SB15-159: Vulnerability Summary for the Week of June 1, 2015

Original release date: June 08, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arcserve — arcserve_unified_data_protection Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet. 2015-05-29 9.4 CVE-2015-4068
MISC
MISC
CONFIRM
arcserve — arcserve_unified_data_protection The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. 2015-05-29 7.8 CVE-2015-4069
MISC
MISC
CONFIRM
avm — fritz!box AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. 2015-05-29 10.0 CVE-2014-9727
MISC
OSVDB
EXPLOIT-DB
cisco — dta_control_system Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315. 2015-05-30 7.8 CVE-2015-0744
CISCO
cisco — unified_communications_manager Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. 2015-05-29 7.8 CVE-2015-0751
CISCO
cisco — finesse Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. 2015-05-29 7.5 CVE-2015-0754
CISCO
cisco — anyconnect_secure_mobility_client Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790. 2015-06-04 7.2 CVE-2015-0761
CISCO
dell — netvault_backup Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow. 2015-05-29 10.0 CVE-2015-4067
MISC
fusionforge — fusionforge The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. 2015-06-02 10.0 CVE-2015-0850
CONFIRM
DEBIAN
ibm — powervc IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017. 2015-05-30 7.5 CVE-2015-1937
CONFIRM
AIXAPAR
ipsec-tools — ipsec-tools racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. 2015-05-29 7.8 CVE-2015-4047
MISC
SECTRACK
BID
MLIST
MLIST
DEBIAN
FULLDISC
FULLDISC
MISC
milw0rm_project — milw0rm_clone_script SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. 2015-05-29 7.5 CVE-2015-4137
BID
FULLDISC
MISC
netapp — oncommand_workflow_automation The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. 2015-05-31 10.0 CVE-2015-3292
CONFIRM
qemu — qemu QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. 2015-06-03 7.2 CVE-2015-4106
CONFIRM
sap — gui Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. 2015-06-02 7.5 CVE-2015-2282
BUGTRAQ
MISC
FULLDISC
FULLDISC
MISC
sap — hana_web-based_development_workbench SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2153892. 2015-06-02 7.5 CVE-2015-4159
FULLDISC
sap — ase_database_platform SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2152278. 2015-06-02 7.5 CVE-2015-4160
FULLDISC
sap — afaria SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, aka SAP Security Note 2155690. 2015-06-02 7.5 CVE-2015-4161
FULLDISC
visual_mining — netcharts_server Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors. 2015-05-29 10.0 CVE-2015-4031
MISC
visual_mining — netcharts_server projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. 2015-05-29 10.0 CVE-2015-4032
MISC
wavelink — terminal_emulation Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header. 2015-05-29 10.0 CVE-2015-4059
MISC
wavelink — connectpro Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header. 2015-05-29 10.0 CVE-2015-4060
MISC
wouter_verhelst — nbd The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export. 2015-05-29 7.8 CVE-2013-7441
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
MLIST
wouter_verhelst — nbd nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. 2015-05-29 7.8 CVE-2015-0847
CONFIRM
MLIST
DEBIAN
MLIST
xen — xen Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. 2015-06-03 7.8 CVE-2015-4104
CONFIRM

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — camel XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. 2015-06-03 5.0 CVE-2015-0263
CONFIRM
CONFIRM
SECTRACK
REDHAT
apache — camel Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. 2015-06-03 5.0 CVE-2015-0264
CONFIRM
CONFIRM
SECTRACK
REDHAT
apache — jackrabbit XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. 2015-05-29 6.4 CVE-2015-1833
EXPLOIT-DB
CONFIRM
BID
CONFIRM
MLIST
apache — sling_api Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse. 2015-06-02 4.3 CVE-2015-2944
CONFIRM
JVNDB
JVN
beckwithelectric — m-2001d_digital_tapchanger_control Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. 2015-06-05 6.4 CVE-2014-9201
MISC
blue_coat — ssl_visibility_appliance_sv1800_firmware Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators. 2015-05-30 4.3 CVE-2015-2852
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID. 2015-05-30 6.8 CVE-2015-2853
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element. 2015-05-30 4.3 CVE-2015-2854
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator’s cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. 2015-05-30 4.3 CVE-2015-2855
CERT-VN
CONFIRM
blue_coat — ssl_visibility_appliance_sv1800_firmware The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator’s cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855. 2015-05-30 4.3 CVE-2015-4138
CERT-VN
CONFIRM
cisco — headend_digital_broadband_delivery_system CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580. 2015-05-30 4.3 CVE-2015-0733
CISCO
cisco — headend_digital_broadband_delivery_system Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097. 2015-05-30 5.0 CVE-2015-0743
CISCO
cisco — headend_digital_broadband_delivery_system Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. 2015-05-30 5.0 CVE-2015-0745
CISCO
cisco — videoscape_conductor Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. 2015-05-30 4.3 CVE-2015-0747
CISCO
cisco — telepresence_video_communication_server Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. 2015-05-29 4.3 CVE-2015-0752
CISCO
cisco — unified_web_and_e-mail_interaction_manager SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. 2015-05-29 6.8 CVE-2015-0753
CISCO
cisco — anyconnect_secure_mobility_client The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797. 2015-05-29 6.8 CVE-2015-0755
CISCO
cisco — wireless_lan_controller Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. 2015-05-29 6.1 CVE-2015-0756
CISCO
cisco — identity_services_engine_software The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. 2015-05-29 5.0 CVE-2015-0757
CISCO
cisco — unified_meetingplace The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452. 2015-05-30 4.0 CVE-2015-0758
CISCO
cisco — headend_digital_broadband_delivery_system Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. 2015-06-02 6.8 CVE-2015-0759
CISCO
cisco — adaptive_security_appliance_software The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. 2015-06-04 4.0 CVE-2015-0760
CISCO
cisco — unified_meetingplace Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. 2015-06-04 4.3 CVE-2015-0762
CISCO
cisco — unified_meetingplace Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. 2015-06-04 5.0 CVE-2015-0763
CISCO
cisco — unified_meetingplace Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. 2015-06-04 5.0 CVE-2015-0764
CISCO
cisco — ons_15454_system_software Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263. 2015-06-04 5.0 CVE-2015-0765
CISCO
cisco — firesight_system_software Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. 2015-06-04 4.3 CVE-2015-0766
CISCO
djangoproject — django The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key. 2015-06-02 5.0 CVE-2015-3982
CONFIRM
emc — rsa_web_threat_detection Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. 2015-06-05 6.8 CVE-2015-0541
BUGTRAQ
f21 — jwt JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. 2015-06-05 5.0 CVE-2015-2951
CONFIRM
JVNDB
JVN
hp — smart_zero_core Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors. 2015-06-05 6.8 CVE-2015-2124
HP
ibm — infosphere_master_data_management_server Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. 2015-06-02 6.5 CVE-2015-1945
CONFIRM
ids — nc854 Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file. 2015-05-31 6.8 CVE-2015-3939
MISC
moodle — moodle mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. 2015-06-01 4.0 CVE-2015-0211
CONFIRM
MLIST
CONFIRM
moodle — moodle Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims. 2015-06-01 6.8 CVE-2015-0213
CONFIRM
MLIST
CONFIRM
moodle — moodle message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request. 2015-06-01 4.0 CVE-2015-0214
CONFIRM
MLIST
CONFIRM
moodle — moodle calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. 2015-06-01 4.0 CVE-2015-0215
CONFIRM
MLIST
CONFIRM
moodle — moodle filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. 2015-06-01 6.8 CVE-2015-0217
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. 2015-06-01 6.8 CVE-2015-0218
CONFIRM
MLIST
CONFIRM
moodle — moodle Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. 2015-06-01 6.8 CVE-2015-1493
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
moodle — moodle message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. 2015-06-01 4.0 CVE-2015-2266
CONFIRM
MLIST
CONFIRM
moodle — moodle mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. 2015-06-01 4.0 CVE-2015-2267
CONFIRM
MLIST
CONFIRM
moodle — moodle filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. 2015-06-01 6.8 CVE-2015-2268
CONFIRM
MLIST
CONFIRM
moodle — moodle lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors. 2015-06-01 4.3 CVE-2015-2270
CONFIRM
MLIST
CONFIRM
moodle — moodle tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the “Flag as inappropriate” feature. 2015-06-01 4.0 CVE-2015-2271
CONFIRM
MLIST
CONFIRM
moodle — moodle login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token. 2015-06-01 4.0 CVE-2015-2272
CONFIRM
MLIST
CONFIRM
moodle — moodle Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. 2015-06-01 5.8 CVE-2015-3175
CONFIRM
MLIST
CONFIRM
moodle — moodle The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. 2015-06-01 4.3 CVE-2015-3176
CONFIRM
MLIST
CONFIRM
moodle — moodle lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. 2015-06-01 4.0 CVE-2015-3180
CONFIRM
MLIST
CONFIRM
moodle — moodle files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. 2015-06-01 4.0 CVE-2015-3181
CONFIRM
MLIST
CONFIRM
moxa — softcms Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. 2015-06-05 6.8 CVE-2015-1000
MISC
MISC
open_explorer_beta_project — open_explorer_beta Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. 2015-06-05 6.4 CVE-2015-2950
JVNDB
MISC
JVN
paloaltonetworks — pan-os XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. 2015-06-02 4.0 CVE-2015-4162
CONFIRM
parityrate — roomcloud Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month, (7) end_year, (8) lang, (9) adults, or (10) children parameter. 2015-05-29 4.3 CVE-2015-3904
CONFIRM
CONFIRM
BID
FULLDISC
MISC
rockwellautomation — rsview32 Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. 2015-05-31 4.9 CVE-2015-1010
MISC
MISC
sap — gui The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. 2015-06-02 5.0 CVE-2015-2278
BUGTRAQ
MISC
FULLDISC
FULLDISC
MISC
sap — hana The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. 2015-05-29 4.0 CVE-2015-3994
BUGTRAQ
MISC
FULLDISC
MISC
sap — hana SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. 2015-05-29 4.0 CVE-2015-3995
BUGTRAQ
MISC
FULLDISC
MISC
sap — content_server SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. 2015-06-02 5.0 CVE-2015-4157
FULLDISC
sap — netweaver_abap_application_server SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. 2015-06-02 5.0 CVE-2015-4158
FULLDISC
sendio — sendio Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header. 2015-06-02 5.0 CVE-2014-0999
CONFIRM
BUGTRAQ
EXPLOIT-DB
FULLDISC
MISC
sendio — sendio The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users’ sessions via a large number of requests. 2015-06-02 4.0 CVE-2014-8391
EXPLOIT-DB
CONFIRM
BUGTRAQ
FULLDISC
MISC
sensiolabs — symfony FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. 2015-06-02 4.3 CVE-2015-4050
DEBIAN
CONFIRM
synology — cloud_station client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. 2015-05-30 6.8 CVE-2015-2851
CONFIRM
CERT-VN
thycotic — password_manager_secret_server The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2015-06-02 5.8 CVE-2015-4094
MISC
wpmembership — wpmembership The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. 2015-06-03 6.5 CVE-2015-4038
BUGTRAQ
BUGTRAQ
MISC
xen — xen Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accesses spanning multiple fields. 2015-06-03 4.9 CVE-2015-4103
CONFIRM
xen — xen Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. 2015-06-03 4.9 CVE-2015-4105
CONFIRM
xzeres — 442sr_os Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request. 2015-06-05 6.8 CVE-2015-3950
MISC
zenphoto — zenphoto Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-05-31 4.3 CVE-2015-2948
CONFIRM
JVNDB
JVN
zenphoto — zenphoto Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-05-31 4.3 CVE-2015-2949
JVNDB
JVN
zeromq — zeromq libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. 2015-06-03 4.3 CVE-2014-9721
CONFIRM
CONFIRM
DEBIAN


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
gnu — parallel GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. 2015-06-02 3.6 CVE-2015-4155
MLIST
MLIST
gnu — parallel GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. 2015-06-02 3.6 CVE-2015-4156
SUSE
MLIST
MLIST
ibm — rational_doors_next_generation IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token expiration, which allows remote attackers to obtain access by leveraging an unattended workstation. 2015-05-30 3.7 CVE-2015-0121
CONFIRM
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition. 2015-05-30 3.5 CVE-2015-0193
CONFIRM
AIXAPAR
ibm — websphere_commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors. 2015-05-29 2.1 CVE-2015-0200
CONFIRM
AIXAPAR
AIXAPAR
moodle — moodle Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary. 2015-06-01 3.5 CVE-2015-0212
CONFIRM
MLIST
CONFIRM
moodle — moodle access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. 2015-06-01 3.5 CVE-2015-0216
CONFIRM
MLIST
CONFIRM
moodle — moodle Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element. 2015-06-01 3.5 CVE-2015-2269
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response. 2015-06-01 3.5 CVE-2015-2273
CONFIRM
MLIST
CONFIRM
moodle — moodle mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading. 2015-06-01 3.5 CVE-2015-3174
CONFIRM
MLIST
CONFIRM
moodle — moodle Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. 2015-06-01 3.5 CVE-2015-3177
CONFIRM
MLIST
CONFIRM
moodle — moodle Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. 2015-06-01 3.5 CVE-2015-3178
CONFIRM
MLIST
CONFIRM
moodle — moodle login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. 2015-06-01 3.5 CVE-2015-3179
CONFIRM
MLIST
CONFIRM



This product is provided subject to this Notification and this Privacy & Use policy.


Source: US-Cert Bulletins