radia Client Automation does not properly restrict access to certain requests, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or have other unspecified impact. 2015-02-16 10.0 CVE-2015-1498
MISC
powerpc-utils_project — powerpc-utils scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. 2015-02-19 10.0 CVE-2014-8165
CONFIRM
XF
BID
MLIST
samsung — samsung_security_manager The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. 2015-02-16 8.5 CVE-2015-1499
XF
MISC
sixapart — movabletype Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. 2015-02-19 7.5 CVE-2015-1592
XF
BID
MLIST
MLIST
softsphere — defensewall_personal_firewall The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. 2015-02-19 7.2 CVE-2015-1515
OSVDB
EXPLOIT-DB

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adminsystems_cms_project — adminsystems_cms Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php. 2015-02-19 4.3 CVE-2015-1603
CONFIRM
BID
MLIST
MLIST
MLIST
MISC
MISC
FULLDISC
MISC
adminsystems_cms_project — adminsystems_cms Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/. 2015-02-19 6.5 CVE-2015-1604
CONFIRM
BID
MLIST
MLIST
MLIST
MISC
FULLDISC
MISC
almail — al-mail32 Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. 2015-02-20 5.8 CVE-2015-0878
almail — al-mail32 CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. 2015-02-20 4.3 CVE-2015-0879
almail — al-mail32 Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. 2015-02-20 6.8 CVE-2015-0880
apache — tomcat java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. 2015-02-15 6.4 CVE-2014-0227
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
apple — cups Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. 2015-02-19 6.8 CVE-2014-9679
CONFIRM
BID
MLIST
MLIST
cisco — adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. 2015-02-16 4.0 CVE-2014-8023
XF
SECTRACK
BID
cisco — asr_5000_series_software Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393. 2015-02-17 5.0 CVE-2015-0617
XF
SECTRACK
cisco — telepresence_management_suite The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494. 2015-02-17 4.0 CVE-2015-0620
XF
SECTRACK
cisco — web_security_appliance Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627. 2015-02-18 4.3 CVE-2015-0623
cisco — hosted_collaboration_solution The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. 2015-02-18 4.3 CVE-2015-0626
cisco — web_security_appliance The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. 2015-02-19 5.0 CVE-2015-0628
e2fsprogs_project — e2fsprogs Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. 2015-02-17 4.6 CVE-2015-0247
MISC
CONFIRM
XF
BID
BUGTRAQ
MANDRIVA
MISC
FEDORA
CONFIRM
easing_slider — easing_slider Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php. 2015-02-16 4.3 CVE-2015-1436
MISC
XF
BID
BUGTRAQ
MISC
ektron — ektron_content_management_system The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue. 2015-02-13 5.0 CVE-2015-0923
CERT-VN
ektron — ektron_content_management_system Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a “resource injection” issue. 2015-02-13 6.8 CVE-2015-0931
CERT-VN
emc — documentum_d2 The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. 2015-02-14 4.0 CVE-2015-0517
XF
SECTRACK
BID
BUGTRAQ
exponentcms — exponent_cms Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) “First Name” or (4) “Last Name” field to users/edituser. 2015-02-19 4.3 CVE-2014-8690
XF
EXPLOIT-DB
MISC
OSVDB
OSVDB
CONFIRM
fancybox_project — fancybox The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the mfbfw parameter in an update action to wp-admin/admin-post.php, as exploited in the wild in February 2015. 2015-02-17 4.3 CVE-2015-1494
MISC
CONFIRM
BID
MLIST
MISC
fastcgi — fcgi FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. 2015-02-19 5.0 CVE-2012-6687
CONFIRM
CONFIRM
CONFIRM
XF
MLIST
MLIST
fatfreecrm — fat_free_crm Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account. 2015-02-19 6.8 CVE-2015-1585
CONFIRM
XF
BUGTRAQ
MISC
google — email The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a “Content-Disposition: ;” header in an e-mail message. 2015-02-15 5.0 CVE-2015-1574
BUGTRAQ
FULLDISC
MISC
MLIST
MLIST
MISC
google_doc_embedder — google_doc_embedder Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php. 2015-02-19 4.3 CVE-2015-1879
BID
MISC
hp — universal_configuration_management_database HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. 2015-02-15 5.0 CVE-2014-7883
SECTRACK
ibm — curam_social_program_management Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page. 2015-02-13 4.3 CVE-2014-4804
XF
ibm — tivoli_endpoint_manager Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-15 4.3 CVE-2014-6113
XF
ibm — tivoli_endpoint_manager Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-15 4.3 CVE-2014-6137
XF
BID
ibm — change_and_configuration_management_database Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. 2015-02-16 4.0 CVE-2014-6194
XF
ibm — content_navigator Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. 2015-02-13 4.3 CVE-2014-8911
XF
ibm — change_and_configuration_management_database Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. 2015-02-17 4.3 CVE-2015-0108
XF
image_metadata_cruncher_project — image_metadata_cruncher Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page. 2015-02-19 6.8 CVE-2015-1614
XF
BUGTRAQ
BUGTRAQ
MISC
instantasp — instantforum Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx. 2015-02-19 4.3 CVE-2014-9468
MISC
FULLDISC
isc — bind named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. 2015-02-18 5.4 CVE-2015-1349
kallithea — kallithea RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. 2015-02-16 4.0 CVE-2015-0260
XF
BID
MLIST
mcafee — data_loss_prevention_endpoint SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. 2015-02-17 6.5 CVE-2015-1616
mcafee — data_loss_prevention_endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. 2015-02-17 4.0 CVE-2015-1618
mit — kerberos MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. 2015-02-20 5.0 CVE-2014-5355
CONFIRM
mit — kerberos The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial “kadmind” substring, as demonstrated by a “ka/x” principal. 2015-02-19 6.1 CVE-2014-9422
CONFIRM
CONFIRM
mit — kerberos The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. 2015-02-19 5.0 CVE-2014-9423
CONFIRM
CONFIRM
motorola — motorola_scanner_sdk Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. 2015-02-16 6.8 CVE-2015-1495
MISC
MISC
mylittleforum — my_little_forum Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php. 2015-02-16 6.5 CVE-2015-1434
MISC
XF
BID
BUGTRAQ
MISC
mylittleforum — my_little_forum Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. 2015-02-16 4.3 CVE-2015-1435
MISC
XF
BID
BUGTRAQ
MISC
open-xchange — open-xchange_appsuite Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the “folder identifier.” 2015-02-17 4.0 CVE-2014-9466
XF
SECTRACK
BID
BUGTRAQ
MISC
pivotal — spring_framework Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. 2015-02-19 5.0 CVE-2014-3578
REDHAT
REDHAT
CONFIRM
pnmsoft — sequence_kinetics Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-19 4.3 CVE-2014-6301
MISC
pnmsoft — sequence_kinetics The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-02-19 5.0 CVE-2014-6302
MISC
pnmsoft — sequence_kinetics The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. 2015-02-19 5.0 CVE-2014-6303
MISC
pnmsoft — sequence_kinetics The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. 2015-02-19 5.0 CVE-2014-6304
MISC
redhat — jboss_enterprise_application_platform The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. 2015-02-13 4.0 CVE-2014-7849
XF
SECTRACK
redhat — jboss_enterprise_application_platform The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. 2015-02-13 4.0 CVE-2014-7853
XF
SECTRACK
redhat — jboss_weld Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. 2015-02-13 4.3 CVE-2014-8122
CONFIRM
CONFIRM
CONFIRM
MISC
XF
SECTRACK
rhodecode — rhodecode_enterprise RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method. 2015-02-16 4.0 CVE-2015-1613
siemens — simatic_step_7 Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user’s privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. 2015-02-17 4.4 CVE-2015-1356
siemens — wincc The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. 2015-02-17 5.0 CVE-2015-1358
solarwinds — server_and_application_monitor Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. 2015-02-16 6.8 CVE-2015-1500
MISC
solarwinds — server_and_application_monitor The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allows remote attackers to execute arbitrary code via a UNC path to a crafted binary. 2015-02-16 6.8 CVE-2015-1501
MISC
squid-cache — squid CRLF injection vulnerability in Squid before 3.1.10 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. 2015-02-20 4.3 CVE-2015-0881
tibco — activematrix_management_agent The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors. 2015-02-18 6.4 CVE-2014-5286
CONFIRM
topline_systems — opportunity_form Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors. 2015-02-15 4.0 CVE-2015-1608
x.org — xorg-server X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. 2015-02-13 6.4 CVE-2015-0255
DEBIAN
xen — xen The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register. 2015-02-16 4.9 CVE-2015-0268
XF
SECTRACK
BID
zarafa — webapp senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. 2015-02-19 5.0 CVE-2014-9465
CONFIRM
CONFIRM
MLIST
MLIST
MISC

