Vulnerability Summary for the Week of January 12, 2015

SB15-019: Vulnerability Summary for the Week of January 12, 2015 01/19/2015 06:27 AM EST Original release date: January 19, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9 Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9 Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors. 2015-01-13 10.0 CVE-2015-0301 adobe -- adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306. 2015-01-13 10.0 CVE-2015-0303 adobe -- adobe_air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309. 2015-01-13 10.0 CVE-2015-0304 adobe -- adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." 2015-01-13 9.3 CVE-2015-0305 CONFIRM adobe -- adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303. 2015-01-13 10.0 CVE-2015-0306 adobe -- adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. 2015-01-13 8.5 CVE-2015-0307 adobe -- adobe_air Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors. 2015-01-13 10.0 CVE-2015-0308 adobe -- adobe_air Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304. 2015-01-13 10.0 CVE-2015-0309 awpcp -- another_wordpress_classifieds_plugin SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. 2015-01-13 7.5 CVE-2014-10013 XF EXPLOIT-DB MISC dev4press -- gd_star_rating SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php. 2015-01-12 7.5 CVE-2014-2839 XF FULLDISC divx -- directshowdemuxfilter Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow. 2015-01-13 7.5 CVE-2014-10024 BID FULLDISC domphp -- domphp Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. 2015-01-13 7.5 CVE-2014-10037 XF EXPLOIT-DB OSVDB domphp -- domphp SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. 2015-01-13 7.5 CVE-2014-10038 XF EXPLOIT-DB MISC OSVDB fluxbb -- fluxbb SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter. 2015-01-13 7.5 CVE-2014-10029 XF SECUNIA FULLDISC MISC hancom -- hancom_office_2010_se Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file. 2015-01-12 7.5 CVE-2013-7420 XF BUGTRAQ ibm -- pureapplication_system Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component. 2015-01-09 9.0 CVE-2014-6158 ibm -- aix lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. 2015-01-15 7.2 CVE-2014-8904 XF AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR ismail_fahmi -- ganesha_digital_library Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. 2015-01-13 7.5 CVE-2014-100031 XF SECUNIA MISC itechscripts -- itechclassifieds SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. 2015-01-13 7.5 CVE-2014-100020 XF BID EXPLOIT-DB OSVDB libpng -- libpng Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16 might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. 2015-01-10 10.0 CVE-2014-9495 SECTRACK BID MLIST MISC MLIST licensepal -- arcticdesk SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-01-13 7.5 CVE-2014-100035 linux -- linux_kernel Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. 2015-01-09 7.2 CVE-2014-9529 CONFIRM MLIST CONFIRM maianscriptworld -- maian_uploader SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2015-01-13 7.5 CVE-2014-10004 XF MISC OSVDB microsoft -- windows_7 The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability." 2015-01-13 7.2 CVE-2015-0002 MISC MISC MISC microsoft -- windows_7 The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability." 2015-01-13 7.2 CVE-2015-0004 MISC microsoft -- windows_7 Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability." 2015-01-13 10.0 CVE-2015-0014 microsoft -- windows_server_2003 Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability." 2015-01-13 7.8 CVE-2015-0015 microsoft -- windows_7 Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability." 2015-01-13 9.3 CVE-2015-0016 mozilla -- firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-01-14 7.5 CVE-2014-8634 CONFIRM CONFIRM mozilla -- firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-01-14 7.5 CVE-2014-8635 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM mozilla -- firefox The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. 2015-01-14 7.5 CVE-2014-8636 CONFIRM mozilla -- firefox Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. 2015-01-14 7.5 CVE-2014-8641 CONFIRM mozilla -- firefox Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process. 2015-01-14 7.1 CVE-2014-8643 CONFIRM mtouch_quiz_project -- mtouch_quiz SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. 2015-01-13 7.5 CVE-2014-100022 MISC XF SECUNIA phpjabbers -- event_booking_calendar SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. 2015-01-13 7.5 CVE-2014-10015 MISC pomm-project -- pomm SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2015-01-13 7.5 CVE-2014-100019 CONFIRM XF BID SECUNIA qualcomm -- eudora_worldmail Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. 2015-01-13 7.5 CVE-2014-10031 XF EXPLOIT-DB OSVDB realnetworks -- realarcade_installer The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method. 2015-01-12 10.0 CVE-2013-2603 MISC MISC OSVDB realnetworks -- realarcade_installer RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. 2015-01-12 7.2 CVE-2013-2604 MISC MISC OSVDB schneider-electric -- wonderware_intouch_access_anywhere_server Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. 2015-01-09 10.0 CVE-2014-9190 CONFIRM sendy -- sendy SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. 2015-01-13 7.5 CVE-2014-100011 XF BID BUGTRAQ EXPLOIT-DB sendy -- sendy SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. 2015-01-13 7.5 CVE-2014-100012 EXPLOIT-DB softbb -- softbb SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter. 2015-01-15 7.5 CVE-2014-9560 BID MISC FULLDISC MISC solidworks -- product_data_management Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. 2015-01-13 7.5 CVE-2014-100014 XF EXPLOIT-DB SECUNIA tecorange -- simple_e-document SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. 2015-01-13 7.5 CVE-2014-10020 XF EXPLOIT-DB MISC OSVDB topicsviewer -- topicsviewer Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/. 2015-01-13 7.5 CVE-2014-10023 XF BID EXPLOIT-DB MISC OSVDB OSVDB OSVDB OSVDB trendnet -- tv-ip422w Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. 2015-01-13 7.5 CVE-2014-10011 XF MISC MISC BID MISC welcart -- e-commerce Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. 2015-01-13 7.5 CVE-2014-10017 XF BID MISC wpsymposium -- wp_symposium Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/. 2015-01-13 7.5 CVE-2014-10021 EXPLOIT-DB yourmembers -- yourmembers SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. 2015-01-13 7.5 CVE-2014-100003 EXPLOIT-DB MISC Medium Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- adobe_air Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors. 2015-01-13 5.0 CVE-2015-0302 airties -- air_6372 Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. 2015-01-13 4.3 CVE-2014-100032 XF MISC apache -- traffic_server Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. 2015-01-13 5.0 CVE-2014-10022 CONFIRM SECTRACK MLIST apache -- cloudstack Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. 2015-01-15 5.0 CVE-2014-9593 SECUNIA april's_super_functions_pack_project -- april's_super_functions_pack Cross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. 2015-01-13 4.3 CVE-2014-100026 XF BID SECUNIA OSVDB awpcp -- another_wordpress_classifieds_plugin Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. 2015-01-13 4.3 CVE-2014-10012 XF MISC cisco -- anyconnect_secure_mobility_client Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. 2015-01-14 5.0 CVE-2014-3314 cisco -- unified_communications_domain_manager Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. 2015-01-09 5.0 CVE-2014-8020 cisco -- identity_services_engine_software Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. 2015-01-15 4.3 CVE-2014-8022 cisco -- webex_meetings_server Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. 2015-01-15 5.0 CVE-2014-8034 cisco -- webex_meetings_server The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247. 2015-01-09 5.0 CVE-2014-8035 cisco -- webex_meetings_server The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. 2015-01-09 5.0 CVE-2014-8036 cisco -- asyncos Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. 2015-01-14 4.3 CVE-2015-0577 cisco -- adaptive_security_appliance_software Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455. 2015-01-14 5.7 CVE-2015-0578 cisco -- telepresence_video_communication_server Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473. 2015-01-14 5.0 CVE-2015-0579 cisco -- nx-os The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. 2015-01-09 5.0 CVE-2015-0582 cisco -- webex_meeting_center Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. 2015-01-14 5.0 CVE-2015-0583 cisco -- unified_communications_domain_manager Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. 2015-01-15 6.8 CVE-2015-0588 cisco -- unified_communications_domain_manager Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. 2015-01-15 5.0 CVE-2015-0591 clientresponse_project -- clientresponse Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field. 2015-01-13 4.3 CVE-2014-100013 XF EXPLOIT-DB context_project -- context Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. 2015-01-15 5.8 CVE-2015-1051 BID corel -- corelcad Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory. 2015-01-15 4.6 CVE-2014-8394 BID BUGTRAQ MISC FULLDISC corel -- painter Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8395 BID BUGTRAQ MISC FULLDISC corel -- pdf_fusion Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8396 BID BUGTRAQ MISC FULLDISC corel -- fastflick Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8397 BID BUGTRAQ MISC FULLDISC corel -- fastflick Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. 2015-01-15 4.6 CVE-2014-8398 BID BUGTRAQ MISC FULLDISC couponphp -- couponphp Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/. 2015-01-13 6.5 CVE-2014-10034 XF MISC EXPLOIT-DB MISC OSVDB OSVDB CONFIRM couponphp -- couponphp Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php. 2015-01-13 4.3 CVE-2014-10035 MISC EXPLOIT-DB SECUNIA MISC OSVDB OSVDB OSVDB CONFIRM csphere -- clansphere Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. 2015-01-13 4.3 CVE-2014-100010 MISC BID BUGTRAQ SECUNIA FULLDISC d-link -- dir-60 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. 2015-01-13 6.8 CVE-2014-100005 XF SECUNIA MISC d-link -- dap-1360_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. 2015-01-13 6.8 CVE-2014-10025 MISC FULLDISC d-link -- dap-1360_firmware index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. 2015-01-13 5.0 CVE-2014-10026 MISC FULLDISC d-link -- dap-1360_firmware Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. 2015-01-13 6.8 CVE-2014-10027 MISC FULLDISC d-link -- dap-1360_firmware Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. 2015-01-13 4.3 CVE-2014-10028 MISC FULLDISC dev4press -- gd_star_rating Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors. 2015-01-12 6.8 CVE-2014-2838 XF SECUNIA FULLDISC e107 -- e107 Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. 2015-01-15 4.3 CVE-2015-1041 MISC XF BID MLIST MISC MISC FULLDISC MISC f5 -- big-ip_application_security_manager Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. 2015-01-15 4.3 CVE-2015-1050 XF BUGTRAQ FULLDISC MISC flatpress -- flatpress Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI. 2015-01-13 4.3 CVE-2014-100036 MISC CONFIRM XF SECUNIA fluxbb -- fluxbb Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. 2015-01-13 5.8 CVE-2014-10030 CONFIRM ganesha_digital_library_project -- ganesha_digital_library Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. 2015-01-13 5.0 CVE-2014-100029 XF MISC ganesha_digital_library_project -- ganesha_digital_library Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. 2015-01-13 4.3 CVE-2014-100030 XF SECUNIA MISC getusedtoit -- wp_slimstat Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-01-13 4.3 CVE-2014-100027 CONFIRM XF BID SECUNIA gnu -- binutils The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. 2015-01-15 5.0 CVE-2014-8738 CONFIRM CONFIRM MLIST MLIST MLIST haxx -- libcurl CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. 2015-01-15 4.3 CVE-2014-8150 DEBIAN SECUNIA SECUNIA haxx -- libcurl The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl