ECI Blog @WordPress

Latest news from the ECI Networks Group

SB15-264 Vulnerability Summary for the Week of September 14th 2015

09/21/2015 06:23 AM EDT – Original release date: September 21, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
advantech — webaccess Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. 2015-09-11 10.0 CVE-2014-9208
MISC
apple — iphone_os IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2015-09-18 7.2 CVE-2015-5843
CONFIRM
APPLE
apple — iphone_os IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846. 2015-09-18 9.3 CVE-2015-5844
CONFIRM
APPLE
apple — iphone_os IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846. 2015-09-18 9.3 CVE-2015-5845
CONFIRM
APPLE
apple — iphone_os IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845. 2015-09-18 9.3 CVE-2015-5846
CONFIRM
APPLE
apple — iphone_os The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2015-09-18 7.2 CVE-2015-5847
CONFIRM
APPLE
apple — iphone_os IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2015-09-18 7.2 CVE-2015-5848
CONFIRM
APPLE
apple — iphone_os IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2015-09-18 9.3 CVE-2015-5867
CONFIRM
APPLE
apple — iphone_os The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903. 2015-09-18 7.2 CVE-2015-5868
CONFIRM
APPLE
apple — itunes CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. 2015-09-18 7.5 CVE-2015-5874
APPLE
CONFIRM
CONFIRM
APPLE
apple — iphone_os dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2015-09-18 9.3 CVE-2015-5876
CONFIRM
APPLE
apple — iphone_os The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges. 2015-09-18 7.2 CVE-2015-5882
CONFIRM
APPLE
apple — iphone_os The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903. 2015-09-18 7.2 CVE-2015-5896
CONFIRM
APPLE
apple — iphone_os libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. 2015-09-18 7.2 CVE-2015-5899
CONFIRM
APPLE
apple — iphone_os The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896. 2015-09-18 10.0 CVE-2015-5903
CONFIRM
APPLE
asus — tm-1900 Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values. 2015-09-15 9.3 CVE-2015-6949
MISC
borland — accurev Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the the activate_doit function or (3) licfile parameter to the service_startup_doit functionality. 2015-09-15 9.3 CVE-2015-6946
MISC
MISC
MISC
checkmarx — cxsast Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission. 2015-09-16 9.0 CVE-2014-8778
BUGTRAQ
FULLDISC
MISC
ciphercoin — wp_limit_login_attempts Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header. 2015-09-16 7.5 CVE-2015-6829
MISC
CONFIRM
CONFIRM
MLIST
MLIST
ibm — websphere_portal IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. 2015-09-14 7.8 CVE-2015-1943
CONFIRM
AIXAPAR
ibm — http_server Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors. 2015-09-15 9.0 CVE-2015-4947
CONFIRM
AIXAPAR
AIXAPAR
ibs_mappro_project — ibs_mappro Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. 2015-09-15 7.8 CVE-2015-5472
MISC
CONFIRM
MISC
impero — impero_education_pro Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data. 2015-09-14 7.8 CVE-2015-5997
CERT-VN
impero — impero_education_pro Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command. 2015-09-14 10.0 CVE-2015-5998
CERT-VN
mindbite — sitefactory_cms Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx. 2015-09-11 7.8 CVE-2015-6914
MISC
montala — resourcespace SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the “user” cookie to plugins/feedback/pages/feedback.php. 2015-09-11 7.5 CVE-2015-6915
MISC
moxa — eds-405a_firmware The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. 2015-09-11 8.5 CVE-2015-6464
MISC
CONFIRM
mozilla — bugzilla Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. 2015-09-13 7.5 CVE-2015-4499
BUGTRAQ
BUGTRAQ
CONFIRM
sis — windows_vga_display_manager Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call. 2015-09-16 7.2 CVE-2015-5465
MISC
EXPLOIT-DB
BUGTRAQ
FULLDISC
MISC
sma_solar_technology_ag — webbox_firmware SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors. 2015-09-11 10.0 CVE-2015-3964
MISC
synology — video_station SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. 2015-09-11 7.5 CVE-2015-6910
CONFIRM
CONFIRM
MISC
BUGTRAQ
FULLDISC
MISC
synology — video_station SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. 2015-09-11 7.5 CVE-2015-6911
CONFIRM
MISC
BUGTRAQ
FULLDISC
MISC
synology — video_station Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. 2015-09-11 10.0 CVE-2015-6912
CONFIRM
MISC
BUGTRAQ
FULLDISC
MISC
teiko — farol SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. 2015-09-17 7.5 CVE-2015-6962
EXPLOIT-DB
unit4 — teta_web Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted “received parameters.” 2015-09-16 7.5 CVE-2015-1173
FULLDISC
MISC
yahoo — messenger Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file. 2015-09-11 9.3 CVE-2014-7216
MISC
MISC
BUGTRAQ
MISC

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
administration_views_project — administration_views The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler. 2015-09-17 5.0 CVE-2015-7226
MISC
CONFIRM
CONFIRM
apple — iphone_os The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. 2015-09-18 4.3 CVE-2015-5764
CONFIRM
APPLE
apple — iphone_os The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. 2015-09-18 4.3 CVE-2015-5765
CONFIRM
APPLE
apple — iphone_os The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. 2015-09-18 4.3 CVE-2015-5767
CONFIRM
APPLE
apple — iphone_os The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. 2015-09-18 4.3 CVE-2015-5788
CONFIRM
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5789
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5790
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5791
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5792
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5793
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5794
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5795
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5796
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5797
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5798
CONFIRM
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5799
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5800
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5801
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5802
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5803
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5804
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5805
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5806
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5807
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5808
CONFIRM
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5809
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5810
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5811
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5812
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5813
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5814
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5815
CONFIRM
APPLE
apple — itunes WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5816
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5817
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5818
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5819
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. 2015-09-18 4.3 CVE-2015-5820
CONFIRM
APPLE
apple — itunes WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5821
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5822
CONFIRM
CONFIRM
APPLE
APPLE
apple — itunes WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. 2015-09-18 6.8 CVE-2015-5823
CONFIRM
CONFIRM
APPLE
APPLE
apple — iphone_os The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-09-18 4.3 CVE-2015-5824
CONFIRM
APPLE
apple — iphone_os WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code. 2015-09-18 4.3 CVE-2015-5825
CONFIRM
APPLE
apple — iphone_os WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2015-09-18 4.3 CVE-2015-5826
CONFIRM
APPLE
apple — iphone_os WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event. 2015-09-18 5.0 CVE-2015-5827
CONFIRM
APPLE
apple — iphone_os Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. 2015-09-18 6.8 CVE-2015-5829
CONFIRM
APPLE
apple — iphone_os NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. 2015-09-18 5.0 CVE-2015-5831
CONFIRM
APPLE
apple — iphone_os IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. 2015-09-18 4.3 CVE-2015-5834
CONFIRM
APPLE
apple — iphone_os Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. 2015-09-18 4.3 CVE-2015-5835
CONFIRM
APPLE
apple — iphone_os PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. 2015-09-18 4.3 CVE-2015-5837
CONFIRM
APPLE
apple — iphone_os SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. 2015-09-18 4.3 CVE-2015-5838
CONFIRM
APPLE
apple — iphone_os dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. 2015-09-18 5.0 CVE-2015-5839
CONFIRM
APPLE
apple — iphone_os The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. 2015-09-18 5.0 CVE-2015-5840
CONFIRM
APPLE
apple — iphone_os The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. 2015-09-18 5.0 CVE-2015-5841
CONFIRM
APPLE
apple — iphone_os Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. 2015-09-18 4.3 CVE-2015-5855
CONFIRM
APPLE
apple — iphone_os The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. 2015-09-18 4.3 CVE-2015-5856
CONFIRM
APPLE
apple — iphone_os Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. 2015-09-18 5.0 CVE-2015-5857
CONFIRM
APPLE
apple — iphone_os The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. 2015-09-18 5.0 CVE-2015-5858
CONFIRM
APPLE
apple — iphone_os The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. 2015-09-18 5.0 CVE-2015-5860
CONFIRM
APPLE
apple — iphone_os The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. 2015-09-18 4.3 CVE-2015-5862
CONFIRM
APPLE
apple — iphone_os XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header. 2015-09-18 5.0 CVE-2015-5879
CONFIRM
APPLE
apple — iphone_os CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. 2015-09-18 4.3 CVE-2015-5880
CONFIRM
APPLE
apple — iphone_os The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. 2015-09-18 5.0 CVE-2015-5885
CONFIRM
APPLE
apple — iphone_os Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. 2015-09-18 4.3 CVE-2015-5904
CONFIRM
APPLE
apple — iphone_os Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. 2015-09-18 5.0 CVE-2015-5905
CONFIRM
APPLE
apple — iphone_os The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. 2015-09-18 5.0 CVE-2015-5906
CONFIRM
APPLE
apple — iphone_os The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. 2015-09-18 5.0 CVE-2015-5912
CONFIRM
APPLE
apple — iphone_os The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. 2015-09-18 4.3 CVE-2015-5916
CONFIRM
APPLE
apple — iphone_os WebKit in Apple iOS before 9 mishandles “Content-Disposition: attachment” HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. 2015-09-18 4.3 CVE-2015-5921
CONFIRM
APPLE
auto-exchanger — auto-exchanger Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php. 2015-09-11 6.8 CVE-2015-6827
EXPLOIT-DB
canon — pixma_mg7500_series_inkjet_printer Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. 2015-09-11 6.8 CVE-2015-5631
CONFIRM
JVNDB
JVN
cisco — email_security_appliance Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. 2015-09-13 6.4 CVE-2015-6285
CISCO
cisco — application_visibility_and_control Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID CSCuu47016. 2015-09-13 5.7 CVE-2015-6286
CISCO
cisco — web_security_virtual_appliance Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bug IDs CSCur32005 and CSCur07907. 2015-09-13 5.0 CVE-2015-6287
CISCO
cisco — content_security_management_appliance Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application fault) via crafted HTTP requests, aka Bug ID CSCuw09620. 2015-09-13 5.0 CVE-2015-6288
CISCO
cisco — web_security_virtual_appliance Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. 2015-09-13 4.3 CVE-2015-6290
CISCO
corel — wordperfect Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document. 2015-09-15 6.8 CVE-2015-6948
MISC
creative-solutions — contact_form_generator Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php. 2015-09-16 6.8 CVE-2015-6965
EXPLOIT-DB
MISC
MISC
freetype — freetype The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a “broken number-with-base” in a Postscript stream, as demonstrated by 8#garbage. 2015-09-14 5.0 CVE-2014-9745
CONFIRM
CONFIRM
UBUNTU
CONFIRM
CONFIRM
googlesearch_project — googlesearch Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php. 2015-09-11 4.3 CVE-2015-6919
MISC
hp — arcsight_logger HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. 2015-09-16 4.0 CVE-2015-2136
HP
hp — loadrunner Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. 2015-09-15 4.6 CVE-2015-5426
HP
hp — universal_configuration_management_database HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. 2015-09-16 4.9 CVE-2015-5440
HP
ibm — websphere_mq IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. 2015-09-13 5.0 CVE-2015-2013
CONFIRM
AIXAPAR
ibm — websphere_commerce Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. 2015-09-14 4.0 CVE-2015-4980
CONFIRM
AIXAPAR
igniterealtime — openfire Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp. 2015-09-16 4.3 CVE-2015-6972
EXPLOIT-DB
MISC
MISC
igniterealtime — openfire Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server setting or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp. 2015-09-16 6.8 CVE-2015-6973
EXPLOIT-DB
BUGTRAQ
MISC
jsp/mysql_administrador_web_project — jsp/mysql_administrador_web Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. 2015-09-15 6.8 CVE-2015-6944
BUGTRAQ
MISC
MISC
jsp/mysql_administrador_web_project — jsp/mysql_administrador_web Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp. 2015-09-15 4.3 CVE-2015-6945
BUGTRAQ
MISC
MISC
moxa — eds-405a_firmware The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. 2015-09-11 6.8 CVE-2015-6465
MISC
CONFIRM
moxa — eds-405a_firmware Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. 2015-09-11 4.3 CVE-2015-6466
MISC
CONFIRM
nibbleblog — nibbleblog Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php. 2015-09-16 6.8 CVE-2015-6966
CONFIRM
FULLDISC
MISC
nibbleblog — nibbleblog Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php. 2015-09-16 6.5 CVE-2015-6967
FULLDISC
MISC
CONFIRM
MISC
nokia — @vantage_commander Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp. 2015-09-16 4.3 CVE-2015-6929
MISC
FULLDISC
MISC
ntt-bp — japan_connected-free_wi-fi The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism via unspecified vectors. 2015-09-11 6.8 CVE-2015-5629
MISC
MISC
JVNDB
JVN
ntt-bp — japan_connected-free_wi-fi Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID. 2015-09-11 4.3 CVE-2015-5630
MISC
MISC
JVNDB
JVN
openldap — openldap The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. 2015-09-11 5.0 CVE-2015-6908
CONFIRM
CONFIRM
phpmyadmin — phpmyadmin libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. 2015-09-13 5.0 CVE-2015-6830
CONFIRM
CONFIRM
qlik — qlikview XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx. 2015-09-16 6.4 CVE-2015-3623
EXPLOIT-DB
BUGTRAQ
MISC
s9y — serendipity SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when “Use Tokens for Comment Moderation” enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. 2015-09-15 6.0 CVE-2015-6943
NVD
CONFIRM
FULLDISC
MISC
MISC
s9y — serendipity Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .pht or (2) .phtml extension. 2015-09-16 6.5 CVE-2015-6968
FULLDISC
CONFIRM
MISC
MISC
s9y — serendipity Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link. 2015-09-16 4.3 CVE-2015-6969
FULLDISC
CONFIRM
MISC
MISC
securemoz — securemoz_security_audit The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information. 2015-09-16 6.8 CVE-2015-6828
MISC
MLIST
MLIST
siemens — ruggedcom_rugged_operating_system Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. 2015-09-11 4.3 CVE-2015-6675
MISC
CONFIRM
sourceafrica_project — sourceafrica Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. 2015-09-11 4.3 CVE-2015-6920
MISC
MISC
sprymedia — datatables Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php. 2015-09-11 4.3 CVE-2015-6584
MISC
BUGTRAQ
structured_dynamics — open_semantic_framework Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors. 2015-09-17 5.1 CVE-2015-7233
MISC
CONFIRM
structured_dynamics — open_semantic_framework The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. 2015-09-17 4.0 CVE-2015-7234
MISC
CONFIRM
CONFIRM
synology — download_station Cross-site scripting (XSS) vulnerability in the “Create download task via file upload” feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file. 2015-09-11 4.3 CVE-2015-6909
CONFIRM
CONFIRM
MISC
BUGTRAQ
FULLDISC
MISC
synology — download_station Cross-site scripting (XSS) vulnerability in the “Create download task via URL” feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. 2015-09-11 4.3 CVE-2015-6913
CONFIRM
MISC
BUGTRAQ
FULLDISC
MISC

