ECI Blog @WordPress

Latest news from the ECI Networks Group

SB15-166 Vulnerability Summary for the Week of June 8, 2015

Original release date: June 15, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — air Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. 2015-06-09 10.0 CVE-2015-3100
CONFIRM
adobe — air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107. 2015-06-09 10.0 CVE-2015-3103
CONFIRM
adobe — air Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. 2015-06-09 10.0 CVE-2015-3104
CONFIRM
adobe — air Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2015-06-09 10.0 CVE-2015-3105
CONFIRM
adobe — air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107. 2015-06-09 10.0 CVE-2015-3106
CONFIRM
adobe — air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. 2015-06-09 10.0 CVE-2015-3107
CONFIRM
apache — tomcat Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (memory consumption) via a series of aborted upload attempts. 2015-06-07 7.8 CVE-2014-0230
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
beckhoff — ipc_diagnostics Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. 2015-06-08 9.0 CVE-2015-4051
MISC
FULLDISC
CONFIRM
buffalotech — bhr-4grv2_firmware The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. 2015-06-08 7.7 CVE-2014-9284
JVNDB
JVN
cisco — edge_340_firmware Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. 2015-06-07 7.2 CVE-2015-0767
CISCO
comodo — geekbuddy Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server. 2015-06-09 7.2 CVE-2014-7872
EXPLOIT-DB
OSVDB
linux — linux_kernel Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. 2015-06-07 9.0 CVE-2015-4001
CONFIRM
MLIST
CONFIRM
linux — linux_kernel drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. 2015-06-07 9.0 CVE-2015-4002
CONFIRM
CONFIRM
MLIST
CONFIRM
CONFIRM
linux — linux_kernel The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. 2015-06-07 7.8 CVE-2015-4003
CONFIRM
MLIST
CONFIRM
linux — linux_kernel The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. 2015-06-07 8.5 CVE-2015-4004
MLIST
MLIST
microsoft — internet_explorer Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-06-09 9.3 CVE-2015-1687
MS
microsoft — windows_7 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Use After Free Vulnerability.” 2015-06-09 7.2 CVE-2015-1720
MS
microsoft — windows_7 The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka “Win32k Null Pointer Dereference Vulnerability.” 2015-06-09 7.2 CVE-2015-1721
MS
microsoft — windows_7 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability.” 2015-06-09 7.2 CVE-2015-1722
MS
microsoft — windows_7 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Station Use After Free Vulnerability.” 2015-06-09 7.2 CVE-2015-1723
MS
microsoft — windows_7 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Object Use After Free Vulnerability.” 2015-06-09 7.2 CVE-2015-1724
MS
microsoft — windows_7 Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Win32k Buffer Overflow Vulnerability.” 2015-06-09 7.2 CVE-2015-1725
MS
microsoft — windows_7 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Microsoft Windows Kernel Brush Object Use After Free Vulnerability.” 2015-06-09 7.2 CVE-2015-1726
MS
microsoft — windows_7 Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka “Win32k Pool Buffer Overflow Vulnerability.” 2015-06-09 7.2 CVE-2015-1727
MS
microsoft — windows_media_player Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka “Windows Media Player RCE via DataObject Vulnerability.” 2015-06-09 9.3 CVE-2015-1728
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-06-09 9.3 CVE-2015-1730
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1736, CVE-2015-1737, and CVE-2015-1755. 2015-06-09 9.3 CVE-2015-1731
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1742, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753. 2015-06-09 9.3 CVE-2015-1732
MS
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. 2015-06-09 9.3 CVE-2015-1735
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755. 2015-06-09 9.3 CVE-2015-1736
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1755. 2015-06-09 9.3 CVE-2015-1737
MS
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. 2015-06-09 9.3 CVE-2015-1740
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1752. 2015-06-09 9.3 CVE-2015-1741
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753. 2015-06-09 9.3 CVE-2015-1742
MS
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1745, and CVE-2015-1766. 2015-06-09 9.3 CVE-2015-1744
MS
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1766. 2015-06-09 9.3 CVE-2015-1745
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753. 2015-06-09 9.3 CVE-2015-1747
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1753. 2015-06-09 9.3 CVE-2015-1750
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-06-09 9.3 CVE-2015-1751
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1741. 2015-06-09 9.3 CVE-2015-1752
MS
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750. 2015-06-09 9.3 CVE-2015-1753
MS
microsoft — internet_explorer Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2015-06-09 9.3 CVE-2015-1754
MS
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737. 2015-06-09 9.3 CVE-2015-1755
MS
microsoft — windows_7 Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka “Microsoft Common Control Use After Free Vulnerability.” 2015-06-09 9.3 CVE-2015-1756
MS
microsoft — office_compatibility_pack Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-06-09 9.3 CVE-2015-1759
MS
microsoft — office Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2015-06-09 9.3 CVE-2015-1760
MS
microsoft — internet_explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745. 2015-06-09 9.3 CVE-2015-1766
MS
microsoft — windows_2003_server win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka “Win32k Memory Corruption Elevation of Privilege Vulnerability.” 2015-06-09 7.2 CVE-2015-1768
MS
microsoft — office_2013 Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Uninitialized Memory Use Vulnerability.” 2015-06-09 9.3 CVE-2015-1770
MS
microsoft — windows_7 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” 2015-06-09 7.2 CVE-2015-2360
MS
montala — resourcespace Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter. 2015-06-09 7.5 CVE-2015-3648
MISC
BUGTRAQ
CONFIRM
MISC
novell — zenworks_configuration_management Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. 2015-06-07 10.0 CVE-2010-5323
CONFIRM
CONFIRM
MISC
EXPLOIT-DB
novell — zenworks_configuration_management Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323. 2015-06-07 10.0 CVE-2010-5324
CONFIRM
CONFIRM
MISC
MISC
novell — zenworks_configuration_management Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. 2015-06-07 10.0 CVE-2015-0779
CONFIRM
EXPLOIT-DB
MISC
MISC
FULLDISC
php — php The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive. 2015-06-09 7.5 CVE-2015-3307
CONFIRM
CONFIRM
php — php Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. 2015-06-09 7.5 CVE-2015-3329
CONFIRM
CONFIRM
CONFIRM
php — php Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. 2015-06-09 7.5 CVE-2015-4022
CONFIRM
CONFIRM
php — php PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. 2015-06-09 7.5 CVE-2015-4025
CONFIRM
CONFIRM
php — php The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. 2015-06-09 7.5 CVE-2015-4026
CONFIRM
CONFIRM
php — php The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a “type confusion” issue. 2015-06-09 7.5 CVE-2015-4147
CONFIRM
CONFIRM
MLIST
pivotal_software — redis Redis before 2.8.1 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. 2015-06-09 10.0 CVE-2015-4335
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
DEBIAN
MISC
sybase — adaptive_server_enterprise SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995. 2015-06-08 7.5 CVE-2014-6284
MISC
sysaid — sysaid SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. 2015-06-08 7.5 CVE-2015-2993
CONFIRM
FULLDISC
MISC
sysaid — sysaid Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. 2015-06-08 8.5 CVE-2015-2996
CONFIRM
FULLDISC
MISC
sysaid — sysaid SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack. 2015-06-08 7.8 CVE-2015-3000
CONFIRM
FULLDISC
MISC
t1utils_project — t1utils Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. 2015-06-08 7.5 CVE-2015-3905
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
UBUNTU
usersultra — usersultra Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php. 2015-06-09 7.5 CVE-2015-4109
CONFIRM
BUGTRAQ
MISC
zohocorp — manageengine_netflow_analyzer Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role. 2015-06-08 7.5 CVE-2015-2959
CONFIRM
JVNDB
JVN

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — air Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors. 2015-06-09 6.8 CVE-2015-3096
CONFIRM
adobe — air Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address. 2015-06-09 5.0 CVE-2015-3097
CONFIRM
adobe — air Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102. 2015-06-09 5.0 CVE-2015-3098
CONFIRM
adobe — air Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102. 2015-06-09 5.0 CVE-2015-3099
CONFIRM
adobe — air The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via unspecified vectors. 2015-06-09 4.3 CVE-2015-3101
CONFIRM
adobe — air Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099. 2015-06-09 5.0 CVE-2015-3102
CONFIRM
adobe — air Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. 2015-06-09 5.0 CVE-2015-3108
CONFIRM
apache — tomcat The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. 2015-06-07 5.0 CVE-2014-7810
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
cisco — firesight_system_software Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099. 2015-06-12 4.3 CVE-2015-0737
CISCO
cisco — telepresence_tc_software CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. 2015-06-07 5.0 CVE-2015-0770
CISCO
cisco — ios The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505. 2015-06-12 6.3 CVE-2015-0771
CISCO
cisco — firesight_system_software Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user’s dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. 2015-06-12 5.5 CVE-2015-0773
CISCO
cisco — application_and_content_networking_system_software Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650. 2015-06-12 4.3 CVE-2015-0774
CISCO
coppermine-gallery — coppermine_photo_gallery Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. 2015-06-10 5.0 CVE-2015-3923
CONFIRM
MISC
dolibarr — dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM before 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php. 2015-06-10 4.3 CVE-2015-3935
CONFIRM
CONFIRM
FULLDISC
MISC
ektron — ektron_content_management_system Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action. 2015-06-09 5.8 CVE-2015-3624
BUGTRAQ
MISC
MISC
encrypted_contact_form_project — encrypted_contact_form Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php. 2015-06-09 6.8 CVE-2015-4010
CONFIRM
CONFIRM
BUGTRAQ
FULLDISC
hp — webinspect Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. 2015-06-07 4.0 CVE-2015-2125
HP
ibm — marketing_operations Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. 2015-06-07 4.0 CVE-2014-6222
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
ibm — marketing_operations IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors. 2015-06-07 4.0 CVE-2014-8887
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
ibm — rational_collaborative_lifecycle_management Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. 2015-06-07 4.0 CVE-2015-0112
CONFIRM
kankun — smartsocket The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages. 2015-06-09 6.8 CVE-2015-4080
MISC
BUGTRAQ
libmspack_project — libmspack The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive. 2015-06-11 4.3 CVE-2014-9732
CONFIRM
MLIST
libmspack_project — libmspack The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file. 2015-06-11 4.3 CVE-2015-4467
CONFIRM
MLIST
CONFIRM
libmspack_project — libmspack Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. 2015-06-11 4.3 CVE-2015-4468
CONFIRM
MLIST
CONFIRM
libmspack_project — libmspack The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. 2015-06-11 4.3 CVE-2015-4469
CONFIRM
MLIST
CONFIRM
libmspack_project — libmspack Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. 2015-06-11 4.3 CVE-2015-4470
CONFIRM
MLIST
libmspack_project — libmspack Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive. 2015-06-11 4.3 CVE-2015-4471
CONFIRM
CONFIRM
MLIST
libmspack_project — libmspack Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file. 2015-06-11 6.8 CVE-2015-4472
CONFIRM
MLIST
lighttpd — lighttpd mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. 2015-06-09 5.0 CVE-2015-3200
SECTRACK
CONFIRM
MISC
magnifica_webscripts — anima_gallery Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme or (2) lang cookie parameter to AnimaGallery/. 2015-06-10 5.0 CVE-2015-4415
BUGTRAQ
microsoft — internet_explorer Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability.” 2015-06-09 6.8 CVE-2015-1739
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-1748. 2015-06-09 6.8 CVE-2015-1743
MS
microsoft — internet_explorer Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka “Internet Explorer Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-1743. 2015-06-09 6.8 CVE-2015-1748
MS
microsoft — windows_server_2008 Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka “ADFS XSS Elevation of Privilege Vulnerability.” 2015-06-09 4.3 CVE-2015-1757
MS
microsoft — windows_7 Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka “Windows LoadLibrary EoP Vulnerability.” 2015-06-09 6.9 CVE-2015-1758
MS
microsoft — exchange_server The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka “Exchange Server-Side Request Forgery Vulnerability.” 2015-06-09 4.3 CVE-2015-1764
MS
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. 2015-06-09 4.3 CVE-2015-1765
MS
microsoft — exchange_server Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka “Exchange Cross-Site Request Forgery Vulnerability.” 2015-06-09 6.8 CVE-2015-1771
MS
microsoft — exchange_server Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka “Exchange HTML Injection Vulnerability.” 2015-06-09 4.3 CVE-2015-2359
MS
php — php ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. 2015-06-09 5.8 CVE-2015-2783
CONFIRM
CONFIRM
php — php The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a “deconfigured interpreter.” 2015-06-09 6.8 CVE-2015-3330
CONFIRM
CONFIRM
CONFIRM
MLIST
CONFIRM
php — php The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive. 2015-06-09 5.0 CVE-2015-4021
CONFIRM
CONFIRM
php — php Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. 2015-06-09 5.0 CVE-2015-4024
CONFIRM
CONFIRM
php — php The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a “type confusion” issue. 2015-06-09 5.0 CVE-2015-4148
CONFIRM
CONFIRM
MLIST
sysaid — sysaid Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. 2015-06-08 6.5 CVE-2015-2994
CONFIRM
FULLDISC
MISC
sysaid — sysaid SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. 2015-06-08 6.8 CVE-2015-2995
CONFIRM
FULLDISC
MISC
sysaid — sysaid SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message. 2015-06-08 5.0 CVE-2015-2997
CONFIRM
FULLDISC
MISC
sysaid — sysaid SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml. 2015-06-08 5.0 CVE-2015-2998
CONFIRM
FULLDISC
MISC
sysaid — sysaid Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp. 2015-06-08 6.5 CVE-2015-2999
CONFIRM
FULLDISC
MISC
sysaid — sysaid SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. 2015-06-08 5.0 CVE-2015-3001
CONFIRM
FULLDISC
MISC
wftpserver — wing_ftp_server Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html. 2015-06-10 6.8 CVE-2015-4108
CONFIRM
BUGTRAQ
BUGTRAQ
BUGTRAQ
MISC
MISC
xcloner — xcloner cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'], (5) $_CONFIG['filename'], (6) $_CONFIG['exfile_tar'], (7) $_CONFIG[sqldump], (8) $_CONFIG['mysql_host'], (9) $_CONFIG['mysql_pass'], (10) $_CONFIG['mysql_user'], (11) $database_name, or (12) $sqlfile variable. 2015-06-10 6.5 CVE-2014-8603
MISC
MISC
xcloner — xcloner The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQL password in cleartext to a text box in the configuration panel, which allows remote attackers to obtain sensitive information via unspecified vectors. 2015-06-10 5.0 CVE-2014-8604
MISC
MISC
xcloner — xcloner The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/. 2015-06-10 5.0 CVE-2014-8605
MISC
MISC
xcloner — xcloner Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php. 2015-06-10 4.0 CVE-2014-8606
MISC
MISC
zanematthew — zm_ajax_login_&_register Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary PHP files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php. 2015-06-10 5.0 CVE-2015-4153
EXPLOIT-DB
CONFIRM
BUGTRAQ
MISC
zanematthew — zm_ajax_login_&_register Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-06-10 4.3 CVE-2015-4465
CONFIRM
zarafa — zarafa_collaboration_platform provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. 2015-06-09 6.6 CVE-2015-3436
CONFIRM
FEDORA
FEDORA
zohocorp — manageengine_netflow_analyzer Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-06-08 4.3 CVE-2015-2960
CONFIRM
JVNDB
JVN
zohocorp — manageengine_netflow_analyzer Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. 2015-06-08 6.8 CVE-2015-2961
CONFIRM
JVNDB
JVN
zohocorp — manageengine_netflow_analyzer Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. 2015-06-08 5.0 CVE-2015-4418
CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ceph — ceph-deploy The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. 2015-06-08 2.1 CVE-2015-4053
BID
MLIST
MLIST
CONFIRM
ektron — ektron_content_management_system Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folder_id, or (4) LangType parameter. 2015-06-09 3.5 CVE-2015-4427
BUGTRAQ
MISC
MISC
ibm — marketing_operations Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-06-07 3.5 CVE-2014-6175
CONFIRM
AIXAPAR
AIXAPAR
AIXAPAR
microsoft — windows_7 The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka “Microsoft Windows Kernel Information Disclosure Vulnerability.” 2015-06-09 2.1 CVE-2015-1719
MS
redhat — thermostat Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. 2015-06-08 2.1 CVE-2015-3201
REDHAT
CONFIRM
CONFIRM
strongswan — strongswan strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. 2015-06-10 2.6 CVE-2015-4171
CONFIRM
CONFIRM
UBUNTU
DEBIAN
SECTRACK
MLIST
MLIST
MLIST
xcloner — xcloner The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command. 2015-06-10 2.1 CVE-2014-8607
MISC
MISC

SB15-166 Vulnerability Summary for the Week of June 8, 2015 was originally published on Blogg'n @ ECI

June 18, 2015 - Posted by | IT Security, NewsUpdate, NIST, Security Alerts, Security Issues, US-CERT
