SB14-216: Vulnerability Summary for the Week of July 27, 2014

Title: SB14-216: Vulnerability Summary for the Week of July 27, 2014

NCCIC / US-CERT

National Cyber Awareness System:

08/04/2014 10:24 AM EDT

Original release date: August 04, 2014

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- quicktime	Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.	2014年07月26日	9.3	CVE-2014-4979 MISC
codeaurora -- android-msm	The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.	2014年08月01日	7.2	CVE-2014-0972
fonality -- trixbox	SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.	2014年07月28日	7.5	CVE-2014-5109 XF MISC
fonality -- trixbox	maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.	2014年07月28日	7.5	CVE-2014-5112 MISC
h3c -- secbladefw	Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.	2014年07月28日	7.8	CVE-2013-4840
hp -- network_virtualization	Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.	2014年07月26日	8.5	CVE-2014-2625 MISC
hp -- network_virtualization	Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.	2014年07月26日	9.4	CVE-2014-2626 MISC
ibm -- websphere_portal	SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	2014年07月29日	7.5	CVE-2014-3055 XF AIXAPAR
linux -- linux_kernel	arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.	2014年08月01日	7.2	CVE-2014-3534 CONFIRM CONFIRM
mailpoet -- mailpoet_newsletters	The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.	2014年07月27日	7.5	CVE-2014-4725 MLIST MISC MISC MISC MISC
mailpoet -- mailpoet_newsletters	Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.	2014年07月27日	7.5	CVE-2014-4726 MLIST
microsoft -- windows_xp	Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.	2014年07月26日	7.2	CVE-2014-4971 MISC MISC FULLDISC FULLDISC
moodle -- moodle	The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.	2014年07月29日	7.5	CVE-2014-3541 MLIST
morpho -- itemiser_3	Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.	2014年07月26日	10.0	CVE-2014-2363 MISC
ol-commerce_project -- ol-commerce	Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.	2014年07月28日	7.5	CVE-2014-5104 BID MISC
sabreairlinesolutions -- crew_management	Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010年2月12日.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.	2014年07月26日	7.5	CVE-2014-4858
sap -- solution_manager	The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.	2014年07月31日	7.5	CVE-2014-5175 CONFIRM XF BID MISC FULLDISC CONFIRM
vbulletin -- vbulletin	SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.	2014年07月25日	7.5	CVE-2014-5102 MISC MISC
webidsupport -- webid	WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.	2014年07月29日	7.5	CVE-2014-5114 BID MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
aas9 -- zerocms	Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field.	2014年07月29日	4.3	CVE-2014-4710 MISC EXPLOIT-DB
acmailer -- acmailer	Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.	2014年07月29日	6.8	CVE-2014-3896 CONFIRM JVNDB JVN
apple -- cups	The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.	2014年07月29日	5.0	CVE-2014-5031 MLIST MLIST DEBIAN SECUNIA
cairographics -- cairo	The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.	2014年07月29日	5.0	CVE-2014-5116 CONFIRM OSVDB EXPLOIT-DB
caucho -- resin	The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.	2014年07月26日	5.0	CVE-2014-2966
cisco -- webex_meetings_server	The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.	2014年07月26日	5.0	CVE-2014-3301
cisco -- webex_meetings_server	user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.	2014年08月01日	5.8	CVE-2014-3302
cisco -- webex_meetings_server	The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.	2014年07月28日	4.0	CVE-2014-3303
cisco -- webex_meetings_server	The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.	2014年07月28日	5.0	CVE-2014-3304
cisco -- webex_meetings_server	Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.	2014年07月26日	6.8	CVE-2014-3305
cisco -- telepresence_server_software	Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.	2014年07月26日	4.3	CVE-2014-3324
cisco -- security_manager	SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.	2014年07月26日	6.5	CVE-2014-3326
cisco -- unified_presence_server	The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.	2014年07月26日	5.0	CVE-2014-3328
cisco -- prime_data_center_network_manager	Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.	2014年07月29日	4.3	CVE-2014-3329
concrete5 -- concrete5	concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.	2014年07月28日	5.0	CVE-2014-5107 BID MISC OSVDB
concrete5 -- concrete5	Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.	2014年07月28日	4.3	CVE-2014-5108 BID MISC OSVDB