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — iphone_os The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors. 2015-09-18 2.1 CVE-2015-5832
CONFIRM
APPLE
apple — iphone_os XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. 2015-09-18 2.1 CVE-2015-5842
CONFIRM
APPLE
apple — iphone_os AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. 2015-09-18 2.1 CVE-2015-5850
CONFIRM
APPLE
apple — iphone_os The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. 2015-09-18 2.1 CVE-2015-5851
CONFIRM
APPLE
apple — iphone_os SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. 2015-09-18 2.1 CVE-2015-5861
CONFIRM
APPLE
apple — iphone_os IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. 2015-09-18 2.1 CVE-2015-5863
CONFIRM
APPLE
apple — iphone_os The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. 2015-09-18 3.3 CVE-2015-5869
CONFIRM
MLIST
APPLE
apple — iphone_os Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. 2015-09-18 2.1 CVE-2015-5892
CONFIRM
APPLE
apple — iphone_os WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. 2015-09-18 2.6 CVE-2015-5907
CONFIRM
APPLE
structured_dynamics — open_semantic_framework Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-09-17 2.6 CVE-2015-7232
MISC
CONFIRM
typo3 — typo3 The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. 2015-09-16 3.5 CVE-2015-5956
CONFIRM
BUGTRAQ
zendesk — zendesk_feedback_tab Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the “Configure Zendesk Feedback Tab” permission to inject arbitrary web script or HTML via unspecified vectors. 2015-09-11 2.6 CVE-2015-6921
MISC
CONFIRM

#post-1369 .CPlase_panel {display:none;}

SB15-264 Vulnerability Summary for the Week of September 14th 2015 was originally published on Blogg'n @ ECI

September 21, 2015 - Posted by | ANSI, IT Security, NewsUpdate, NIST, Security Alerts, Security Issues, US-CERT | , , , , , , , , , , , , , , , , , , , , , , , , , ,

Sorry, the comment form is closed at this time.