Vulnerability Summary for the Week of January 5, 2015

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID assigned to that particular vulnerability; you can look up the current status of the vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Columns: Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity | Sources

ajax_post_search_project -- ajax_post_search
  SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search. in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
  Published: 2015-01-07 | CVSS: 7.5 | CVE-2012-5853 | Sources: CONFIRM, BUGTRAQ

asus -- wrt_firmware
  common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
  Published: 2015-01-08 | CVSS: 10.0 | CVE-2014-9583 | Sources: MISC, EXPLOIT-DB, MISC

basic-cms -- sweetrice
  Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
  Published: 2015-01-03 | CVSS: 7.5 | CVE-2010-5317 | Sources: MISC

cts_projects&software -- classad
  SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
  Published: 2015-01-02 | CVSS: 7.5 | CVE-2014-9455 | Sources: MISC
debian -- mime-support
  run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
  Published: 2015-01-06 | CVSS: 7.5 | CVE-2014-7209 | Sources: XF, BID, MLIST, SECUNIA

deliciousdays -- cformsii
  Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory.
  Published: 2015-01-07 | CVSS: 7.5 | CVE-2014-9473 | Sources: CONFIRM, BUGTRAQ

don_ho -- notepad++
  Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information.
  Published: 2015-01-02 | CVSS: 10.0 | CVE-2014-9456 | Sources: EXPLOIT-DB

hex-rays -- ida
  Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.
  Published: 2015-01-02 | CVSS: 10.0 | CVE-2014-9458 | Sources: SECUNIA

humhub -- humhub
  SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
  Published: 2015-01-06 | CVSS: 7.5 | CVE-2014-9528 | Sources: CONFIRM, XF, EXPLOIT-DB, FULLDISC, MISC
infinitewp -- infinitewp_admin_panel
  SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
  Published: 2015-01-05 | CVSS: 7.5 | CVE-2014-9519 | Sources: MISC, FULLDISC

infinitewp -- infinitewp_admin_panel
  SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
  Published: 2015-01-05 | CVSS: 7.5 | CVE-2014-9520 | Sources: MISC, FULLDISC

infinitewp -- infinitewp_admin_panel
  Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.
  Published: 2015-01-05 | CVSS: 7.5 | CVE-2014-9521 | Sources: MISC, FULLDISC

installatron -- gq_file_manager
  SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
  Published: 2015-01-02 | CVSS: 7.5 | CVE-2014-9445 | Sources: XF, EXPLOIT-DB

linux -- linux_kernel
  The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.
  Published: 2015-01-02 | CVSS: 7.8 | CVE-2014-9428 | Sources: MLIST, CONFIRM, MLIST, MLIST, CONFIRM, CONFIRM
mediawiki -- mediawiki
  The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing in a PHP format request, which causes the string length to change when converting the request to .
  Published: 2015-01-04 | CVSS: 7.5 | CVE-2014-9277 | Sources: CONFIRM, MLIST, MLIST, DEBIAN, SECTRACK

microweber -- microweber
  SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
  Published: 2015-01-03 | CVSS: 7.5 | CVE-2014-9464 | Sources: MISC, CONFIRM

mini-stream -- rm-mp3_converter
  Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
  Published: 2015-01-02 | CVSS: 7.5 | CVE-2014-9448 | Sources: EXPLOIT-DB, EXPLOIT-DB, OSVDB

osclass -- osclass
  SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.
  Published: 2015-01-05 | CVSS: 7.5 | CVE-2014-8083 | Sources: BID, BUGTRAQ, FULLDISC, MISC, MISC

osclass -- osclass
  Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
  Published: 2015-01-05 | CVSS: 7.5 | CVE-2014-8084 | Sources: BID, BUGTRAQ, FULLDISC, MISC, MISC

php -- php
  sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
  Published: 2015-01-02 | CVSS: 7.5 | CVE-2014-9427 | Sources: CONFIRM, MLIST, MLIST, MLIST, CONFIRM

phpmyrecipes_project -- phpmyrecipes
  SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
  Published: 2015-01-02 | CVSS: 7.5 | CVE-2014-9440 | Sources: XF, EXPLOIT-DB, MISC

projectsend -- projectsend
  Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
  Published: 2015-01-07 | CVSS: 7.5 | CVE-2014-9567 | Sources: XF, EXPLOIT-DB, EXPLOIT-DB, MISC, OSVDB

sefrengo -- sefrengo
  Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
  Published: 2015-01-08 | CVSS: 7.5 | CVE-2015-0919 | Sources: MISC, FULLDISC, MISC
sonatype -- nexus
  Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors.
  Published: 2015-01-05 | CVSS: 7.5 | CVE-2014-9389 | Sources: SECUNIA

typo3 -- typo3
  The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
  Published: 2015-01-04 | CVSS: 7.5 | CVE-2014-9509 | Sources: (none listed)

vdgsecurity -- vdg_sense
  Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request.
  Published: 2015-01-02 | CVSS: 7.5 | CVE-2014-9451 | Sources: MISC, XF, BID, FULLDISC, MISC

xen -- xen
  Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
  Published: 2015-01-07 | CVSS: 7.8 | CVE-2015-0361 | Sources: (none listed)

zabbix -- zabbix
  Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
  Published: 2015-01-02 | CVSS: 7.5 | CVE-2014-9450 | Sources: SECUNIA
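Roughly half of the High severity entries above are SQL injections through one request parameter (srch_txt, catid, email, historyID, create, category, alert, itemid, periods), and the 7.5 score reflects that such a parameter usually exposes every table the application's database user can read. The script below is an added example, not code from any of the listed products, written in Python against sqlite3 so it runs anywhere: it shows the concatenation pattern behind a numeric-looking parameter such as catid, how a tautology and a UNION turn it into a full dump of a table the query never names, and the validate-then-bind form that closes it. The ads/users schema, rows and hash value are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a public 'ads' table keyed by category and a
    private 'users' table that the ads query should never be able to reach."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ads (id INTEGER PRIMARY KEY, catid INTEGER, title TEXT);
        CREATE TABLE users (name TEXT, pw_hash TEXT);
        INSERT INTO ads (catid, title) VALUES (1, 'bike'), (1, 'helmet'), (2, 'sofa');
        INSERT INTO users VALUES ('admin', '$2y$10$constructedhash');
    """)
    return conn

def show_ads_vulnerable(conn, catid):
    """The pattern behind the catid/itemid/historyID entries: the request parameter
    is concatenated into the statement, so whatever follows the number is parsed
    as SQL by the database."""
    sql = "SELECT id, title FROM ads WHERE catid = " + catid
    return conn.execute(sql).fetchall()

def show_ads_safe(conn, catid):
    """Validate the type first, then bind the value. A bound value travels to the
    engine as data and is never parsed as SQL text, whatever it contains."""
    try:
        catid_int = int(catid)
    except (TypeError, ValueError):
        raise ValueError(f"catid must be an integer, got {catid!r}") from None
    return conn.execute(
        "SELECT id, title FROM ads WHERE catid = ?", (catid_int,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("honest   :", show_ads_vulnerable(db, "1"))
    print("tautology:", show_ads_vulnerable(db, "1 OR 1=1"))
    print("union    :", show_ads_vulnerable(db, "0 UNION SELECT name, pw_hash FROM users"))
    print("safe     :", show_ads_safe(db, "1"))
```

The UNION case is the one to remember when reading a "7.5, execute arbitrary SQL commands" entry: the attacker does not need to know anything about the ads query beyond its column count to read credentials out of an unrelated table. Type validation alone would also stop these two payloads, but it does not help for the string-typed parameters in the same table (srch_txt, email, alert), so the binding is the part that generalizes.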
Medium Severity Vulnerabilities

Columns: Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity | Sources

absolutengine -- absolut_engine
  Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php.
  Published: 2015-01-02 | CVSS: 6.5 | CVE-2014-9435 | Sources: BID, MISC, FULLDISC

apache -- solr
  Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
  Published: 2015-01-06 | CVSS: 4.3 | CVE-2014-3628 | Sources: SECUNIA, MLIST

apache -- poi
  HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
  Published: 2015-01-06 | CVSS: 5.0 | CVE-2014-9527 | Sources: CONFIRM, SECUNIA, CONFIRM

banner_effect_header_project -- banner_effect_header
  Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.
  Published: 2015-01-08 | CVSS: 6.8 | CVE-2015-0920 | Sources: XF, XF, MISC

basic-cms -- sweetrice
  Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie.
  Published: 2015-01-03 | CVSS: 4.3 | CVE-2010-5316 | Sources: MISC
basic-cms -- sweetrice
  The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
  Published: 2015-01-03 | CVSS: 4.3 | CVE-2010-5318 | Sources: MISC

chialab_&_channelweb -- bedita
  Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index.
  Published: 2015-01-03 | CVSS: 4.3 | CVE-2010-5314 | Sources: MISC

chialab_&_channelweb -- bedita
  Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser.
  Published: 2015-01-03 | CVSS: 6.8 | CVE-2010-5315 | Sources: MISC

cisco -- secure_access_control_system
  The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.
  Published: 2015-01-08 | CVSS: 6.5 | CVE-2014-8027 | Sources: (none listed)

cisco -- secure_access_control_system
  Multiple cross-site scripting (XSS) vulnerabilities in the in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.
  Published: 2015-01-08 | CVSS: 4.3 | CVE-2014-8028 | Sources: (none listed)

cisco -- secure_access_control_system
  Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150.
  Published: 2015-01-08 | CVSS: 5.8 | CVE-2014-8029 | Sources: (none listed)
cisco -- webex_meetings_server
  Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.
  Published: 2015-01-08 | CVSS: 4.3 | CVE-2014-8030 | Sources: (none listed)

cisco -- webex_meetings_server
  Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.
  Published: 2015-01-08 | CVSS: 6.8 | CVE-2014-8031 | Sources: (none listed)

cisco -- webex_meetings_server
  The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.
  Published: 2015-01-08 | CVSS: 4.0 | CVE-2014-8032 | Sources: (none listed)

cisco -- webex_meetings_server
  The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2014-8033 | Sources: (none listed)

codiad -- codiad
  Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2014-9581 | Sources: EXPLOIT-DB

codiad -- codiad
  Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
  Published: 2015-01-08 | CVSS: 4.3 | CVE-2014-9582 | Sources: EXPLOIT-DB
concrete5 -- concrete5
  Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2) instance_id parameter in tools/dashboard/sitemap_drag_request.php.
  Published: 2015-01-05 | CVSS: 4.3 | CVE-2014-9526 | Sources: XF, BUGTRAQ, FULLDISC, MISC, MISC

d-link -- dcs-2103_hd_cube_network_camera
  Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
  Published: 2015-01-05 | CVSS: 4.3 | CVE-2014-9517 | Sources: MISC, MISC

d-link -- dir-655
  Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter.
  Published: 2015-01-05 | CVSS: 4.3 | CVE-2014-9518 | Sources: BID, CONFIRM, SECUNIA

e107 -- e107
  Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action.
  Published: 2015-01-02 | CVSS: 6.8 | CVE-2014-9459 | Sources: CONFIRM, MISC, FULLDISC

efssoft -- easy_file_sharing_web_server
  Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp.
  Published: 2015-01-02 | CVSS: 4.3 | CVE-2014-9439 | Sources: XF, EXPLOIT-DB
elfutils_project -- elfutils
  Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
  Published: 2015-01-02 | CVSS: 6.4 | CVE-2014-9447 | Sources: MLIST, BID, MLIST, SECUNIA

emc -- documentum_wdk
  Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published: 2015-01-06 | CVSS: 4.3 | CVE-2014-4635 | Sources: BUGTRAQ

emc -- documentum_wdk
  Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations.
  Published: 2015-01-06 | CVSS: 6.8 | CVE-2014-4636 | Sources: BUGTRAQ

emc -- documentum_wdk
  Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.
  Published: 2015-01-06 | CVSS: 6.4 | CVE-2014-4637 | Sources: BUGTRAQ

emc -- documentum_wdk
  EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors.
  Published: 2015-01-06 | CVSS: 5.0 | CVE-2014-4638 | Sources: BUGTRAQ

emc -- documentum_wdk
  EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.
  Published: 2015-01-06 | CVSS: 5.0 | CVE-2014-4639 | Sources: BUGTRAQ
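The elfutils entry (CVE-2014-9447) is the archive-extraction variant of the directory traversal entries elsewhere in this bulletin (Codiad's path parameter, OSClass's ajaxfile parameter, Sonatype Nexus): a member name carrying a slash is taken as a path and written where it points. The Python below is an added example, not elfutils' or GNU ar's code. It parses the GNU ar format, including the "//" long-name table, which is where any member name longer than 15 bytes (and therefore any realistic traversal path) has to live, and then applies the check an extractor needs: a member name is a file name, never a path, so any separator or ".." is refused, and the resolved target must sit directly inside the destination directory. The archive, member names and payloads are constructed inline; the destination directory is never written to.

```python
import os

AR_MAGIC = b"!<arch>\n"
HEADER_LEN = 60

def _header(name_field: str, size: int) -> bytes:
    """One 60-byte ar member header: name(16) mtime(12) uid(6) gid(6) mode(8) size(10) magic(2)."""
    return (name_field.ljust(16) + "0".ljust(12) + "0".ljust(6) + "0".ljust(6)
            + "100644".ljust(8) + str(size).ljust(10) + "`\n").encode("ascii")

def build_ar(members):
    """Build a GNU-format archive from (name, payload) pairs. Names of up to 15
    bytes are stored inline with a '/' terminator; longer names go into the '//'
    table, each ending in '/\\n', and the member's name field becomes '/<offset>'."""
    table, fields = b"", []
    for name, _payload in members:
        if len(name) <= 15:
            fields.append(name + "/")
        else:
            fields.append(f"/{len(table)}")
            table += name.encode() + b"/\n"
    out = AR_MAGIC
    if table:
        out += _header("//", len(table)) + table + (b"\n" if len(table) & 1 else b"")
    for field, (_name, payload) in zip(fields, members):
        out += _header(field, len(payload)) + payload + (b"\n" if len(payload) & 1 else b"")
    return out

def parse_ar(data: bytes):
    """Yield (member_name, payload), resolving '/<offset>' names through the
    long-name table the way GNU ar does. Deliberately no validation here: the
    name is whatever the archive says it is."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, long_names = len(AR_MAGIC), b""
    while pos + HEADER_LEN <= len(data):
        hdr = data[pos:pos + HEADER_LEN]
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        field = hdr[:16].decode("ascii").rstrip(" ")
        size = int(hdr[48:58].decode("ascii").strip())
        payload = data[pos + HEADER_LEN:pos + HEADER_LEN + size]
        if len(payload) != size:
            raise ValueError(f"truncated member at offset {pos}")
        pos += HEADER_LEN + size + (size & 1)        # members are 2-byte aligned
        if field == "//":                            # long-name table
            long_names = payload
            continue
        if field == "/":                             # symbol index, not a file
            continue
        if field.startswith("/"):
            start = int(field[1:])
            end = long_names.index(b"/\n", start)
            name = long_names[start:end].decode("utf-8", "surrogateescape")
        else:
            name = field[:-1] if field.endswith("/") else field
        yield name, payload

def safe_destination(dest_dir: str, member_name: str) -> str:
    """Path a member may be written to, or ValueError. Separators and '..' are
    refused outright; the realpath check additionally catches a symlink that an
    earlier member planted inside dest_dir."""
    if member_name in ("", ".", "..") or any(c in member_name for c in "/\\\0"):
        raise ValueError(f"refusing member name {member_name!r}")
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, member_name))
    if os.path.dirname(target) != root:
        raise ValueError(f"{member_name!r} resolves outside {dest_dir!r}")
    return target

def extraction_plan(data: bytes, dest_dir: str):
    """Split an archive into (target_path, payload) pairs that may be written
    and the member names that were refused."""
    safe, rejected = [], []
    for name, payload in parse_ar(data):
        try:
            safe.append((safe_destination(dest_dir, name), payload))
        except ValueError:
            rejected.append(name)
    return safe, rejected

# Constructed sample: one honest member and one whose long name is a traversal path.
SAMPLE = build_ar([
    ("hello.o", b"abc"),
    ("../../../../etc/cron.d/evil", b"* * * * * root id\n"),
])

if __name__ == "__main__":
    ok, bad = extraction_plan(SAMPLE, "/tmp/out")
    print("would write:", [p for p, _ in ok])
    print("refused    :", bad)
```

Two details matter for anyone writing an extractor: the name must be validated after the long-name lookup, not on the 16-byte field (the field for the malicious member is just "/0"), and a lexical check alone is not sufficient once earlier members can create files, which is why the function also resolves the final path and compares its parent to the destination.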
exiv2 -- exiv2
  Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.
  Published: 2015-01-02 | CVSS: 5.0 | CVE-2014-9449 | Sources: SECUNIA, CONFIRM

facebook_like_box_project -- facebook_like_box
  Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php.
  Published: 2015-01-05 | CVSS: 6.8 | CVE-2014-9524 | Sources: SECUNIA, MISC

frontend_uploader_project -- frontend_uploader
  Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI.
  Published: 2015-01-02 | CVSS: 4.3 | CVE-2014-9444 | Sources: BID, FULLDISC, MISC

ipcop -- ipcop
  Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer.
  Published: 2015-01-02 | CVSS: 4.3 | CVE-2013-7417 | Sources: XF, MISC, MISC, MISC

ipcop -- ipcop
  cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability.
  Published: 2015-01-02 | CVSS: 6.5 | CVE-2013-7418 | Sources: MISC, MISC, MISC

justin_klein -- wp-vipergb
  Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin/options-general.php.
  Published: 2015-01-02 | CVSS: 6.8 | CVE-2014-9460 | Sources: CONFIRM, XF, XF, MISC

kajona -- kajona
  Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
  Published: 2015-01-08 | CVSS: 4.3 | CVE-2015-0917 | Sources: CONFIRM, CONFIRM, MISC, FULLDISC, MISC

kan-studio -- kandidat_cms
  Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php.
  Published: 2015-01-03 | CVSS: 6.8 | CVE-2010-5319 | Sources: MISC

koha -- koha
  Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
  Published: 2015-01-02 | CVSS: 4.3 | CVE-2014-9446 | Sources: BID, SECUNIA, CONFIRM
lightbox_photo_gallery_project -- lightbox_photo_gallery
  Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php.
  Published: 2015-01-02 | CVSS: 6.8 | CVE-2014-9441 | Sources: XF, MISC

mediawiki -- mediawiki
  Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote attackers to hijack the authentication of users with edit permissions for requests that conduct cross-site scripting (XSS) attacks via the wpInput parameter, which is not properly handled in the preview.
  Published: 2015-01-04 | CVSS: 5.1 | CVE-2014-9276 | Sources: CONFIRM, MLIST, MLIST, SECTRACK

memht -- memht_portal
  Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php.
  Published: 2015-01-03 | CVSS: 6.8 | CVE-2010-5320 | Sources: MISC

nyu -- opensso_integration
  Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
  Published: 2015-01-02 | CVSS: 4.3 | CVE-2014-7293 | Sources: MISC, FULLDISC
nyu -- opensso_integration
  Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
  Published: 2015-01-02 | CVSS: 5.8 | CVE-2014-7294 | Sources: MISC, FULLDISC, MISC

oetiker+partner_ag -- rrdtool
  Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
  Published: 2015-01-04 | CVSS: 5.0 | CVE-2013-2131 | Sources: MISC, MISC, MISC, MLIST, MLIST, MLIST

open-xchange -- open-xchange_appsuite
  Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.
  Published: 2015-01-05 | CVSS: 4.3 | CVE-2014-1679 | Sources: MISC, XF, BUGTRAQ, SECUNIA

open-xchange -- open-xchange_appsuite
  Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.
  Published: 2015-01-07 | CVSS: 4.3 | CVE-2014-8993 | Sources: SECTRACK, BUGTRAQ, SECUNIA, MISC

openssl -- openssl
  The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2014-3570 | Sources: CONFIRM

openssl -- openssl
  OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2014-3571 | Sources: CONFIRM, CONFIRM

openssl -- openssl
  The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2014-3572 | Sources: CONFIRM

openssl -- openssl
  OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2014-8275 | Sources: CONFIRM, CONFIRM
openssl -- openssl
  The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2015-0204 | Sources: CONFIRM

openssl -- openssl
  The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2015-0205 | Sources: CONFIRM

openssl -- openssl
  Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
  Published: 2015-01-08 | CVSS: 5.0 | CVE-2015-0206 | Sources: CONFIRM

openstack -- image_registry_and_delivery_service_(glance)
  The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
  Published: 2015-01-07 | CVSS: 5.5 | CVE-2014-9493 | Sources: CONFIRM, MLIST
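The seven OpenSSL entries above are the most version-sensitive in this bulletin: three release lines, each with its own fix level, and letter-suffixed patch versions where 0.9.8zd has to sort after 0.9.8y and 1.0.1k after 1.0.1. The script below is an added example, not code from OpenSSL or NVD, that transcribes an entry's "X before Y" ranges as data and answers whether an installed version is in scope; the same shape fits the Zabbix entry in the High severity table and most of the "A.B.x before A.B.C" ranges on this page. It assumes dotted versions whose components may end in lowercase letters, so it deliberately rejects forms it cannot order, such as Nexus's 2.11.1-01 or Open-Xchange's 7.4.0-rev27, rather than guessing.

```python
import re

_COMPONENT = re.compile(r"^(\d+)([a-z]*)$")

def version_key(version: str):
    """Sort key for dotted versions whose components may carry OpenSSL-style
    letters: 0.9.8y < 0.9.8z < 0.9.8za < 0.9.8zd < 1.0.0 < 1.0.0p < 1.0.1k.
    A bare number sorts before the same number with letters, and a longer
    letter run sorts after a shorter one, which is how the 0.9.8 line went
    from 'z' to 'za'. Assumption: no '-rev27' or '-01' style suffixes."""
    key = []
    for part in version.strip().split("."):
        m = _COMPONENT.match(part)
        if not m:
            raise ValueError(f"unsupported version component {part!r} in {version!r}")
        number, letters = m.groups()
        key.append((int(number), len(letters), letters))
    return tuple(key)

def numeric_prefix(version: str):
    """Just the numbers, used to decide which release line a version belongs to."""
    return tuple(k[0] for k in version_key(version))

def is_affected(installed: str, ranges) -> bool:
    """ranges is a list of (line, fixed_in) pairs transcribed from an entry:
    ('', '0.9.8zd') means every version below 0.9.8zd; ('1.0.1', '1.0.1k')
    means versions in the 1.0.1 line below 1.0.1k."""
    installed_key = version_key(installed)
    for line, fixed_in in ranges:
        if line:
            prefix = numeric_prefix(line)
            if numeric_prefix(installed)[:len(prefix)] != prefix:
                continue
        if installed_key < version_key(fixed_in):
            return True
    return False

# Transcribed from the entries above that read "before 0.9.8zd, 1.0.0 before
# 1.0.0p, and 1.0.1 before 1.0.1k" (CVE-2014-3570, -3571, -3572, -8275, CVE-2015-0204).
OPENSSL_JAN_2015 = [("", "0.9.8zd"), ("1.0.0", "1.0.0p"), ("1.0.1", "1.0.1k")]

# Zabbix CVE-2014-9450: "before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8".
ZABBIX_CVE_2014_9450 = [("", "1.8.22"), ("2.0", "2.0.14"), ("2.2", "2.2.8")]

if __name__ == "__main__":
    for v in ("0.9.8zc", "0.9.8zd", "1.0.0o", "1.0.1j", "1.0.1k", "1.0.2"):
        print(f"OpenSSL {v:8} affected={is_affected(v, OPENSSL_JAN_2015)}")
```

The branch prefix matters: 1.0.0o is not "before 0.9.8zd" on a plain comparison, yet it is affected, and 1.0.2 is in none of the listed lines, so the function reports it as out of scope for these entries rather than silently comparing it against the 0.9.8 fix. Vendor-patched builds (a distribution's 1.0.1e with backported fixes, for instance) carry the upstream number and will be reported as affected; that is the correct answer from the bulletin's point of view and the reason to check the distribution's own advisory as well.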
osclass -- osclass
  Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
  Published: 2015-01-05 | CVSS: 6.8 | CVE-2014-8085 | Sources: BID, BUGTRAQ, FULLDISC, MISC, MISC, CONFIRM

paloaltonetworks -- pan-os
  Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
  Published: 2015-01-06 | CVSS: 4.3 | CVE-2014-3764 | Sources: CONFIRM, SECUNIA

papoo -- cms_papoo_light
  Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.
  Published: 2015-01-05 | CVSS: 4.3 | CVE-2014-9522 | Sources: BID, BUGTRAQ, EXPLOIT-DB, MISC, MISC, OSVDB

pmb_services -- pmb
  SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.
  Published: 2015-01-02 | CVSS: 6.5 | CVE-2014-9457 | Sources: EXPLOIT-DB

projectsend -- projectsend
  Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.
  Published: 2015-01-08 | CVSS: 4.3 | CVE-2014-9580 | Sources: XF, EXPLOIT-DB, MISC
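Four entries in this bulletin are unrestricted uploads that end in code execution by direct request: CformsII (CVE-2014-9473), InfiniteWP (CVE-2014-9521), ProjectSend (CVE-2014-9567) and OSClass (CVE-2014-8085) above. The InfiniteWP entry is the instructive one because its demonstrated filename is .php.swp: a check on the last extension lets that name through, yet Apache's mod_mime applies an AddHandler mapping for .php to every extension in a multi-extension name, so the file is still executed. The Python below is an added example, not code from any of those projects; it puts the last-extension check beside a validator that inspects every dot-separated segment, allowlists the final extension, strips any client-supplied path, and never reuses the client's name on disk. The extension sets and sample names are constructed for the example.

```python
import os
import secrets
import unicodedata

# Segments that a typical Apache + mod_php or CGI deployment hands to an
# interpreter. Constructed list: extend it to match the handlers your server maps.
EXECUTABLE_SEGMENTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
                       "cgi", "pl", "py", "sh", "jsp", "asp", "aspx", "htaccess"}

# What this particular upload endpoint is willing to store (constructed allowlist).
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt", "zip"}

def last_extension_check(filename: str) -> bool:
    """The check the vulnerable uploaders effectively had: only the final
    extension is inspected, so 'shell.php.swp' passes."""
    return filename.rsplit(".", 1)[-1].lower() != "php"

def validate_upload_name(filename: str) -> str:
    """Return the canonical extension to store the file under, or raise ValueError.
    Every segment after the first is checked, so a double extension cannot
    smuggle an interpreter handler past the allowlist."""
    base = os.path.basename(filename.replace("\\", "/"))   # drop any client path part
    base = unicodedata.normalize("NFKC", base).strip()
    if not base or base.startswith("."):
        raise ValueError("empty or dot-file name")
    if any(ord(c) < 0x20 for c in base):                    # NUL and other control bytes
        raise ValueError("control character in file name")
    segments = base.lower().split(".")
    if len(segments) < 2:
        raise ValueError("file name has no extension")
    exts = segments[1:]
    bad = [s for s in exts if s in EXECUTABLE_SEGMENTS]
    if bad:
        raise ValueError(f"executable extension segment(s) {bad} in {filename!r}")
    if exts[-1] not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {exts[-1]!r} is not allowed")
    return exts[-1]

def stored_path(upload_dir: str, filename: str) -> str:
    """Store under a server-generated name; the client name only decides the extension."""
    ext = validate_upload_name(filename)
    return os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")

if __name__ == "__main__":
    for name in ("photo.JPG", "shell.php.swp", "report.pdf.phtml", "../../x.png"):
        try:
            print(f"{name:18} weak={last_extension_check(name)!s:5} -> {validate_upload_name(name)}")
        except ValueError as e:
            print(f"{name:18} weak={last_extension_check(name)!s:5} -> rejected: {e}")
```

The validator is one layer; the other, which none of the four affected products had, is to keep the upload directory from executing anything at all (store it outside the document root, or configure the server so no handler applies there). With both in place a bypass of the name check still yields a file that is served as bytes rather than run.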
quick_page/post_re Cross-site request forgery (CSRF) vulnerability in the 2015-01-05 6.8 CVE-2014-2598 MISC (link is direct_project -- Quick Page/Post Redirect plugin before 5.0.5 for external) quick_page/post_re WordPress allows remote attackers to hijack the XF (link is direct authentication of administrators for requests that external) EXPLOIT-DB conduct cross-site scripting (XSS) attacks via the (link is external) quickppr_redirects[request][] parameter in the SECUNIA (link redirect-updates page to wp-admin/admin.php. is external) FULLDISC MISC (link is external) OSVDB OSVDB reality66 -- SQL injection vulnerability in 2015-01-02 6.5 CVE-2014-9442 MISC (link is cart66_lite models/Cart66Ajax.php in the Cart66 Lite plugin external) before 1.5.4 for WordPress allows remote CONFIRM authenticated users to execute arbitrary SQL SECUNIA (link is external) commands via the q parameter in a promotionProductSearch action to wp- admin/admin-ajax.php. redcloth -- Cross-site scripting (XSS) vulnerability in the 2015-01-07 4.3 CVE-2012-6684 MISC (link is redcloth_library RedCloth library 4.2.9 for Ruby and earlier allows external) remote attackers to inject arbitrary web script or FULLDISC HTML via a : URI. MISC (link is external) MISC redhat -- libvirt The qemu implementation of 2015-01-06 4.0 CVE-2014-8131 SUSE virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. relevanssi -- Cross-site scripting (XSS) vulnerability in the 2015-01-02 4.3 CVE-2014-9443 SECUNIA (link relevanssi Relevanssi plugin before 3.3.8 for WordPress allows is external) remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
sap -- Multiple cross-site scripting (XSS) vulnerabilities in 2015-01-07 4.3 CVE-2014-9569 MISC (link is netweaver_busines SAP NetWeaver Business Client (NWBC) for HTML external) s_client_for_html 3.0 allow remote attackers to inject arbitrary web SECUNIA (link script or HTML via the (1) title or (2) roundtrips is external) parameter, aka SAP Security Note 2051285. sefrengo -- sefrengo Cross-site scripting (XSS) vulnerability in the 2015-01-08 4.3 CVE-2015-0918 MISC (link is administrative backend in Sefrengo before 1.6.1 external) allows remote attackers to inject arbitrary web FULLDISC script or HTML via the searchterm parameter to MISC (link is external) backend/main.php. simple_sticky_foote Multiple cross-site request forgery (CSRF) 2015-01-02 6.8 CVE-2014-9454 r_project -- vulnerabilities in the Simple Sticky Footer plugin XF (link is external) simple_sticky_foote before 1.3.3 for WordPress allow remote attackers XF (link is r to hijack the authentication of administrators for external) requests that (1) change plugin settings via MISC (link is external) unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) simple_sf_width or (3) simple_sf_style parameter in the simple-simple- sticky-footer page to wp-admin/themes.php. simple_visitor_stat_ Multiple cross-site scripting (XSS) vulnerabilities in 2015-01-02 4.3 CVE-2014-9453 XF (link is project -- simple-visitor-stat.php in the Simple visitor stat external) simple_visitor_stat plugin for WordPress allow remote attackers to MISC (link is inject arbitrary web script or HTML via the (1) HTTP external) User-Agent or (2) HTTP Referer header. 
sliding_social_icons Multiple cross-site request forgery (CSRF) 2015-01-02 6.8 CVE-2014-9437 XF (link is _project -- vulnerabilities in the Sliding Social Icons plugin 1.61 external) sliding_social_icons for WordPress allow remote attackers to hijack the MISC (link is authentication of administrators for requests that external) (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php. smartcat -- Multiple cross-site request forgery (CSRF) 2015-01-05 6.8 CVE-2014-9523 MISC (link is our_team_showcas vulnerabilities in the Our Team Showcase (our- external) e team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php. social_microbloggin Cross-site scripting (XSS) vulnerability in Social 2015-01-05 4.3 CVE-2014-9516 EXPLOIT-DB g_pro_project -- Microblogging PRO 1.5 allows remote attackers to (link is external) social_microbloggin inject arbitrary web script or HTML via the OSVDB g_pro PATH_INFO to the default URI, related to the "Web Site" input in the Profile section. strongswan -- strongSwan 4.5.x through 5.2.x before 5.2.1 allows 2015-01-07 5.0 CVE-2014-9221 CONFIRM strongswan remote attackers to cause a denial of service SECUNIA (link (invalid pointer dereference) via a crafted IKEv2 Key is external) SECUNIA (link Exchange (KE) message with Diffie-Hellman (DH) is external) group 1025. 
sysaid -- sysaid Absolute path traversal vulnerability in SysAid On- 2015-01-02 5.0 CVE-2014-9436 XF (link is Premise before 14.4.2 allows remote attackers to external) read arbitrary files via a \\\\ (four backslashes) in the EXPLOIT-DB fileName parameter to getRdsLogFile. (link is external) FULLDISC MISC (link is external) timed_popup_proje Multiple cross-site request forgery (CSRF) 2015-01-05 6.8 CVE-2014-9525 XF (link is ct -- timed_popup vulnerabilities in the Timed Popup (wp-timed- external) popup) plugin 1.3 for WordPress allow remote XF (link is attackers to hijack the authentication of external) MISC (link is administrators for requests that (1) change plugin external) settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php. typo3 -- typo3 The frontend rendering component in TYPO3 4.5.x 2015-01-04 4.3 CVE-2014-9508 before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. vbulletin -- vbulletin Cross-site request forgery (CSRF) vulnerability in the 2015-01-02 6.8 CVE-2014-9438 MISC (link is Moderator Control Panel in vBulletin 4.2.2 allows external) remote attackers to hijack the authentication of XF (link is administrators for requests that (1) ban a user via external) MISC (link is the username parameter in a dobanuser action to external) modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. vdgsecurity -- Directory traversal vulnerability in VDG Security 2015-01-02 5.0 CVE-2014-9452 MISC (link is vdg_sense SENSE (formerly DIVA) 2.3.13 allows remote external) attackers to read arbitrary files via a .. 
(dot dot) in XF (link is the default URI to images/. external) BID (link is external) FULLDISC MISC (link is external) vdgsecurity -- VDG Security SENSE (formerly DIVA) before 2.3.15 2015-01-08 6.4 CVE-2014-9575 MISC (link is vdg_sense allows remote attackers to bypass authentication, external) and consequently read and modify arbitrary plugin FULLDISC settings, via an encoded : (colon) character in the MISC (link is external) Authorization HTTP header. vdgsecurity -- VDG Security SENSE (formerly DIVA) 2.3.13 has a 2015-01-08 5.0 CVE-2014-9576 MISC (link is vdg_sense hardcoded password of (1) ArpaRomaWi for the external) root Postgres account and !DVService for the (2) FULLDISC postgres and (3) NTP Windows user accounts, which MISC (link is external) allows remote attackers to obtain access. vdgsecurity -- VDG Security SENSE (formerly DIVA) 2.3.13 sends 2015-01-08 4.0 CVE-2014-9577 MISC (link is vdg_sense the user database when a user logs in, which allows external) remote authenticated users to obtain usernames FULLDISC and password hashes by logging in to TCP port MISC (link is external) 51410 and reading the response. vdgsecurity -- VDG Security SENSE (formerly DIVA) 2.3.13 performs 2015-01-08 5.0 CVE-2014-9578 MISC (link is vdg_sense authentication with a password hash instead of a external) password, which allows remote attackers to gain FULLDISC login access by leveraging knowledge of password MISC (link is external) hash. vdgsecurity -- VDG Security SENSE (formerly DIVA) 2.3.13 stores 2015-01-08 5.0 CVE-2014-9579 MISC (link is vdg_sense administrator credentials in cleartext, which allows external) attackers to obtain sensitive information by reading FULLDISC the plugin configuration files. 
MISC (link is external) zohocorp -- Cross-site scripting (XSS) vulnerability in ZOHO 2015-01-07 4.3 CVE-2014-3779 XF (link is manageengine_ads ManageEngine ADSelfService Plus before 5.2 Build external) elfservice_plus 5202 allows remote attackers to inject arbitrary web MISC (link is script or HTML via the name parameter to external) GroupSubscription.do. Low Severity Vulnerabilities The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity absolutengine -- Cross-site scripting (XSS) vulnerability in 2015-01-02 3.5 CVE-2014-9434 BID (link is absolut_engine admin/managerrelated.php in the administrative external) backend in Absolut Engine 1.73 allows remote MISC (link is authenticated users to inject arbitrary web script or external) FULLDISC HTML via the title parameter. linuxcontainers -- cmanager 0.32 does not properly enforce nesting 2015-01-07 2.1 CVE-2014-1425 cgmanager when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. mantisbt -- MantisBT before 1.2.18 does not properly check 2015-01-04 3.5 CVE-2014-9506 CONFIRM mantisbt permissions when sending an email that indicates DEBIAN when a monitored issue is related to another issue, MLIST which allows remote authenticated users to obtain sensitive information about restricted issues. mediawiki -- MediaWiki before 1.19.22, 1.20.x through 1.22.x 2015-01-04 2.6 CVE-2014-9507 mediawiki before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS. reality66 -- Directory traversal vulnerability in 2015-01-02 3.5 CVE-2014-9461 CONFIRM cart66_lite models/Cart66.php in the Cart66 Lite plugin before MISC (link is 1.5.4 for WordPress allows remote authenticated external) users to read arbitrary files via a .. (dot dot) in the CONFIRM member_download action to wp-admin/admin- ajax.php.

• Sources: http://nvd.nist.gov (For more information, visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published.)

Uganda Communications Commission – UGCERT | Email: [email protected] | Tel: +256 414 302 100/150 | Toll Free: 0800 133 911 | Website: www.ug-cert.ug | Facebook / Twitter: UGCERT