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
d-bus_project — d-bus D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. 2015-02-13 1.9 CVE-2015-0245
MLIST
DEBIAN
emc — captiva_capture The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. 2015-02-14 2.1 CVE-2015-0519
XF
MISC
BUGTRAQ
gnu — cpio cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. 2015-02-19 1.9 CVE-2015-1197
MLIST
MISC
BID
MLIST
MLIST
ibm — change_and_configuration_management_database IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation. 2015-02-16 2.1 CVE-2014-6102
XF
ibm — flex_system_manager IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors. 2015-02-18 2.1 CVE-2014-6147
XF
AIXAPAR
ibm — tivoli_storage_manager The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors. 2015-02-13 1.9 CVE-2014-6195
XF
ibm — change_and_configuration_management_database Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108. 2015-02-17 3.5 CVE-2015-0109
XF
mcafee — data_loss_prevention_endpoint Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-02-17 3.5 CVE-2015-1617
mcafee — email_gateway Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. 2015-02-17 3.5 CVE-2015-1619
okb.co.jp — smartphone_passbook The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. 2015-02-14 1.8 CVE-2015-0875
phusion — passenger Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. 2015-02-19 2.1 CVE-2014-1831
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
FEDORA
phusion — passenger Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831. 2015-02-19 2.1 CVE-2014-1832
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
FEDORA
redhat — jboss_enterprise_application_platform The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. 2015-02-13 3.5 CVE-2014-7827
XF
SECTRACK
siemens — simatic_step_7 Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. 2015-02-17 2.1 CVE-2015-1355
webform_prepopulate_block_project — webform_prepopulate_block Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-02-17 3.5 CVE-2015-1621
MLIST

(SB15-054) Vulnerability Summary for the Week of February 16, 2015 was originally published on Blogg'n @ ECI

March 1, 2015 - Posted by | IT Security, Security Alerts, Security Issues, US-CERT
