Vulnerability Summary for the Week of January 5, 2014 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity a*a+,#ost,search,#roject 'QL in*ection vulnerability in the 2015-01-07 7.5 CVE-2012-5853 CONFIRM -- a*a+,#ost,search /the,search,function/ function in BUGTRAQ cardoza,a*a+,search.#h# in the 0102 Post 'earch (cardoza-a*a+-search) #lugin before 3.3 for 5ordPress allows remote attac$ers to e+ecute arbitrary 'QL commands via the srch,t+t #arameter in a /the,search,te+t/ action to wp-admin6admin-a*a+.ph#. asus -- wrt,firmware common.c in infosvr in 0'7' 58T firmware 2015-01-08 10.0 CVE-2014-9583 MISC (link is 4.9.0.4.3;<,39;3, 4.0.0.3;<.=>=:-g9934f>=, and external) other versions, as used in 8T-0 <<7, 8T-N6<7, EXPLOIT-DB and other routers, does not #roperly chec$ the (link is external) MISC (link is M0 address for a re?uest, which allows remote external) attac$ers to by#ass authentication and e+ecute arbitrary commands via a NET, M&,%&,M0NU, MD #ac$et to 7DP #ort @@@@. NOTE: this issue was incorrectly ma##ed to !"-=93:-39999, but that %D is invalid due to its use as an e+am#le of the =93: !E %D synta+ change. basic-cms -- sweetrice Multi#le 'QL in*ection vulnerabilities in 2015-01-03 7.5 CVE-2010-5317 MISC (link is inde+.ph# in 'weet8ice M' before 9.<.7.1 allow external) remote attac$ers to e+ecute arbitrary 'QL commands via (3) the file,name #arameter in an attachment action, (=) the #ost #arameter in a show_comment action, (4) the sys-name #arameter in an rssfeed action, or (:) the sys- name #arameter in a view action. cts,#rojectsBsoftware -- 'QL in*ection vulnerability in showads.ph# in 2015-01-02 7.5 CVE-2014-9455 MISC (link is classad T' Pro*ects B 'oftware lass0d 4.0 allows external) remote attac$ers to e+ecute arbitrary 'QL commands via the catid #arameter. debian -- mime-su##ort run-mailca# in the Debian mime-su##ort 2015-01-06 7.5 CVE-2014-7209 XF (link is #ac$age before 4.5=-3Cdeb;u3 allows conte+t- external) de#endent attac$ers to e+ecute arbitrary BID (link is commands via shell metacharacters in a external) MLIST (link is filename. external) SECUNIA (link is external) deliciousdays -- cformsii 7nrestricted file u#load vulnerability in 2015-01-07 7.5 CVE-2014-9473 CONFIRM lib,nona*a+.ph# in the forms%% #lugin 3:.7 and BUGTRAQ earlier for 5ordPress allows remote attac$ers to (link is external) e+ecute arbitrary code by u#loading a file with an e+ecutable e+tension via the cf,u#loadfile=DE #arameter, then accessing the file via a direct re?uest to the file in the default u#load directory. don,ho -- note#ad+C Fuffer overflow in NotePad+C <.6.@ allows 2015-01-02 10.0 CVE-2014-9456 EXPLOIT-DB remote attac$ers to have uns#ecified im#act via (link is external) a long Time attribute in an Event element in an 2ML file. NOTE: this issue was originally incorrectly ma##ed to !"-=93:-399:G see !"- =93:-399: for more information. he+-rays -- ida Hea#-based buffer overflow in the H&F 2015-01-02 10.0 CVE-2014-9458 SECUNIA (link debugger module in He+-8ays %&0 Pro before <.6 is external) cumulative fi+ =93:-3=-=: allows remote H&F servers to have uns#ecified im#act via un$nown vectors. humhub -- humhub 'QL in*ection vulnerability in the action%nde+ 2015-01-06 7.5 CVE-2014-9528 CONFIRM (link function in is external) #rotected/modules,core6notification6controllers XF (link is 6List ontroller.ph# in HumHub 9.19.0-rc.1 and external) EXPLOIT-DB earlier allows remote authenticated users to (link is external) e+ecute arbitrary 'QL commands via the from FULLDISC #arameter to inde+.ph#. NOTE: this can be MISC (link is leveraged for cross-site scri#ting (2'') attac$s external) via a re?uest that causes an error. infinitewp -- 'QL in*ection vulnerability in login.#h# in 2015-01-05 7.5 CVE-2014-9519 MISC (link is infinitewp,admin,#anel %nfinite5P 0dmin Panel before =.4.4 allows external) remote attac$ers to e+ecute arbitrary 'QL FULLDISC commands via the email #arameter. infinitewp -- 'QL in*ection vulnerability in e+ecute.ph# in 2015-01-05 7.5 CVE-2014-9520 MISC (link is infinitewp,admin,#anel %nfinite5P 0dmin Panel before =.4.: allows external) remote attac$ers to e+ecute arbitrary 'QL FULLDISC commands via the historyID #arameter. infinitewp -- 7nrestricted file u#load vulnerability in 2015-01-05 7.5 CVE-2014-9521 MISC (link is infinitewp,admin,#anel u#loadScri#t.ph# in %nfinite5P 0dmin Panel external) before =.4.:, when the allWPIiles ?uery FULLDISC #arameter is set, allows remote attac$ers to e+ecute arbitrary code by u#loading a file with a double e+tension, then accessing it via a direct re?uest to the file in the u#loads directory, as demonstrated by the .ph#.swp filename. installatron -- 'QL in*ection vulnerability in incl/create.inc.ph# 2015-01-02 7.5 CVE-2014-9445 XF (link is g?,file,manager in %nstallatron HQ Iile Manager 9.2.5 allows external) remote attac$ers to e+ecute arbitrary 'QL EXPLOIT-DB commands via the create #arameter to (link is external) inde+.ph#. NOTE: this can be leveraged for cross- site scri#ting (2'') attac$s by creating a file that generates an error. NOTE: this issue was originally incorrectly ma##ed to !"-=93:-334;G see !"-=93:-334; for more information. linu+ -- linu+,$ernel The batadv_frag,merge,#ac$ets function in 2015-01-02 7.8 CVE-2014-9428 MLIST net6batman-adv/fragmentation.c in the CONFIRM (link F.A.T.M.A.N. im#lementation in the Linu+ $ernel is external) through 4.1J.1 uses an incorrect length field MLIST (link is external) during a calculation of an amount of memory, MLIST (link is external) which allows remote attac$ers to cause a denial CONFIRM of service (mesh-node system crash) via CONFIRM fragmented #ac$ets. mediawi$i -- mediawi$i The wfMangleIlashPolicy function in 2015-01-04 7.5 CVE-2014-9277 CONFIRM Aut#utHandler.ph# in Media5i$i before 3.1@.==, MLIST (link is 3.=9.x through 3.2=.x before 3.2=.3:, and 3.24.x external) before 3.24.7 allows remote attac$ers to conduct MLIST (link is external) PHP ob*ect in*ection attac$s via a crafted string DEBIAN containing Kcross-domain-#olicyL in a PHP SECTRACK format re?uest, which causes the string length (link is external) to change when converting the re?uest to KNOT-cross-domain-#olicy>. microweber -- microweber 'QL in*ection vulnerability in ategory.#h# in 2015-01-03 7.5 CVE-2014-9464 MISC (link is Microweber M' 9.9> before =93:3=9@ allows external) remote attac$ers to e+ecute arbitrary 'QL CONFIRM (link commands via the category #arameter when is external) dis#laying a category, related to the M#arent,id variable. mini-stream -- rm- Fuffer overflow in Mini-stream 8M-MP4 2015-01-02 7.5 CVE-2014-9448 EXPLOIT-DB m#4,converter onverter 4.1.2.3.2939.94.39 allows remote (link is external) attac$ers to e+ecute arbitrary code or cause a EXPLOIT-DB denial of service (crash) via a long string in a (link is external) OSVDB 502 file. osclass -- osclass 'QL in*ection vulnerability in the 2015-01-05 7.5 CVE-2014-8083 BID (link is 'earch::set1son0lert method in A' lass before external) 4.:.3 allows remote attac$ers to e+ecute BUGTRAQ arbitrary '.L commands via the alert #arameter (link is external) FULLDISC in a search alert subscri#tion action. MISC (link is external) MISC (link is external) osclass -- osclass Directory traversal vulnerability in oc- 2015-01-05 7.5 CVE-2014-8084 BID (link is includes6osclass6controller6a*a+.ph# in A' lass external) before 4.4.4 allows remote attac$ers to include BUGTRAQ and e+ecute arbitrary local files via a .. (dot dot) (link is external) FULLDISC in the a*a+file #arameter in a custom action. MISC (link is external) MISC (link is external) #h# -- #h# sa#i6cgi6cgi,main.c in the H% com#onent in PHP 2015-01-02 7.5 CVE-2014-9427 CONFIRM (link through >.4.3<, >.5.x through >.5.29, and >.6.x is external) through >.6.4, when mma# is used to read a .ph# MLIST (link is file, does not #ro#erly consider the ma##ingNs external) MLIST (link is length during #rocessing of an invalid file that external) begins with a O character and lac$s a newline MLIST (link is character, which causes an out-of-bounds read external) and might (3) allow remote attac$ers to obtain CONFIRM (link is external) sensitive information from #h#-cgi #rocess memory by leveraging the ability to u#load a .ph# file or (=) trigger une+#ected code e+ecution if a valid PHP scri#t is #resent in memory locations adjacent to the ma##ing.