dirphp_project -- dirphp	Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.	2014年07月29日	5.0	CVE-2014-5115 EXPLOIT-DB
elasticsearch -- elasticsearch	The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.	2014年07月28日	6.8	CVE-2014-3120 MISC BID MISC OSVDB EXPLOIT-DB MISC
fonality -- trixbox	Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.	2014年07月28日	4.3	CVE-2014-5110 XF MISC
fonality -- trixbox	Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.	2014年07月28日	5.0	CVE-2014-5111 MISC
gnu -- glibc	Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.	2014年07月29日	6.8	CVE-2014-0475 CONFIRM SECTRACK MLIST MLIST DEBIAN
gurock -- testrail	Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.	2014年07月26日	4.3	CVE-2014-4857
homepage_decorator_perlmailer_project -- homepage_decorator_perlmailer	Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2014年07月29日	4.3	CVE-2014-3897 JVNDB JVN
hp -- nonstop_netbatch	Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.	2014年08月01日	5.2	CVE-2014-2627
hp -- data_protector	DISPUTED Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design."	2014年08月01日	6.4	CVE-2014-5160 MISC MISC
ibm -- atlas_ediscovery_process_management	Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.	2014年07月29日	4.3	CVE-2014-0889 XF CONFIRM
ibm -- rational_software_architect_design_manager	Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.	2014年07月30日	6.5	CVE-2014-0947 XF
ibm -- rational_software_architect_design_manager	Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.	2014年07月30日	6.0	CVE-2014-0948 XF
ibm -- embedded_websphere_application_server	install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.	2014年07月29日	6.9	CVE-2014-3020 XF
ibm -- websphere_portal	Multiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	2014年07月29日	5.8	CVE-2014-3054 XF AIXAPAR
ibm -- websphere_portal	The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.	2014年07月29日	5.0	CVE-2014-3056 XF AIXAPAR
ibm -- websphere_portal	Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2014年07月29日	4.3	CVE-2014-3057 XF AIXAPAR
ibm -- infosphere_information_server	Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.	2014年07月26日	4.3	CVE-2014-3071 XF
ibm -- sametime	Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2014年07月26日	4.3	CVE-2014-4748 XF
innominate -- mguard_firmware	Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.	2014年07月30日	5.0	CVE-2014-2356
invisionpower -- invision_power_board	Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.	2014年07月28日	4.3	CVE-2014-5106 XF BID BUGTRAQ
iodata -- ts-ptcam/poe_camera	The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors.	2014年07月29日	6.4	CVE-2014-3895 JVNDB JVN
libndp -- libndp	Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.	2014年07月31日	6.8	CVE-2014-3554 CONFIRM XF MLIST
linux -- linux_kernel	The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.	2014年08月01日	6.2	CVE-2014-5045 CONFIRM MLIST CONFIRM
linux -- linux_kernel	The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.	2014年08月01日	5.4	CVE-2014-5077 MLIST
moodle -- moodle	mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	2014年07月29日	4.3	CVE-2014-3542 MLIST
moodle -- moodle	mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.	2014年07月29日	4.3	CVE-2014-3543 MLIST
moodle -- moodle	Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.	2014年07月29日	6.0	CVE-2014-3545 MLIST
moodle -- moodle	Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.	2014年07月29日	5.0	CVE-2014-3546 MLIST
moodle -- moodle	Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.	2014年07月29日	4.3	CVE-2014-3547 MLIST
moodle -- moodle	Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.	2014年07月29日	4.3	CVE-2014-3548 MLIST
moodle -- moodle	Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.	2014年07月29日	4.3	CVE-2014-3549 MLIST
moodle -- moodle	Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.	2014年07月29日	4.3	CVE-2014-3550 MLIST
moodle -- moodle	The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.	2014年07月29日	6.0	CVE-2014-3552 MLIST
moodle -- moodle	mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.	2014年07月29日	4.9	CVE-2014-3553 MLIST
netty_project -- netty	The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.	2014年07月31日	5.0	CVE-2014-3488 CONFIRM SECUNIA
ol-commerce_project -- ol-commerce	Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php.	2014年07月28日	4.3	CVE-2014-5105 BID MISC
omeka -- omeka	Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.	2014年07月25日	6.8	CVE-2014-5100 XF XF MISC MISC BID EXPLOIT-DB MISC
reviewboard -- review_board	Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.	2014年07月25日	4.3	CVE-2014-5027 BID MLIST MLIST
sap -- hana	Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2014年07月31日	4.3	CVE-2014-5172 CONFIRM XF BID BUGTRAQ MISC FULLDISC CONFIRM MISC
sap -- hana_extend_application_services	SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.	2014年07月31日	5.0	CVE-2014-5173 CONFIRM XF BUGTRAQ FULLDISC CONFIRM MISC
sap -- fi_manager_self-service	SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.	2014年07月31日	6.0	CVE-2014-5176 CONFIRM XF BID BUGTRAQ MISC FULLDISC CONFIRM MISC
silver-peak -- vx	Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.	2014年07月28日	6.8	CVE-2014-2974
silver-peak -- vx	Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.	2014年07月28日	4.3	CVE-2014-2975
torproject -- tor	Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.	2014年07月30日	4.3	CVE-2014-5117 CONFIRM MLIST MLIST MISC
transmissionbt -- transmission	Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.	2014年07月29日	6.8	CVE-2014-4909 MISC CONFIRM CONFIRM UBUNTU BID OSVDB MLIST MLIST DEBIAN SECUNIA SECUNIA SECUNIA FEDORA MISC
ubnt -- unifi_video	The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.	2014年07月25日	6.0	CVE-2014-2227 BID MISC FULLDISC
visualware -- myconnection_server	Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter.	2014年07月28日	4.3	CVE-2014-5113 BID MISC MISC
vitamin_plugin_project -- vitamin	Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.	2014年07月31日	5.0	CVE-2012-6651 BID MLIST MLIST
webidsupport -- webid	Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php.	2014年07月25日	4.3	CVE-2014-5101 BID MISC
wireshark -- wireshark	The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.	2014年08月01日	5.0	CVE-2014-5161
wireshark -- wireshark	The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet.	2014年08月01日	5.0	CVE-2014-5162
wireshark -- wireshark	The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2014年08月01日	5.0	CVE-2014-5163 CONFIRM
wireshark -- wireshark	The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2014年08月01日	5.0	CVE-2014-5164 CONFIRM
wireshark -- wireshark	The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet.	2014年08月01日	5.0	CVE-2014-5165 CONFIRM CONFIRM
zohocorp -- manageengine_eventlog_analyzer	Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check.	2014年07月25日	4.3	CVE-2014-5103 BUGTRAQ MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apache -- subversion	svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.	2014年07月28日	2.4	CVE-2013-4262
apache -- subversion	The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).	2014年07月28日	2.4	CVE-2013-7393
apple -- cups	The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.	2014年07月29日	1.5	CVE-2014-5029 MLIST MLIST DEBIAN SECUNIA
apple -- cups	CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.	2014年07月29日	1.9	CVE-2014-5030 MLIST MLIST DEBIAN SECUNIA
ibm -- maximo_asset_management	Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.	2014年07月30日	3.5	CVE-2014-0914 XF AIXAPAR
ibm -- maximo_asset_management	Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.	2014年07月30日	3.5	CVE-2014-0915 XF AIXAPAR
ibm -- infosphere_master_data_management	The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.	2014年08月01日	3.5	CVE-2014-3009 XF
ibm -- maximo_asset_management	Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.	2014年07月30日	3.5	CVE-2014-3025 XF AIXAPAR
ibm -- maximo_asset_management	CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.	2014年07月29日	3.5	CVE-2014-3026 XF
ibm -- rational_team_concert	IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors.	2014年07月29日	3.5	CVE-2014-3050 XF
ibm -- sametime	The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser.	2014年07月26日	2.1	CVE-2014-4747
moodle -- moodle	Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.	2014年07月29日	3.5	CVE-2014-3544 MISC MLIST
moodle -- moodle	Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.	2014年07月29日	3.5	CVE-2014-3551 MLIST
sap -- hana_extend_application_services	SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.	2014年07月31日	2.9	CVE-2014-5171 CONFIRM BUGTRAQ MISC FULLDISC CONFIRM MISC
sap -- netweaver_business_warehouse	The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.	2014年07月31日	3.5	CVE-2014-5174 CONFIRM XF BID MISC CONFIRM MISC
ubnt -- unifi_controller	Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.	2014年07月29日	2.6	CVE-2014-2226 BID MISC FULLDISC MISC
zarafa -- webapp	WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.	2014年07月29日	2.1	CVE-2014-0103 CONFIRM BID FEDORA FEDORA

This product is provided subject to this Notification and this Privacy & Use policy.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery