Vulnerability Summary for the Week of June 22, 2015 - UG-CERT

Please Note:
• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.
High Severity Vulnerabilities

| The Primary Vendor -- Product | Description | Date Published | CVSS Score | The CVE Identity | Source |
|---|---|---|---|---|---|
| adobe -- photoshop_cc | Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3109 | CONFIRM |
| adobe -- bridge | Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3110 | CONFIRM, CONFIRM |
| adobe -- bridge | Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3111 | CONFIRM, CONFIRM |
| adobe -- bridge | Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2015-06-24 | 10.0 | CVE-2015-3112 | CONFIRM, CONFIRM |
| adobe -- flash_player | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. | 2015-06-23 | 10.0 | CVE-2015-3113 | CONFIRM |
| airties -- air_firmware | Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login. | 2015-06-19 | 10.0 | CVE-2015-2797 | EXPLOIT-DB, EXPLOIT-DB, MISC, OSVDB |
| aptexx -- resident_anywhere | Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request. | 2015-06-23 | 7.5 | CVE-2014-4882 | CERT-VN |
| audiosharescript -- audioshare | PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter. | 2015-06-23 | 7.5 | CVE-2015-4726 | MISC |
| avigilon -- avigilon_control_center | Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL. | 2015-06-23 | 7.8 | CVE-2015-2860 | CERT-VN |
| cisco -- ios | Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (memory consumption) by triggering an error during CPE negotiation, aka Bug ID CSCug00885. | 2015-06-23 | 7.8 | CVE-2015-4200 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. | 2015-06-24 | 7.5 | CVE-2015-4208 | CISCO |
| cisco -- anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. | 2015-06-24 | 7.2 | CVE-2015-4211 | CISCO |
| cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. | 2015-06-26 | 7.2 | CVE-2015-4224 | CISCO |
| cups -- cups | The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. | 2015-06-26 | 10.0 | CVE-2015-1158 | CERT-VN, CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, MISC |
| persian_car_cms_project -- persian_car_cms | SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | 2015-06-19 | 7.5 | CVE-2015-4678 | MISC |
| sap -- mobile_platform | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. | 2015-06-24 | 7.5 | CVE-2015-5068 | MISC, MISC |
| tinysrp_project -- tinysrp | Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field. | 2015-06-19 | 7.5 | CVE-2015-4675 | FULLDISC, MISC |
Medium Severity Vulnerabilities

| The Primary Vendor -- Product | Description | Date Published | CVSS Score | The CVE Identity | Source |
|---|---|---|---|---|---|
| aftab -- tickfa | SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action. | 2015-06-19 | 6.5 | CVE-2015-4676 | MISC |
| airties -- rt-210_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. | 2015-06-19 | 4.3 | CVE-2015-4679 | MISC |
| alcatel-lucent -- cellpipe_7130_rg_5ae.m2013_hol_firmware | Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd. | 2015-06-23 | 6.8 | CVE-2015-4586 | MISC |
| apphp -- hotel_site | SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | 2015-06-22 | 6.5 | CVE-2015-4713 | MISC |
| arduino_json_project -- arduino_json | The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and overread. | 2015-06-22 | 5.0 | CVE-2015-4590 | CONFIRM, CONFIRM, CONFIRM, BID, MLIST |
| async-http-client_project -- async-http-client | Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. | 2015-06-24 | 4.3 | CVE-2013-7397 | CONFIRM, MLIST |
| async-http-client_project -- async-http-client | main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. | 2015-06-24 | 4.3 | CVE-2013-7398 | CONFIRM, MLIST |
| audiosharescript -- audioshare | Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 2015-06-23 | 4.3 | CVE-2015-4725 | MISC |
| cisco -- data_center_analytics_framework | Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. | 2015-06-23 | 6.8 | CVE-2015-4189 | CISCO |
| cisco -- nx-os | Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. | 2015-06-20 | 6.1 | CVE-2015-4197 | CISCO |
| cisco -- web_security_appliance | Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409. | 2015-06-20 | 4.3 | CVE-2015-4198 | CISCO |
| cisco -- asr_5000_series_software | The Gateway General Packet Radio Service Support Node (GGSN) component on Cisco ASR 5000 devices with software 17.2.0.59184 and 18.0.L0.59219 allows remote attackers to cause a denial of service (Session Manager restart) via an invalid TCP/IP header, aka Bug ID CSCut68058. | 2015-06-20 | 5.0 | CVE-2015-4201 | CISCO |
| cisco -- ios | Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. | 2015-06-20 | 5.0 | CVE-2015-4202 | CISCO |
| cisco -- ios | Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of service (PXF process crash) by sending malformed MPLS 6VPE packets quickly, aka Bug ID CSCud83396. | 2015-06-23 | 5.4 | CVE-2015-4203 | CISCO |
| cisco -- cisco_ios | Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process crash) by sending docsIfMCmtsMib SNMP requests quickly, aka Bug ID CSCue65051. | 2015-06-23 | 6.8 | CVE-2015-4204 | CISCO |
| cisco -- ios_xr | Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local network, aka Bug ID CSCut19959. | 2015-06-23 | 5.7 | CVE-2015-4205 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. | 2015-06-23 | 5.0 | CVE-2015-4207 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. | 2015-06-23 | 6.4 | CVE-2015-4209 | CISCO |
| cisco -- webex_meeting_center | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. | 2015-06-23 | 4.3 | CVE-2015-4210 | CISCO |
| cisco -- webex_meeting_center | Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. | 2015-06-24 | 5.0 | CVE-2015-4212 | CISCO |
| cisco -- nx-os | Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. | 2015-06-24 | 4.0 | CVE-2015-4213 | CISCO |
| cisco -- unified_meetingplace | Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. | 2015-06-24 | 4.0 | CVE-2015-4214 | CISCO |
| cisco -- wireless_lan_controller_software | Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) and 7.6(1.62) allow remote attackers to cause a denial of service (device crash) by triggering an exception during attempted forwarding of unspecified IPv6 packets to a non-IPv6 device, aka Bug ID CSCuj01046. | 2015-06-24 | 6.1 | CVE-2015-4215 | CISCO |
| cisco -- content_security_management_virtual_appliance | The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630. | 2015-06-26 | 5.0 | CVE-2015-4216 | CISCO |
| cisco -- content_security_management_virtual_appliance | The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. | 2015-06-26 | 4.3 | CVE-2015-4217 | CISCO, CISCO |
| cisco -- jabber | The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. | 2015-06-24 | 5.0 | CVE-2015-4218 | CISCO |
| cisco -- identity_services_engine_software | Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | 2015-06-24 | 4.0 | CVE-2015-4219 | CISCO |
| cisco -- unified_presence_server | Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. | 2015-06-25 | 4.3 | CVE-2015-4220 | CISCO |
| cisco -- unified_communications_manager_im_and_presence_service | Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194. | 2015-06-26 | 4.0 | CVE-2015-4221 | CISCO |
| cisco -- unified_communications_manager_im_and_presence_service | SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. | 2015-06-26 | 6.5 | CVE-2015-4222 | CISCO |
| cisco -- ios_xr | Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478. | 2015-06-25 | 5.0 | CVE-2015-4223 | CISCO |
| cups -- cups | Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. | 2015-06-26 | 4.3 | CVE-2015-1159 | CERT-VN, CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, MISC |
| dream-multimedia-tv -- dreambox_dm500-s_firmware | Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body. | 2015-06-22 | 4.3 | CVE-2015-4714 | MISC |
| drupal -- drupal | The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | 2015-06-22 | 4.0 | CVE-2015-3231 | CONFIRM, DEBIAN |
| drupal -- drupal | Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter. | 2015-06-22 | 5.8 | CVE-2015-3232 | CONFIRM, DEBIAN |
| drupal -- drupal | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2015-06-22 | 5.8 | CVE-2015-3233 | CONFIRM, DEBIAN |
| drupal -- drupal | The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. | 2015-06-22 | 4.3 | CVE-2015-3234 | CONFIRM, DEBIAN |
| emc -- rsa_validation_manager | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | 2015-06-22 | 4.3 | CVE-2015-0526 | BUGTRAQ |
| fiverrscript -- fiverrscript | Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php. | 2015-06-19 | 6.8 | CVE-2015-4677 | EXPLOIT-DB |
| google -- chrome | content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests. | 2015-06-26 | 5.0 | CVE-2015-1266 | CONFIRM, CONFIRM, CONFIRM |
| google -- chrome | Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp. | 2015-06-26 | 5.0 | CVE-2015-1267 | CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| google -- chrome | bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. | 2015-06-26 | 5.0 | CVE-2015-1268 | CONFIRM, CONFIRM, CONFIRM |
| google -- chrome | The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase. | 2015-06-26 | 4.3 | CVE-2015-1269 | CONFIRM, CONFIRM, CONFIRM |
| haxx -- curl | cURL and libcurl 7.40.0 through 7.42.1 sends the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-06-22 | 5.0 | CVE-2015-3236 | CONFIRM |
| haxx -- curl | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | 2015-06-22 | 6.4 | CVE-2015-3237 | CONFIRM |
| mcafee -- epolicy_orchestrator | Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2015-06-23 | 5.8 | CVE-2015-2859 | CERT-VN, CONFIRM, CONFIRM |
| metalgenix -- genixcms | Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php. | 2015-06-24 | 4.3 | CVE-2015-5066 | BUGTRAQ, MISC, MISC |
| mysql-lite-administrator_project -- mysql-lite-administrator | Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php. | 2015-06-24 | 4.3 | CVE-2015-5064 | BUGTRAQ, MISC |
| nextend -- facebook_connect | Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. | 2015-06-24 | 4.3 | CVE-2015-4413 | CONFIRM, CONFIRM, FULLDISC |
| openstack -- icehouse | OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | 2015-06-25 | 6.8 | CVE-2015-1851 | CONFIRM, MLIST, MLIST, MLIST, DEBIAN, MLIST |
| paypal_currency_converter_basic_for_woocommerce_project -- paypal_currency_converter_basic_for_woocommerce | Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter. | 2015-06-24 | 5.0 | CVE-2015-5065 | CONFIRM, EXPLOIT-DB, CONFIRM, MISC |
| pearson -- proctorcache | Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password. | 2015-06-23 | 5.0 | CVE-2015-0972 | CERT-VN |
| ruby-lang -- ruby | RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." | 2015-06-24 | 5.0 | CVE-2015-3900 | CONFIRM |
| sap -- netweaver | The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Note 2059659 and 2057982. | 2015-06-24 | 5.0 | CVE-2015-5067 | MISC, MISC |
| sensiolabs -- symfony | Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element. | 2015-06-24 | 6.8 | CVE-2015-2308 | CONFIRM, JVNDB, JVN |
| silverstripe -- silverstripe | Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. | 2015-06-24 | 5.8 | CVE-2015-5062 | BUGTRAQ, MISC |
| silverstripe -- silverstripe | Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php. | 2015-06-24 | 4.3 | CVE-2015-5063 | BUGTRAQ, MISC |
| swiftkey -- swiftkey_sdk | Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. | 2015-06-19 | 6.4 | CVE-2015-4641 | CERT-VN, MISC, MISC, MISC, MISC |
| toshiba -- chec | CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. | 2015-06-24 | 5.0 | CVE-2014-4875 | CONFIRM, CERT-VN |
| zohocorp -- manageengine_assetexplorer | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned. | 2015-06-24 | 4.3 | CVE-2015-2169 | MISC, FULLDISC |
Low Severity Vulnerabilities

| The Primary Vendor -- Product | Description | Date Published | CVSS Score | The CVE Identity | Source |
|---|---|---|---|---|---|
| swiftkey -- swiftkey_sdk | The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. | 2015-06-19 | 2.9 | CVE-2015-4640 | CERT-VN, MISC, MISC, MISC, MISC |
| zohocorp -- manageengine_assetexplorer | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | 2015-06-24 | 3.5 | CVE-2015-5061 | MISC, MISC |
• Sources: http://nvd.nist.gov (for more information, visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).
Uganda Communications Commission – UGCERT
Email: info@ug-cert.ug Tel: +256 414 302 100/150 Toll Free: 0800 133 911
Website: www.ug-cert.ug Facebook / Twitter: UGCERT