SB15-145: Vulnerability Summary for the Week of May 18, 2015

Title: SB15-145: Vulnerability Summary for the Week of May 18, 2015

NCCIC / US-CERT

National Cyber Awareness System:

05/25/2015 07:19 AM EDT

Original release date: May 25, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
cisco -- unified_communications_manager	Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.	2015年05月16日	7.2	CVE-2015-0717 CISCO
dell -- sonicwall_analyzer	The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.	2015年05月20日	9.0	CVE-2015-3990 CONFIRM MISC
docker -- docker	Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.	2015年05月18日	7.2	CVE-2015-3627 CONFIRM FULLDISC MISC
docker -- libcontainer	Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.	2015年05月18日	7.2	CVE-2015-3629 CONFIRM FULLDISC MISC
docker -- docker	Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.	2015年05月18日	7.2	CVE-2015-3630 CONFIRM FULLDISC MISC
gns3 -- gns3	Untrusted search path vulnerability in GNS3 before 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory.	2015年05月18日	7.2	CVE-2015-2667 MISC
google -- chrome	common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.	2015年05月20日	7.5	CVE-2015-1252 CONFIRM CONFIRM CONFIRM
google -- chrome	core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted _javascript_ code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.	2015年05月20日	7.5	CVE-2015-1253 CONFIRM CONFIRM CONFIRM
google -- chrome	Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.	2015年05月20日	7.5	CVE-2015-1256 CONFIRM CONFIRM CONFIRM CONFIRM
google -- chrome	platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.	2015年05月20日	7.5	CVE-2015-1257 CONFIRM CONFIRM CONFIRM CONFIRM
google -- chrome	Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.	2015年05月20日	7.5	CVE-2015-1258 CONFIRM CONFIRM CONFIRM
google -- chrome	PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.	2015年05月20日	7.5	CVE-2015-1259 CONFIRM CONFIRM
google -- chrome	Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted _javascript_ code that executes upon completion of a getUserMedia request.	2015年05月20日	7.5	CVE-2015-1260 CONFIRM CONFIRM CONFIRM
google -- chrome	platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.	2015年05月20日	7.5	CVE-2015-1262 CONFIRM CONFIRM CONFIRM
google -- chrome	Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.	2015年05月20日	7.5	CVE-2015-1265 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
google -- chrome	Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.	2015年05月20日	7.5	CVE-2015-3910 CONFIRM
hancom -- hanword_viewer_2007	Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption.	2015年05月15日	7.5	CVE-2015-2810 BUGTRAQ
huawei -- e587_mobile_wifi_firmware	Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors.	2015年05月21日	9.0	CVE-2015-3911 BID CONFIRM
ibm -- domino	Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.	2015年05月20日	10.0	CVE-2015-1902 CONFIRM
ibm -- domino	Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.	2015年05月20日	10.0	CVE-2015-1903 CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.	2015年05月19日	10.0	CVE-2015-1920 CONFIRM AIXAPAR
infocus -- in3128hd_firmware	The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html.	2015年05月18日	10.0	CVE-2014-8383 MISC FULLDISC MISC
infocus -- in3128hd_firmware	The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request.	2015年05月18日	9.4	CVE-2014-8384 MISC FULLDISC MISC
kcodes -- netusb	Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.	2015年05月20日	10.0	CVE-2015-3036 CERT-VN MISC MISC
libuv_project -- libuv	libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.	2015年05月18日	10.0	CVE-2015-0278 FEDORA CONFIRM CONFIRM CONFIRM MANDRIVA CONFIRM
module-signature_project -- module-signature	Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.	2015年05月19日	10.0	CVE-2015-3408 CONFIRM CONFIRM MLIST MLIST UBUNTU
module-signature_project -- module-signature	Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.	2015年05月19日	7.2	CVE-2015-3409 CONFIRM CONFIRM MLIST MLIST UBUNTU
oscmax -- oscmax	Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.	2015年05月20日	7.5	CVE-2012-1665 MISC OSVDB OSVDB OSVDB CONFIRM CONFIRM BUGTRAQ
powerdns -- authoritative	The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.	2015年05月18日	7.8	CVE-2015-1868 SECTRACK FEDORA FEDORA FEDORA FEDORA FEDORA FEDORA
proftpd -- proftpd	The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.	2015年05月18日	10.0	CVE-2015-3306 EXPLOIT-DB EXPLOIT-DB FEDORA FEDORA FEDORA
swisscom -- centro_grande_(adb)_dsl_firmware	The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.	2015年05月20日	10.0	CVE-2015-1188 FULLDISC
unzoo -- unzoo	Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.	2015年05月19日	10.0	CVE-2015-1845 MISC MLIST
unzoo -- unzoo	unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling.	2015年05月19日	7.8	CVE-2015-1846 MISC MLIST
wpsymposium -- wp_symposium	SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.	2015年05月15日	7.5	CVE-2015-3325 MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- safari	The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.	2015年05月20日	4.3	CVE-2015-4000 CONFIRM CONFIRM MISC MISC MISC MLIST
cacti -- cacti	SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.	2015年05月21日	6.5	CVE-2015-0916 MISC JVNDB JVN
cisco -- wireless_lan_controller_software	The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.	2015年05月16日	6.1	CVE-2015-0723 CISCO
cisco -- wireless_lan_controller_software	The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252.	2015年05月16日	6.8	CVE-2015-0726 CISCO
cisco -- secure_access_control_server	Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.	2015年05月16日	4.3	CVE-2015-0729 CISCO
cisco -- wide_area_application_services	The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.	2015年05月16日	5.0	CVE-2015-0730 CISCO
cisco -- ios	The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890.	2015年05月15日	6.1	CVE-2015-0731 CISCO
cisco -- unified_customer_voice_portal	Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.	2015年05月16日	6.8	CVE-2015-0735 CISCO
cisco -- mediasense	Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728.	2015年05月15日	6.8	CVE-2015-0736 CISCO
cisco -- web_security_appliance	Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008.	2015年05月16日	4.3	CVE-2015-0738 CISCO
cisco -- firesight_system_software	The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.	2015年05月18日	4.0	CVE-2015-0739 CISCO
cisco -- unified_intelligence_center	Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.	2015年05月19日	6.8	CVE-2015-0740 CISCO
cisco -- hosted_collaboration_solution	Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.	2015年05月21日	6.8	CVE-2015-0741 CISCO
cisco -- adaptive_security_appliance_software	The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398.	2015年05月21日	5.0	CVE-2015-0742 CISCO
cisco -- secure_access_control_server	The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.	2015年05月21日	5.0	CVE-2015-0746 CISCO
concrete5 -- concrete5	Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/.	2015年05月15日	4.3	CVE-2015-2250 CONFIRM MISC BUGTRAQ FULLDISC MISC
concrete5 -- concrete5	Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.	2015年05月15日	4.3	CVE-2015-3989 CONFIRM
dcraw_project -- dcraw	Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.	2015年05月19日	4.3	CVE-2015-3885 MISC CONFIRM CONFIRM BID BUGTRAQ
feedwordpress_project -- feedwordpress	SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.	2015年05月21日	6.5	CVE-2015-4018 CONFIRM FULLDISC
google -- chrome	Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.	2015年05月20日	6.8	CVE-2015-1251 CONFIRM CONFIRM MISC
google -- chrome	core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.	2015年05月20日	5.0	CVE-2015-1254 CONFIRM CONFIRM CONFIRM
google -- chrome	Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track.	2015年05月20日	6.8	CVE-2015-1255 CONFIRM CONFIRM CONFIRM
google -- chrome	android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.	2015年05月20日	5.0	CVE-2015-1261 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
google -- chrome	The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.	2015年05月20日	4.3	CVE-2015-1263 CONFIRM CONFIRM CONFIRM
google -- chrome	Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.	2015年05月20日	4.3	CVE-2015-1264 CONFIRM CONFIRM
huawei -- seq_analyst	XML external entity (XXE) in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.	2015年05月18日	4.0	CVE-2015-2346 FULLDISC
huawei -- webui	Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.	2015年05月21日	5.0	CVE-2015-3912 BID CONFIRM
ibm -- license_metric_tool	The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	2015年05月20日	6.4	CVE-2014-8924 CONFIRM
ibm -- websphere_mq	The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.	2015年05月20日	4.0	CVE-2015-0189 CONFIRM AIXAPAR
module-signature_project -- module-signature	Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.	2015年05月19日	5.0	CVE-2015-3407 CONFIRM CONFIRM MLIST MLIST UBUNTU
oscmax -- oscmax	Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.	2015年05月20日	4.3	CVE-2012-1664 CONFIRM MISC OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB CONFIRM BUGTRAQ
oscmax -- oscmax	Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php.	2015年05月20日	6.8	CVE-2012-6691 MISC CONFIRM BUGTRAQ
rakus -- maildealer	Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.	2015年05月21日	4.3	CVE-2015-0915 CONFIRM JVNDB JVN
realmd_project -- realmd	realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.	2015年05月18日	5.0	CVE-2015-2704 CONFIRM FEDORA
rockwell -- automation_rslinx_classic	Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file.	2015年05月16日	6.9	CVE-2014-9204 MISC MISC
seogento -- seogento	Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	2015年05月20日	4.3	CVE-2012-3243 BID
simple_php_agenda_project -- simple_php_agenda	Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/.	2015年05月21日	6.8	CVE-2012-1978 MISC MISC MISC OSVDB
synametrics -- xeams	Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an SMTP domain or (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.	2015年05月20日	6.8	CVE-2015-3141 EXPLOIT-DB MISC OSVDB
template_cms_project -- template_cms	Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter an add_template action to admin/index.php.	2015年05月20日	4.3	CVE-2012-4901 MISC BID OSVDB
template_cms_project -- template_cms	Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via the themes_editor parameter in an edit_template action to admin/index.php.	2015年05月20日	6.8	CVE-2012-4902 MISC BID OSVDB
valve -- steam	The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.	2015年05月20日	5.0	CVE-2015-4016 CONFIRM MISC
wppa.opajaap -- wp-photo-album-plus	Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.	2015年05月21日	4.3	CVE-2015-3647 CONFIRM MISC BUGTRAQ

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
docker -- docker	Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.	2015年05月18日	3.6	CVE-2015-3631 CONFIRM FULLDISC MISC
ibm -- license_metric_tool	IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.	2015年05月20日	2.1	CVE-2014-4776 CONFIRM
ibm -- websphere_commerce	The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file.	2015年05月19日	2.1	CVE-2014-6211 CONFIRM AIXAPAR AIXAPAR
openstack -- horizon	Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 201510 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.	2015年05月19日	3.5	CVE-2015-3988 BID MLIST MLIST
piriform -- ccleaner	Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.	2015年05月20日	2.1	CVE-2015-3999 BID FULLDISC
redhat -- kexec-tools	The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.	2015年05月19日	3.6	CVE-2015-0267 REDHAT
squid-cache -- squid	Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, does not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.	2015年05月18日	2.6	CVE-2015-3455 CONFIRM SECTRACK MANDRIVA CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery