Vulnerability Summary for the Week of June 22, 2015

Please Note:
• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity | Source |
|---|---|---|---|---|---|
| adobe -- photoshop_cc | Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3109 | CONFIRM |
| adobe -- bridge | Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3110 | CONFIRM CONFIRM |
| adobe -- bridge | Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3111 | CONFIRM CONFIRM |
| adobe -- bridge | Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3112 | CONFIRM CONFIRM |
| adobe -- flash_player | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | 2015-06-23 | 10.0 | CVE-2015-3113 | CONFIRM |
| airties -- air_firmware | Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login. | 2015-06-19 | 10.0 | CVE-2015-2797 | EXPLOIT-DB EXPLOIT-DB MISC OSVDB |
| aptexx -- resident_anywhere | Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request. | 2015-06-23 | 7.5 | CVE-2014-4882 | CERT-VN |
| audiosharescript -- audioshare | PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter. | 2015-06-23 | 7.5 | CVE-2015-4726 | MISC |
| avigilon -- avigilon_control_center | Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL. | 2015-06-23 | 7.8 | CVE-2015-2860 | CERT-VN |
| cisco -- ios | Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885. | 2015-06-23 | 7.8 | CVE-2015-4200 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. | 2015-06-24 | 7.5 | CVE-2015-4208 | CISCO |
| cisco -- anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. | 2015-06-24 | 7.2 | CVE-2015-4211 | CISCO |
| cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. | 2015-06-26 | 7.2 | CVE-2015-4224 | CISCO |
| cups -- cups | The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. | 2015-06-26 | 10.0 | CVE-2015-1158 | CERT-VN CONFIRM MISC CONFIRM CONFIRM CONFIRM MISC |
| persian_car_cms_project -- persian_car_cms | SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | 2015-06-19 | 7.5 | CVE-2015-4678 | MISC |
| sap -- mobile_platform | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | 2015-06-24 | 7.5 | CVE-2015-5068 | MISC MISC |
| tinysrp_project -- tinysrp | Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field. | 2015-06-19 | 7.5 | CVE-2015-4675 | FULLDISC MISC |

Medium Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity | Source |
|---|---|---|---|---|---|
| aftab -- tickfa | SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action. | 2015-06-19 | 6.5 | CVE-2015-4676 | MISC |
| airties -- rt-210_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. | 2015-06-19 | 4.3 | CVE-2015-4679 | MISC |
| alcatel-lucent -- cellpipe_7130_rg_5ae.m2013_hol_firmware | Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd. | 2015-06-23 | 6.8 | CVE-2015-4586 | MISC |
| apphp -- hotel_site | SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | 2015-06-22 | 6.5 | CVE-2015-4713 | MISC |
| arduino_json_project -- arduino_json | The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and overread. | 2015-06-22 | 5.0 | CVE-2015-4590 | CONFIRM CONFIRM CONFIRM BID MLIST |
| async-http-client_project -- async-http-client | Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. | 2015-06-24 | 4.3 | CVE-2013-7397 | CONFIRM MLIST |
| async-http-client_project -- async-http-client | main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | 2015-06-24 | 4.3 | CVE-2013-7398 | CONFIRM MLIST |
| audiosharescript -- audioshare | Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 2015-06-23 | 4.3 | CVE-2015-4725 | MISC |
| cisco -- data_center_analytics_framework | Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. | 2015-06-23 | 6.8 | CVE-2015-4189 | CISCO |
| cisco -- nx-os | Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. | 2015-06-20 | 6.1 | CVE-2015-4197 | CISCO |
| cisco -- web_security_appliance | Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. | 2015-06-20 | 4.3 | CVE-2015-4198 | CISCO |
| cisco -- asr_5000_series_software | The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058. | 2015-06-20 | 5.0 | CVE-2015-4201 | CISCO |
| cisco -- ios | Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. | 2015-06-20 | 5.0 | CVE-2015-4202 | CISCO |
| cisco -- ios | Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396. | 2015-06-23 | 5.4 | CVE-2015-4203 | CISCO |
| cisco -- cisco_ios | Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051. | 2015-06-23 | 6.8 | CVE-2015-4204 | CISCO |
| cisco -- ios_xr | Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. | 2015-06-23 | 5.7 | CVE-2015-4205 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. | 2015-06-23 | 5.0 | CVE-2015-4207 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. | 2015-06-23 | 6.4 | CVE-2015-4209 | CISCO |
| cisco -- webex_meeting_center | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. | 2015-06-23 | 4.3 | CVE-2015-4210 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. | 2015-06-24 | 5.0 | CVE-2015-4212 | CISCO |
| cisco -- nx-os | Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. | 2015-06-24 | 4.0 | CVE-2015-4213 | CISCO |
| cisco -- unified_meetingplace | Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. | 2015-06-24 | 4.0 | CVE-2015-4214 | CISCO |
| cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046. | 2015-06-24 | 6.1 | CVE-2015-4215 | CISCO |
| cisco -- content_security_management_virtual_appliance | The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630. | 2015-06-26 | 5.0 | CVE-2015-4216 | CISCO |
| cisco -- content_security_management_virtual_appliance | The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. | 2015-06-26 | 4.3 | CVE-2015-4217 | CISCO CISCO |
| cisco -- jabber | The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. | 2015-06-24 | 5.0 | CVE-2015-4218 | CISCO |
| cisco -- identity_services_engine_software | Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | 2015-06-24 | 4.0 | CVE-2015-4219 | CISCO |
| cisco -- unified_presence_server | Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. | 2015-06-25 | 4.3 | CVE-2015-4220 | CISCO |
| cisco -- unified_communications_manager_im_and_presence_service | Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194. | 2015-06-26 | 4.0 | CVE-2015-4221 | CISCO |
| cisco -- unified_communications_manager_im_and_presence_service | SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. | 2015-06-26 | 6.5 | CVE-2015-4222 | CISCO |
| cisco -- ios_xr | Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. | 2015-06-25 | 5.0 | CVE-2015-4223 | CISCO |
| cups -- cups | Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. | 2015-06-26 | 4.3 | CVE-2015-1159 | CERT-VN CONFIRM MISC CONFIRM CONFIRM CONFIRM MISC |
| dream-multimedia-tv -- dreambox_dm500-s_firmware | Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body. | 2015-06-22 | 4.3 | CVE-2015-4714 | MISC |
| drupal -- drupal | The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | 2015-06-22 | 4.0 | CVE-2015-3231 | CONFIRM DEBIAN |
| drupal -- drupal | Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter. | 2015-06-22 | 5.8 | CVE-2015-3232 | CONFIRM DEBIAN |
| drupal -- drupal | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2015-06-22 | 5.8 | CVE-2015-3233 | CONFIRM DEBIAN |
| drupal -- drupal | The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. | 2015-06-22 | 4.3 | CVE-2015-3234 | CONFIRM DEBIAN |
| emc -- rsa_validation_manager | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | 2015-06-22 | 4.3 | CVE-2015-0526 | BUGTRAQ |
| fiverrscript -- fiverrscript | Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php. | 2015-06-19 | 6.8 | CVE-2015-4677 | EXPLOIT-DB |
| google -- chrome | content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests. | 2015-06-26 | 5.0 | CVE-2015-1266 | CONFIRM CONFIRM CONFIRM |
| google -- chrome | Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp. | 2015-06-26 | 5.0 | CVE-2015-1267 | CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- chrome | bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. | 2015-06-26 | 5.0 | CVE-2015-1268 | CONFIRM CONFIRM CONFIRM |
| google -- chrome | The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase. | 2015-06-26 | 4.3 | CVE-2015-1269 | CONFIRM CONFIRM CONFIRM |
| haxx -- curl | cURL and libcurl 7.40.0 through 7.42.1 sends the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-06-22 | 5.0 | CVE-2015-3236 | CONFIRM |
| haxx -- curl | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | 2015-06-22 | 6.4 | CVE-2015-3237 | CONFIRM |
| mcafee -- epolicy_orchestrator | Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2015-06-23 | 5.8 | CVE-2015-2859 | CERT-VN CONFIRM CONFIRM |
| metalgenix -- genixcms | Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php. | 2015-06-24 | 4.3 | CVE-2015-5066 | BUGTRAQ MISC MISC |
| mysql-lite-administrator_project -- mysql-lite-administrator | Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php. | 2015-06-24 | 4.3 | CVE-2015-5064 | BUGTRAQ MISC |
| nextend -- facebook_connect | Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. | 2015-06-24 | 4.3 | CVE-2015-4413 | CONFIRM CONFIRM FULLDISC |
| openstack -- icehouse | OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | 2015-06-25 | 6.8 | CVE-2015-1851 | CONFIRM MLIST MLIST MLIST DEBIAN MLIST |
| paypal_currency_converter_basic_for_woocommerce_project -- paypal_currency_converter_basic_for_woocommerce | Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter. | 2015-06-24 | 5.0 | CVE-2015-5065 | CONFIRM EXPLOIT-DB |
| pearson -- proctorcache | Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password. | 2015-06-23 | 5.0 | CVE-2015-0972 | CERT-VN |
| ruby-lang -- ruby | RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." | 2015-06-24 | 5.0 | CVE-2015-3900 | CONFIRM |
| sap -- netweaver | The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | 2015-06-24 | 5.0 | CVE-2015-5067 | MISC MISC |
| sensiolabs -- symfony | Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element. | 2015-06-24 | 6.8 | CVE-2015-2308 | CONFIRM JVNDB JVN |
| silverstripe -- silverstripe | Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. | 2015-06-24 | 5.8 | CVE-2015-5062 | BUGTRAQ MISC |
| silverstripe -- silverstripe | Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php. | 2015-06-24 | 4.3 | CVE-2015-5063 | BUGTRAQ MISC |
| swiftkey -- swiftkey_sdk | Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. | 2015-06-19 | 6.4 | CVE-2015-4641 | CERT-VN MISC MISC MISC MISC |
| toshiba -- chec | CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. | 2015-06-24 | 5.0 | CVE-2014-4875 | CONFIRM CERT-VN |
| zohocorp -- manageengine_assetexplorer | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | 2015-06-24 | 4.3 | CVE-2015-2169 | MISC FULLDISC |

Low Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | CVE Identity | Source |
|---|---|---|---|---|---|
| swiftkey -- swiftkey_sdk | The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. | 2015-06-19 | 2.9 | CVE-2015-4640 | CERT-VN MISC MISC MISC MISC |
| zohocorp -- manageengine_assetexplorer | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | 2015-06-24 | 3.5 | CVE-2015-5061 | MISC MISC |

• Sources: http://nvd.nist.gov (For more information visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).
Uganda Communications Commission – UGCERT
Email: info@ug-cert.ug
Tel: +256 414 302 100/150
Toll Free: 0800 133 911
Website: www.ug-cert.ug
Facebook / Twitter: UGCERT