SB15-180: Vulnerability Summary for the Week of June 22, 2015

Title: SB15-180: Vulnerability Summary for the Week of June 22, 2015

NCCIC / US-CERT

National Cyber Awareness System:

06/29/2015 06:28 AM EDT

Original release date: June 29, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- photoshop_cc	Adobe Photoshop CC before 16.0 (aka 201500) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	2015年06月24日	10.0	CVE-2015-3109 CONFIRM
adobe -- bridge	Integer overflow in Adobe Photoshop CC before 16.0 (aka 201500) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.	2015年06月24日	10.0	CVE-2015-3110 CONFIRM CONFIRM
adobe -- bridge	Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 201500) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.	2015年06月24日	10.0	CVE-2015-3111 CONFIRM CONFIRM
adobe -- bridge	Adobe Photoshop CC before 16.0 (aka 201500) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.	2015年06月24日	10.0	CVE-2015-3112 CONFIRM CONFIRM
adobe -- flash_player	Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.	2015年06月23日	10.0	CVE-2015-3113 CONFIRM
airties -- air_firmware	Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.	2015年06月19日	10.0	CVE-2015-2797 EXPLOIT-DB EXPLOIT-DB MISC OSVDB
aptexx -- resident_anywhere	Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request.	2015年06月23日	7.5	CVE-2014-4882 CERT-VN
audiosharescript -- audioshare	PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter.	2015年06月23日	7.5	CVE-2015-4726 MISC
avigilon -- avigilon_control_center	Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL.	2015年06月23日	7.8	CVE-2015-2860 CERT-VN
cisco -- ios	Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885.	2015年06月23日	7.8	CVE-2015-4200 CISCO
cisco -- webex_meeting_center	Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.	2015年06月24日	7.5	CVE-2015-4208 CISCO
cisco -- anyconnect_secure_mobility_client	Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.	2015年06月24日	7.2	CVE-2015-4211 CISCO
cisco -- wireless_lan_controller_software	Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.	2015年06月26日	7.2	CVE-2015-4224 CISCO
cups -- cups	The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.	2015年06月26日	10.0	CVE-2015-1158 CERT-VN CONFIRM MISC CONFIRM CONFIRM CONFIRM MISC
persian_car_cms_project -- persian_car_cms	SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.	2015年06月19日	7.5	CVE-2015-4678 MISC
sap -- mobile_platform	XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.	2015年06月24日	7.5	CVE-2015-5068 MISC MISC
tinysrp_project -- tinysrp	Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.	2015年06月19日	7.5	CVE-2015-4675 FULLDISC MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
aftab -- tickfa	SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.	2015年06月19日	6.5	CVE-2015-4676 MISC
airties -- rt-210_firmware	Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.	2015年06月19日	4.3	CVE-2015-4679 MISC
alcatel-lucent -- cellpipe_7130_rg_5ae.m2013_hol_firmware	Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd.	2015年06月23日	6.8	CVE-2015-4586 MISC
apphp -- hotel_site	SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.	2015年06月22日	6.5	CVE-2015-4713 MISC
arduino_json_project -- arduino_json	The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\ ", which triggers a buffer overflow and over-read.	2015年06月22日	5.0	CVE-2015-4590 CONFIRM CONFIRM CONFIRM BID MLIST
async-http-client_project -- async-http-client	Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.	2015年06月24日	4.3	CVE-2013-7397 CONFIRM MLIST
async-http-client_project -- async-http-client	main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.	2015年06月24日	4.3	CVE-2013-7398 CONFIRM MLIST
audiosharescript -- audioshare	Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter.	2015年06月23日	4.3	CVE-2015-4725 MISC
cisco -- data_center_analytics_framework	Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.	2015年06月23日	6.8	CVE-2015-4189 CISCO
cisco -- nx-os	Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.	2015年06月20日	6.1	CVE-2015-4197 CISCO
cisco -- web_security_appliance	Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.	2015年06月20日	4.3	CVE-2015-4198 CISCO
cisco -- asr_5000_series_software	The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058.	2015年06月20日	5.0	CVE-2015-4201 CISCO
cisco -- ios	Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203.	2015年06月20日	5.0	CVE-2015-4202 CISCO
cisco -- ios	Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396.	2015年06月23日	5.4	CVE-2015-4203 CISCO
cisco -- cisco_ios	Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051.	2015年06月23日	6.8	CVE-2015-4204 CISCO
cisco -- ios_xr	Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959.	2015年06月23日	5.7	CVE-2015-4205 CISCO
cisco -- webex_meeting_center	Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.	2015年06月23日	5.0	CVE-2015-4207 CISCO
cisco -- webex_meeting_center	Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.	2015年06月23日	6.4	CVE-2015-4209 CISCO
cisco -- webex_meeting_center	Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.	2015年06月23日	4.3	CVE-2015-4210 CISCO
cisco -- webex_meeting_center	Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.	2015年06月24日	5.0	CVE-2015-4212 CISCO
cisco -- nx-os	Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391.	2015年06月24日	4.0	CVE-2015-4213 CISCO
cisco -- unified_meetingplace	Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050.	2015年06月24日	4.0	CVE-2015-4214 CISCO
cisco -- wireless_lan_controller_software	Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046.	2015年06月24日	6.1	CVE-2015-4215 CISCO
cisco -- content_security_management_virtual_appliance	The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015年06月25日 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.	2015年06月26日	5.0	CVE-2015-4216 CISCO
cisco -- content_security_management_virtual_appliance	The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015年06月25日 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.	2015年06月26日	4.3	CVE-2015-4217 CISCO CISCO
cisco -- jabber	The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.	2015年06月24日	5.0	CVE-2015-4218 CISCO
cisco -- identity_services_engine_software	Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.	2015年06月24日	4.0	CVE-2015-4219 CISCO
cisco -- unified_presence_server	Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.	2015年06月25日	4.3	CVE-2015-4220 CISCO
cisco -- unified_communications_manager_im_and_presence_service	Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194.	2015年06月26日	4.0	CVE-2015-4221 CISCO
cisco -- unified_communications_manager_im_and_presence_service	SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.	2015年06月26日	6.5	CVE-2015-4222 CISCO
cisco -- ios_xr	Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478.	2015年06月25日	5.0	CVE-2015-4223 CISCO
cups -- cups	Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.	2015年06月26日	4.3	CVE-2015-1159 CERT-VN CONFIRM MISC CONFIRM CONFIRM CONFIRM MISC
dream-multimedia-tv -- dreambox_dm500-s_firmware	Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.	2015年06月22日	4.3	CVE-2015-4714 MISC
drupal -- drupal	The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.	2015年06月22日	4.0	CVE-2015-3231 CONFIRM DEBIAN
drupal -- drupal	Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.	2015年06月22日	5.8	CVE-2015-3232 CONFIRM DEBIAN
drupal -- drupal	Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	2015年06月22日	5.8	CVE-2015-3233 CONFIRM DEBIAN
drupal -- drupal	The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.	2015年06月22日	4.3	CVE-2015-3234 CONFIRM DEBIAN
emc -- rsa_validation_manager	Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.	2015年06月22日	4.3	CVE-2015-0526 BUGTRAQ
fiverrscript -- fiverrscript	Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.	2015年06月19日	6.8	CVE-2015-4677 EXPLOIT-DB
google -- chrome	content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.	2015年06月26日	5.0	CVE-2015-1266 CONFIRM CONFIRM CONFIRM
google -- chrome	Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted _javascript_ code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp.	2015年06月26日	5.0	CVE-2015-1267 CONFIRM CONFIRM CONFIRM CONFIRM
google -- chrome	bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted _javascript_ code, as demonstrated by use of a data: URL.	2015年06月26日	5.0	CVE-2015-1268 CONFIRM CONFIRM CONFIRM
google -- chrome	The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.	2015年06月26日	4.3	CVE-2015-1269 CONFIRM CONFIRM CONFIRM
haxx -- curl	cURL and libcurl 7.40.0 through 7.42.1 sends the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015年06月22日	5.0	CVE-2015-3236 CONFIRM
haxx -- curl	The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.	2015年06月22日	6.4	CVE-2015-3237 CONFIRM
mcafee -- epolicy_orchestrator	Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	2015年06月23日	5.8	CVE-2015-2859 CERT-VN CONFIRM CONFIRM
metalgenix -- genixcms	Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.	2015年06月24日	4.3	CVE-2015-5066 BUGTRAQ MISC MISC
mysql-lite-administrator_project -- mysql-lite-administrator	Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php.	2015年06月24日	4.3	CVE-2015-5064 BUGTRAQ MISC
nextend -- facebook_connect	Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter.	2015年06月24日	4.3	CVE-2015-4413 CONFIRM CONFIRM FULLDISC
openstack -- icehouse	OpenStack Cinder before 2014年1月5日 (icehouse), 2014.2.x before 2014年2月4日 (juno), and 2015.1.x before 2015年1月1日 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.	2015年06月25日	6.8	CVE-2015-1851 CONFIRM MLIST MLIST MLIST DEBIAN MLIST
paypal_currency_converter_basic_for_woocommerce_project -- paypal_currency_converter_basic_for_woocommerce	Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.	2015年06月24日	5.0	CVE-2015-5065 CONFIRM EXPLOIT-DB CONFIRM MISC
pearson -- proctorcache	Pearson ProctorCache before 2015年1月17日 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password.	2015年06月23日	5.0	CVE-2015-0972 CERT-VN
ruby-lang -- ruby	RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."	2015年06月24日	5.0	CVE-2015-3900 CONFIRM
sap -- netweaver	The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Note 2059659 and 2057982.	2015年06月24日	5.0	CVE-2015-5067 MISC MISC
sensiolabs -- symfony	Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.	2015年06月24日	6.8	CVE-2015-2308 CONFIRM JVNDB JVN
silverstripe -- silverstripe	Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.	2015年06月24日	5.8	CVE-2015-5062 BUGTRAQ MISC
silverstripe -- silverstripe	Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.	2015年06月24日	4.3	CVE-2015-5063 BUGTRAQ MISC
swiftkey -- swiftkey_sdk	Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.	2015年06月19日	6.4	CVE-2015-4641 CERT-VN MISC MISC MISC MISC
toshiba -- chec	CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.	2015年06月24日	5.0	CVE-2014-4875 CONFIRM CERT-VN
zohocorp -- manageengine_assetexplorer	Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.	2015年06月24日	4.3	CVE-2015-2169 MISC FULLDISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
swiftkey -- swiftkey_sdk	The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.	2015年06月19日	2.9	CVE-2015-4640 CERT-VN MISC MISC MISC MISC
zohocorp -- manageengine_assetexplorer	Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.	2015年06月24日	3.5	CVE-2015-5061 MISC MISC

This product is provided subject to this Notification and this Privacy & Use policy.

A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@xxxxxxxxxxx. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@xxxxxxxxxxxxxxxx to your address book.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery