cat51
wifi2
tower5
cat52
tower2
wifi1
tower3
tower4
tower1
wifi3
Security and Firewalls PDF Print E-mail
Written by Administrator   
Tuesday, April 26 2011 09:15

In today's internet, intrusion dectection is a must to ensure data reliablity for all parties. Nexus offers a state-of-the-art security solution to combat unauthorized access to your network. Firewalls are monitored contantly 24x7 by a trained staff with failsafe backup servers at every turn. Whether wirleline or wireless, Nexus has the manpower and resourses to protect your data.

 

Last Updated on Wednesday, March 27 2013 08:26
 

CERT Cyber Security Bulletins

US-CERT Bulletins
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • SB15-026: Vulnerability Summary for the Week of January 19, 2015
    Original release date: January 26, 2015

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    adb -- p.dga4001n_firmwareThe ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.2015-01-219.4CVE-2015-0554
    EXPLOIT-DB
    MISC
    advantech -- adamviewMultiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.2015-01-207.5CVE-2014-8386
    EXPLOIT-DB
    MISC
    FULLDISC
    arbiter_systems -- 1094b_gps_substation_clockArbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.2015-01-167.8CVE-2014-9194
    ceragon_fiberair_ip-10 -- -Ceragon FiberAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.2015-01-177.8CVE-2015-0924
    ffmpeg -- ffmpegUse-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.2015-01-227.5CVE-2014-7933
    CONFIRM
    CONFIRM
    ffmpeg -- ffmpegMultiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.2015-01-227.5CVE-2014-7937
    ffmpeg -- ffmpeglibavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.2015-01-167.5CVE-2014-9602
    CONFIRM
    ffmpeg -- ffmpegThe vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.2015-01-167.5CVE-2014-9603
    CONFIRM
    ffmpeg -- ffmpeglibavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.2015-01-167.5CVE-2014-9604
    CONFIRM
    ge -- multilink_ml1200GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.2015-01-167.8CVE-2014-5418
    gentoo -- libsndfileThe sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.2015-01-1610.0CVE-2014-9496
    CONFIRM
    CONFIRM
    MLIST
    SECUNIA
    SUSE
    gnu -- coreutilsThe parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.2015-01-167.5CVE-2014-9471
    CONFIRM
    MLIST
    MLIST
    MLIST
    SECUNIA
    CONFIRM
    google -- chromeThe Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926.2015-01-227.5CVE-2014-7923
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    google -- chromeUse-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained.2015-01-227.5CVE-2014-7925
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    google -- chromeThe Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923.2015-01-227.5CVE-2014-7926
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    google -- chromeThe SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.2015-01-227.5CVE-2014-7927
    CONFIRM
    CONFIRM
    google -- chromehydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy.2015-01-227.5CVE-2014-7928
    CONFIRM
    CONFIRM
    google -- chromeUse-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents.2015-01-227.5CVE-2014-7929
    CONFIRM
    CONFIRM
    google -- chromeUse-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data.2015-01-227.5CVE-2014-7930
    CONFIRM
    CONFIRM
    google -- chromefactory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of backing-store pointers.2015-01-227.5CVE-2014-7931
    CONFIRM
    CONFIRM
    google -- chromeUse-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements.2015-01-227.5CVE-2014-7932
    CONFIRM
    CONFIRM
    google -- chromeUse-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures.2015-01-227.5CVE-2014-7934
    CONFIRM
    CONFIRM
    CONFIRM
    google -- chromeUse-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.2015-01-227.5CVE-2014-7935
    CONFIRM
    CONFIRM
    google -- chromeThe Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.2015-01-227.5CVE-2014-7938
    google -- chromeThe collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.2015-01-227.5CVE-2014-7940
    google -- chromeThe Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.2015-01-227.5CVE-2014-7942
    gtk -- gtk+GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.2015-01-167.2CVE-2014-1949
    CONFIRM
    CONFIRM
    CONFIRM
    UBUNTU
    MLIST
    MLIST
    ibm -- sas_connectivity_module_firmwareIBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to cause a denial of service (reboot) via a flood of IP packets.2015-01-177.8CVE-2014-3018
    XF
    ipass -- ipass_open_mobileThe client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.2015-01-229.0CVE-2015-0925
    juniper -- junosThe Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete.2015-01-167.1CVE-2014-6382
    BID
    juniper -- junosJuniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix.2015-01-167.8CVE-2014-6386
    SECTRACK
    BID
    libpng -- libpngBuffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.2015-01-187.5CVE-2015-0973
    MLIST
    MLIST
    MISC
    MLIST
    macroplant -- iexplorerUntrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse itunesmobiledevice.dll.2015-01-167.2CVE-2014-9600
    XF
    MISC
    oracle -- oracle_and_sun_systems_product_suiteUnspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to System management.2015-01-219.0CVE-2014-4259
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.2015-01-2110.0CVE-2014-6549
    oracle -- jd_edwards_productsUnspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC.2015-01-217.5CVE-2014-6565
    oracle -- database_serverUnspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command.2015-01-219.0CVE-2014-6567
    MISC
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.2015-01-2110.0CVE-2014-6601
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.2015-01-219.3CVE-2015-0395
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console.2015-01-217.5CVE-2015-0396
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.2015-01-2110.0CVE-2015-0408
    CONFIRM
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.2015-01-217.5CVE-2015-0411
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.2015-01-217.2CVE-2015-0412
    oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI.2015-01-217.5CVE-2015-0424
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.2015-01-219.3CVE-2015-0437
    pheonixcontact-software -- multiprogPhoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.2015-01-167.5CVE-2014-9195
    redhat -- cloudforms_3.1_management_engineThe customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.2015-01-1610.0CVE-2014-3692
    SECUNIA
    samba -- sambaSamba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.2015-01-168.5CVE-2014-8143
    sap -- hana_extend_application_servicesThe Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2015-01-2210.0CVE-2015-1311
    MISC
    sap -- enterprise_resource_planningThe Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2015-01-227.5CVE-2015-1312
    MISC
    siemens -- scalance_x-300_series_firmwareThe web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.2015-01-217.8CVE-2014-8478
    sun -- sunosUnspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.2015-01-217.2CVE-2014-6510
    sun -- sunosUnspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.2015-01-217.2CVE-2014-6521
    sun -- sunosUnspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.2015-01-217.2CVE-2014-6524
    sybase -- adaptive_server_enterpriseSQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2015-01-227.5CVE-2015-1310
    MISC
    symantec -- critical_system_protectionThe Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.2015-01-219.0CVE-2014-3440
    BID
    symantec -- critical_system_protectionThe management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.2015-01-217.2CVE-2014-9226
    BID
    web-dorado -- photo_gallerySQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.2015-01-167.5CVE-2015-1055
    BID
    FULLDISC
    Back to top

    Medium Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    7-zip -- p7zipp7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.2015-01-215.8CVE-2015-1038
    MISC
    MISC
    XF
    BID
    MLIST
    apache -- xml_securityApache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.2015-01-215.0CVE-2014-8152
    XF
    SECTRACK
    BID
    MLIST
    b2evolution -- b2evolutionCross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.2015-01-164.3CVE-2014-9599
    CONFIRM
    XF
    BID
    MISC
    MISC
    FULLDISC
    MISC
    brother -- mfc-j4410dwCross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages.2015-01-164.3CVE-2015-1056
    XF
    BID
    BUGTRAQ
    MISC
    cagintranetworks -- getsimple_cmsXML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.2015-01-205.0CVE-2014-8790
    CONFIRM
    FULLDISC
    MISC
    MISC
    CONFIRM
    cisco -- unified_communications_managerAbsolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.2015-01-226.8CVE-2014-8008
    cisco -- webex_meeting_centerCisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.2015-01-175.0CVE-2015-0590
    clorius_controls_a/s -- java_web_clientThe Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.2015-01-165.0CVE-2014-9199
    croogo -- croogoCross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.2015-01-164.3CVE-2015-1053
    CONFIRM
    XF
    BID
    MISC
    MISC
    FULLDISC
    MISC
    debian -- dpkgMultiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.2015-01-206.8CVE-2014-8625
    CONFIRM
    CONFIRM
    XF
    MLIST
    MLIST
    MLIST
    djangoproject -- djangoDjango before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.2015-01-165.0CVE-2015-0219
    SECUNIA
    SECUNIA
    djangoproject -- djangoThe django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.2015-01-164.3CVE-2015-0220
    UBUNTU
    SECUNIA
    SECUNIA
    djangoproject -- djangoThe django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.2015-01-165.0CVE-2015-0221
    SECUNIA
    SECUNIA
    djangoproject -- djangoModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.2015-01-165.0CVE-2015-0222
    SECUNIA
    SECUNIA
    e107 -- e107Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.2015-01-164.3CVE-2015-1057
    XF
    EXPLOIT-DB
    OSVDB
    emc -- vipr_srmEMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.2015-01-215.0CVE-2015-0514
    BUGTRAQ
    emc -- vipr_srmUnrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file.2015-01-216.5CVE-2015-0515
    BUGTRAQ
    emc -- vipr_srmDirectory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.2015-01-214.0CVE-2015-0516
    BUGTRAQ
    file_project -- fileThe ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.2015-01-215.0CVE-2014-9620
    CONFIRM
    MLIST
    DEBIAN
    MLIST
    file_project -- fileThe ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.2015-01-215.0CVE-2014-9621
    CONFIRM
    MLIST
    MLIST
    ge -- intelligent_platforms_proficy_hmi/scada_cimplicityThe (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.2015-01-166.9CVE-2014-2355
    ge -- multilink_ml1200GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.2015-01-165.0CVE-2014-5419
    gentoo -- xdg-utilsEval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.2015-01-216.8CVE-2014-9622
    CONFIRM
    CONFIRM
    MLIST
    DEBIAN
    SECUNIA
    FULLDISC
    getsentry -- raven-rubyThe numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number.2015-01-205.0CVE-2014-9490
    CONFIRM
    CONFIRM
    XF
    MLIST
    getusedtoit -- wp_slimstatCross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php.2015-01-214.3CVE-2015-1204
    MISC
    CONFIRM
    SECUNIA
    gnu -- patchGNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.2015-01-214.3CVE-2015-1196
    CONFIRM
    CONFIRM
    XF
    BID
    MLIST
    CONFIRM
    google -- chromeUse-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc.2015-01-225.0CVE-2014-7924
    CONFIRM
    CONFIRM
    google -- chromeUse-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble.2015-01-226.8CVE-2014-7936
    CONFIRM
    CONFIRM
    google -- chromeGoogle Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.2015-01-224.3CVE-2014-7939
    google -- chromeThe SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.2015-01-225.0CVE-2014-7941
    google -- chromeSkia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.2015-01-225.0CVE-2014-7943
    CONFIRM
    google -- chromeThe sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.2015-01-225.0CVE-2014-7944
    google -- chromeOpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.2015-01-225.0CVE-2014-7945
    google -- chromeThe RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.2015-01-225.0CVE-2014-7946
    CONFIRM
    google -- chromeOpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.2015-01-225.0CVE-2014-7947
    google -- chromeThe AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate.2015-01-224.3CVE-2014-7948
    ibm -- sas_connectivity_module_firmwareIBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session.2015-01-175.0CVE-2014-3019
    XF
    ibm -- api_managementIBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors.2015-01-215.0CVE-2014-6172
    XF
    AIXAPAR
    ibm -- security_network_protection_xgs_firmwareIBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.2015-01-174.3CVE-2014-6197
    XF
    illumos -- illumosThe devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors.2015-01-205.0CVE-2014-9491
    CONFIRM
    CONFIRM
    XF
    MLIST
    insanevisions -- adaptcmsMultiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new.2015-01-164.3CVE-2015-1058
    XF
    MISC
    EXPLOIT-DB
    MISC
    OSVDB
    OSVDB
    OSVDB
    OSVDB
    OSVDB
    insanevisions -- adaptcmsUnrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.2015-01-166.5CVE-2015-1059
    MISC
    XF
    EXPLOIT-DB
    MISC
    OSVDB
    insanevisions -- adaptcmsOpen redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.2015-01-165.8CVE-2015-1060
    XF
    MISC
    EXPLOIT-DB
    MISC
    OSVDB
    juniper -- junosThe stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.2015-01-165.0CVE-2014-6383
    SECTRACK
    BID
    juniper -- junosJuniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors.2015-01-166.9CVE-2014-6384
    SECTRACK
    BID
    juniper -- junosJuniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH).2015-01-166.1CVE-2014-6385
    BID
    kde -- kde_applicationskwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.2015-01-185.0CVE-2013-7252
    CONFIRM
    BID
    MLIST
    MLIST
    MISC
    kgb_project -- kgbAbsolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.2015-01-215.0CVE-2015-1192
    MISC
    BID
    MLIST
    SECUNIA
    kiwix -- kiwixCross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search.2015-01-214.3CVE-2015-1032
    BUGTRAQ
    CONFIRM
    MISC
    MISC
    libtiff -- libtiffInteger overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.2015-01-205.0CVE-2014-9330
    SECTRACK
    FULLDISC
    CONFIRM
    mediawiki -- mediawikiMediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."2015-01-165.0CVE-2014-9476
    CONFIRM
    MLIST
    MLIST
    mediawiki -- mediawikiMultiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.2015-01-164.3CVE-2014-9477
    CONFIRM
    MLIST
    MLIST
    mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.2015-01-164.3CVE-2014-9479
    CONFIRM
    MLIST
    MLIST
    mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.2015-01-164.3CVE-2014-9480
    CONFIRM
    MLIST
    MLIST
    openstack -- image_registry_and_delivery_service_(glance)The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.2015-01-216.5CVE-2015-1195
    CONFIRM
    MLIST
    MLIST
    SECUNIA
    MLIST
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2015-0386.2015-01-214.3CVE-2014-0191
    oracle -- oracle_and_sun_systems_product_suiteUnspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to System management.2015-01-216.5CVE-2014-6480
    oracle -- database_serverUnspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.2015-01-214.0CVE-2014-6514
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin Console.2015-01-214.3CVE-2014-6526
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure.2015-01-214.0CVE-2014-6528
    oracle -- database_serverUnspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.2015-01-216.3CVE-2014-6541
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 allows local users to affect confidentiality, integrity, and availability via vectors related to B2B Engine.2015-01-214.6CVE-2014-6548
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AD_DDL.2015-01-214.6CVE-2014-6556
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal.2015-01-214.0CVE-2014-6566
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to CIE Related Components.2015-01-215.0CVE-2014-6569
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2011-1944.2015-01-216.8CVE-2014-6571
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to List of Values.2015-01-216.4CVE-2014-6572
    oracle -- enterprise_manager_grid_controlUnspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 11.1.3 and 12.1.4 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.2015-01-214.3CVE-2014-6573
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library.2015-01-214.3CVE-2014-6574
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to OAM Integration.2015-01-215.5CVE-2014-6576
    oracle -- database_serverUnspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher's claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI.2015-01-216.8CVE-2014-6577
    MISC
    oracle -- database_serverUnspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SDO_TOPO and WMSYS.LT.2015-01-216.5CVE-2014-6578
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Integration Broker.2015-01-214.0CVE-2014-6579
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors.2015-01-214.3CVE-2014-6580
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load Programs.2015-01-216.4CVE-2014-6581
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Rapid Implementation.2015-01-215.0CVE-2014-6582
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. allows remote attackers to affect confidentiality and integrity via unknown vectors related to Audience.2015-01-216.4CVE-2014-6583
    oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore.2015-01-214.0CVE-2014-6584
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Time and Labor.2015-01-215.5CVE-2014-6586
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.2015-01-214.3CVE-2014-6587
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.2015-01-214.0CVE-2014-6593
    oracle -- ilearningUnspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Learner Pages.2015-01-214.3CVE-2014-6594
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework.2015-01-214.3CVE-2014-6596
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.2015-01-214.0CVE-2014-6597
    oracle -- fusion_middlewareUnspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to BI Publisher Security.2015-01-215.0CVE-2015-0362
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.2015-01-214.0CVE-2015-0363
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.2015-01-214.3CVE-2015-0365
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration.2015-01-215.0CVE-2015-0366
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine.2015-01-215.0CVE-2015-0367
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect availability via unknown vectors related to Security.2015-01-215.0CVE-2015-0368
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI.2015-01-214.3CVE-2015-0369
    oracle -- database_serverUnspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity and availability via unknown vectors.2015-01-214.9CVE-2015-0371
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors.2015-01-215.0CVE-2015-0372
    oracle -- database_serverUnspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2015-01-216.5CVE-2015-0373
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server.2015-01-214.3CVE-2015-0376
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.2015-01-214.4CVE-2015-0377
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology.2015-01-214.3CVE-2015-0379
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to OA Based UI for Bill Summary.2015-01-214.3CVE-2015-0380
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.2015-01-214.3CVE-2015-0381
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.2015-01-214.3CVE-2015-0382
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.2015-01-215.4CVE-2015-0383
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191.2015-01-214.3CVE-2015-0386
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter.2015-01-214.0CVE-2015-0387
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417.2015-01-214.0CVE-2015-0388
    oracle -- retail_applications_xstoreUnspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Xstore Point of Sale.2015-01-216.8CVE-2015-0390
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.2015-01-214.0CVE-2015-0391
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Config - Scripting.2015-01-214.6CVE-2015-0392
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that the PUBLIC role is granted the INDEX privilege for the DUAL table during a "seeded install," which allows remote authenticated users to gain SYSDBA privileges and execute arbitrary code.2015-01-216.0CVE-2015-0393
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution.2015-01-214.0CVE-2015-0394
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Clinical Trip Report.2015-01-214.0CVE-2015-0398
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General.2015-01-214.0CVE-2015-0399
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.2015-01-215.0CVE-2015-0400
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.2015-01-214.0CVE-2015-0401
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM.2015-01-214.3CVE-2015-0402
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.2015-01-216.9CVE-2015-0403
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Error Messages.2015-01-214.3CVE-2015-0404
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.2015-01-215.8CVE-2015-0406
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.2015-01-215.0CVE-2015-0407
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.2015-01-214.0CVE-2015-0409
    oracle -- jdkUnspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.2015-01-215.0CVE-2015-0410
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Session Management.2015-01-214.0CVE-2015-0415
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0388.2015-01-214.0CVE-2015-0417
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework.2015-01-214.3CVE-2015-0419
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Services.2015-01-214.3CVE-2015-0420
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.2015-01-216.9CVE-2015-0421
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.2015-01-214.0CVE-2015-0422
    oracle -- siebel_crmUnspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Siebel Core - Unix/Windows.2015-01-214.3CVE-2015-0425
    oracle -- enterprise_manager_grid_controlUnspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unknown vectors related to UI Framework.2015-01-215.0CVE-2015-0426
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect integrity via unknown vectors related to UI Infrastructure.2015-01-214.3CVE-2015-0431
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.2015-01-214.0CVE-2015-0432
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM.2015-01-214.3CVE-2015-0434
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.2015-01-216.8CVE-2015-0435
    oracle -- ilearningUnspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login.2015-01-214.3CVE-2015-0436
    pax_project -- paxMultiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.2015-01-215.0CVE-2015-1193
    MISC
    MLIST
    pax_project -- paxpax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.2015-01-214.3CVE-2015-1194
    MISC
    MLIST
    pivotal_software -- rabbitmqRabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.2015-01-205.0CVE-2014-9494
    CONFIRM
    XF
    MLIST
    privoxy -- privoxyMemory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.2015-01-205.0CVE-2015-1030
    MLIST
    SECUNIA
    privoxy -- privoxyPrivoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2015-01-205.0CVE-2015-1201
    SECUNIA
    puppetlabs -- stdlibThe puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.2015-01-166.5CVE-2015-1029
    SECUNIA
    python -- pillowPillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.2015-01-165.0CVE-2014-9601
    CONFIRM
    CONFIRM
    redhat -- cloudforms_3.1_management_engineSQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.2015-01-166.5CVE-2014-7814
    SECUNIA
    sap -- netweaver_abapXML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.2015-01-225.0CVE-2015-1309
    SECUNIA
    MISC
    MISC
    serve-static_project -- serve-staticOpen redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.2015-01-214.3CVE-2015-1164
    CONFIRM
    CONFIRM
    XF
    BID
    CONFIRM
    siemens -- scalance_x-300_series_firmwareThe FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.2015-01-216.8CVE-2014-8479
    siemens -- simatic_s7_1200_cpu_firmwareOpen redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2015-01-214.3CVE-2015-1048
    sun -- sunosUnspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.2015-01-214.3CVE-2014-6481
    sun -- sunosUnspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.2015-01-214.9CVE-2014-6509
    sun -- sunosUnspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).2015-01-216.6CVE-2014-6518
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397.2015-01-214.9CVE-2014-6570
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.2015-01-215.0CVE-2014-6575
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.2015-01-214.9CVE-2014-6600
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.2015-01-215.0CVE-2015-0375
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.2015-01-214.9CVE-2015-0428
    symantec -- critical_system_protectionSQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.2015-01-216.5CVE-2014-7289
    BID
    symantec -- critical_system_protectionThe ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.2015-01-214.0CVE-2014-9225
    BID
    sympa -- sympaThe newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.2015-01-225.0CVE-2015-1306
    MLIST
    DEBIAN
    SECUNIA
    SECUNIA
    synck_graphica -- download_log_cgiDirectory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename.2015-01-215.0CVE-2015-0867
    videolan -- vlc_media_playerThe picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.2015-01-216.8CVE-2014-9597
    MISC
    MISC
    MISC
    FULLDISC
    videolan -- vlc_media_playerThe picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.2015-01-216.8CVE-2014-9598
    MISC
    MISC
    MISC
    FULLDISC
    websitebaker -- websitebakerCross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.2015-01-214.3CVE-2015-0553
    MISC
    BID
    MISC
    MISC
    FULLDISC
    MISC
    zlib -- pigzMultiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.2015-01-215.0CVE-2015-1191
    CONFIRM
    CONFIRM
    MLIST
    Back to top

    Low Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    crea8social -- crea8socialCross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.2015-01-163.5CVE-2015-1054
    XF
    EXPLOIT-DB
    MISC
    OSVDB
    CONFIRM
    CONFIRM
    emc -- vipr_srmMultiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.2015-01-213.5CVE-2015-0513
    BUGTRAQ
    ibm -- tivoli_netcool/omnibusCross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2015-01-173.5CVE-2014-3032
    XF
    ibm -- serverguideIBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.2015-01-172.1CVE-2014-4835
    XF
    ibm -- business_process_managerCross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.2015-01-213.5CVE-2014-8913
    XF
    ibm -- business_process_managerCross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913.2015-01-213.5CVE-2014-8914
    XF
    mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.2015-01-162.6CVE-2014-9478
    CONFIRM
    MLIST
    MLIST
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.2015-01-213.5CVE-2014-4279
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Templates.2015-01-213.5CVE-2014-6525
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.2015-01-213.5CVE-2014-6568
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.2015-01-212.6CVE-2014-6585
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.2015-01-213.2CVE-2014-6588
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.2015-01-213.2CVE-2014-6589
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.2015-01-213.2CVE-2014-6590
    oracle -- jdkUnspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.2015-01-212.6CVE-2014-6591
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2015-0389.2015-01-213.5CVE-2014-6592
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.2015-01-213.2CVE-2014-6595
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Email.2015-01-213.5CVE-2014-6599
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.2015-01-213.5CVE-2015-0364
    oracle -- database_serverUnspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors.2015-01-213.5CVE-2015-0370
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.2015-01-213.5CVE-2015-0374
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Public Sector component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Public Sector Portal.2015-01-213.5CVE-2015-0384
    oracle -- mysqlUnspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.2015-01-213.5CVE-2015-0385
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592.2015-01-213.5CVE-2015-0389
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.2015-01-211.9CVE-2015-0413
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Fabric Layer.2015-01-213.5CVE-2015-0414
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Roles & Privileges.2015-01-213.5CVE-2015-0416
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.2015-01-212.1CVE-2015-0418
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.2015-01-213.2CVE-2015-0427
    pivotal_software -- rabbitmq_managementMultiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.2015-01-183.5CVE-2015-0862
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc.2015-01-212.1CVE-2015-0378
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.2015-01-212.1CVE-2015-0397
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.2015-01-213.3CVE-2015-0429
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.2015-01-211.9CVE-2015-0430
    symantec -- critical_system_protectionCross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.2015-01-213.5CVE-2014-9224
    BID
    websvn -- websvnWebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.2015-01-213.5CVE-2013-6892
    MISC
    SECUNIA
    Back to top

     


    This product is provided subject to this Notification and this Privacy & Use policy.


  • SB15-019: Vulnerability Summary for the Week of January 12, 2015
    Original release date: January 19, 2015

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    adobe -- adobe_airAdobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.2015-01-1310.0CVE-2015-0301
    adobe -- adobe_airAdobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306.2015-01-1310.0CVE-2015-0303
    adobe -- adobe_airHeap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309.2015-01-1310.0CVE-2015-0304
    adobe -- adobe_airAdobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."2015-01-139.3CVE-2015-0305
    CONFIRM
    adobe -- adobe_airAdobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303.2015-01-1310.0CVE-2015-0306
    adobe -- adobe_airAdobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.2015-01-138.5CVE-2015-0307
    adobe -- adobe_airUse-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors.2015-01-1310.0CVE-2015-0308
    adobe -- adobe_airHeap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.2015-01-1310.0CVE-2015-0309
    awpcp -- another_wordpress_classifieds_pluginSQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.2015-01-137.5CVE-2014-10013
    XF
    EXPLOIT-DB
    MISC
    dev4press -- gd_star_ratingSQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.2015-01-127.5CVE-2014-2839
    XF
    FULLDISC
    divx -- directshowdemuxfilterMultiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow.2015-01-137.5CVE-2014-10024
    BID
    FULLDISC
    domphp -- domphpDirectory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.2015-01-137.5CVE-2014-10037
    XF
    EXPLOIT-DB
    OSVDB
    domphp -- domphpSQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.2015-01-137.5CVE-2014-10038
    XF
    EXPLOIT-DB
    MISC
    OSVDB
    fluxbb -- fluxbbSQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.2015-01-137.5CVE-2014-10029
    XF
    SECUNIA
    FULLDISC
    MISC
    hancom -- hancom_office_2010_seBuffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.2015-01-127.5CVE-2013-7420
    XF
    BUGTRAQ
    ibm -- pureapplication_systemMultiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.2015-01-099.0CVE-2014-6158
    ibm -- aixlquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.2015-01-157.2CVE-2014-8904
    XF
    AIXAPAR
    AIXAPAR
    AIXAPAR
    AIXAPAR
    AIXAPAR
    ismail_fahmi -- ganesha_digital_libraryMultiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.2015-01-137.5CVE-2014-100031
    XF
    SECUNIA
    MISC
    itechscripts -- itechclassifiedsSQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.2015-01-137.5CVE-2014-100020
    XF
    BID
    EXPLOIT-DB
    OSVDB
    libpng -- libpngHeap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.2015-01-1010.0CVE-2014-9495
    SECTRACK
    BID
    MLIST
    MISC
    MLIST
    licensepal -- arcticdeskSQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2015-01-137.5CVE-2014-100035
    linux -- linux_kernelRace condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.2015-01-097.2CVE-2014-9529
    CONFIRM
    MLIST
    CONFIRM
    maianscriptworld -- maian_uploaderSQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.2015-01-137.5CVE-2014-10004
    XF
    MISC
    OSVDB
    microsoft -- windows_7The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."2015-01-137.2CVE-2015-0002
    MISC
    MISC
    MISC
    microsoft -- windows_7The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."2015-01-137.2CVE-2015-0004
    MISC
    microsoft -- windows_7Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."2015-01-1310.0CVE-2015-0014
    microsoft -- windows_server_2003Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."2015-01-137.8CVE-2015-0015
    microsoft -- windows_7Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."2015-01-139.3CVE-2015-0016
    mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2015-01-147.5CVE-2014-8634
    CONFIRM
    CONFIRM
    mozilla -- firefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.2015-01-147.5CVE-2014-8635
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    CONFIRM
    mozilla -- firefoxThe XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.2015-01-147.5CVE-2014-8636
    CONFIRM
    mozilla -- firefoxUse-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.2015-01-147.5CVE-2014-8641
    CONFIRM
    mozilla -- firefoxMozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.2015-01-147.1CVE-2014-8643
    CONFIRM
    mtouch_quiz_project -- mtouch_quizSQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.2015-01-137.5CVE-2014-100022
    MISC
    XF
    SECUNIA
    phpjabbers -- event_booking_calendarSQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.2015-01-137.5CVE-2014-10015
    MISC
    pomm-project -- pommSQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2015-01-137.5CVE-2014-100019
    CONFIRM
    XF
    BID
    SECUNIA
    qualcomm -- eudora_worldmailBuffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.2015-01-137.5CVE-2014-10031
    XF
    EXPLOIT-DB
    OSVDB
    realnetworks -- realarcade_installerThe RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.2015-01-1210.0CVE-2013-2603
    MISC
    MISC
    OSVDB
    realnetworks -- realarcade_installerRealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.2015-01-127.2CVE-2013-2604
    MISC
    MISC
    OSVDB
    schneider-electric -- wonderware_intouch_access_anywhere_serverStack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.2015-01-0910.0CVE-2014-9190
    CONFIRM
    sendy -- sendySQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.2015-01-137.5CVE-2014-100011
    XF
    BID
    BUGTRAQ
    EXPLOIT-DB
    sendy -- sendySQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.2015-01-137.5CVE-2014-100012
    EXPLOIT-DB
    softbb -- softbbSQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.2015-01-157.5CVE-2014-9560
    BID
    MISC
    FULLDISC
    MISC
    solidworks -- product_data_managementMultiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000.2015-01-137.5CVE-2014-100014
    XF
    EXPLOIT-DB
    SECUNIA
    tecorange -- simple_e-documentSQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.2015-01-137.5CVE-2014-10020
    XF
    EXPLOIT-DB
    MISC
    OSVDB
    topicsviewer -- topicsviewerMultiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.2015-01-137.5CVE-2014-10023
    XF
    BID
    EXPLOIT-DB
    MISC
    OSVDB
    OSVDB
    OSVDB
    OSVDB
    trendnet -- tv-ip422wStack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.2015-01-137.5CVE-2014-10011
    XF
    MISC
    MISC
    BID
    MISC
    welcart -- e-commerceMultiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.2015-01-137.5CVE-2014-10017
    XF
    BID
    MISC
    wpsymposium -- wp_symposiumUnrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.2015-01-137.5CVE-2014-10021
    EXPLOIT-DB
    yourmembers -- yourmembersSQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.2015-01-137.5CVE-2014-100003
    EXPLOIT-DB
    MISC
    Back to top

    Medium Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    adobe -- adobe_airAdobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors.2015-01-135.0CVE-2015-0302
    airties -- air_6372Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter.2015-01-134.3CVE-2014-100032
    XF
    MISC
    apache -- traffic_serverApache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.2015-01-135.0CVE-2014-10022
    CONFIRM
    SECTRACK
    MLIST
    apache -- cloudstackApache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.2015-01-155.0CVE-2014-9593
    SECUNIA
    april's_super_functions_pack_project -- april's_super_functions_packCross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information.2015-01-134.3CVE-2014-100026
    XF
    BID
    SECUNIA
    OSVDB
    awpcp -- another_wordpress_classifieds_pluginCross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.2015-01-134.3CVE-2014-10012
    XF
    MISC
    cisco -- anyconnect_secure_mobility_clientCisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.2015-01-145.0CVE-2014-3314
    cisco -- unified_communications_domain_managerCisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276.2015-01-095.0CVE-2014-8020
    cisco -- identity_services_engine_softwareMultiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.2015-01-154.3CVE-2014-8022
    cisco -- webex_meetings_serverCisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321.2015-01-155.0CVE-2014-8034
    cisco -- webex_meetings_serverThe web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247.2015-01-095.0CVE-2014-8035
    cisco -- webex_meetings_serverThe outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254.2015-01-095.0CVE-2014-8036
    cisco -- asyncosMultiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113.2015-01-144.3CVE-2015-0577
    cisco -- adaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455.2015-01-145.7CVE-2015-0578
    cisco -- telepresence_video_communication_serverCisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473.2015-01-145.0CVE-2015-0579
    cisco -- nx-osThe High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129.2015-01-095.0CVE-2015-0582
    cisco -- webex_meeting_centerCisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281.2015-01-145.0CVE-2015-0583
    cisco -- unified_communications_domain_managerCross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055.2015-01-156.8CVE-2015-0588
    cisco -- unified_communications_domain_managerCisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177.2015-01-155.0CVE-2015-0591
    clientresponse_project -- clientresponseMultiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field.2015-01-134.3CVE-2014-100013
    XF
    EXPLOIT-DB
    context_project -- contextOpen redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.2015-01-155.8CVE-2015-1051
    BID
    corel -- corelcadMultiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.2015-01-154.6CVE-2014-8394
    BID
    BUGTRAQ
    MISC
    FULLDISC
    corel -- painterUntrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed.2015-01-154.6CVE-2014-8395
    BID
    BUGTRAQ
    MISC
    FULLDISC
    corel -- pdf_fusionUntrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.2015-01-154.6CVE-2014-8396
    BID
    BUGTRAQ
    MISC
    FULLDISC
    corel -- fastflickUntrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.2015-01-154.6CVE-2014-8397
    BID
    BUGTRAQ
    MISC
    FULLDISC
    corel -- fastflickMultiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed.2015-01-154.6CVE-2014-8398
    BID
    BUGTRAQ
    MISC
    FULLDISC
    couponphp -- couponphpMultiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.2015-01-136.5CVE-2014-10034
    XF
    MISC
    EXPLOIT-DB
    MISC
    OSVDB
    OSVDB
    CONFIRM
    couponphp -- couponphpMultiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php.2015-01-134.3CVE-2014-10035
    MISC
    EXPLOIT-DB
    SECUNIA
    MISC
    OSVDB
    OSVDB
    OSVDB
    CONFIRM
    csphere -- clansphereCross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.2015-01-134.3CVE-2014-100010
    MISC
    BID
    BUGTRAQ
    SECUNIA
    FULLDISC
    d-link -- dir-60Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.2015-01-136.8CVE-2014-100005
    XF
    SECUNIA
    MISC
    d-link -- dap-1360_firmwareMultiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.2015-01-136.8CVE-2014-10025
    MISC
    FULLDISC
    d-link -- dap-1360_firmwareindex.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.2015-01-135.0CVE-2014-10026
    MISC
    FULLDISC
    d-link -- dap-1360_firmwareMultiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.2015-01-136.8CVE-2014-10027
    MISC
    FULLDISC
    d-link -- dap-1360_firmwareCross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41.2015-01-134.3CVE-2014-10028
    MISC
    FULLDISC
    dev4press -- gd_star_ratingMultiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.2015-01-126.8CVE-2014-2838
    XF
    SECUNIA
    FULLDISC
    e107 -- e107Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING.2015-01-154.3CVE-2015-1041
    MISC
    XF
    BID
    MLIST
    MISC
    MISC
    FULLDISC
    MISC
    f5 -- big-ip_application_security_managerCross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account.2015-01-154.3CVE-2015-1050
    XF
    BUGTRAQ
    FULLDISC
    MISC
    flatpress -- flatpressCross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.2015-01-134.3CVE-2014-100036
    MISC
    CONFIRM
    XF
    SECUNIA
    fluxbb -- fluxbbOpen redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.2015-01-135.8CVE-2014-10030
    CONFIRM
    ganesha_digital_library_project -- ganesha_digital_libraryMultiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter.2015-01-135.0CVE-2014-100029
    XF
    MISC
    ganesha_digital_library_project -- ganesha_digital_libraryCross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action.2015-01-134.3CVE-2014-100030
    XF
    SECUNIA
    MISC
    getusedtoit -- wp_slimstatCross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2015-01-134.3CVE-2014-100027
    CONFIRM
    XF
    BID
    SECUNIA
    gnu -- binutilsThe _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.2015-01-155.0CVE-2014-8738
    CONFIRM
    CONFIRM
    MLIST
    MLIST
    MLIST
    haxx -- libcurlCRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.2015-01-154.3CVE-2014-8150
    DEBIAN
    SECUNIA
    SECUNIA
    haxx -- libcurlThe darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.2015-01-155.8CVE-2014-8151
    SECUNIA
    hk_exif_tags_project -- hk_exif_tagsCross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.2015-01-134.3CVE-2014-100007
    XF
    SECUNIA
    hp -- insight_control_server_deploymentCross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-01-154.3CVE-2014-7881
    ibm -- sterling_b2b_integratorThe HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 and 2.2 allows remote attackers to cause a denial of service (connection-slot exhaustion) via a crafted HTTP request.2015-01-095.0CVE-2014-6199
    XF
    ibm -- emptorisThe Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2015-01-094.0CVE-2014-6212
    XF
    iwcn -- stark_crmMultiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a crafted request to the sub_agent page, (4) a partner via a crafted request to the partner page, or (5) a client via a crafted request to the client page.2015-01-136.8CVE-2014-10008
    XF
    XF
    MISC
    MISC
    SECUNIA
    iwcn -- stark_crmMultiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.2015-01-134.3CVE-2014-10009
    XF
    MISC
    MISC
    SECUNIA
    jetbrains -- teamcityUnspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.2015-01-135.0CVE-2014-10002
    SECUNIA
    jetbrains -- teamcityCross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.2015-01-134.3CVE-2014-10036
    MISC
    XF
    SECUNIA
    CONFIRM
    joomlaskin -- js_multi_hotelCross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter.2015-01-094.3CVE-2013-7419
    MISC
    joomlaskin -- js_multi_hotelCross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.2015-01-134.3CVE-2014-100008
    XF
    MISC
    MISC
    joomlaskin -- js_multi_hotelThe Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/.2015-01-135.0CVE-2014-100009
    MISC
    MISC
    licensepal -- arcticdeskDirectory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors.2015-01-135.0CVE-2014-100033
    MISC
    SECUNIA
    licensepal -- arcticdeskCross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-01-134.3CVE-2014-100034
    XF
    SECUNIA
    litech -- router_advertisement_daemonThe L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.2015-01-154.0CVE-2014-8153
    MISC
    CONFIRM
    CONFIRM
    BID
    maianscriptworld -- maian_uploaderMultiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.2015-01-134.3CVE-2014-10003
    XF
    MISC
    OSVDB
    maianscriptworld -- maian_uploaderMaian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.2015-01-135.0CVE-2014-10005
    OSVDB
    MISC
    maianscriptworld -- maian_uploaderMultiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.2015-01-136.8CVE-2014-10006
    MISC
    maianscriptworld -- maian_weblogMultiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php.2015-01-134.3CVE-2014-10007
    MISC
    XF
    SECUNIA
    mantisbt -- mantisbtCross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.2015-01-094.3CVE-2014-9271
    CONFIRM
    MLIST
    MLIST
    MLIST
    mantisbt -- mantisbtThe string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.2015-01-094.3CVE-2014-9272
    CONFIRM
    CONFIRM
    MLIST
    MLIST
    mcafee -- epolicy_orchestratorXML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.2015-01-094.0CVE-2015-0921
    FULLDISC
    FULLDISC
    MISC
    mcafee -- epolicy_orchestratorMcAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.2015-01-095.0CVE-2015-0922
    FULLDISC
    FULLDISC
    MISC
    microsoft -- windows_7The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."2015-01-136.1CVE-2015-0006
    microsoft -- windows_7mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."2015-01-134.7CVE-2015-0011
    moip_project -- moipCross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback.2015-01-094.3CVE-2014-9500
    MLIST
    MLIST
    mozilla -- firefoxMozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.2015-01-145.0CVE-2014-8637
    CONFIRM
    mozilla -- firefoxThe navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.2015-01-146.8CVE-2014-8638
    CONFIRM
    mozilla -- firefoxMozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.2015-01-146.8CVE-2014-8639
    CONFIRM
    mozilla -- firefoxThe mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.2015-01-145.0CVE-2014-8640
    CONFIRM
    mozilla -- firefoxMozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.2015-01-144.3CVE-2014-8642
    CONFIRM
    mtouch_quiz_project -- mtouch_quizMultiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php.2015-01-134.3CVE-2014-100023
    MISC
    XF
    XF
    SECUNIA
    mywebsiteadvisor -- simple_securityMultiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.2015-01-154.3CVE-2014-9570
    MISC
    BUGTRAQ
    orangehrm -- orangehrmCross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter.2015-01-134.3CVE-2014-100021
    BID
    SECUNIA
    MISC
    oscommerce -- online_merchantSQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.2015-01-136.5CVE-2014-10033
    CONFIRM
    XF
    MISC
    EXPLOIT-DB
    OSVDB
    panasonic -- arbitrator_back-end_server_mk_2.0_vpuPanasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.2015-01-154.3CVE-2014-9596
    photocati_media -- photocratiCross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter.2015-01-134.3CVE-2014-100016
    XF
    BID
    SECUNIA
    MISC
    OSVDB
    phpjabbers -- appointment_schedulerMultiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller.2015-01-136.8CVE-2014-10001
    XF
    XF
    EXPLOIT-DB
    SECUNIA
    MISC
    phpjabbers -- appointment_schedulerDirectory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.2015-01-135.0CVE-2014-10010
    XF
    EXPLOIT-DB
    MISC
    phpjabbers -- event_booking_calendarMultiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller.2015-01-136.8CVE-2014-10014
    XF
    XF
    SECUNIA
    MISC
    phpkit -- phpkitCross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/include.php.2015-01-154.3CVE-2015-1052
    BID
    MISC
    MISC
    FULLDISC
    MISC
    phponlinechat -- phponlinechatCross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlineChat 3.0 allows remote attackers to inject arbitrary web script or HTML via the message field.2015-01-134.3CVE-2014-100017
    XF
    BID
    EXPLOIT-DB
    MISC
    pods_foundation -- podsCross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.2015-01-154.3CVE-2014-7956
    BID
    BUGTRAQ
    FULLDISC
    MISC
    pods_foundation -- podsMultiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable "roles and capabilities" in a toggle action in the pods-components page to wp-admin/admin.php.2015-01-156.8CVE-2014-7957
    BID
    BUGTRAQ
    FULLDISC
    MISC
    redhat -- jboss_data_virtualizationXML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.2015-01-155.0CVE-2014-0171
    CONFIRM
    roundcube -- webmailMultiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.2015-01-156.8CVE-2014-9587
    CONFIRM
    MISC
    BID
    MLIST
    sap -- sap_kernelBuffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.2015-01-156.5CVE-2014-9594
    SECUNIA
    MISC
    MISC
    sap -- sap_kernelBuffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.2015-01-156.5CVE-2014-9595
    SECUNIA
    MISC
    MISC
    savsoft -- savsoft_quizCross-site request forgery (CSRF) vulnerability in index.php/user_data/insert_user in Savsoft Quiz allows remote attackers to hijack the authentication of administrators for requests that create an administrator account via a crafted request.2015-01-136.8CVE-2014-100025
    XF
    BID
    SECUNIA
    MISC
    scriptbrasil -- taboada_macronewsSQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.2015-01-136.5CVE-2014-10032
    XF
    EXPLOIT-DB
    OSVDB
    seopanel -- seo_panelCross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-01-134.3CVE-2014-100024
    XF
    SECUNIA
    OSVDB
    seopressor -- seo_plugin_liveoptimCross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.2015-01-136.8CVE-2014-100001
    XF
    SECUNIA
    sitecore -- cmsCross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information.2015-01-134.3CVE-2014-100004
    XF
    BID
    BUGTRAQ
    MISC
    SECUNIA
    OSVDB
    softbb -- softbbCross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter.2015-01-154.3CVE-2014-9561
    BID
    MISC
    FULLDISC
    MISC
    solidworks -- product_data_managementDirectory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.2015-01-136.4CVE-2014-100015
    XF
    EXPLOIT-DB
    EXPLOIT-DB
    MISC
    storytlr -- storytlrCross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/.2015-01-134.3CVE-2014-100037
    MISC
    SECUNIA
    storytlr -- storytlrCross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/.2015-01-134.3CVE-2014-100038
    MISC
    XF
    SECUNIA
    suse -- gcabDirectory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."2015-01-156.4CVE-2015-0552
    CONFIRM
    CONFIRM
    MLIST
    SUSE
    tapatalk -- tapatalkMultiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) app_android_id or (2) app_kindle_url parameter.2015-01-154.3CVE-2014-8869
    MISC
    BID
    BUGTRAQ
    FULLDISC
    tapatalk -- tapatalkOpen redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter.2015-01-155.8CVE-2014-8870
    BID
    BUGTRAQ
    FULLDISC
    teracom -- t2-b-gawv1.4u10y-biCross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.2015-01-134.3CVE-2014-10018
    XF
    BID
    EXPLOIT-DB
    OSVDB
    teracom -- t2-b-gawv1.4u10y-biMultiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request.2015-01-136.8CVE-2014-10019
    XF
    EXPLOIT-DB
    tp-link -- tl-wr840n_firmwareCross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.2015-01-096.8CVE-2014-9510
    BID
    MISC
    FULLDISC
    unconfirmed_project -- unconfirmedCross-site scripting (XSS) vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in the unconfirmed page to wp-admin/network/users.php.2015-01-134.3CVE-2014-100018
    CONFIRM
    MISC
    BID
    SECUNIA
    webcrafted_project -- webcraftedCross-site scripting (XSS) vulnerability in /signup in WEBCrafted allows remote attackers to inject arbitrary web script or HTML via the username.2015-01-134.3CVE-2014-100028
    XF
    BID
    SECUNIA
    MISC
    webtrees -- webtreesMultiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) map, (2) streetview, or (3) reset parameter.2015-01-134.3CVE-2014-100006
    XF
    MISC
    SECUNIA
    welcart -- e-commerceMultiple cross-site scripting (XSS) vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) unspecified vectors related to purchase_limit or the (2) name, (3) intl, (4) nocod, or (5) time parameter in an add_delivery_method action to wp-admin/admin-ajax.php.2015-01-134.3CVE-2014-10016
    XF
    BID
    SECUNIA
    MISC
    wireshark -- wiresharkMultiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.2015-01-095.0CVE-2015-0559
    CONFIRM
    CONFIRM
    wireshark -- wiresharkThe dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2015-01-095.0CVE-2015-0560
    CONFIRM
    CONFIRM
    wireshark -- wiresharkasn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.2015-01-095.0CVE-2015-0561
    CONFIRM
    CONFIRM
    wireshark -- wiresharkMultiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.2015-01-095.0CVE-2015-0562
    CONFIRM
    CONFIRM
    wireshark -- wiresharkepan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.2015-01-095.0CVE-2015-0563
    CONFIRM
    CONFIRM
    CONFIRM
    wireshark -- wiresharkBuffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.2015-01-095.0CVE-2015-0564
    CONFIRM
    wpeasycart -- wp_easycartUnrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.2015-01-156.5CVE-2014-9308
    BID
    EXPLOIT-DB
    MISC
    MISC
    OSVDB
    xen -- xenThe evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.2015-01-124.9CVE-2014-6268
    XF
    SECTRACK
    BID
    zfcuser_project -- zfcuserCross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.2015-01-154.3CVE-2015-1039
    CONFIRM
    CONFIRM
    BID
    MLIST
    zohocorp -- manageengine_supportcenter_plusDirectory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.2015-01-135.0CVE-2014-100002
    CONFIRM
    XF
    EXPLOIT-DB
    OSVDB
    Back to top

    Low Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    bedita -- beditaMultiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.2015-01-153.5CVE-2015-1040
    CONFIRM
    BID
    MISC
    MLIST
    FULLDISC
    MISC
    codewrights -- hart_device_type_managerThe CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop.2015-01-092.1CVE-2014-9191
    godwin's_law_project -- godwin's_lawCross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message.2015-01-093.5CVE-2014-9499
    XF
    MLIST
    MLIST
    ibm -- curam_social_program_managementCross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2015-01-093.5CVE-2014-3096
    linux -- linux_kernelThe parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.2015-01-092.1CVE-2014-9584
    CONFIRM
    CONFIRM
    MLIST
    CONFIRM
    linux -- linux_kernelThe vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.2015-01-092.1CVE-2014-9585
    MLIST
    MLIST
    MISC
    CONFIRM
    malwarebytes -- malwarebytes_anti-exploitmbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.2015-01-132.1CVE-2014-100039
    CONFIRM
    OSVDB
    mantisbt -- mantisbtCross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.2015-01-092.6CVE-2014-9269
    CONFIRM
    DEBIAN
    MLIST
    MLIST
    mediawiki -- mediawikiCross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.2015-01-163.5CVE-2014-9475
    MLIST
    MLIST
    DEBIAN
    microsoft -- windows_8The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."2015-01-131.9CVE-2015-0001
    poll_chart_block_project -- poll_chart_blockCross-site scripting (XSS) vulnerability in the Poll Chart Block module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a poll node title.2015-01-093.5CVE-2014-9501
    MLIST
    MLIST
    redhat -- network_satelliteMultiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.2015-01-153.5CVE-2014-7811
    redhat -- network_satelliteCross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.2015-01-153.5CVE-2014-7812
    school_administration_project -- school_administrationCross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title.2015-01-093.5CVE-2014-9505
    XF
    MLIST
    MLIST
    siemens -- simatic_wincc_sm@rtclientThe Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.2015-01-142.1CVE-2014-5231
    siemens -- simatic_wincc_sm@rtclientThe Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.2015-01-141.9CVE-2014-5232
    siemens -- simatic_wincc_sm@rtclientThe Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.2015-01-141.9CVE-2014-5233
    webform_invitation_project -- webform_invitationCross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title.2015-01-093.5CVE-2014-9498
    MLIST
    MLIST
    Back to top

    This product is provided subject to this Notification and this Privacy & Use policy.


  • SB15-012: Vulnerability Summary for the Week of January 5, 2015
    Original release date: January 12, 2015

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    High Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    ajax_post_search_project -- ajax_post_searchSQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.2015-01-077.5CVE-2012-5853
    CONFIRM
    BUGTRAQ
    asus -- wrt_firmwarecommon.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.2015-01-0810.0CVE-2014-9583
    MISC
    EXPLOIT-DB
    MISC
    basic-cms -- sweetriceMultiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.2015-01-037.5CVE-2010-5317
    MISC
    cts_projects&software -- classadSQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.2015-01-027.5CVE-2014-9455
    MISC
    debian -- mime-supportrun-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.2015-01-067.5CVE-2014-7209
    XF
    BID
    MLIST
    SECUNIA
    deliciousdays -- cformsiiUnrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory.2015-01-077.5CVE-2014-9473
    CONFIRM
    BUGTRAQ
    don_ho -- notepad++Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information.2015-01-0210.0CVE-2014-9456
    EXPLOIT-DB
    hex-rays -- idaHeap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.2015-01-0210.0CVE-2014-9458
    SECUNIA
    humhub -- humhubSQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.2015-01-067.5CVE-2014-9528
    CONFIRM
    XF
    EXPLOIT-DB
    FULLDISC
    MISC
    infinitewp -- infinitewp_admin_panelSQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.2015-01-057.5CVE-2014-9519
    MISC
    FULLDISC
    infinitewp -- infinitewp_admin_panelSQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.2015-01-057.5CVE-2014-9520
    MISC
    FULLDISC
    infinitewp -- infinitewp_admin_panelUnrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.2015-01-057.5CVE-2014-9521
    MISC
    FULLDISC
    installatron -- gq_file_managerSQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.2015-01-027.5CVE-2014-9445
    XF
    EXPLOIT-DB
    linux -- linux_kernelThe batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.2015-01-027.8CVE-2014-9428
    MLIST
    CONFIRM
    MLIST
    MLIST
    CONFIRM
    CONFIRM
    mediawiki -- mediawikiThe wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.2015-01-047.5CVE-2014-9277
    CONFIRM
    MLIST
    MLIST
    DEBIAN
    SECTRACK
    microweber -- microweberSQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.2015-01-037.5CVE-2014-9464
    MISC
    CONFIRM
    mini-stream -- rm-mp3_converterBuffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.2015-01-027.5CVE-2014-9448
    EXPLOIT-DB
    EXPLOIT-DB
    OSVDB
    osclass -- osclassSQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.2015-01-057.5CVE-2014-8083
    BID
    BUGTRAQ
    FULLDISC
    MISC
    MISC
    osclass -- osclassDirectory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.2015-01-057.5CVE-2014-8084
    BID
    BUGTRAQ
    FULLDISC
    MISC
    MISC
    php -- phpsapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.2015-01-027.5CVE-2014-9427
    CONFIRM
    MLIST
    MLIST
    MLIST
    CONFIRM
    phpmyrecipes_project -- phpmyrecipesSQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.2015-01-027.5CVE-2014-9440
    XF
    EXPLOIT-DB
    MISC
    projectsend -- projectsendUnrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.2015-01-077.5CVE-2014-9567
    XF
    EXPLOIT-DB
    EXPLOIT-DB
    MISC
    OSVDB
    sefrengo -- sefrengoMultiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.2015-01-087.5CVE-2015-0919
    MISC
    FULLDISC
    MISC
    sonatype -- nexusDirectory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.2015-01-057.5CVE-2014-9389
    SECUNIA
    typo3 -- typo3The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.2015-01-047.5CVE-2014-9509
    vdgsecurity -- vdg_senseMultiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request.2015-01-027.5CVE-2014-9451
    MISC
    XF
    BID
    FULLDISC
    MISC
    xen -- xenUse-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.2015-01-077.8CVE-2015-0361
    zabbix -- zabbixMultiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.2015-01-027.5CVE-2014-9450
    SECUNIA
    Back to top

