ECI Blog @WordPress

Latest news from the ECI Networks Group

SB15-069 Vulnerability Summary for the Week of March 2, 2015

Original release date: March 10, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
clip-bucket — clipbucket SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. 2015-02-27 7.5 CVE-2015-2102
EXPLOIT-DB (link is external)
MISC (link is external)
OSVDB
dns-sync_project — dns-sync The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. 2015-02-27 10.0 CVE-2014-9682
CONFIRM (link is external)
CONFIRM (link is external)
MLIST (link is external)
freebsd — freebsd Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. 2015-02-27 7.8 CVE-2015-1414
FREEBSD
DEBIAN
iij — seil/b1 npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet. 2015-02-27 7.1 CVE-2015-0887
CONFIRM (link is external)
JVNDB (link is external)
JVN (link is external)
kent-web — joyful_note KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. 2015-02-27 7.5 CVE-2015-0889
CONFIRM (link is external)
JVNDB (link is external)
JVN (link is external)
ninjaforms — ninja_forms Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. 2015-03-05 7.5 CVE-2014-9688
CONFIRM
photocati_media — photocrati SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. 2015-03-05 7.5 CVE-2015-2216
MISC (link is external)
symantec — netbackup_opscenter Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. 2015-03-05 10.0 CVE-2015-1483
CONFIRM (link is external)
BID (link is external)
web-dorado — spider_calendar SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. 2015-03-03 7.5 CVE-2015-2196
EXPLOIT-DB (link is external)

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
beehive_forum — beehive_forum Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message. 2015-03-03 4.3 CVE-2015-2198
EXPLOIT-DB (link is external)
CONFIRM (link is external)
bestwebsoft — captcha The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. 2015-03-03 5.0 CVE-2014-9283
CONFIRM
JVNDB (link is external)
JVN (link is external)
bestwebsoft — google_captcha The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. 2015-03-03 5.0 CVE-2015-0890
CONFIRM
JVNDB (link is external)
JVN (link is external)
canonical — ubuntu_linux The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. 2015-03-02 4.7 CVE-2015-0239
CONFIRM (link is external)
CONFIRM (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
MLIST (link is external)
CONFIRM
MLIST
CONFIRM
checkpw_project — checkpw checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a — (dash dash) in a username. 2015-02-27 5.0 CVE-2015-0885
JVNDB (link is external)
JVN (link is external)
CONFIRM (link is external)
CONFIRM (link is external)
cisco — secure_access_control_system Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. 2015-03-05 6.5 CVE-2014-2130
CISCO (link is external)
cisco — ios The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. 2015-03-05 6.8 CVE-2015-0598
CISCO (link is external)
cisco — ios The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. 2015-03-05 4.3 CVE-2015-0607
SECTRACK (link is external)
BID (link is external)
CONFIRM (link is external)
CISCO (link is external)
cisco — unified_web_and_e-mail_interaction_manager Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. 2015-02-27 4.3 CVE-2015-0655
CISCO (link is external)
cisco — network_analysis_module_firmware Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. 2015-03-03 4.3 CVE-2015-0656
CISCO (link is external)
cisco — ios_xr Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. 2015-03-05 5.0 CVE-2015-0657
CISCO (link is external)
cisco — ios The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. 2015-03-05 5.0 CVE-2015-0659
CISCO (link is external)
cisco — ios_xr The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. 2015-03-05 4.0 CVE-2015-0661
CISCO (link is external)
cosmoshop — cosmoshop Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter). 2015-02-27 4.3 CVE-2015-2103
BUGTRAQ (link is external)
MISC (link is external)
dlguard — dlguard DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. 2015-03-04 5.0 CVE-2015-2209
MISC (link is external)
FULLDISC
ffmpeg — ffmpeg The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (“invalid memory handler”) and possibly execute arbitrary code via a crafted video that triggers a use after free. 2015-02-27 6.8 CVE-2014-9676
MLIST
fortinet — fortimail Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. 2015-03-04 4.3 CVE-2014-8617
CONFIRM (link is external)
FULLDISC
fusion_project — fusion Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for WordPress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. 2015-03-03 6.5 CVE-2015-2194
MISC (link is external)
hp — xp7_global_link_manager_software Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-03 4.3 CVE-2014-7896
HP (link is external)
ibm — notes_traveler_companion The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. 2015-03-01 4.3 CVE-2014-8921
CONFIRM (link is external)
impliedbydesign — navigate Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-02-27 4.3 CVE-2015-2101
MISC
CONFIRM
CONFIRM
BID (link is external)
kent-web — clip_board KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. 2015-02-27 6.4 CVE-2015-0888
CONFIRM (link is external)
JVNDB (link is external)
JVN (link is external)
linux — linux_kernel net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. 2015-03-02 5.0 CVE-2014-8160
CONFIRM (link is external)
CONFIRM (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
MLIST (link is external)
MLIST (link is external)
CONFIRM
magic_hills — wonderplugin_audio_player Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. 2015-03-05 4.3 CVE-2015-2218
MISC (link is external)
EXPLOIT-DB (link is external)
MISC (link is external)
OSVDB
OSVDB
microsoft — windows_2003_server Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue. 2015-03-06 5.0 CVE-2015-1637
CONFIRM (link is external)
mindrot — jbcrypt Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent. 2015-02-27 5.0 CVE-2015-0886
CONFIRM
CONFIRM
JVNDB (link is external)
JVN (link is external)
netcat — netcat NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. 2015-03-05 5.0 CVE-2015-2214
MISC (link is external)
FULLDISC
MISC (link is external)
ninjaforms — ninja_forms Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. 2015-03-05 4.3 CVE-2015-2220
MISC
BUGTRAQ (link is external)
MISC (link is external)
sap — hana Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. 2015-02-27 4.3 CVE-2015-2072
BID (link is external)
BUGTRAQ (link is external)
FULLDISC
MISC (link is external)
sap — businessobjects_edge SAP BussinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. 2015-02-27 5.0 CVE-2015-2075
BID (link is external)
BUGTRAQ (link is external)
FULLDISC
MISC (link is external)
sap — businessobjects_edge The Auditing service in SAP BussinessObjects Edge 4.0 allows remote attackers to obtains sensitive information by reading an audit event, aka SAP Note 2011395. 2015-02-27 5.0 CVE-2015-2076
BID (link is external)
BUGTRAQ (link is external)
FULLDISC
MISC (link is external)
services_single_sign-on_server_helper_project — services_single_sign-on_server_helper Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. 2015-03-05 5.8 CVE-2015-2215
MISC
BID (link is external)
sharelatex — sharelatex Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. 2015-03-03 6.5 CVE-2015-0934
CERT-VN
tips_and_tricks_hq — all_in_one_wordpress_security_and_firewall SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-03-06 6.0 CVE-2015-0894
CONFIRM
JVNDB (link is external)
JVN (link is external)
tisa — maroyaka_simple_board Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-04 4.3 CVE-2015-0891
JVNDB (link is external)
JVN (link is external)
MISC (link is external)
tisa — maroyaka_image_album Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-04 4.3 CVE-2015-0892
JVNDB (link is external)
JVN (link is external)
MISC (link is external)
tisa — maroyaka_relay_novel Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-04 4.3 CVE-2015-0893
JVNDB (link is external)
JVN (link is external)
MISC (link is external)
toshiba — bluetooth_stack Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. 2015-02-27 6.9 CVE-2015-0884
CERT-VN
CONFIRM (link is external)
CONFIRM (link is external)
MISC (link is external)
wonderplugin — audio_player Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. 2015-03-03 6.5 CVE-2015-2199
MISC (link is external)
EXPLOIT-DB (link is external)
MISC (link is external)
OSVDB
OSVDB
wp_media_cleaner_project — wp_media_cleaner Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php. 2015-03-03 4.3 CVE-2015-2195
BUGTRAQ (link is external)

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
canonical — ubuntu_linux Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. 2015-03-03 3.6 CVE-2014-9683
CONFIRM (link is external)
CONFIRM (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
UBUNTU (link is external)
MLIST (link is external)
CONFIRM
CONFIRM
entity_api_project — entity_api Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. 2015-03-03 3.5 CVE-2015-2197
MISC
CONFIRM
BID (link is external)
linux — linux_kernel The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. 2015-03-02 2.1 CVE-2013-7421
MISC (link is external)
MLIST
CONFIRM (link is external)
CONFIRM (link is external)
MLIST (link is external)
CONFIRM
CONFIRM
linux — linux_kernel The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. 2015-03-02 2.1 CVE-2014-9644
MISC (link is external)
CONFIRM (link is external)
CONFIRM (link is external)
MLIST (link is external)
CONFIRM
CONFIRM
sharelatex — sharelatex Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. 2015-03-03 3.5 CVE-2015-0933
CERT-VN

SB15-069 Vulnerability Summary for the Week of March 2, 2015 was originally published on Blogg'n @ ECI

March 12, 2015 - Posted by | IT Security, NewsUpdate, NIST, Security Alerts, Security Issues, US-CERT | , , , , , , , , , , , , , , , , , , , ,

Sorry, the comment form is closed at this time.