    Medium Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    absolutengine -- absolut_engineMultiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php.2015-01-026.5CVE-2014-9435
    BID
    MISC
    FULLDISC
    apache -- solrCross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.2015-01-064.3CVE-2014-3628
    SECUNIA
    MLIST
    apache -- poiHSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.2015-01-065.0CVE-2014-9527
    CONFIRM
    SECUNIA
    CONFIRM
    banner_effect_header_project -- banner_effect_headerCross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.2015-01-086.8CVE-2015-0920
    XF
    XF
    MISC
    basic-cms -- sweetriceCross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.2015-01-034.3CVE-2010-5316
    MISC
    basic-cms -- sweetriceThe password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.2015-01-034.3CVE-2010-5318
    MISC
    chialab_&_channelweb -- beditaCross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index.2015-01-034.3CVE-2010-5314
    MISC
    chialab_&_channelweb -- beditaMultiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser.2015-01-036.8CVE-2010-5315
    MISC
    cisco -- secure_access_control_systemThe RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.2015-01-086.5CVE-2014-8027
    cisco -- secure_access_control_systemMultiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.2015-01-084.3CVE-2014-8028
    cisco -- secure_access_control_systemOpen redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150.2015-01-085.8CVE-2014-8029
    cisco -- webex_meetings_serverCross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.2015-01-084.3CVE-2014-8030
    cisco -- webex_meetings_serverCross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.2015-01-086.8CVE-2014-8031
    cisco -- webex_meetings_serverThe OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.2015-01-084.0CVE-2014-8032
    cisco -- webex_meetings_serverThe play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.2015-01-085.0CVE-2014-8033
    codiad -- codiadDirectory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.2015-01-085.0CVE-2014-9581
    EXPLOIT-DB
    codiad -- codiadCross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.2015-01-084.3CVE-2014-9582
    EXPLOIT-DB
    concrete5 -- concrete5Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.2015-01-054.3CVE-2014-9526
    XF
    BUGTRAQ
    FULLDISC
    MISC
    MISC
    d-link -- dcs-2103_hd_cube_network_cameraCross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.2015-01-054.3CVE-2014-9517
    MISC
    MISC
    d-link -- dir-655Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.2015-01-054.3CVE-2014-9518
    BID
    CONFIRM
    SECUNIA
    e107 -- e107Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.2015-01-026.8CVE-2014-9459
    CONFIRM
    MISC
    FULLDISC
    efssoft -- easy_file_sharing_web_serverCross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp.2015-01-024.3CVE-2014-9439
    XF
    EXPLOIT-DB
    elfutils_project -- elfutilsDirectory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.2015-01-026.4CVE-2014-9447
    MLIST
    BID
    MLIST
    SECUNIA
    emc -- documentum_wdkMultiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-01-064.3CVE-2014-4635
    BUGTRAQ
    emc -- documentum_wdkCross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.2015-01-066.8CVE-2014-4636
    BUGTRAQ
    emc -- documentum_wdkOpen redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.2015-01-066.4CVE-2014-4637
    BUGTRAQ
    emc -- documentum_wdkEMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.2015-01-065.0CVE-2014-4638
    BUGTRAQ
    emc -- documentum_wdkEMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.2015-01-065.0CVE-2014-4639
    BUGTRAQ
    exiv2 -- exiv2Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.2015-01-025.0CVE-2014-9449
    SECUNIA
    CONFIRM
    facebook_like_box_project -- facebook_like_boxMultiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php.2015-01-056.8CVE-2014-9524
    SECUNIA
    MISC
    frontend_uploader_project -- frontend_uploaderCross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI.2015-01-024.3CVE-2014-9444
    BID
    FULLDISC
    MISC
    ipcop -- ipcopCross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer.2015-01-024.3CVE-2013-7417
    XF
    MISC
    MISC
    MISC
    ipcop -- ipcopcgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability.2015-01-026.5CVE-2013-7418
    MISC
    MISC
    MISC
    justin_klein -- wp-vipergbMultiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php.2015-01-026.8CVE-2014-9460
    CONFIRM
    XF
    XF
    MISC
    kajona -- kajonaCross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.2015-01-084.3CVE-2015-0917
    CONFIRM
    CONFIRM
    MISC
    FULLDISC
    MISC
    kan-studio -- kandidat_cmsMultiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php.2015-01-036.8CVE-2010-5319
    MISC
    koha -- kohaMultiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.2015-01-024.3CVE-2014-9446
    BID
    SECUNIA
    CONFIRM
    lightbox_photo_gallery_project -- lightbox_photo_galleryMultiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php.2015-01-026.8CVE-2014-9441
    XF
    MISC
    mediawiki -- mediawikiCross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.2015-01-045.1CVE-2014-9276
    CONFIRM
    MLIST
    MLIST
    SECTRACK
    memht -- memht_portalMultiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php.2015-01-036.8CVE-2010-5320
    MISC
    nyu -- opensso_integrationCross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter.2015-01-024.3CVE-2014-7293
    MISC
    FULLDISC
    nyu -- opensso_integrationOpen redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.2015-01-025.8CVE-2014-7294
    MISC
    FULLDISC
    MISC
    oetiker+partner_ag -- rrdtoolFormat string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.2015-01-045.0CVE-2013-2131
    MISC
    MISC
    MISC
    MLIST
    MLIST
    MLIST
    open-xchange -- open-xchange_appsuiteCross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.2015-01-054.3CVE-2014-1679
    MISC
    XF
    BUGTRAQ
    SECUNIA
    open-xchange -- open-xchange_appsuiteCross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.2015-01-074.3CVE-2014-8993
    SECTRACK
    BUGTRAQ
    SECUNIA
    MISC
    openssl -- opensslThe BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.2015-01-085.0CVE-2014-3570
    CONFIRM
    openssl -- opensslOpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.2015-01-085.0CVE-2014-3571
    CONFIRM
    CONFIRM
    openssl -- opensslThe ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.2015-01-085.0CVE-2014-3572
    CONFIRM
    openssl -- opensslOpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.2015-01-085.0CVE-2014-8275
    CONFIRM
    CONFIRM
    openssl -- opensslThe ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.2015-01-085.0CVE-2015-0204
    CONFIRM
    openssl -- opensslThe ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.2015-01-085.0CVE-2015-0205
    CONFIRM
    openssl -- opensslMemory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.2015-01-085.0CVE-2015-0206
    CONFIRM
    openstack -- image_registry_and_delivery_service_(glance)The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.2015-01-075.5CVE-2014-9493
    CONFIRM
    MLIST
    osclass -- osclassUnrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.2015-01-056.8CVE-2014-8085
    BID
    BUGTRAQ
    FULLDISC
    MISC
    MISC
    CONFIRM
    paloaltonetworks -- pan-osCross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.2015-01-064.3CVE-2014-3764
    CONFIRM
    SECUNIA
    papoo -- cms_papoo_lightMultiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.2015-01-054.3CVE-2014-9522
    BID
    BUGTRAQ
    EXPLOIT-DB
    MISC
    MISC
    OSVDB
    pmb_services -- pmbSQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.2015-01-026.5CVE-2014-9457
    EXPLOIT-DB
    projectsend -- projectsendCross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.2015-01-084.3CVE-2014-9580
    XF
    EXPLOIT-DB
    MISC
    quick_page/post_redirect_project -- quick_page/post_redirectCross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the quickppr_redirects[request][] parameter in the redirect-updates page to wp-admin/admin.php.2015-01-056.8CVE-2014-2598
    MISC
    XF
    EXPLOIT-DB
    SECUNIA
    FULLDISC
    MISC
    OSVDB
    OSVDB
    reality66 -- cart66_liteSQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php.2015-01-026.5CVE-2014-9442
    MISC
    CONFIRM
    SECUNIA
    redcloth -- redcloth_libraryCross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.2015-01-074.3CVE-2012-6684
    MISC
    FULLDISC
    MISC
    MISC
    redhat -- libvirtThe qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.2015-01-064.0CVE-2014-8131
    SUSE
    relevanssi -- relevanssiCross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2015-01-024.3CVE-2014-9443
    SECUNIA
    sap -- netweaver_business_client_for_htmlMultiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.2015-01-074.3CVE-2014-9569
    MISC
    SECUNIA
    sefrengo -- sefrengoCross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.2015-01-084.3CVE-2015-0918
    MISC
    FULLDISC
    MISC
    simple_sticky_footer_project -- simple_sticky_footerMultiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple-sticky-footer page to wp-admin/themes.php.2015-01-026.8CVE-2014-9454
    XF
    XF
    MISC
    simple_visitor_stat_project -- simple_visitor_statMultiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header.2015-01-024.3CVE-2014-9453
    XF
    MISC
    sliding_social_icons_project -- sliding_social_iconsMultiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php.2015-01-026.8CVE-2014-9437
    XF
    MISC
    smartcat -- our_team_showcaseMultiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php.2015-01-056.8CVE-2014-9523
    MISC
    social_microblogging_pro_project -- social_microblogging_proCross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.2015-01-054.3CVE-2014-9516
    EXPLOIT-DB
    OSVDB
    strongswan -- strongswanstrongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.2015-01-075.0CVE-2014-9221
    CONFIRM
    SECUNIA
    SECUNIA
    sysaid -- sysaidAbsolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.2015-01-025.0CVE-2014-9436
    XF
    EXPLOIT-DB
    FULLDISC
    MISC
    timed_popup_project -- timed_popupMultiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php.2015-01-056.8CVE-2014-9525
    XF
    XF
    MISC
    typo3 -- typo3The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.2015-01-044.3CVE-2014-9508
    vbulletin -- vbulletinCross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors.2015-01-026.8CVE-2014-9438
    MISC
    XF
    MISC
    vdgsecurity -- vdg_senseDirectory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/.2015-01-025.0CVE-2014-9452
    MISC
    XF
    BID
    FULLDISC
    MISC
    vdgsecurity -- vdg_senseVDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header.2015-01-086.4CVE-2014-9575
    MISC
    FULLDISC
    MISC
    vdgsecurity -- vdg_senseVDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.2015-01-085.0CVE-2014-9576
    MISC
    FULLDISC
    MISC
    vdgsecurity -- vdg_senseVDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.2015-01-084.0CVE-2014-9577
    MISC
    FULLDISC
    MISC
    vdgsecurity -- vdg_senseVDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of password hash.2015-01-085.0CVE-2014-9578
    MISC
    FULLDISC
    MISC
    vdgsecurity -- vdg_senseVDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files.2015-01-085.0CVE-2014-9579
    MISC
    FULLDISC
    MISC
    zohocorp -- manageengine_adselfservice_plusCross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.2015-01-074.3CVE-2014-3779
    XF
    MISC
    Back to top

    Low Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    absolutengine -- absolut_engineCross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.2015-01-023.5CVE-2014-9434
    BID
    MISC
    FULLDISC
    linuxcontainers -- cgmanagercmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.2015-01-072.1CVE-2014-1425
    mantisbt -- mantisbtMantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues.2015-01-043.5CVE-2014-9506
    CONFIRM
    DEBIAN
    MLIST
    mediawiki -- mediawikiMediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.2015-01-042.6CVE-2014-9507
    reality66 -- cart66_liteDirectory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.2015-01-023.5CVE-2014-9461
    CONFIRM
    MISC
    CONFIRM
    Back to top

    This product is provided subject to this Notification and this Privacy & Use policy.


CERT Technical Feed

US-CERT Alerts
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • TA14-353A: Targeted Destructive Malware
    Original release date: December 19, 2014 | Last revised: December 25, 2014

    Systems Affected

    Microsoft Windows

    Overview

    US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped with a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool.

    SMB Worm Tool: This worm uses a brute force authentication attack to propagate via Windows SMB shares. It connects home every five minutes to send log data back to command and control (C2) infrastructure if it has successfully spread to other Windows hosts via SMB port 445. The tool also accepts new scan tasking when it connects to C2. There are two main threads: the first thread calls home and sends back logs (a list of successful SMB exploitations), and the second thread attempts to guess passwords for SMB connections. If the password is correctly guessed, a file share is established and file is copied and run on the newly-infected host.

    Listening Implant: During installation of this tool, a portion of the binaries is decrypted using AES, with a key derived from the phrase "National Football League." Additionally, this implant listens for connections on TCP port 195 (for "sensvc.exe" and "msensvc.exe") and TCP port 444 (for "netcfg.dll"). Each message sent to and from this implant is preceded with its length, then XOR encoded with the byte 0x1F. Upon initial connection, the victim sends the string, "HTTP/1.1 GET /dns?\x00." The controller then responds with the string "200 www.yahoo.com!\x00" (for "sensvc.exe" and "msensvc.exe") or with the string "RESPONSE 200 OK!!" (for "netcfg.dll"). The controller sends the byte "!" (0x21) to end the network connection. This special message is not preceded with a length or XOR encoded.

    Lightweight Backdoor: This is a backdoor listener that is designed as a service DLL. It includes functionality such as file transfer, system survey, process manipulation, file time matching and proxy capability. The listener can also perform arbitrary code execution and execute commands on the command line. This tool includes functionality to open ports in a victim host's firewall and take advantage of universal Plug and Play (UPNP) mechanisms to discover routers and gateway devices, and add port mappings, allowing inbound connections to victim hosts on Network Address Translated (NAT) private networks. There are no callback domains associated with this malware since connections are inbound only on a specified port number.

    Proxy Tool: Implants in this malware family are typically loaded via a dropper installed as a service, then configured to listen on TCP port 443. The implant may have an associated configuration file which can contain a configurable port. This proxy tool has basic backdoor functionality, including the ability to fingerprint the victim machine, run remote commands, perform directory listings, perform process listings, and transfer files.

    Destructive Hard Drive Tool: This tool is a tailored hard-drive wiping tool that is intended to destroy data past the point of recovery and to complicate the victim machine’s recovery. If the CNE operator has administrator-level privileges on the host, the program will over-write portions of up-to the first four physical drives attached, and over-write the master boot record (MBR) with a program designed to cause further damage if the hard drive is re-booted. This further results in the victim machine being non-operational with irrecoverable data (There is a caveat for machines installed with the windows 7 operating system: windows 7 machines will continue to operate in a degraded state with the targeted files destroyed until after reboot, in which the infected MBR then wipes the drive.) If the actor has user-level access, the result includes specific files being deleted and practically irrecoverable, but the victim machine would remain usable.

    Destructive Target Cleaning Tool: This tool renders victim machines inoperable by overwriting the Master Boot Record. The tool is dropped and installed by another executable and consists of three parts: an executable and a dll which contain the destructive components, and an encoded command file that contains the actual destruction commands to be executed.

    Network Propagation Wiper: The malware has the ability to propagate throughout the target network via built-in Windows shares. Based on the username/password provided in the configuration file and the hostname/IP address of target systems, the malware will access remote network shares in order to upload a copy of the wiper and begin the wiping process on these remote systems. The malware uses several methods to access shares on the remote systems to begin wiping files. Checking for existing shares via “\\hostname\admin$\system32” and “\\hostname\shared$\system32” or create a new share “cmd.exe /q /c net share shared$=%SystemRoot% /GRANT:everyone, FULL”. Once successful, the malware uploads a copy of the wiper file “taskhostXX.exe”, changes the file-time to match that of the built-in file “calc.exe”, and starts the remote process. The remote process is started via the command “cmd.exe /c wmic.exe /node:hostname /user:username /password:pass PROCESS CALL CREATE”. Hostname, username, and password are then obtained from the configuration file. Afterwards, the remote network share is removed via “cmd.exe /q /c net share shared$ /delete”. Once the wiper has been uploaded, the malware reports its status back to one of the four C2 IP addresses.

    Technical and strategic mitigation recommendations are included in the Solution section below.

    US-CERT recommends reviewing the Security Tip Handling Destructive Malware #ST13-003.

    Description

    Cyber threat actors are using an SMB worm to conduct cyber exploitation activities.  This tool contains five components – a listening implant, lightweight backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning tool.

    The SMB worm propagates throughout an infected network via brute-force authentication attacks, and connects to a C2 infrastructure.

    Impact

    Due to the highly destructive functionality of this malware, an organization infected could experience operational impacts including loss of intellectual property and disruption of critical systems.

    Solution

    Users and administrators are recommended to take the following preventive measures to protect their computer networks:

    • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
    • Keep your operating system and application software up-to-date – Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
    • Review Security Tip Handling Destructive Malware #ST13-003 and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.
    • Review Recommended Practices for Control Systems, and Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies (pdf).

    The following is a list of the Indicators of Compromise (IOCs) that can be added to network security solutions to determine whether they are present on a network.

    Import Hashes:

    SMB worm tool:

    Import hash: f6f48551d7723d87daeef2e840ae008f

    Characterization: File Hash Watchlist

    Notes: "SMB worm tool"

            Earliest PE compile Time: 20141001T072107Z

            Most Recent PE compile Time: 20141001T072107Z

     

    Import hash: 194ae075bf53aa4c83e175d4fa1b9d89

    Characterization: File Hash Watchlist

    Notes: "SMB worm tool"

             Earliest PE compile Time: 20141001T120954Z

             Most Recent PE compile Time: 20141001T142138Z

     

    Lightweight backdoor:

    Import hash: f57e6156907dc0f6f4c9e2c5a792df48

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20110411T225224Z

             Latest PE compile time: 20110411T225224Z

     

    Import hash: 838e57492f632da79dcd5aa47b23f8a9

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20110517T050015Z

             Latest PE compile time: 20110605T204508Z

     

    Import hash: 11c9374cea03c3b2ca190b9a0fd2816b

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20110729T062417Z

             Latest PE compile time: 20110729T062958Z

     

    Import hash: 7fb0441a08690d4530d2275d4d7eb351

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20120128T071327Z

             Latest PE compile time: 20120128T071327Z

     

    Import hash: 7759c7d2c6d49c8b0591a3a7270a44da

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20120309T105837Z

             Latest PE compile time: 20120309T105837Z

     

    Import hash: 7e48d5ba6e6314c46550ad226f2b3c67

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20120311T090329Z

             Latest PE compile time: 20120311T090329Z

     

    Import hash: 0a87c6f29f34a09acecce7f516cc7fdb

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20120325T053138Z

             Latest PE compile time: 20130513T090422Z

     

    Import hash: 25fb1e131f282fa25a4b0dec6007a0ce

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20130802T054822Z

             Latest PE compile time: 20130802T054822Z

     

    Import hash: 9761dd113e7e6673b94ab4b3ad552086

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20130913T013016Z

             Latest PE compile time: 20130913T013016Z

     

    Import hash: c905a30badb458655009799b1274205c

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20140205T090906Z

             Latest PE compile time: 20140205T090906Z

     

    Import hash: 40adcd738c5bdc5e1cc3ab9a48b3df39

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20140320T152637Z

             Latest PE compile time: 20140402T023748Z

     

    Import hash: 68a26b8eaf2011f16a58e4554ea576a1

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20140321T014949Z

             Latest PE compile time: 20140321T014949Z

     

    Import hash: 74982cd1f3be3d0acfb0e6df22dbcd67

    Characterization: File Hash Watchlist

    Notes: "Lightweight backdoor"

             Earliest PE compile time: 20140506T020330Z

             Latest PE compile time: 20140506T020330Z

     

    Proxy tool:

    Import hash: 734740b16053ccc555686814a93dfbeb

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140611T064905Z

             Latest PE compile time: 20140611T064905Z

     

    Import hash: 3b9da603992d8001c1322474aac25f87

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140617T035143Z

             Latest PE compile time: 20140617T035143Z

     

    Import hash: e509881b34a86a4e2b24449cf386af6a

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time : 20140618T064527Z

             Latest PE compile time: 20140618T064527Z

     

    Import hash: 9ab7f2bf638c9d911c2c742a574db89e

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140724T011233Z

             Latest PE compile time: 20140724T011233Z

     

    Import hash: a565e8c853b8325ad98f1fac9c40fb88

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140724T065031Z

             Latest PE compile time: 20140902T135050Z

     

    Import hash: 0bb82def661dd013a1866f779b455cf3

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140819T024812Z

             Latest PE compile time: 20140819T024812Z

     

    Import hash: b8ffff8b57586d24e1e65cd0b0ad9173

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140902T172442Z

             Latest PE compile time: 20140902T172442Z

     

    Import hash: 4ef0ad7ad4fe3ef4fb3db02cd82bface

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20141024T134136Z

             Latest PE compile time: 20141024T134136Z

     

    Import hash: eb435e86604abced7c4a2b11c4637a52

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140526T010925Z

             Latest PE compile time: 20140526T010925Z

     

    Import hash: ed7a9c6d9fc664afe2de2dd165a9338c

    Characterization: File Hash Watchlist

    Notes: "Proxy tool"

             Earliest PE compile time: 20140611T064904Z

     

    Destructive hard drive tool:

    Import hash: 8dec36d7f5e6cbd5e06775771351c54e

    Characterization: File Hash Watchlist

    Notes: "Destructive hard drive tool"

             Earliest PE compile time: 20120507T151820Z

             Latest PE compile time: 20120507T151820Z

     

    Import hash: a385900a36cad1c6a2022f31e8aca9f7

    Characterization: File Hash Watchlist

    Notes: "Destructive target cleaning tool"

             Earliest PE compile time: 20130318T003315Z

             Latest PE compile time: 20130318T003315Z

     

    Import hash: 7bea4323807f7e8cf53776e24cbd71f1

    Characterization: File Hash Watchlist

    Notes: "Destructive target cleaning tool"

             Earliest PE compile time: 20130318T003319Z

             Latest PE compile time: 20130318T003319Z

     

    Name: d1c27ee7ce18675974edf42d4eea25c6.bin

    Size: 268579 bytes (268.6 KB)

    MD5: D1C27EE7CE18675974EDF42D4EEA25C6

    PE Compile Time: 2014-11-22 00:06:54

     

    The malware has the following characteristics:

    While the original filename of this file is unknown, it was likely “diskpartmg16.exe”. This file serves as a dropper. It drops destructive malware: “igfxtrayex.exe”. When the dropper file was executed, it started a second instance of itself with “-i” as an argument, and then terminated. The second instance of the dropper file installed itself as the “WinsSchMgmt” service with “-k” as a command line argument, started the service, and then terminated. The “WinsSchMgmt” service executed the file with “-k” as an argument, which started another instance of the file using “-s” as an argument. The “-s” instance dropped and executed “igfxtrayex.exe”, created “net_ver.dat”, and began generating network traffic over TCP ports 445 and 139 to victim IP addresses.

     

    Name: net_ver.dat

    Size: 4572 bytes (4.6 KB)  (size will vary)

    MD5: 93BC819011B2B3DA8487F964F29EB934  (hash will vary)

     

    This is a log file created by the dropper, and appended to as the scans progress  It contains what appear to be hostnames, IP addresses, and the number 2.   Entries in the file have the structure “HOSTNAME | IP Address | 2”.

     

    Name: igfxtrayex.exe

    Size: 249856 bytes (249.9 KB)

    MD5: 760C35A80D758F032D02CF4DB12D3E55

    PE Compile Time: 2014-11-24 04:11:08

     

    This file is destructive malware: a disk wiper with network beacon capabilities. If “igfxtrayex.exe” is run with no parameters, it creates and starts a copy of itself with the “–i” argument. After 10 minutes, the “igfxtrayex.exe” makes three copies of itself and places them in the same directory from which it was executed. These copies are named according to the format “taskhostXX.exe” (where X is a randomly generated ASCII character). These copies are then executed, each with a different argument (one being “-m”, one being “-d” and the other “-w”). Network connection attempts are made to one of three hard-coded IP addresses in a random order to port 8080 or 8000. If a connection to the IP address cannot be made, it attempts to connect to another of the three IP addresses, until connections to all three IP addresses have been attempted. The following command-line string is then executed: “cmd.exe /c net stop MSExchangeIS /y”. A 120-minute (2 hour) sleep command is issued after which the computer is shut down and rebooted.

     

    Name: iissvr.exe

    Size: 114688 bytes (114.7 KB)

    MD5: E1864A55D5CCB76AF4BF7A0AE16279BA

    PE Compile Time: 2014-11-13 02:05:35

     

    This file, when executed, starts a listener on localhost port 80. It has 3 files contained in the resource section; all xor’d with 0x63.

     

    Name: usbdrv3_32bit.sys

    Size: 24280 bytes (24.3 KB)

    MD5: 6AEAC618E29980B69721158044C2E544

    PE Compile Time: 2009-08-21 06:05:32

     

    This SYS file is a commercially available tool that allows read/write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008 (32-bit). It is dropped from resource ID 0x81 of “igfxtrayex.exe”.

     

    Name: usbdrv3_64bit.sys

    Size: 28120 bytes (28.1 KB)

    MD5: 86E212B7FC20FC406C692400294073FF

    PE Compile Time: 2009-08-21 06:05:35

     

    This SYS file is a also a commercially available tool that allows read/write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008 (64-bit). It is dropped from resource ID 0x83 of “igfxtrayex.exe”.

     

    Name: igfxtpers.exe

    Size: 91888 bytes (91.9 KB)

    MD5: e904bf93403c0fb08b9683a9e858c73e

    PE Compile Time: 2014-07-07 08:01:09

     

    A summary of the C2 IP addresses:

    IP Address

    Country

    Port

    Filename

    203.131.222.102

    Thailand

    8080

    Diskpartmg16.exe
    igfxtrayex.exe
    igfxtpers.exe

    217.96.33.164

    Poland

    8000

    Diskpartmg16.exe
    igfxtrayex.exe

    88.53.215.64

    Italy

    8000

    Diskpartmg16.exe
    igfxtrayex.exe

    200.87.126.116

    Bolivia

    8000

    --

    58.185.154.99

    Singapore

    8080

    --

    212.31.102.100

    Cypress

    8080

    --

    208.105.226.235

    United States

    --

    igfxtpers.exe

     

    Snort signatures:

    SMB Worm Tool (not necessarily the tool itself):

    alert tcp any any -> any any (msg:"Wiper 1"; sid:42000001; rev:1; flow:established; content:"|be 64 ba f2 a8 64|"; depth:6; offset:16; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Wiper 2"; sid:42000002; rev:1; flow:established; content:"|c9 06 d9 96 fc 37 23 5a fe f9 40 ba 4c 94 14 98|"; depth:16; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Wiper 3"; sid:42000003; rev:1; flow:established; content:"|aa 64 ba f2 56|"; depth:50; classtype:bad-unknown;)

    alert ip any any -> any any (msg:"Wiper 4"; sid:42000004; rev:1; content:"|aa 74 ba f2 b9 75|"; depth:74; classtype:bad-unknown;)

    alert tcp any any -> any [8000,8080] (msg:"Wiper 5"; sid:42000005; rev:1; flow:established,to_server; dsize:42; byte_test:2,=,40,0,little; content:"|04 00 00 00|"; depth:4; offset:38; classtype:bad-unknown;)

     

    Listening Implant:

    alert tcp any any -> any any (msg:"Listening Implant 1"; sid:42000006; rev:1; flow:established; content:"|0c 1f 1f 1f 4d 5a 4c 4f 50 51 4c 5a 3f 2d 2f 2f 3f 50 54 3e 3e 3e|"; depth:22; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 2"; sid:42000007; rev:1; flow:established; content:"|d3 c4 d2 d1 ce cf d2 c4 a1 b3 b1 b1 a1 ce ca a0 a0 a0|"; depth:18; classtype:bad-unknown;)

    alert ip any any -> any any (msg:"Listening Implant 3"; sid:42000008; rev:1; content:"|17 08 14 13 67 0f 13 13 17 67 15 02 16 12 02 14 13 78 47 47|"; depth:24; classtype:bad-unknown;)

    alert ip any any -> any any (msg:"Listening Implant 4"; sid:42000009; rev:1; content:"|4f 50 4c 4b 3f 57 4b 4b 4f 3f 4d 5a 4e 4a 5a 4c 4b 20 1f|"; depth:23; classtype:bad-unknown;)

    alert ip any any -> any any (msg:"Listening Implant 5"; sid:42000010; rev:1; content:"|15 02 14 17 08 09 14 02 67 75 77 77 67 08 0c 66 66 66|"; depth:22; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 6"; sid:42000011; rev:1; flow:established; content:"|09 22 33 30 28 35 2c|"; fast_pattern:only; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 7"; sid:42000012; rev:1; flow:established; content:"|13 2f 22 35 22 67 26 35 22 29 27 33 67 28 37 22 29 67 37 28 35 33 34 69|"; fast_pattern:only; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 8"; sid:42000013; rev:1; flow:established; content:"|43 47 47 47 45 67 47 47 43 47 47 47 44 67 47 47|"; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 9"; sid:42000014; rev:1; flow:established; content:"|43 47 47 47 42 67 47 47 43 47 47 47 4f 67 47 47 43 47 47 47 43 67 47 47 43 47 47 47 4e 67 47 47|"; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 10"; sid:42000015; rev:1; flow:established; content:"|d1 ce d2 d5 a1 c9 d5 d5 d1 a1 d3 c4 d0 d4 c4 d2 d5 be|"; depth:18; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 11"; sid:42000016; rev:1; flow:established; content:"|17 08 14 13 67 0f 13 13 17 67 15 02 16 12 02 14 13 78|"; depth:18; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Listening Implant 12"; sid:42000017; rev:1; flow:established; content:"|0c 1f 1f 1f 4f 50 4c 4b 3f 57 4b 4b 4f 3f 4d 5a 4e 4a 5a 4c 4b 20|"; classtype:bad-unknown;)

     

    Lightweight Backdoor:

    alert tcp any 488 -> any any (msg:"Lightweight Backdoor 1"; sid:42000018; rev:1; flow:established,from_server; content:"|60 db 37 37 37 37 37 37|"; fast_pattern:only; classtype:bad-unknown;)

    alert tcp any any -> any 488 (msg:"Lightweight Backdoor 2"; sid:42000019; rev:1; flow:established,to_server; content:"|60 db 37 37 37 37 37 37|"; fast_pattern:only; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Lightweight Backdoor 3"; sid:42000020; rev:1; flow:established; content:"|4c 4c|"; depth:2; offset:16; content:"|75 14 2a 2a|"; distance:4; within:4; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Lightweight Backdoor 4"; sid:42000021; rev:1; flow:established; content:"|8a 10 80 c2 67 80 f2 24 88 10|"; fast_pattern:only; content:"|8a 10 80 f2 24 80 ea 67 88 10|"; classtype:bad-unknown;)

    alert tcp any 488 -> any any (msg:"Lightweight Backdoor 5"; sid:42000022; rev:1; flow:established,from_server; content:"|65 db 37 37 37 37 37 37|"; fast_pattern:only; classtype:bad-unknown;)

    alert tcp any any -> any 488 (msg:"Lightweight Backdoor 6"; sid:42000023; rev:1; flow:established,to_server; content:"|65 db 37 37 37 37 37 37|"; fast_pattern:only; classtype:bad-unknown;)

    alert tcp any [547,8080,133,117,189,159] -> any any (msg:"Lightweight Backdoor 7"; sid:42000024; rev:1; flow:established,from_server; content:"|7b 08 2a 2a|"; offset:17; content:"|08 2a 2a 01 00|"; distance:0; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Lightweight Backdoor 8"; sid:42000025; rev:1; flow:established; content:"|8a 10 80 ea 62 80 f2 b4 88 10|"; fast_pattern:only; content:"|8a 10 80 f2 b4 80 c2 62 88 10|"; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Lightweight Backdoor 9"; sid:42000026; rev:1; flow:established; content:"|8a 10 80 c2 4e 80 f2 79 88 10|"; fast_pattern:only; content:"|8a 10 80 f2 79 80 ea 4e 88 10|"; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Lightweight Backdoor 10"; sid:42000027; rev:1; flow:established; content:"Sleepy!@#qaz13402scvsde890"; fast_pattern:only; content:"BC435@PRO62384923412!@3!"; nocase; classtype:bad-unknown;)

     

    Proxy Tool:

    alert tcp any any -> any any (msg:"Proxy Tool 1"; sid:42000028; rev:1; flow:established; content:"|8a 10 80 c2 3a 80 f2 73 88 10|"; fast_pattern:only; content:"|8a 10 80 f2 73 80 ea 3a 88 10|"; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Proxy Tool 2"; sid:42000029; rev:1; flow:established; content:!"HTTP/1"; content:"|e2 1d 49 49|"; depth:4; fast_pattern; content:"|49 49 49 49|"; distance:4; within:4; classtype:bad-unknown;)

    alert tcp any any -> any any (msg:"Proxy Tool 3"; sid:42000030; rev:1; flow:established; content:"|82 f4 de d4 d3 c2 ca f5 c8 c8 d3 82 fb f4 de d4 d3 c2 ca 94 95 fb d4 d1 c4 cf c8 d4 d3 89 c2 df c2 87 8a cc 87 00|"; fast_pattern:only; classtype:bad-unknown;)

     

    Malware associated with the cyber threat actor:

    alert tcp any any -> any [8000,8080] (msg:"WIPER4";flow: established, to_server;dsize:42;content:"|28 00|";depth:2;content:"|04 00 00 00|";offset:38;depth:4;sid:123;)

     

    Host Based Indicators

    Below are potential YARA signatures to detect malware binaries on host machines:

     

    SMB Worm Tool:

    strings:

    $STR1 = "Global\\FwtSqmSession106829323_S-1-5-19"

    $STR2 ="EVERYONE"

    $STR3 = "y0uar3@s!llyid!07,ou74n60u7f001"

    $STR4 = "\\KB25468.dat" condition:

    (uintl6(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) ==0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Lightweight Backdoor:

    strings:

    $STR1 = ''NetMgStart"

    $STR2 = ''Netmgmt.srg"

    condition:

    (uint16(0) == 0x5A4D) and all of them

     

    Lightweight Backdoor:

    strings:

    $STR1 = "prxTroy" ascii wide nocase

    condition:

    (uintl6(0) == 0x5A4D or uint16(0) == 0xCFD0 or uintl6(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Lightweight Backdoor:

    strings:

    $strl  = { C6 45 E8 64 C6 45 E9 61 C6 45 EA 79 C6 45 EB 69 C6 45 EC 70 C6 45 ED 6D C6 45 EE 72 C6 45 EF 2E C6 45 F0 74 C6 45 F1  62 C6 45 F2 6C } // 'dayipmr.tbl' being moved to ebp

    condition:

    (uintl6(0) == 0x5A4D or uintl6(0) == 0xCFD0 or uint16(0) == 0xC3D4 or

    uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Lightweight Backdoor:

    strings:

    $strl  = { C6 45 F4 61 C6 45 F5 6E C6 45 F6 73 C6 45 F7 69 C6 45 F8 2E C6 45 F9 6E C6 45 FA 6C C6 45 FB 73 } // 'ansi.nls' being moved to ebp

    condition:

    (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uintl6(0) == 0xC3D4 or

    uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Lightweight Backdoor:

    strings:

    $strl  = { C6 45 F4 74 C6 45 F5 6C C6 45 F6 76 C6 45 F7 63 C6 45 F8 2E C6 45 F9 6E C6 45 FA 6C C6 45 FB 73 } // 'tlvc.nls' being moved to ebp

    condition:

    (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Lightweight Backdoor:

    strings:

    $STR1 = { 8A 10 80 ?? 4E 80 ?? 79 88 10}

    $STR2 = {SA 10 80?? 79 80 ?? 4E 88 10}

    condition:

    (uintl6(0) == 0x5A4D or uintl6(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Proxy Tool:

    strings:

    $STR1 = "pmsconfig.msi" wide

    $STR2 = "pmslog.msi" wide

    condition:

    (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uintl6(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and any of them

     

    Proxy Tool:

    strings:

    $STR1 = { 82 F4 DE D4 D3 C2 CA F5 C8 C8 D3 82 FB F4 DE D4 D3 C2 CA 94 95 FB D4 Dl  C4 CF C8 D4 D3 89 C2 DF C2 87 8A CC 87 00 } // '%SystemRoot%\System32\svchost.exe -k' xor A7

    condition:

    (uint16(0) == 0x5A4D or uintl6(0) == 0xCFD0 or uint16(0) == 0xC3D4 or

    uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Proxy Tool:

    strings:

    $STR2 = {8A 04 17 8B FB 34 A7 46 88 02 83 C9 FF}

    condition:

    (uintl6(0) == 0x5A4D or uint16(0) == 0xCFD0 or uintl6(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and $STR2

     

    Destructive Hard Drive Tool:

    strings:

    $str0= "MZ"

    $str1 = {c6 84 24 ?? ( 00 | 01 ) 00 00 }

    $xorInLoop = { 83 EC 20 B9 08 00 00 00 33 D2 56 8B 74 24 30 57 8D 7C 24 08

    F3 A5 8B 7C 24 30 85 FF 7E 3A 8B 74 24 2C 8A 44 24 08 53 8A 4C 24 21 8A 5C 24 2B 32 C1 8A 0C 32 32 C3 32 C8 88 0C 32 B9 1E 00 00 00 8A 5C 0C 0C 88 5C 0C 0D 49 83 F9 FF 7F F2 42 88 44 24 0C 3B D7 7C D0 5B 5F 5E 83 C4 20 C3 }

    condition:

    $str0 at 0 and $xorInLoop and #str1 > 300

     

    Destructive Target Cleaning Tool:

    strings:

    $s1  = {d3000000 [4] 2c000000 [12] 95000000 [4] 6a000000 [8] 07000000}

    condition:

    (uintl6(0) == 0x5A4D and uintl6(uint32(0x3c)) == 0x4550) and all of them

     

    Destructive Target Cleaning Tool:

    strings:

    $secureWipe= { 83 EC 34 53 55 8B 6C 24 40 56 57 83 CE FF 55 C7 44 24 2C D3 00 00 00 C7 44 24 30 2C 00 00 00 89 74 24 34 89 74 24 38 C7 44 24 3C 95 00 00 00 C7 44 24 40 6A 00 00 00 89 74 24 44 C7 44 24 14 07 00 00 00 FF 15 ?? ?? ?? ?? 3B C6 89 44 24 1C 0F 84 (D8 | d9) 01 00 00 33 FF 68 00 00 01 00 57 FF 15 ?? ?? ?? ?? 8B D8 3B DF 89 5C 24 14 0F 84 (BC | BD) 01 00 00 8B 44 24 1C A8 01 74 0A 24 FE 50 55 FF 15 ?? ?? ?? ?? 8B 44 24 4C 2B C7 74 20 48 74 0F 83 E8 02 75 1C C7 44 24 10 03 00 00 00 EB 12 C7 44 24 10 01 00 00 00 89 74 24 28 EB 04 89 7C 24 10 8B 44 24 10 89 7C 24 1C 3B C7 0F 8E ( 5C | 5d ) 01 00 00 8D 44 24 28 89 44 24 4C EB 03 83 CE FF 8B 4C 24 4C 8B 01 3B C6 74 17 8A D0 B9 00 40 00 00 8A F2 8B FB 8B C2 C1 E0 10 66 8B C2 F3 AB EB ( 13 | 14) 33 F6 (E8 | ff 15) ?? ?? ?? ?? 88 04 1E 46 81 FE 00 00 01 00 7C ( EF | ee) 6A 00 6A 00 6A 03 6A 00 6A 03 68 00 00 00 C0 55 FF 15 ?? ?? ?? ?? 8B F0 83 FE FF 0F 84 FA 00 00 00 8D 44 24 20 50 56 FF 15 ?? ?? ?? ?? 8B 2D ?? ?? ?? ?? 6A 02 6A 00 6A FF 56 FF D5 8D 4C 24 18 6A 00 51 6A 01 53 56 FF 15 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 6A 00 6A 00 6A 00 56 FF D5 8B 44 24 24 8B 54 24 20 33 FF 33 DB 85 CO 7C 5A 7F 0A 85 D2 76 54 EB 04 8B 54 24 20 8B CA BD 00 00 01 00 2B CF 1B C3 85 C0 7F 0A 7C 04 3B CD 73 04 2B D7 8B EA 8B 44 24 14 8D 54 24 18 6A 00 52 55 50 56 FF 15 ?? ?? ?? ?? 8B 6C 24 18 8B 44 24 24 03 FD 83 D3 00 3B D8 7C BE 7F 08 8B 54 24 20 3B FA 72 B8 8B 2D ?? ?? ?? ?? 8B 5C 24 10 8B 7C 24 1C 8D 4B FF 3B F9 75 17 56 FF 15 ?? ?? ?? ?? 6A 00 6A 00 6A 00 56 FF D5 56 FF 15 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 56 FF 15 ?? ?? ?? ?? 8B 4C 24 4C 8B 6C 24 48 47 83 C1 04 3B FB 8B 5C 24 14 89 7C 24 1C 89 4C 24 4C 0F 8C ( AE | AD) FE FF FF 6A 00 55 E8 ?? ?? ?? ?? 83 C4 08 53 FF 15 ?? ?? ?? ?? 5F 5E 5D 5B 83 C4 34 C3}

    condition:

    $secureWipe

     

    Destructive Target Cleaning Tool:

    strings:

    $S1_CMD_Arg = ""/install'"' fullword

    $S2_CMD_Parse= ""\""%s'"'  /install \""%s\""'"' fullword

    $S3_CMD_Builder= ""\'"'%s\""  \""%s\'"' \""%s\'"' %s'"' fullword

    condition:

    all of them

     

    Destructive Target Cleaning Tool:

    strings:

    $BATCH_SCRIPT_LN1_0 = ""goto x"" fullword

    $BATCH_SCRIPT_LN1_1 = '"'del"" fullword

    $BATCH_SCRIPT_LN2_0 = ""if exist"" fullword

    $BATCH_SCRIPT_LN3_0 = "":x'"' fullword

    $BATCH_SCRIPT_LN4_0 = ""zz%d.bat"'' fullword

    condition:

    (#BATCH_SCRIPT_LNl_l == 2) and all of them"

     

    Destructive Target Cleaning Tool:

    strings:

    $MCU_DLL_ZLIB_COMPRESSED2=

    {5CECABAE813CC9BCD5A542F454910428343479806F71D5521E2AOD}

    condition:

    $MCU_DLL_ZLIB_COMPRESSED2"

     

    Destructive Target Cleaning Tool:

    strings:

    $MCU_INF_StartHexDec =

    {010346080A30D63633000B6263750A5052322A00103D1B570A30E67F2A00130952690A50 3A0D2A000E00A26El5104556766572636C7669642E657865}

    $MCU_INF_StartHexEnc =

    {6C3272386958BF075230780A0A54676166024968790C7A6779588F5E47312739310163615B3D59686721CF5F2120263ElF5413531FlE004543544C55}

    condition:

    $MCU_INF_StartHexEnc or

    $MCU_INF_StartHexDec

    Destructive Target Cleaning Tool:

    strings:

    $ = "SetFilePointer"

    $ = "SetEndOfFile"

    $ = {75 17 56 ff 15 ?? ?? ?? ?? 6a 00 6a 00 6a 00 56 ffD5 56 ff 15?? ?? ??

    ?? 56}

    condition:

    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them

     

    Destructive Target Cleaning Tool:

    strings:

    $license=

    {E903FFFF820050006F007200740069006F006E007300200063006F007000790072006900670068007400200052006F006200650072007400200064006500200042006100740068002C0020004A006F007200690073002000760061006E002000520061006E007400770069006A006B002C002000440065006C00690061006E000000000000000250000000000A002200CE000800EA03FFFF8200}

    $PuTTY= {50007500540054005900}

    condition:

    (uint16(0) == 0x5A4D and uintl6(uint32(0x3c)) == 0x4550) and $license and not $PuTTY

     

    Malware used by cyber threat actor:

    strings:

    $heapCreateFunction_0 = {33C06A003944240868001000000F94C050FF15????????85C0A3???????07436E893FEFFFF83F803A3???????0750D68F8030000E8??00000059EB0A83F8027518E8????000085C0750FFF35???????0FF15???????033C0C36A0158C3}

    $heapCreateFunction =

    {558BECB82C120000E8????FFFF8D8568FFFFFF5350C78568FFFFFF94000000FF1????????085C0741A83BD78FFFFFF02751183BD6CFFFFFF0572086A0158E9020100008D85D4EDFFF68901000005068???????0FF15???????085C00F84D000000033DB8D8DD4EDFFFF389DD4EDFFFF74138A013C617C083C7A7F042C20880141381975ED8D85D4EDFFFF6A165068???????0E8????000083C40C85C075088D85D4EDFFFFEB498D8564FEFFFF68040100005053FF15???????0389D64FEFFFF8D8D64FEFFFF74138A013C617C083C7A7F042C20880141381975ED8D8564FEFFFF508D85D4EDFFFF50E8????????59593BC3743E6A2C50E8????????593BC3597430408BC83818740E80393B75048819EB0141381975F26A0A5350E8????000083C40C83F802741D83F803741883F80174138D45FC50E898FEFFFF807DFC06591BC083C0035BC9C3}

    $getMajorMinorLinker =

    {568B7424086A00832600FF15???????06681384D5A75148B483C85C9740D03C18A481A880E8A401B8846015EC3}

    $openServiceManager =

    {FF15???0?0?08B?885??74????????????????5?FF15???0?0?08B?????0?0?08BF?85F?74}

    condition:

    all of them

     

    Malware used by cyber threat actor:

    strings:

    $str1 = "_quit"

    $str2 = "_exe"

    $str3 = "_put"

    $str4 = "_got"

    $str5 = "_get"

    $str6 ="_del"

    $str7 = "_dir"

    $str8 = { C7 44 24 18 1F F7}

    condition:

    (uintl6(0) == 0x5A4D or uintl6(0) == 0xCFD0  or uintl6(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Malware used by cyber threat actor:

    strings:

    $STR1 = { 50 68 80 00 00 00 68 FF FF 00 00 51 C7 44 24 1C 3a 8b 00 00 }

    condition:

    (uintl6(0) == 0x5A4D or uint16(0) == 0xCFD0 or uintl6(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and all of them

     

    Recommended Security Practices

    Because of the highly destructive functionality of the malware, an organization infected with the malware could experience operational impacts including loss of intellectual property (IP) and disruption of critical systems. Actual impact to organizations may vary depending on the type and number of systems impacted.

    Tactical Mitigations

    • Implement the indicators of compromise within your systems for detection and mitigation purposes.
    • Encourage users to transfer critical files to network shares, to allow for central backed up.
    • Execute daily backups of all critical systems.
    • Periodically execute an “offline” backup of critical files to removable media.
    • Establish emergency communications plans should network resources become unavailable.
    • Isolate any critical networks (including operations networks) from business systems.
    • Identify critical systems and evaluate the need for having on-hand spares to quickly restore service.
    • Ensure antivirus is up to date.
    • Disable credential caching for all desktop devices with particular importance on critical systems such as servers and restrict the number of cached credential for all portable devices to no more than three if possible. This can be accomplished through a Group Policy Object (GPO).
    • Disable AutoRun and Autoplay for any removable media device.
    • Prevent or limit the use of all removable media devices on systems to limit the spread or introduction of malicious software and possible exfiltration data, except where there is a valid business case for use. This business case must be approved by the organization Chief IT Security Officer, with policy/guidance on how such media should be used.
    • Consider restricting account privileges. It is our recommendation that all daily operations should be executed using standard user accounts unless administrative privileges are required for that specific function. Configure all standard user accounts to prevent the execution and installation of any unknown or unauthorized software. Both standard and administrative accounts should have access only to services required for nominal daily duties, enforcing the concept of separation of duties. Lastly, disable Web and email capabilities on administrative accounts. Compromise of admin accounts is one vector that allows malicious activity to become truly persistent in a network environment.
    • Ensure that password policy rules are enforced and Admin password values are changed periodically.
    • Consider prohibiting hosts within the production environment or DMZ from sharing an Active Directory enterprise with hosts on other networks. Each environment should have separate forests within Active Directory, with no trust relationships allowed between the forests if at all possible. If necessary, the trust relationships should be one-way with the low integrity environment trusting the higher integrity environment.
    • Consider deployment of a coaching page with click through acceptance; these are traditionally deployed in an environment to log the acceptance of network acceptable use policy or to notify users of monitoring. Coaching pages also provide some measure of protection from automated malicious activity. This occurs because automated malware is normally incapable of physically clicking an acceptance radial button. Automated malware is traditionally hardcoded to execute, then retrieve commands or additional executables from the Internet. If the malware is unable to initiate an active connection, the full train of infection is potentially halted. The danger still exists that the physical user will authorize access, but through the use of coaching pages, infections can be limited or at least the rate of infection reduced.
    • Monitor logs -- Maintain and actively monitor a centralized logging solution that keeps track of all anomalous and potentially malicious activity.
    • Ensure that all network operating systems, web browsers, and other related network hardware and software remain updated with all current patches and fixes.

    Strategic Mitigations

    • Organizations should review Security Tip Handling Destructive Malware #ST13-003 and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.
    • Always keep your patch levels up to date, especially on computers that host public services accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
    • Build host systems, especially critical systems such as servers, with only essential applications and components required to perform the intended function. Any unused applications or functions should be removed or disabled, if possible, to limit the attack surface of the host.
    • Implement network segmentation through V-LANs to limit the spread of malware.
    • Consider the deployment of Software Restriction Policy set to only allow the execution of approved software (application whitelisting)
    • Recommend the whitelisting of legitimate executable directories to prevent the execution of potentially malicious binaries.
    • Consider the use of two-factor authentication methods for accessing privileged root level accounts or systems.
    • Consider deploying a two-factor authentication through a hardened IPsec/VPN gateway with split-tunneling prohibited for secure remote access.
    • Deny direct Internet access, except through the use of proxies for Enterprise servers and workstations. Perform regular content filtering at the proxies or external firewall points of presence. Also consider the deployment of an explicit versus transparent proxy policy.
    • Implement a Secure Socket Layer (SSL) inspection capability to inspect both ingress and egress encrypted network traffic for potential malicious activity.
    • Isolate network services, such as email and Web application servers by utilizing a secure multi-tenant virtualization technology. This will limit the damage sustained from a compromise or attack of a single network component.
    • Implement best practice guidance and policy to restrict the use of non-Foundation assets for processing or accessing Foundation-controlled data or systems (e.g., working from home, or using a personal device while at the office). It is difficult to enforce corporate policies, detect intrusions, and conduct forensic analysis or remediate compromises on non-corporate owned devices.
    • Minimize network exposure for all control system devices. Control system devices should not directly face the Internet.
    • Place control system networks behind firewalls, and isolate or air gap them from the business network.
    • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.
    • Industrial Control System (ICS)-CERT and US-CERT remind organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.

    References

    Revision History

    • December 19, 2014: Initial Release
    • December 24, 2014: Updates to information in the Solutions section.

    This product is provided subject to this Notification and this Privacy & Use policy.


  • TA14-329A: Regin Malware
    Original release date: November 25, 2014

    Systems Affected

    Microsoft Windows NT, 2000, XP, Vista, and 7

    Overview

    On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.

    Description

    Regin is a multi-staged, modular threat—meaning it has a number of components, each dependent on others to perform an attack. Each of the five stages is hidden and encrypted, with the exception of the first stage. The modular design poses difficulties to analysis, as all components must be available in order to fully understand the Trojan.  

    Impact

    Regin is a remote access Trojan (RAT), able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization. The complex design provides flexibility to actors, as they can load custom features tailored to individual targets. [1]

    Solution

    Users and administrators are recommended to take the following preventive measures to protect their computer networks:

    • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information). [2]
    • Keep your operating system and application software up-to-date – Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).

    The following is a list of the Indicators of Compromise (IOCs) that can be added to network security solutions to determine whether they are present on a network.

    MD5s: [1]

    Stage 1 files, 32 bit:

    06665b96e293b23acc80451abb413e50

    187044596bc1328efa0ed636d8aa4a5c

    1c024e599ac055312a4ab75b3950040a

    2c8b9d2885543d7ade3cae98225e263b

    4b6b86c7fec1c574706cecedf44abded

    6662c390b2bbbd291ec7987388fc75d7

    b269894f434657db2b15949641a67532

    b29ca4f22ae7b7b25f79c1d4a421139d

    b505d65721bb2453d5039a389113b566

    26297dc3cd0b688de3b846983c5385e5

    ba7bb65634ce1e30c1e5415be3d1db1d

    bfbe8c3ee78750c3a520480700e440f8

    d240f06e98c8d3e647cbf4d442d79475

    ffb0b9b5b610191051a7bdf0806e1e47

    Unusual stage 1 files apparently compiled from various public source codes merged with malicious code:

    01c2f321b6bfdb9473c079b0797567ba

    47d0e8f9d7a6429920329207a32ecc2e

    744c07e886497f7b68f6f7fe57b7ab54

    db405ad775ac887a337b02ea8b07fddc

    Stage 1, 64-bit system infection:

    bddf5afbea2d0eed77f2ad4e9a4f044d

    c053a0a3f1edcbbfc9b51bc640e808ce

    e63422e458afdfe111bd0b87c1e9772c

    Stage 2, 32 bit:

    18d4898d82fcb290dfed2a9f70d66833

    b9e4f9d32ce59e7c4daf6b237c330e25

    Stage 2, 64 bit:

    d446b1ed24dad48311f287f3c65aeb80

    Stage 3, 32 bit:

    8486ec3112e322f9f468bdea3005d7b5

    da03648948475b2d0e3e2345d7a9bbbb

    Stage 4, 32 bit:

    1e4076caa08e41a5befc52efd74819ea

    68297fde98e9c0c29cecc0ebf38bde95

    6cf5dc32e1f6959e7354e85101ec219a

    885dcd517faf9fac655b8da66315462d

    a1d727340158ec0af81a845abd3963c1

    Stage 4, 64 bit:

    de3547375fbf5f4cb4b14d53f413c503

    Note: Stages 2, 3, and 4 do not appear on infected systems as real files on disk. Hashes are provided for research purposes only.

    Registry branches used to store malware stages 2 and 3:

    \REGISTRY\Machine\System\CurrentControlSet\Control\RestoreList

    \REGISTRY\Machine\System\CurrentControlSet\Control\Class\{39399744-44FC-AD65-474B-E4DDF-8C7FB97}

    \REGISTRY\Machine\System\CurrentControlSet\Control\Class\{3F90B1B4-58E2-251E-6FFE-4D38C5631A04}

    \REGISTRY\Machine\System\CurrentControlSet\Control\Class\{4F20E605-9452-4787-B793-D0204917CA58}

    \REGISTRY\Machine\System\CurrentControlSet\Control\Class\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}

    IP IOCs [3]:

    61.67.114.73

    202.71.144.113

    203.199.89.80

    194.183.237.145

    References

    Revision History

    • November 25, 2014: Initial Release

    This product is provided subject to this Notification and this Privacy & Use policy.


  • TA14-323A: Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability
    Original release date: November 19, 2014 | Last revised: November 25, 2014

    Systems Affected

    • Microsoft Windows Vista, 7, 8, and 8.1
    • Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2

    Overview

    A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system. [1]

    Description

    The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged. The improper check allows an attacker to escalate valid domain user account privileges to those of a domain administrator account, which renders the entire domain vulnerable to compromise.

    At the time this release was issued, Microsoft was aware of limited, targeted attacks attempting to exploit this vulnerability.

    Impact

    A valid domain user can pass invalid domain administrator credentials, gain access and compromise any system on the domain, including the domain controller. [2]

    Solution

    An update is available from Microsoft. Please see Microsoft Security Bulletin MS14-068 and Microsoft Research Security and Defense Blog for more details, and apply the necessary updates.[1, 3

    References

    Revision History

    • November 19, 2014: Initial Draft
    • November 25, 2014: Revised formatting

    This product is provided subject to this Notification and this Privacy & Use policy.


Valid XHTML 1.0 Transitional CSS ist valide!