Security and Firewalls
Written by Administrator   
Tuesday, April 26 2011 09:15

In today's internet, intrusion detection is a must to ensure data reliability for all parties. Nexus offers a state-of-the-art security solution to combat unauthorized access to your network. Firewalls are monitored constantly, 24x7, by trained staff, with failsafe backup servers at every turn. Whether wireline or wireless, Nexus has the manpower and resources to protect your data.

Last Updated on Wednesday, March 27 2013 08:26

CERT Cyber Security Bulletins

US-CERT Bulletins
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • SB14-216: Vulnerability Summary for the Week of July 28, 2014
    Original release date: August 04, 2014

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
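    When the bulletin table is scraped as text, each row's description, publication date, CVSS base score and CVE identifier frequently arrive run together with no separator (for example `...in an mvhd atom.2014-07-269.3CVE-2014-4979`). The following Python is an added example, not code from US-CERT or from this site, that parses a row in that fused form from the right, assigns it the band defined by the thresholds above, and groups a batch by band. The three sample rows are copied from the bulletin on this page; the `Entry` class and the function names are the example's own.

```python
import re
from dataclasses import dataclass

# A scraped bulletin row ends in "<description><YYYY-MM-DD><score><CVE-YYYY-NNNN>"
# with nothing between the fields, so it is parsed from the right: the CVE id
# must close the row, the one-decimal score sits directly before it, and the
# ISO date directly before that. The non-greedy body stops at the first point
# where the remainder of the row is exactly date + score + CVE, so a CVE id
# quoted inside the description does not confuse the parser.
ROW_RE = re.compile(
    r"^(?P<body>.*?)"
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<score>\d{1,2}\.\d)"          # \d{1,2} so that 10.0 is accepted
    r"(?P<cve>CVE-\d{4}-\d{4,})$"
)


@dataclass
class Entry:
    vendor: str
    product_and_description: str  # boundary is not recoverable from the fused text
    published: str
    score: float
    cve: str
    severity: str


def severity_band(score: float) -> str:
    """Bands used by the US-CERT bulletin: High 7.0-10.0, Medium 4.0-6.9, Low 0.0-3.9."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_row(row: str) -> Entry:
    """Parse one fused bulletin row; raises ValueError if date/score/CVE are missing."""
    m = ROW_RE.match(row.strip())
    if m is None:
        raise ValueError(f"not a bulletin row: {row[:60]!r}")
    # The vendor is separated from the product by " -- "; the product and the
    # description were glued together when the table was flattened, so they
    # are kept as one field rather than split by guesswork.
    vendor, sep, rest = m.group("body").partition(" -- ")
    if not sep:
        raise ValueError("row has no 'vendor -- product' prefix")
    score = float(m.group("score"))
    return Entry(vendor, rest, m.group("published"), score, m.group("cve"), severity_band(score))


def parse_rows(rows):
    """Parse every non-empty row; a malformed row aborts the run instead of being skipped silently."""
    return [parse_row(r) for r in rows if r.strip()]


def by_severity(entries):
    """Group entries by band, highest score first inside each band."""
    groups = {"High": [], "Medium": [], "Low": []}
    for e in sorted(entries, key=lambda e: e.score, reverse=True):
        groups[e.severity].append(e)
    return groups


# Three rows copied from the bulletin on this page: one High, one High at the
# 10.0 ceiling, and one Low whose description itself contains a CVE id.
SAMPLE_ROWS = [
    "apple -- quicktimeApple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.2014-07-269.3CVE-2014-4979",
    "morpho -- itemiser_3Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.2014-07-2610.0CVE-2014-2363",
    "apple -- cupsThe web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.2014-07-291.5CVE-2014-5029",
]

if __name__ == "__main__":
    for band, entries in by_severity(parse_rows(SAMPLE_ROWS)).items():
        for e in entries:
            print(f"{band:<6} {e.score:>4} {e.cve} {e.vendor} {e.published}")
```

    Parsing from the right, with the CVE id anchored to the end of the row, is what keeps the CUPS row correct even though its description ends in "CVE-2014-3537."; the score pattern has to allow two digits before the decimal point or the 10.0 entries silently fail to match.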

    High Vulnerabilities

    Primary Vendor -- Product | Published | CVSS Score | CVE | Source & Patch Info
    (the NVD description follows each row)

    apple -- quicktime | 2014-07-26 | 9.3 | CVE-2014-4979 | MISC
        Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.

    codeaurora -- android-msm | 2014-08-01 | 7.2 | CVE-2014-0972 | (none listed)
        The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.

    fonality -- trixbox | 2014-07-28 | 7.5 | CVE-2014-5109 | XF, MISC
        SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.

    fonality -- trixbox | 2014-07-28 | 7.5 | CVE-2014-5112 | MISC
        maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.

    h3c -- secbladefw | 2014-07-28 | 7.8 | CVE-2013-4840 | (none listed)
        Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

    hp -- network_virtualization | 2014-07-26 | 8.5 | CVE-2014-2625 | MISC
        Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

    hp -- network_virtualization | 2014-07-26 | 9.4 | CVE-2014-2626 | MISC
        Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

    ibm -- websphere_portal | 2014-07-29 | 7.5 | CVE-2014-3055 | XF, AIXAPAR
        SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

    linux -- linux_kernel | 2014-08-01 | 7.2 | CVE-2014-3534 | CONFIRM, CONFIRM
        arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

    mailpoet -- mailpoet_newsletters | 2014-07-27 | 7.5 | CVE-2014-4725 | MLIST, MISC, MISC, MISC, MISC
        The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

    mailpoet -- mailpoet_newsletters | 2014-07-27 | 7.5 | CVE-2014-4726 | MLIST
        Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

    microsoft -- windows_xp | 2014-07-26 | 7.2 | CVE-2014-4971 | MISC, MISC, FULLDISC, FULLDISC
        Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.

    moodle -- moodle | 2014-07-29 | 7.5 | CVE-2014-3541 | MLIST
        The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

    morpho -- itemiser_3 | 2014-07-26 | 10.0 | CVE-2014-2363 | MISC
        Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

    ol-commerce_project -- ol-commerce | 2014-07-28 | 7.5 | CVE-2014-5104 | BID, MISC
        Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.

    sabreairlinesolutions -- crew_management | 2014-07-26 | 7.5 | CVE-2014-4858 | (none listed)
        Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.

    sap -- solution_manager | 2014-07-31 | 7.5 | CVE-2014-5175 | CONFIRM, XF, BID, MISC, FULLDISC, CONFIRM
        The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.

    vbulletin -- vbulletin | 2014-07-25 | 7.5 | CVE-2014-5102 | MISC, MISC
        SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

    webidsupport -- webid | 2014-07-29 | 7.5 | CVE-2014-5114 | BID, MISC
        WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.

    Medium Vulnerabilities

    Primary
    Vendor -- Product
    DescriptionPublishedCVSS ScoreSource & Patch Info
    aas9 -- zerocmsCross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field.2014-07-294.3CVE-2014-4710
    MISC
    EXPLOIT-DB
    acmailer -- acmailerMultiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.2014-07-296.8CVE-2014-3896
    CONFIRM
    JVNDB
    JVN
    apple -- cupsThe web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.2014-07-295.0CVE-2014-5031
    MLIST
    MLIST
    DEBIAN
    SECUNIA
    cairographics -- cairoThe cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.2014-07-295.0CVE-2014-5116
    CONFIRM
    OSVDB
    EXPLOIT-DB
    caucho -- resinThe ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.2014-07-265.0CVE-2014-2966
    cisco -- webex_meetings_serverThe ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.2014-07-265.0CVE-2014-3301
    cisco -- webex_meetings_serveruser.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.2014-08-015.8CVE-2014-3302
    cisco -- webex_meetings_serverThe web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.2014-07-284.0CVE-2014-3303
    cisco -- webex_meetings_serverThe OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.2014-07-285.0CVE-2014-3304
    cisco -- webex_meetings_serverCross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.2014-07-266.8CVE-2014-3305
    cisco -- telepresence_server_softwareMultiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.2014-07-264.3CVE-2014-3324
    cisco -- security_managerSQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.2014-07-266.5CVE-2014-3326
    cisco -- unified_presence_serverThe Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.2014-07-265.0CVE-2014-3328
    cisco -- prime_data_center_network_managerCross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.2014-07-294.3CVE-2014-3329
    concrete5 -- concrete5concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.2014-07-285.0CVE-2014-5107
    BID
    MISC
    OSVDB
    concrete5 -- concrete5Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.2014-07-284.3CVE-2014-5108
    BID
    MISC
    OSVDB
    dirphp_project -- dirphpAbsolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.2014-07-295.0CVE-2014-5115
    EXPLOIT-DB
    elasticsearch -- elasticsearchThe default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.2014-07-286.8CVE-2014-3120
    MISC
    BID
    MISC
    OSVDB
    EXPLOIT-DB
    MISC
    fonality -- trixboxCross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.2014-07-284.3CVE-2014-5110
    XF
    MISC
    fonality -- trixboxMultiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.2014-07-285.0CVE-2014-5111
    MISC
    gnu -- glibcMultiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.2014-07-296.8CVE-2014-0475
    CONFIRM
    SECTRACK
    MLIST
    MLIST
    DEBIAN
    gurock -- testrailCross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.2014-07-264.3CVE-2014-4857
    homepage_decorator_perlmailer_project -- homepage_decorator_perlmailerCross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-294.3CVE-2014-3897
    JVNDB
    JVN
    hp -- nonstop_netbatchUnspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.2014-08-015.2CVE-2014-2627
    hp -- data_protector** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design."2014-08-016.4CVE-2014-5160
    MISC
    MISC
    ibm -- atlas_ediscovery_process_managementMultiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.2014-07-294.3CVE-2014-0889
    XF
    CONFIRM
    ibm -- rational_software_architect_design_managerUnspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.2014-07-306.5CVE-2014-0947
    XF
    ibm -- rational_software_architect_design_managerUnspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.2014-07-306.0CVE-2014-0948
    XF
    ibm -- embedded_websphere_application_serverinstall.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.2014-07-296.9CVE-2014-3020
    XF
    ibm -- websphere_portalMultiple open redirect vulnerabilities in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2014-07-295.8CVE-2014-3054
    XF
    AIXAPAR
    ibm -- websphere_portalThe Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.2014-07-295.0CVE-2014-3056
    XF
    AIXAPAR
    ibm -- websphere_portalCross-site scripting (XSS) vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2014-07-294.3CVE-2014-3057
    XF
    AIXAPAR
    ibm -- infosphere_information_serverCross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.2014-07-264.3CVE-2014-3071
    XF
    ibm -- sametimeCross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2014-07-264.3CVE-2014-4748
    XF
    innominate -- mguard_firmwareInnominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.2014-07-305.0CVE-2014-2356
    invisionpower -- invision_power_boardCross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.2014-07-284.3CVE-2014-5106
    XF
    BID
    BUGTRAQ
    iodata -- ts-ptcam/poe_cameraThe I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors.2014-07-296.4CVE-2014-3895
    JVNDB
    JVN
    libndp -- libndpBuffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.2014-07-316.8CVE-2014-3554
    CONFIRM
    XF
    MLIST
    linux -- linux_kernelThe mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.2014-08-016.2CVE-2014-5045
    CONFIRM
    MLIST
    CONFIRM
    linux -- linux_kernelThe sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.2014-08-015.4CVE-2014-5077
    MLIST
    moodle -- moodlemod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2014-07-294.3CVE-2014-3542
    MLIST
    moodle -- moodlemod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.2014-07-294.3CVE-2014-3543
    MLIST
    moodle -- moodleMoodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.2014-07-296.0CVE-2014-3545
    MLIST
    moodle -- moodleMoodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.2014-07-295.0CVE-2014-3546
    MLIST
    moodle -- moodleMultiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.2014-07-294.3CVE-2014-3547
    MLIST
    moodle -- moodleMultiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.2014-07-294.3CVE-2014-3548
    MLIST
    moodle -- moodleCross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.2014-07-294.3CVE-2014-3549
    MLIST
    moodle -- moodleMultiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.2014-07-294.3CVE-2014-3550
    MLIST
    moodle -- moodleThe Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.2014-07-296.0CVE-2014-3552
    MLIST
    moodle -- moodlemod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.2014-07-294.9CVE-2014-3553
    MLIST
    netty_project -- nettyThe SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.2014-07-315.0CVE-2014-3488
    CONFIRM
    SECUNIA
    ol-commerce_project -- ol-commerceMultiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php.2014-07-284.3CVE-2014-5105
    BID
    MISC
    omeka -- omekaMultiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.2014-07-256.8CVE-2014-5100
    XF
    XF
    MISC
    MISC
    BID
    EXPLOIT-DB
    MISC
    reviewboard -- review_boardCross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.2014-07-254.3CVE-2014-5027
    BID
    MLIST
    MLIST
    sap -- hanaMultiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-314.3CVE-2014-5172
    CONFIRM
    XF
    BID
    BUGTRAQ
    MISC
    FULLDISC
    CONFIRM
    MISC
    sap -- hana_extend_application_servicesSAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.2014-07-315.0CVE-2014-5173
    CONFIRM
    XF
    BUGTRAQ
    FULLDISC
    CONFIRM
    MISC
    sap -- fi_manager_self-serviceSAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.2014-07-316.0CVE-2014-5176
    CONFIRM
    XF
    BID
    BUGTRAQ
    MISC
    FULLDISC
    CONFIRM
    MISC
    silver-peak -- vxCross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.2014-07-286.8CVE-2014-2974
    silver-peak -- vxCross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.2014-07-284.3CVE-2014-2975
    torproject -- torTor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY cells as a means of communicating information about hidden service names.2014-07-304.3CVE-2014-5117
    CONFIRM
    MLIST
    MLIST
    MISC
    transmissionbt -- transmissionInteger overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.2014-07-296.8CVE-2014-4909
    MISC
    CONFIRM
    CONFIRM
    UBUNTU
    BID
    OSVDB
    MLIST
    MLIST
    DEBIAN
    SECUNIA
    SECUNIA
    SECUNIA
    FEDORA
    MISC
    ubnt -- unifi_videoThe default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.2014-07-256.0CVE-2014-2227
    BID
    MISC
    FULLDISC
    visualware -- myconnection_serverMultiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter.2014-07-284.3CVE-2014-5113
    BID
    MISC
    MISC
    vitamin_plugin_project -- vitaminMultiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.2014-07-315.0CVE-2012-6651
    BID
    MLIST
    MLIST
    webidsupport -- webid | Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php. | 2014-07-25 | 4.3 | CVE-2014-5101 (BID, MISC)
    wireshark -- wireshark | The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5161
    wireshark -- wireshark | The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5162
    wireshark -- wireshark | The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5163 (CONFIRM)
    wireshark -- wireshark | The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5164 (CONFIRM)
    wireshark -- wireshark | The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. | 2014-08-01 | 5.0 | CVE-2014-5165 (CONFIRM, CONFIRM)
    zohocorp -- manageengine_eventlog_analyzer | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. | 2014-07-25 | 4.3 | CVE-2014-5103 (BUGTRAQ, MISC)

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apache -- subversion | svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. | 2014-07-28 | 2.4 | CVE-2013-4262
    apache -- subversion | The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | 2014-07-28 | 2.4 | CVE-2013-7393
    apple -- cups | The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | 2014-07-29 | 1.5 | CVE-2014-5029 (MLIST, MLIST, DEBIAN, SECUNIA)
    apple -- cups | CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | 2014-07-29 | 1.9 | CVE-2014-5030 (MLIST, MLIST, DEBIAN, SECUNIA)
    ibm -- maximo_asset_management | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field. | 2014-07-30 | 3.5 | CVE-2014-0914 (XF, AIXAPAR)
    ibm -- maximo_asset_management | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field. | 2014-07-30 | 3.5 | CVE-2014-0915 (XF, AIXAPAR)
    ibm -- infosphere_master_data_management | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | 2014-08-01 | 3.5 | CVE-2014-3009 (XF)
    ibm -- maximo_asset_management | Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/. | 2014-07-30 | 3.5 | CVE-2014-3025 (XF, AIXAPAR)
    ibm -- maximo_asset_management | CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2014-07-29 | 3.5 | CVE-2014-3026 (XF)
    ibm -- rational_team_concert | IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors. | 2014-07-29 | 3.5 | CVE-2014-3050 (XF)
    ibm -- sametime | The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser. | 2014-07-26 | 2.1 | CVE-2014-4747
    moodle -- moodle | Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. | 2014-07-29 | 3.5 | CVE-2014-3544 (MISC, MLIST)
    moodle -- moodle | Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric. | 2014-07-29 | 3.5 | CVE-2014-3551 (MLIST)
    sap -- hana_extend_application_services | SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. | 2014-07-31 | 2.9 | CVE-2014-5171 (CONFIRM, BUGTRAQ, MISC, FULLDISC, CONFIRM, MISC)
    sap -- netweaver_business_warehouse | The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2014-07-31 | 3.5 | CVE-2014-5174 (CONFIRM, XF, BID, MISC, CONFIRM, MISC)
    ubnt -- unifi_controller | Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 2014-07-29 | 2.6 | CVE-2014-2226 (BID, MISC, FULLDISC, MISC)
    zarafa -- webapp | WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | 2014-07-29 | 2.1 | CVE-2014-0103 (CONFIRM, BID, FEDORA, FEDORA)

    This product is provided subject to this Notification and this Privacy & Use policy.


  • SB14-209: Vulnerability Summary for the Week of July 21, 2014
    Original release date: July 28, 2014

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    acme -- micro_httpd | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. | 2014-07-24 | 7.8 | CVE-2014-4927 (BID, EXPLOIT-DB, MISC, OSVDB)
    advantech -- advantech_webaccess | Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. | 2014-07-19 | 7.5 | CVE-2014-2364
    attachmate -- verastream_process_designer | Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file. | 2014-07-24 | 10.0 | CVE-2014-0607
    autodesk -- sketchbook_pro | Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow. | 2014-07-23 | 9.3 | CVE-2014-3938 (MISC, SECUNIA)
    autodesk -- sketchbook_pro | Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file. | 2014-07-23 | 9.3 | CVE-2014-3939 (MISC, SECUNIA)
    bfgminer -- bfgminer | Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c. | 2014-07-23 | 10.0 | CVE-2014-4501 (FULLDISC)
    bfgminer -- bfgminer | Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request. | 2014-07-23 | 10.0 | CVE-2014-4502 (CONFIRM, FULLDISC)
    blogengine -- e2 | SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process. | 2014-07-24 | 7.5 | CVE-2014-4736 (MISC, BID, BUGTRAQ)
    citrix -- xenserver | Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. | 2014-07-22 | 10.0 | CVE-2014-4947 (BID)
    cybozu -- garoon | The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. | 2014-07-20 | 10.0 | CVE-2014-1987
    cybozu -- garoon | Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | 2014-07-20 | 7.5 | CVE-2014-1996
    elasticsearch -- logstash | Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. | 2014-07-22 | 7.5 | CVE-2014-4326 (BUGTRAQ, CONFIRM)
    fuelphp -- fuelphp | The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. | 2014-07-20 | 7.5 | CVE-2014-1999
    gitlist -- gitlist | Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | 2014-07-22 | 7.5 | CVE-2013-7392 (MISC, MISC)
    gitlist -- gitlist | Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. | 2014-07-22 | 7.5 | CVE-2014-4511 (CONFIRM, EXPLOIT-DB, EXPLOIT-DB, MISC, MISC, MISC)
    google -- chrome | The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. | 2014-07-20 | 7.5 | CVE-2014-3160 (CONFIRM, CONFIRM)
    google -- chrome | The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. | 2014-07-20 | 7.5 | CVE-2014-3161 (CONFIRM, CONFIRM)
    honeywell -- falcon_xlweb_linux_controller | Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page. | 2014-07-24 | 7.6 | CVE-2014-2717
    joomlaboat -- com_youtubegallery | Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php. | 2014-07-21 | 7.5 | CVE-2014-4960 (BID, EXPLOIT-DB)
    limesurvey -- limesurvey | SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter. | 2014-07-21 | 7.5 | CVE-2014-5017 (MISC)
    mozilla -- firefox | Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. | 2014-07-23 | 10.0 | CVE-2014-1544 (CONFIRM)
    mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2014-07-23 | 10.0 | CVE-2014-1547 (CONFIRM x4)
    mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2014-07-23 | 10.0 | CVE-2014-1548 (CONFIRM x15)
    mozilla -- firefox | The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering. | 2014-07-23 | 9.3 | CVE-2014-1549 (CONFIRM)
    mozilla -- firefox | Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. | 2014-07-23 | 10.0 | CVE-2014-1550 (CONFIRM)
    mozilla -- firefox | Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. | 2014-07-23 | 10.0 | CVE-2014-1551 (CONFIRM)
    mozilla -- firefox | Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. | 2014-07-23 | 9.3 | CVE-2014-1555 (CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. | 2014-07-23 | 9.3 | CVE-2014-1556 (CONFIRM)
    mozilla -- firefox | The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | 2014-07-23 | 9.3 | CVE-2014-1557 (CONFIRM)
    oleumtech -- sensor_wireless_i/o_module | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. | 2014-07-24 | 7.5 | CVE-2014-2360
    oleumtech -- sensor_wireless_i/o_module | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode. | 2014-07-24 | 7.2 | CVE-2014-2361
    oleumtech -- sensor_wireless_i/o_module | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation. | 2014-07-24 | 7.8 | CVE-2014-2362
    redhat -- jboss_enterprise_application_platform | The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. | 2014-07-22 | 7.5 | CVE-2014-3530

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    advantech -- advantech_webaccess | Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. | 2014-07-19 | 5.5 | CVE-2014-2365
    advantech -- advantech_webaccess | upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | 2014-07-19 | 4.0 | CVE-2014-2366
    advantech -- advantech_webaccess | The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | 2014-07-19 | 4.3 | CVE-2014-2367
    advantech -- advantech_webaccess | The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. | 2014-07-19 | 5.0 | CVE-2014-2368
    apache -- http_server | The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value. | 2014-07-20 | 4.3 | CVE-2013-4352 (CONFIRM x3)
    apache -- http_server | The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. | 2014-07-20 | 4.3 | CVE-2014-0117 (CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM)
    apache -- http_server | The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. | 2014-07-20 | 4.3 | CVE-2014-0118 (CONFIRM x3)
    apache -- http_server | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. | 2014-07-20 | 6.8 | CVE-2014-0226 (CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM)
    apache -- http_server | The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. | 2014-07-20 | 5.0 | CVE-2014-0231 (CONFIRM x4)
    apache -- http_server | Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests. | 2014-07-20 | 5.0 | CVE-2014-3523 (CONFIRM, CONFIRM)
    canonical -- acpi-support | Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. | 2014-07-24 | 6.9 | CVE-2014-1419 (CONFIRM)
    cgminer_project -- cgminer | The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message. | 2014-07-23 | 4.3 | CVE-2014-4503 (FULLDISC)
    cisco -- asr_9000_rsp440_router | Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417. | 2014-07-24 | 6.1 | CVE-2014-3322
    cisco -- unified_customer_voice_portal | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733. | 2014-07-19 | 4.3 | CVE-2014-3325
    citrix -- xenserver | Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD). | 2014-07-22 | 6.4 | CVE-2014-4948 (BID)
    cybozu -- garoon | The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | 2014-07-20 | 4.0 | CVE-2014-1993
    dell -- sonicwall_analyzer | Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. | 2014-07-24 | 4.3 | CVE-2014-5024 (BID, FULLDISC, MISC)
    drupal -- drupal | The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use. | 2014-07-22 | 5.0 | CVE-2014-5019 (DEBIAN)
    drupal -- drupal | The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field. | 2014-07-22 | 4.9 | CVE-2014-5020 (DEBIAN)
    drupal -- drupal | Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field. | 2014-07-22 | 4.3 | CVE-2014-5022 (DEBIAN)
    e107 -- e107 | Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 2014-07-21 | 4.3 | CVE-2014-4734 (MISC, CONFIRM, BID, BUGTRAQ)
    emc -- recoverpoint_appliance | The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports. | 2014-07-19 | 5.8 | CVE-2014-2519 (BUGTRAQ)
    entity_api_module_project -- entity_api_module | The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector. | 2014-07-19 | 4.0 | CVE-2013-4273 (CONFIRM, MLIST)
    entity_api_module_project -- entity_api_module | The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher organizations. | 2014-07-19 | 5.0 | CVE-2013-7391 (MLIST)
    eterna -- bozohttpd | bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. | 2014-07-24 | 5.0 | CVE-2014-5015 (XF, BID, OSVDB, CONFIRM, MLIST)
    gitlist -- gitlist | Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command. | 2014-07-22 | 6.8 | CVE-2014-5023 (MISC)
    google -- chrome | The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. | 2014-07-20 | 6.4 | CVE-2014-3159 (CONFIRM, CONFIRM)
    google -- chrome | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2014-07-20 | 5.0 | CVE-2014-3162 (CONFIRM)
    honeywell -- falcon_xlweb_linux_controller | Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input. | 2014-07-24 | 4.3 | CVE-2014-3110
    huawei -- e355_web_ui | Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message. | 2014-07-24 | 4.3 | CVE-2014-2968
    ibm -- storwize_unified_v7000_software | IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account. | 2014-07-19 | 6.5 | CVE-2014-3043
    ibm -- infosphere_master_data_management_collaboration_server | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to read arbitrary files via a crafted UNIX file parameter. | 2014-07-19 | 6.3 | CVE-2014-3064 (XF)
    limesurvey -- limesurvey | Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality. | 2014-07-21 | 4.3 | CVE-2014-5016 (MISC)
    limesurvey -- limesurvey | Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume. | 2014-07-21 | 4.3 | CVE-2014-5018 (MISC)
    linux -- linux_kernel | The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. | 2014-07-19 | 6.9 | CVE-2014-4943 (CONFIRM, CONFIRM, MLIST)
    mit -- kerberos | MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. | 2014-07-20 | 5.0 | CVE-2014-4341 (CONFIRM)
    mit -- kerberos | MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. | 2014-07-20 | 5.0 | CVE-2014-4342 (CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. | 2014-07-23 | 5.8 | CVE-2014-1552 (CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. | 2014-07-23 | 4.3 | CVE-2014-1558 (CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. | 2014-07-23 | 4.3 | CVE-2014-1559 (CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. | 2014-07-23 | 4.3 | CVE-2014-1560 (CONFIRM)
    mozilla -- firefox | Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization. | 2014-07-23 | 5.8 | CVE-2014-1561 (CONFIRM, CONFIRM)
    nexatechnologies -- meridian | Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-07-20 | 4.3 | CVE-2014-3892
    nextapp -- file_explorer | Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | 2014-07-20 | 5.0 | CVE-2014-1973
    octavocms -- octavocms | Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter. | 2014-07-19 | 4.3 | CVE-2014-4331
    BID
    BUGTRAQ
    VIM
    omeka -- omekaMultiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.2014-07-256.8CVE-2014-5100
    XF
    XF
    MISC
    MISC
    BID
    EXPLOIT-DB
    MISC
    omron -- ns10_hmi_terminalCross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.2014-07-246.0CVE-2014-2369
    openstack -- neutronOpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.2014-07-234.0CVE-2014-3555
    MISC
    BID
    MLIST
    php_kobo -- multifunctional_mailform_freeCross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header.2014-07-204.3CVE-2014-3894
    phpmyadmin -- phpmyadminserver_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.2014-07-204.0CVE-2014-4987
    CONFIRM
    polarssl -- polarsslThe ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.2014-07-225.0CVE-2014-4911
    DEBIAN
    redhat -- enterprise_mrgCumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.2014-07-195.0CVE-2012-2682
    CONFIRM
    redhat -- jboss_enterprise_application_platformjmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.2014-07-226.8CVE-2014-3518
    reviewboard -- review_boardCross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.2014-07-254.3CVE-2014-5027
    BID
    MLIST
    MLIST
    siemens -- simatic_pcs7The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.2014-07-245.0CVE-2014-4682
    siemens -- simatic_pcs7The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.2014-07-244.9CVE-2014-4683
    siemens -- simatic_pcs7The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.2014-07-246.0CVE-2014-4684
    siemens -- simatic_pcs7Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.2014-07-244.6CVE-2014-4685
    siemens -- simatic_pcs7The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.2014-07-246.8CVE-2014-4686
    sophos -- anti-virusMultiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure.2014-07-224.3CVE-2014-2385
    MISC
    SECTRACK
    FULLDISC
    tenable -- nessusThe /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter.2014-07-235.0CVE-2014-4980
    SECTRACK
    BID
    BUGTRAQ
    OSVDB
    MISC
    MISC
    ubnt -- unifi_videoThe default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.2014-07-256.0CVE-2014-2227
    BID
    MISC
    FULLDISC
    webmin -- userminCross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.2014-07-204.3CVE-2014-3884
    webmin -- webminCross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.2014-07-204.3CVE-2014-3885
    x -- xf86-video-intelDirectory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.2014-07-244.6CVE-2014-4910
    XF
    MLIST
    MLIST
    OSVDB
    MLIST
    Back to top
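The UniFi Video entry above (CVE-2014-2227) is a configuration weakness rather than a code bug: a crossdomain.xml that grants every origin lets any SWF make credentialed requests to the application. The checker below is an added example, not Ubiquiti's code or policy file; both policy documents in it are constructed for illustration, and the function names and the `video.example.com` host are the example's own. It flags the permissive settings and accepts the restricted counterpart.

```python
"""Audit a Flash cross-domain policy for over-permissive settings.

Added example (not Ubiquiti's code). The two policy documents below are
constructed: WEAK_POLICY has the shape the CVE-2014-2227 entry describes,
RESTRICTED_POLICY is a hardened counterpart.
"""
import sys
import urllib.request
import xml.etree.ElementTree as ET
from typing import List

# Constructed: any SWF from any origin may talk to the application.
WEAK_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>
"""

# Constructed: only the application's own host, only over TLS, and no
# sub-policies elsewhere on the server.
RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="video.example.com" secure="true" />
</cross-domain-policy>
"""


def policy_findings(xml_text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [f"unexpected root element {root.tag!r}"]
    findings: List[str] = []

    sc = root.find("site-control")
    if sc is not None and sc.get("permitted-cross-domain-policies") == "all":
        findings.append('site-control permitted-cross-domain-policies="all" '
                        "lets any file on the server act as a policy")

    for el in root.findall("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append('allow-access-from domain="*" grants every origin')
        elif domain.startswith("*."):
            findings.append(f"allow-access-from wildcard {domain} grants every subdomain")
        # secure defaults to true; "false" lets plain-HTTP SWFs reach an HTTPS app
        if el.get("secure", "true").lower() == "false":
            findings.append(f'allow-access-from {domain} secure="false" allows '
                            "non-TLS origins")

    for el in root.findall("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            findings.append('allow-http-request-headers-from domain="*" lets any '
                            "origin send custom headers")
    return findings


def is_permissive(xml_text: str) -> bool:
    return bool(policy_findings(xml_text))


def fetch_policy(base_url: str, timeout: float = 5.0) -> str:
    """Download /crossdomain.xml from a base URL (needs network access)."""
    url = base_url.rstrip("/") + "/crossdomain.xml"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    text = fetch_policy(sys.argv[1]) if len(sys.argv) > 1 else WEAK_POLICY
    for finding in policy_findings(text) or ["no permissive settings found"]:
        print("-", finding)
```

Run it with a base URL (`python check_policy.py https://video.example.com`) to audit a live controller, or with no argument to see the constructed weak policy flagged. The fix is the shape of RESTRICTED_POLICY: name the exact host the SWF is served from, keep `secure="true"`, and set `permitted-cross-domain-policies="master-only"` so a file upload elsewhere on the server cannot act as a second policy.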

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    apple -- cups | The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | 2014-07-23 | 1.2 | CVE-2014-3537; CONFIRM, UBUNTU, SECTRACK, CONFIRM, SECUNIA, FEDORA
    cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-07-20 | 3.5 | CVE-2014-1992
    cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-07-20 | 3.5 | CVE-2014-1994
    cybozu -- garoon | Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2014-07-20 | 3.5 | CVE-2014-1995
    d-bus_project -- d-bus | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. | 2014-07-19 | 2.1 | CVE-2014-3532; DEBIAN, SECUNIA, MLIST
    d-bus_project -- d-bus | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. | 2014-07-19 | 2.1 | CVE-2014-3533; CONFIRM, DEBIAN, SECUNIA, MLIST
    drupal -- drupal | Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label. | 2014-07-22 | 2.1 | CVE-2014-5021; DEBIAN
    ibm -- infosphere_master_data_management_collaboration_server | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2014-07-19 | 3.5 | CVE-2014-0967; XF
    ibm -- infosphere_master_data_management_collaboration_server | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document. | 2014-07-19 | 3.5 | CVE-2014-0968; XF
    ibm -- infosphere_master_data_management_collaboration_server | The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors. | 2014-07-19 | 3.5 | CVE-2014-0970; XF
    ibm -- scale_out_network_attached_storage | IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access. | 2014-07-19 | 1.7 | CVE-2014-3045
    micropact -- icomplaints | Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter. | 2014-07-24 | 3.5 | CVE-2014-2971
    omron -- ns10_hmi_terminal | Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | 2014-07-24 | 3.5 | CVE-2014-2370
    phpmyadmin -- phpmyadmin | Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. | 2014-07-20 | 3.5 | CVE-2014-4954; CONFIRM
    phpmyadmin -- phpmyadmin | Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. | 2014-07-20 | 3.5 | CVE-2014-4955; CONFIRM
    phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message. | 2014-07-20 | 3.5 | CVE-2014-4986; CONFIRM
    webmin -- webmin | Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | 2014-07-20 | 2.6 | CVE-2014-3886
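Two entries in this bulletin are plain path-traversal bugs in file-name handling: the NextApp File Explorer entry (CVE-2014-1973, a crafted filename that creates or overwrites arbitrary files) and the xf86-video-intel backlight_helper entry (CVE-2014-4910, a `..` in what should be a single sysfs interface name). The helper below is an added example, not code from either project, showing the two checks that close this class of bug: a single-component test for names that must never contain a separator, and a containment test for relative paths that are joined under a base directory. It goes a little beyond the two entries by also refusing absolute paths, the vector listed as "absolute path traversal" elsewhere in these bulletins. The base directory `/srv/files` and the function names are the example's own.

```python
"""Reject path-traversal file names before touching the filesystem.

Added example (not code from NextApp, X.Org or any vendor on this page).
Base directories and sample names are illustrative.
"""
import os


class PathTraversal(ValueError):
    """Raised when a user-supplied name or path would escape its base."""


def safe_component(name: str) -> str:
    """Accept exactly one path component: no separators, NULs, '.' or '..'.

    This is the check a sysfs interface name (backlight_helper's input)
    needs: the value is only ever one directory entry, never a path.
    """
    bad_chars = ("/", "\0") + ((os.altsep,) if os.altsep else ())
    if not name or name in (".", "..") or any(c in name for c in bad_chars):
        raise PathTraversal(f"invalid component: {name!r}")
    return name


def is_valid_component(name: str) -> bool:
    try:
        safe_component(name)
        return True
    except PathTraversal:
        return False


def safe_join(base_dir: str, user_path: str) -> str:
    """Join user_path under base_dir, refusing absolute paths, NULs and any
    '..' sequence that resolves outside the base (symlinks included).

    realpath() is applied to both sides so a symlink inside base_dir that
    points elsewhere cannot be used as an escape hatch either.
    """
    if "\0" in user_path:
        raise PathTraversal("NUL byte in path")
    if os.path.isabs(user_path):
        raise PathTraversal(f"absolute path not allowed: {user_path!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversal(f"path escapes base directory: {user_path!r}")
    return candidate


def is_safe(base_dir: str, user_path: str) -> bool:
    try:
        safe_join(base_dir, user_path)
        return True
    except PathTraversal:
        return False


if __name__ == "__main__":
    # Constructed inputs mirroring the vectors listed on this page.
    for p in ["reports/q1.pdf", "../../etc/passwd", "/etc/passwd", "a/../../b"]:
        print(f"{p!r:>20} -> {'ok' if is_safe('/srv/files', p) else 'REJECTED'}")
    for n in ["intel_backlight", "../acpi_video0"]:
        print(f"{n!r:>20} -> {'ok' if is_valid_component(n) else 'REJECTED'}")
```

Note the order of checks in `safe_join`: the absolute-path test runs before the join, because `os.path.join(base, "/etc/passwd")` silently discards the base, and the containment test runs on the resolved path rather than on the raw string, so `a/../../b` is caught even though it does not start with `..`.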

     


    This product is provided subject to this Notification and this Privacy & Use policy.


  • SB14-202: Vulnerability Summary for the Week of July 14, 2014
    Original release date: July 21, 2014

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
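The thresholds above are the bulletin's one explicit rule, and the table rows on this page reach the reader with the Published date, CVSS score and CVE id run together at the end of each description. The parser below is an added example, not US-CERT or NVD code: it splits such a flattened row back into fields and re-derives the severity bucket from the score, so an entry can be checked against the section it was filed under. The sample rows are copied from this page; the regular expressions, the `Row` type and the function names are the example's own, and the vendor/product split rests on the assumption (true for NVD slugs) that vendor and product names are lowercase.

```python
"""Split flattened US-CERT bulletin rows and re-derive their severity bucket.

Added example (not US-CERT/NVD code). Input lines look like the rows on this
page: "vendor -- productDescription ...<YYYY-MM-DD><score><CVE-id>" with no
separators between the trailing three fields.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Trailing fields: published date, one-decimal CVSS base score, CVE id.
# The lazy description group makes the last date/score/CVE triple win.
ROW_RE = re.compile(
    r"^(?P<text>.*?)"
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<score>\d{1,2}\.\d)"
    r"(?P<cve>CVE-\d{4}-\d{4,})$",
    re.DOTALL,
)

# Assumption: NVD vendor/product slugs are lowercase, so the description is
# taken to start at the first capital letter after "vendor -- product".
# Rows whose description starts in lowercase (e.g. "d-bus_project -- d-busdbus
# 1.3.0 ...") cannot be split reliably and keep the whole text as description.
VENDOR_RE = re.compile(
    r"^(?P<vendor>[a-z0-9_.\-]+ -- [a-z0-9_.\-]+?)(?=[A-Z])(?P<desc>.+)$",
    re.DOTALL,
)


@dataclass
class Row:
    vendor: Optional[str]
    description: str
    published: str
    score: float
    cve: str


def severity(score: float) -> str:
    """Bucket a CVSS v2 base score with the thresholds the bulletin states."""
    score = round(score, 1)
    if 7.0 <= score <= 10.0:
        return "High"
    if 4.0 <= score <= 6.9:
        return "Medium"
    if 0.0 <= score <= 3.9:
        return "Low"
    raise ValueError(f"CVSS base score out of range: {score}")


def parse_row(line: str) -> Row:
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a bulletin row: {line[:60]!r}")
    text = m.group("text")
    v = VENDOR_RE.match(text)
    vendor, desc = (v.group("vendor"), v.group("desc")) if v else (None, text)
    return Row(vendor, desc.strip(), m.group("published"),
               float(m.group("score")), m.group("cve"))


def misfiled(lines: List[str], section: str) -> List[str]:
    """CVE ids of rows whose score does not belong in `section`."""
    return [r.cve for r in map(parse_row, lines) if severity(r.score) != section]


# Rows copied from this page (a Medium, a High and a Low entry), flattened
# exactly as they appear.
SAMPLE_ROWS = [
    "mit -- kerberosMIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers "
    "to cause a denial of service (buffer over-read and application crash) by "
    "injecting invalid tokens into a GSSAPI application session.2014-07-205.0CVE-2014-4341",
    "raritan -- dpxr20a-16Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote "
    "attackers to bypass authentication and execute arbitrary IPMI commands by using "
    "cipher suite 0 (aka cipher zero) and an arbitrary password.2014-07-1410.0CVE-2014-2955",
    "apple -- cupsThe web interface in CUPS before 1.7.4 allows local users in the lp "
    "group to read arbitrary files via a symlink attack on a file in "
    "/var/cache/cups/rss/.2014-07-231.2CVE-2014-3537",
]

if __name__ == "__main__":
    for row in map(parse_row, SAMPLE_ROWS):
        print(f"{row.cve} {row.score:>4} {severity(row.score):<6} {row.vendor}")
    print("misfiled under Medium:", misfiled(SAMPLE_ROWS, "Medium"))
```

The score regex accepts one or two digits before the decimal point so that `10.0` is not mis-split into a `1` left on the date and `0.0` as the score; the day field is fixed at two digits for the same reason. `misfiled()` is the check worth running over a whole section: it returns the ids whose score lands in a different bucket than the heading they sit under.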

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    cisco -- dpc3010 | The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808. | 2014-07-17 | 10.0 | CVE-2014-3306
    dahuasecurity -- dvr_firmware | Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. | 2014-07-11 | 7.5 | CVE-2013-6117; OSVDB, EXPLOIT-DB, BUGTRAQ, MISC, MISC
    datumsystems -- snip | Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands. | 2014-07-14 | 7.8 | CVE-2014-2950
    datumsystems -- snip | Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2014-07-14 | 10.0 | CVE-2014-2951
    hp -- storage_management_software | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors. | 2014-07-16 | 9.0 | CVE-2014-2606
    hp -- imc_branch_intelligent_management_system_software_module | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080. | 2014-07-16 | 7.8 | CVE-2014-2618
    hp -- imc_branch_intelligent_management_system_software_module | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088. | 2014-07-16 | 7.8 | CVE-2014-2619
    hp -- imc_branch_intelligent_management_system_software_module | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089. | 2014-07-16 | 7.8 | CVE-2014-2620
    hp -- imc_branch_intelligent_management_system_software_module | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090. | 2014-07-16 | 7.8 | CVE-2014-2621
    hp -- imc_branch_intelligent_management_system_software_module | Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312. | 2014-07-16 | 8.5 | CVE-2014-2622; HP, HP
    hp -- storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. | 2014-07-17 | 10.0 | CVE-2014-2623
    infoblox -- netmri | config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. | 2014-07-15 | 10.0 | CVE-2014-3418; MISC, XF, BID, BUGTRAQ, EXPLOIT-DB, FULLDISC, MISC
    infoblox -- netmri | Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | 2014-07-15 | 7.2 | CVE-2014-3419; MISC, XF, SECTRACK, BID, BUGTRAQ, MISC, MISC
    juniper -- srx100 | Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. | 2014-07-11 | 7.8 | CVE-2014-3815; SECTRACK
    juniper -- junos | Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments. | 2014-07-11 | 9.0 | CVE-2014-3816; SECTRACK
    juniper -- srx100 | Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet. | 2014-07-11 | 7.8 | CVE-2014-3817; SECTRACK
    juniper -- junos | Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet. | 2014-07-11 | 7.8 | CVE-2014-3819; SECTRACK, BID
    oracle -- jdk | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." | 2014-07-17 | 9.3 | CVE-2014-2483; CONFIRM
    oracle -- jdk | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 2014-07-17 | 9.3 | CVE-2014-2490
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 2014-07-17 | 9.3 | CVE-2014-4216
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 2014-07-17 | 9.3 | CVE-2014-4219
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. | 2014-07-17 | 9.3 | CVE-2014-4223
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2014-07-17 | 10.0 | CVE-2014-4227
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | 2014-07-17 | 9.3 | CVE-2014-4247
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Portlet Services. | 2014-07-17 | 7.1 | CVE-2014-4257
    oracle -- jdk | Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 2014-07-17 | 9.3 | CVE-2014-4262
    raritan -- dpxr20a-16 | Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | 2014-07-14 | 10.0 | CVE-2014-2955; FULLDISC
    wp_rss_poster_plugin_project -- wp-rss-poster | SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | 2014-07-11 | 7.5 | CVE-2014-4938; MISC
    yealink -- sip-t38g | config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2014-07-16 | 7.8 | CVE-2013-5755; EXPLOIT-DB
    zte -- zxv10_w300 | The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | 2014-07-16 | 7.8 | CVE-2014-4018; MISC, EXPLOIT-DB, MISC
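The Raritan entry above (CVE-2014-2955) is the IPMI 2.0 "cipher zero" weakness: cipher suite 0 specifies no authentication, so a BMC that still accepts it will run commands for any user name with any password. The script below is an added example, not Raritan's code: it reads the cipher-suite lines that `ipmitool lan print` reports, decides whether suite 0 is usable, and builds the two ipmitool invocations a practitioner wants, the probe that authenticates with a deliberately wrong password under `-C 0`, and the `lan set ... cipher_privs` command that marks suite 0 unused. The `ipmitool lan print` excerpt is constructed, and the host, channel number and account names are placeholders.

```python
"""Detect IPMI "cipher zero" from ipmitool output and build the probe and
remediation commands. Added example, not Raritan's code; SAMPLE_LAN_PRINT is
a constructed excerpt, and host/user values are placeholders.
"""
import subprocess
from typing import List, Optional

# Constructed excerpt of `ipmitool lan print 1` from a BMC that still
# advertises cipher suite 0 with Administrator privilege. In the Priv Max
# string, position i is cipher suite i (0..14); "X" means unused/disabled.
SAMPLE_LAN_PRINT = """\
Set in Progress         : Set Complete
Auth Type Support       : MD5 PASSWORD
IP Address Source       : Static Address
IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     a=ADMIN
"""


def _field(lan_print: str, key: str) -> Optional[str]:
    """Value of a 'Key : value' line in ipmitool output, or None."""
    for line in lan_print.splitlines():
        k, sep, v = line.partition(":")
        if sep and k.strip() == key:
            return v.strip()
    return None


def enabled_cipher_suites(lan_print: str) -> List[int]:
    value = _field(lan_print, "RMCP+ Cipher Suites") or ""
    return [int(x) for x in value.split(",") if x.strip().isdigit()]


def cipher_zero_enabled(lan_print: str) -> bool:
    """Suite 0 is usable when it is listed and its privilege slot is not X."""
    privs = _field(lan_print, "Cipher Suite Priv Max") or ""
    return 0 in enabled_cipher_suites(lan_print) and bool(privs) and privs[0] != "X"


def hardened_cipher_privs(current: str) -> str:
    """The same 15-character privilege string with suite 0 marked unused."""
    if len(current) != 15:
        raise ValueError("expected a 15-character cipher_privs string")
    return "X" + current[1:]


def probe_argv(host: str, user: str = "admin") -> List[str]:
    """ipmitool command that only succeeds if the BMC accepts cipher 0: the
    password is deliberately wrong, so exit status 0 means auth was bypassed."""
    return ["ipmitool", "-I", "lanplus", "-H", host, "-U", user,
            "-P", "definitely-not-the-password", "-C", "0", "chassis", "status"]


def disable_argv(host: str, user: str, password: str, channel: int,
                 current_privs: str) -> List[str]:
    """ipmitool command that rewrites the per-suite privilege table."""
    return ["ipmitool", "-I", "lanplus", "-H", host, "-U", user, "-P", password,
            "lan", "set", str(channel), "cipher_privs",
            hardened_cipher_privs(current_privs)]


def run(argv: List[str]) -> int:
    """Execute and return the exit status (needs network access to the BMC)."""
    return subprocess.run(argv, capture_output=True).returncode


if __name__ == "__main__":
    print("enabled suites:", enabled_cipher_suites(SAMPLE_LAN_PRINT))
    print("cipher zero usable:", cipher_zero_enabled(SAMPLE_LAN_PRINT))
    print("probe:  ", " ".join(probe_argv("192.0.2.10")))
    privs = _field(SAMPLE_LAN_PRINT, "Cipher Suite Priv Max") or ""
    print("disable:", " ".join(disable_argv("192.0.2.10", "admin", "<password>", 1, privs)))
```

Run the probe first and treat a zero exit status as confirmation; then apply `disable_argv` with the real credentials and re-run the probe, which should now fail. When scripting this against real hardware, prefer ipmitool's `-f <file>` option over `-P` so the password does not appear in the process list, and check the result on every LAN channel the BMC exposes, not only channel 1.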

    Medium Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    arubanetworks -- clearpass | SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2014-07-14 | 4.9 | CVE-2014-4013; SECUNIA
    arubanetworks -- clearpass | The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors. | 2014-07-15 | 4.0 | CVE-2014-4031; SECUNIA
    bannersky -- bsk_pdf_manager | Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | 2014-07-14 | 6.5 | CVE-2014-4944; BID, MISC
    bestpractical -- rt | Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address. | 2014-07-15 | 5.0 | CVE-2014-1474
    binarymoon -- timthumb | TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. | 2014-07-15 | 6.8 | CVE-2014-4663; CONFIRM, CONFIRM, EXPLOIT-DB, SECUNIA, MLIST, FULLDISC, FULLDISC, MISC
    bookx_plugin_project -- bookx | Directory traversal vulnerability in includes/bookx_export.php in the BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2014-07-11 | 5.0 | CVE-2014-4937; MISC
    cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. | 2014-07-14 | 5.4 | CVE-2013-5567; XF, SECTRACK, BID
    cisco -- adaptive_security_appliance_software | The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344. | 2014-07-14 | 6.8 | CVE-2013-6691; XF, SECTRACK, BID
    cisco -- unified_communications_manager | Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. | 2014-07-14 | 5.5 | CVE-2014-3317; XF, SECTRACK, BID, SECUNIA
    cisco -- unified_communications_manager | Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | 2014-07-14 | 6.8 | CVE-2014-3319; XF, SECTRACK, SECUNIA
    cisco -- unified_communications_domain_manager | Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. | 2014-07-17 | 5.8 | CVE-2014-3320
    cisco -- asr_9000_rsp440_router | Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. | 2014-07-17 | 5.7 | CVE-2014-3321
    cisco -- unified_contact_center_enterprise | Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. | 2014-07-17 | 4.0 | CVE-2014-3323
    citrix -- netscaler_access_gateway | Cross-site scripting (XSS) vulnerability in the administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-07-16 | 4.3 | CVE-2014-4346; SECTRACK, SECTRACK
    citrix -- netscaler_access_gateway | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. | 2014-07-16 | 5.0 | CVE-2014-4347; SECTRACK, SECTRACK
    citrix -- xendesktop | Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. | 2014-07-11 | 4.9 | CVE-2014-4700; XF, SECTRACK, BID, SECUNIA
    cross-rss_plugin_project -- wp-cross-rss | Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. | 2014-07-11 | 5.0 | CVE-2014-4941; MISC
    dell -- sonicwall_scrutinizer | Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | 2014-07-16 | 5.5 | CVE-2014-4976; MISC, MISC, XF, BID, FULLDISC, MISC
    dell -- sonicwall_scrutinizer | Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php. | 2014-07-16 | 6.5 | CVE-2014-4977; MISC, MISC, XF, BID, FULLDISC, MISC
    enl_newsletter_plugin_project -- enl-newsletter | SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | 2014-07-11 | 6.5 | CVE-2014-4939; MISC
    fortinet -- fortiweb | Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg. | 2014-07-11 | 4.3 | CVE-2014-4738; SECTRACK, BID, SECUNIA
    freebsd -- freebsd | FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors. | 2014-07-15 | 4.9 | CVE-2014-3952; XF, SECTRACK, BID
    freebsd -- freebsd | FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. | 2014-07-15 | 4.9 | CVE-2014-3953; SECTRACK
    horde -- groupware | Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view. | 2014-07-14 | 4.3 | CVE-2014-4945; CONFIRM, CONFIRM, SECUNIA, SECUNIA
    horde -- groupware | Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view. | 2014-07-14 | 4.3 | CVE-2014-4946; CONFIRM, CONFIRM, SECUNIA, SECUNIA, MLIST
    hp -- storage_management_software | Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors. | 2014-07-16 | 5.0 | CVE-2014-2605
    ibm -- business_process_managerCross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.2014-07-174.3CVE-2014-0957
    XF
    juniper -- junosCross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2014-07-114.3CVE-2014-3821
    SECTRACK
    BID
    juniper -- srx100Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4.2014-07-115.4CVE-2014-3822
    SECTRACK
    levelfourdevelopment -- wp-easycartThe EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.2014-07-115.0CVE-2014-4942
    MISC
    mysql -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.2014-07-176.5CVE-2014-4258
    mysql -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.2014-07-175.5CVE-2014-4260
    op5 -- monitorCross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.2014-07-114.3CVE-2014-4907
    CONFIRM
    BID
    SECUNIA
    SECUNIA
    MLIST
    oracle -- mojarraOracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.2014-07-174.3CVE-2013-5855
    CONFIRM
    CONFIRM
    MISC
    oracle -- hyperionUnspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Web Analysis.2014-07-174.3CVE-2014-0436
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.2014-07-175.5CVE-2014-2456
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.2014-07-176.8CVE-2014-2479
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2481.2014-07-176.8CVE-2014-2480
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480.2014-07-176.8CVE-2014-2481
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.2014-07-175.5CVE-2014-2482
    oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.2014-07-176.5CVE-2014-2484
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.2014-07-176.9CVE-2014-2487
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.2014-07-174.1CVE-2014-2489
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework, a different vulnerability than CVE-2014-4205.2014-07-174.3CVE-2014-2491
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Web client (PC).2014-07-174.3CVE-2014-2492
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, and 12.1.2.0.0 allows remote attackers to affect confidentiality and availability via vectors related to ADF Faces.2014-07-176.4CVE-2014-2493
    oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.2014-07-174.0CVE-2014-2494
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Test Framework.2014-07-175.5CVE-2014-2496
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services.2014-07-175.0CVE-2014-4201
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services.2014-07-175.0CVE-2014-4202
    oracle -- hyperionUnspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Property Editing.2014-07-174.1CVE-2014-4203
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework, a different vulnerability than CVE-2014-2491.2014-07-174.3CVE-2014-4205
    oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.2014-07-174.0CVE-2014-4207
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.2014-07-176.4CVE-2014-4209
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.2014-07-175.0CVE-2014-4210
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.2014-07-175.0CVE-2014-4211
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle Fusion Middleware component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Process Mgmt and Notification.2014-07-174.3CVE-2014-4212
    oracle -- e-business_suiteUnspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote attackers to affect integrity via unknown vectors.2014-07-174.3CVE-2014-4213
    oracle -- sunosUnspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers.2014-07-174.9CVE-2014-4215
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, and 12.1.1.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.2014-07-174.3CVE-2014-4217
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.2014-07-175.0CVE-2014-4218
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.2014-07-175.0CVE-2014-4220
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.2014-07-174.3CVE-2014-4221
    oracle -- sunosUnspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.2014-07-174.9CVE-2014-4224
    oracle -- peoplesoft_productsUnspecified vulnerability in the PeopleSoft Enterprise FIN Install component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2014-07-175.1CVE-2014-4226
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.2014-07-174.4CVE-2014-4228
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Data, Domain, and Function Security.2014-07-175.5CVE-2014-4229
    oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI.2014-07-174.3CVE-2014-4230
    oracle -- siebel_crmUnspecified vulnerability in the Siebel Travel & Transportation component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Diary.2014-07-174.3CVE-2014-4231
    oracle -- virtualizationUnspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application.2014-07-174.3CVE-2014-4232
    oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.2014-07-174.0CVE-2014-4233
    oracle -- supply_chain_products_suiteUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security.2014-07-175.0CVE-2014-4234
    oracle -- database_serverUnspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2014-07-176.5CVE-2014-4236
    oracle -- database_serverUnspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.2014-07-174.0CVE-2014-4237
    oracle -- mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.2014-07-174.0CVE-2014-4238
    oracle -- sunosUnspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).2014-07-174.0CVE-2014-4239
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.2014-07-174.3CVE-2014-4241
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.2014-07-174.3CVE-2014-4242
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.2014-07-174.0CVE-2014-4244
    oracle -- fusion_middlewareUnspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service.2014-07-175.0CVE-2014-4249
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.2014-07-175.0CVE-2014-4252
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM.2014-07-175.0CVE-2014-4253
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.2014-07-176.8CVE-2014-4254
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy.2014-07-176.8CVE-2014-4255
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment.2014-07-175.8CVE-2014-4256
    oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.2014-07-176.9CVE-2014-4261
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."2014-07-174.0CVE-2014-4263
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.2014-07-175.0CVE-2014-4264
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.2014-07-175.0CVE-2014-4265
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.2014-07-175.0CVE-2014-4266
    oracle -- fusion_middlewareUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components.2014-07-176.8CVE-2014-4267
    oracle -- jdkUnspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.2014-07-175.0CVE-2014-4268
    oracle -- hyperionUnspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4270.2014-07-174.0CVE-2014-4269
    oracle -- hyperionUnspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4269.2014-07-174.0CVE-2014-4270
    oracle -- hyperionUnspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect availability via unknown vectors related to Agent.2014-07-175.0CVE-2014-4271
    reportico -- php_report_designerDirectory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.2014-07-165.0CVE-2014-3777
    MISC
    OSVDB
    FULLDISC
    MISC
    shopizer -- shopizerShopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.2014-07-156.4CVE-2014-4962
    BUGTRAQ
    FULLDISC
    shopizer -- shopizerShopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action.2014-07-156.8CVE-2014-4963
    BUGTRAQ
    FULLDISC
    shopizer -- shopizerMultiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop configuration, or (4) product details, as demonstrated by (5) modify a product's price via a crafted request to central/catalog/saveproduct.action or (6) creating a product review via a crafted request to shop/product/createReview.action.2014-07-156.8CVE-2014-4964
    BUGTRAQ
    FULLDISC
    shopizer -- shopizerMultiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.2014-07-154.3CVE-2014-4965
    BUGTRAQ
    FULLDISC
    sun -- sunosUnspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.2014-07-176.9CVE-2014-4225
    tera_charts_plugin_project -- tera-chartsMultiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.2014-07-115.0CVE-2014-4940
    MISC
    yealink -- voip_phone_firmwareCRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.2014-07-165.0CVE-2014-3427
    BUGTRAQ
    FULLDISC
    zte -- zxv10_w300ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.2014-07-165.0CVE-2014-4154
    MISC
    EXPLOIT-DB
    MISC

    Low Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    kaseya -- virtual_system_administrator | kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | 2014-07-14 | 1.7 | CVE-2014-2926
    mysql -- mysql | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. | 2014-07-17 | 2.8 | CVE-2014-4243
    oracle -- vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core. | 2014-07-17 | 3.6 | CVE-2014-2477
    oracle -- siebel_crm | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services. | 2014-07-17 | 1.4 | CVE-2014-2485
    oracle -- vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core. | 2014-07-17 | 3.0 | CVE-2014-2486
    oracle -- vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core. | 2014-07-17 | 1.0 | CVE-2014-2488
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Purchasing. | 2014-07-17 | 2.3 | CVE-2014-2495
    oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | 2014-07-17 | 3.5 | CVE-2014-4204
    oracle -- hyperion | Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect integrity and availability via unknown vectors related to Data Synchronizer. | 2014-07-17 | 3.3 | CVE-2014-4206
    oracle -- jdk | Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220. | 2014-07-17 | 2.6 | CVE-2014-4208
    oracle -- mysql | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. | 2014-07-17 | 3.3 | CVE-2014-4214
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect confidentiality via vectors related to plugin 1.1. | 2014-07-17 | 2.1 | CVE-2014-4222
    oracle -- e-business_suite | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors. | 2014-07-17 | 3.5 | CVE-2014-4235
    oracle -- mysql | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP. | 2014-07-17 | 3.6 | CVE-2014-4240
    oracle -- database_server | Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. | 2014-07-17 | 3.5 | CVE-2014-4245
    oracle -- hyperion | Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP. | 2014-07-17 | 3.5 | CVE-2014-4246
    oracle -- e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via unknown vectors related to Logging. | 2014-07-17 | 1.0 | CVE-2014-4248
    oracle -- siebel_crm | Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager. | 2014-07-17 | 3.5 | CVE-2014-4250
    oracle -- fusion_middleware | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1. | 2014-07-17 | 3.5 | CVE-2014-4251


CERT Technical Feed

US-CERT Alerts
Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
  • TA14-212A: Backoff Point-of-Sale Malware
    Original release date: July 31, 2014

    Systems Affected

    Point-of-Sale Systems

     

    Overview

    This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS.  The purpose of this release is to provide relevant and actionable technical indicators for network defense.

    Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications. Remote desktop solutions like Microsoft's Remote Desktop,[1] Apple Remote Desktop,[2] Chrome Remote Desktop,[3] Splashtop 2,[4] Pulseway,[5] and LogMeIn Join.Me[6] offer the convenience and efficiency of connecting to a computer from a remote location. Once these applications were located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what were often administrator or otherwise privileged accounts, the suspects were able to deploy the point-of-sale (PoS) malware and subsequently exfiltrate consumer payment data via an encrypted POST request.

    USSS, NCCIC/US-CERT and Trustwave Spiderlabs have been working together to characterize newly identified malware dubbed "Backoff", associated with several PoS data breach investigations. At the time of discovery and analysis, the malware variants had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious.

    Similar attacks have been noted in previous PoS malware campaigns [7] and some studies state that targeting the Remote Desktop Protocol with brute force attacks is on the rise.[8] A Mitigation and Prevention Strategies section is included to offer options for network defenders to consider.
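    The intrusion chain above starts with repeated failed remote-desktop logons followed by a successful one from the same source. The script below, an added example that is not part of the US-CERT alert, shows how a defender can surface that pattern from a Windows Security log export. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, the type RDP sessions use) are real Windows values; the comma-separated export layout, the threshold and window, and the log lines themselves are constructed for this example, not taken from the alert.

```python
"""Flag remote-desktop brute-force bursts in a Windows Security log export.

Added example (not part of the US-CERT alert). Event IDs 4625/4624 and logon
type 10 are real Windows values; the CSV layout and the sample lines below are
constructed for the demo and stand in for a SIEM or event-log export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: timestamp,event_id,logon_type,account,source_ip
SAMPLE_LOG = """\
2014-07-30T02:14:01,4625,10,administrator,203.0.113.7
2014-07-30T02:14:03,4625,10,administrator,203.0.113.7
2014-07-30T02:14:05,4625,10,admin,203.0.113.7
2014-07-30T02:14:08,4625,10,administrator,203.0.113.7
2014-07-30T02:14:10,4625,10,pos,203.0.113.7
2014-07-30T02:14:12,4625,10,administrator,203.0.113.7
2014-07-30T02:14:40,4624,10,administrator,203.0.113.7
2014-07-30T09:05:00,4625,10,jsmith,192.0.2.55
2014-07-30T09:05:30,4624,10,jsmith,192.0.2.55
2014-07-30T09:07:00,4625,2,jsmith,127.0.0.1
"""

FAILED_LOGON = "4625"
SUCCESSFUL_LOGON = "4624"
REMOTE_INTERACTIVE = "10"  # logon type recorded for RDP / Terminal Services sessions


def parse_events(text):
    """Parse the constructed export into event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src = line.split(",")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "event_id": event_id,
            "logon_type": logon_type,
            "account": account,
            "src": src,
        })
    return events


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for sources with at least `threshold`
    failed RDP logons inside `window`, noting whether a successful RDP logon
    from the same source followed the burst (the sign of a compromised account)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["logon_type"] == REMOTE_INTERACTIVE:  # only remote-desktop logons
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        fails = [e for e in evs if e["event_id"] == FAILED_LOGON]
        best = []  # largest run of failures that fits inside one window
        for i, first in enumerate(fails):
            run = [f for f in fails[i:] if f["time"] - first["time"] <= window]
            if len(run) > len(best):
                best = run
        if len(best) < threshold:
            continue
        burst_end = best[-1]["time"]
        success_after = any(
            e["event_id"] == SUCCESSFUL_LOGON and e["time"] >= burst_end
            for e in evs
        )
        findings[src] = {
            "failures": len(best),
            "accounts": sorted({f["account"] for f in best}),
            "burst_start": best[0]["time"],
            "burst_end": burst_end,
            "success_after": success_after,
        }
    return findings


if __name__ == "__main__":
    for src, f in find_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        flag = "SUCCESSFUL LOGON AFTER BURST" if f["success_after"] else "no success seen"
        print(f"{src}: {f['failures']} failed RDP logons against {f['accounts']} "
              f"between {f['burst_start']:%H:%M:%S} and {f['burst_end']:%H:%M:%S}; {flag}")
```

    On the constructed sample only 203.0.113.7 is reported: six failures against three account names in eleven seconds, followed by a successful logon, which is exactly the sequence the alert describes. The single failure from 192.0.2.55 and the local console logon (logon type 2) stay below the threshold. In practice the same logic would be fed from the event log or SIEM, and a hit with success_after set warrants treating the source and the account as compromised.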

    Description

    “Backoff” is a family of PoS malware and has been discovered recently. The malware family has been witnessed on at least three separate forensic investigations. Researchers have identified three primary variants to the “Backoff” malware including 1.4, 1.55 (“backoff”, “goo”, “MAY”, “net”), and 1.56 (“LAST”).

    These variants have been seen as far back as October 2013 and continued to operate as of July 2014. The malware typically has the following four capabilities. The exceptions are the earliest witnessed variant (1.4), which does not include keylogging, and 1.55 “net”, which removed the explorer.exe injection component:

    • Scraping memory for track data
    • Logging keystrokes
    • Command & control (C2) communication
    • Injecting malicious stub into explorer.exe

    The malicious stub injected into explorer.exe provides persistence: it restarts the malware if the malicious executable crashes or is forcefully stopped. The malware itself scrapes the memory of running processes on the victim machine for payment card track data. Keylogging is present in the more recent variants of “Backoff”. Additionally, the C2 component uploads discovered data, updates the malware, downloads and executes further malware, and uninstalls the malware.

    Variants

    Based on compile timestamps and the version strings witnessed in the C2 HTTP POST requests, “Backoff” variants were analyzed over a seven-month period. The five variants that followed 1.4 have notable modifications, listed below:

    1.55 “backoff”

    • Added Local.dat temporary storage for discovered track data
    • Added keylogging functionality
    • Added “gr” POST parameter to include variant name
    • Added ability to exfiltrate keylog data
    • Supports multiple exfiltration domains
    • Changed install path
    • Changed User-Agent

    1.55 “goo”

    • Attempts to remove prior version of malware
    • Uses 8.8.8.8 as resolver

    1.55 “MAY”

    • No significant updates other than changes to the URI and version name

    1.55 “net”

    • Removed the explorer.exe injection component

    1.56 “LAST”

    • Re-added the explorer.exe injection component
    • Support for multiple domain/URI/port configurations
    • Modified code responsible for creating exfiltration thread(s)
    • Added persistence techniques

    Command & Control Communication

    All C2 communication for “Backoff” takes place via HTTP POST requests. The following POST parameters are included when the malware makes a request to the C2 server:

    • op : Static value of ‘1’
    • id : randomly generated 7 character string
    • ui : Victim username/hostname
    • wv : Version of Microsoft Windows
    • gr (Not seen in version 1.4) : Malware-specific identifier
    • bv : Malware version
    • data (optional) : Base64-encoded/RC4-encrypted data

    The ‘id’ parameter is stored in the following location, to ensure it is consistent across requests:

    • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

    If this key doesn’t exist, the string is generated and stored. Data is encrypted with RC4 before being Base64-encoded. The RC4 password is derived from the ‘id’ parameter, a static string embedded in the sample (‘jhgtsd7fjmytkr’ in the sample analyzed here; each variant's static string is listed under File Indicators below), and the ‘ui’ parameter: the three values are concatenated in that order and hashed with MD5 to form the RC4 password. For example, with an ‘id’ of ‘vxeyHkS’ and a ‘ui’ of ‘Josh @ PC123456’, the RC4 password would be ‘56E15A1B3CB7116CAB0268AC8A2CD943’, the MD5 hash of ‘vxeyHkSjhgtsd7fjmytkrJosh @ PC123456’.
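The beacon format and key schedule described above, as an added example in Python; this is not code from the advisory or from the malware. It parses a beacon body, derives the RC4 key as MD5(id || static string || ui), and decrypts the ‘data’ parameter. Two details are assumptions not stated in the advisory: that the beacon body is an ordinary application/x-www-form-urlencoded POST body, and that the uppercase hex digest string (the form the advisory quotes) is fed to RC4 as the key bytes rather than the raw 16-byte digest. The `build_beacon` helper exists only to produce constructed test input; running the script prints the key derived for the advisory's example values so it can be compared with the digest quoted above.

```python
"""Parse a Backoff-style C2 beacon and recover the 'data' field.

Added example; this is not code from the advisory or from the malware.
Key schedule as the advisory describes it: RC4 key = MD5(id || static || ui).
Assumptions (not stated in the advisory): the beacon body is an ordinary
application/x-www-form-urlencoded POST body, and the uppercase hex digest
string, as the advisory quotes it, is fed to RC4 as the key bytes rather than
the raw 16-byte digest.
"""
import base64
import hashlib
from urllib.parse import parse_qs, urlencode

# Per-variant static strings, copied from the advisory's File Indicators section.
STATIC_STRINGS = {
    "1.4": "zXqW9JdWLM4urgjRkX",
    "1.55 backoff": "ihasd3jasdhkas",
    "1.55 goo": "jhgtsd7fjmytkr",
    "1.55 MAY": "jhgtsd7fjmytkr",
    "1.55 net": "ihasd3jasdhkas9",
    "1.56 LAST": "jhgtsd7fjmytkr",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA then PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_rc4_key(beacon_id: str, ui: str, static_string: str = STATIC_STRINGS["1.55 goo"]) -> str:
    """MD5(id || static_string || ui), returned as uppercase hex as the advisory presents it."""
    return hashlib.md5((beacon_id + static_string + ui).encode("utf-8")).hexdigest().upper()


def parse_beacon(body: str) -> dict:
    """Split a beacon body into its parameters and check the shape the advisory lists."""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if params.get("op") != "1":
        raise ValueError("op must be the static value '1'")
    if len(params.get("id", "")) != 7:
        raise ValueError("id must be a 7-character string")
    for name in ("ui", "wv", "bv"):
        if name not in params:
            raise ValueError("missing parameter: " + name)
    return params


def decrypt_data(params: dict, static_string: str = STATIC_STRINGS["1.55 goo"]) -> bytes:
    """Base64-decode then RC4-decrypt the optional 'data' parameter of a parsed beacon."""
    key = derive_rc4_key(params["id"], params["ui"], static_string)
    return rc4(key.encode("ascii"), base64.b64decode(params["data"]))


def build_beacon(beacon_id: str, ui: str, wv: str, gr: str, bv: str, plaintext: bytes,
                 static_string: str = STATIC_STRINGS["1.55 goo"]) -> str:
    """Assemble a beacon body the way the malware would; used here only to create test input."""
    key = derive_rc4_key(beacon_id, ui, static_string)
    data = base64.b64encode(rc4(key.encode("ascii"), plaintext)).decode("ascii")
    return urlencode({"op": "1", "id": beacon_id, "ui": ui, "wv": wv, "gr": gr, "bv": bv, "data": data})


if __name__ == "__main__":
    # Constructed beacon using the id/ui values from the advisory's worked example.
    body = build_beacon("vxeyHkS", "Josh @ PC123456", "Windows 7", "goo", "1.55",
                        b"constructed sample of scraped track data")
    params = parse_beacon(body)
    print("derived RC4 key:", derive_rc4_key(params["id"], params["ui"]))
    print("decrypted data:", decrypt_data(params))
```

To decrypt a captured beacon from a different variant, pass that variant's entry from `STATIC_STRINGS` as `static_string`; the ‘id’ and ‘ui’ values travel in the clear in the same request, so a full packet capture of one beacon is enough to recover the key.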

    File Indicators:

    The following Indicators of Compromise (IOCs) should be loaded into network and host security tooling and searched for to determine whether these indicators are present on your network.

    1.4

    Packed MD5: 927AE15DBF549BD60EDCDEAFB49B829E

    Unpacked MD5: 6A0E49C5E332DF3AF78823CA4A655AE8

    Install Path: %APPDATA%\AdobeFlashPlayer\mswinsvc.exe

    Mutexes:

    uhYtntr56uisGst

    uyhnJmkuTgD

    Files Written:

    %APPDATA%\mskrnl

    %APPDATA%\winserv.exe

    %APPDATA%\AdobeFlashPlayer\mswinsvc.exe

    Static String (POST Request): zXqW9JdWLM4urgjRkX

    Registry Keys:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows NT Service

    User-Agent: Mozilla/4.0

    URI(s): /aircanada/dark.php

    1.55 “backoff”

    Packed MD5: F5B4786C28CCF43E569CB21A6122A97E

    Unpacked MD5: CA4D58C61D463F35576C58F25916F258

    Install Path: %APPDATA%\AdobeFlashPlayer\mswinhost.exe

    Mutexes:

    Undsa8301nskal

    uyhnJmkuTgD

    Files Written:

    %APPDATA%\mskrnl

    %APPDATA%\winserv.exe

    %APPDATA%\AdobeFlashPlayer\mswinhost.exe

    %APPDATA%\AdobeFlashPlayer\Local.dat

    %APPDATA%\AdobeFlashPlayer\Log.txt

    Static String (POST Request): ihasd3jasdhkas

    Registry Keys:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows NT Service

    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0

    URI(s): /aero2/fly.php

    1.55 “goo”

    Packed MD5: 17E1173F6FC7E920405F8DBDE8C9ECAC

    Unpacked MD5: D397D2CC9DE41FB5B5D897D1E665C549

    Install Path: %APPDATA%\OracleJava\javaw.exe

    Mutexes:

    nUndsa8301nskal

    nuyhnJmkuTgD

    Files Written:

    %APPDATA%\nsskrnl

    %APPDATA%\winserv.exe

    %APPDATA%\OracleJava\javaw.exe

    %APPDATA%\OracleJava\Local.dat

    %APPDATA%\OracleJava\Log.txt

    Static String (POST Request): jhgtsd7fjmytkr

    Registry Keys:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows NT Service

    User-Agent:

    URI(s): /windows/updcheck.php

    1.55 “MAY”

    Packed MD5: 21E61EB9F5C1E1226F9D69CBFD1BF61B

    Unpacked MD5: CA608E7996DED0E5009DB6CC54E08749

    Install Path: %APPDATA%\OracleJava\javaw.exe

    Mutexes:

    nUndsa8301nskal

    nuyhnJmkuTgD

    Files Written:

    %APPDATA%\nsskrnl

    %APPDATA%\winserv.exe

    %APPDATA%\OracleJava\javaw.exe

    %APPDATA%\OracleJava\Local.dat

    %APPDATA%\OracleJava\Log.txt

    Static String (POST Request): jhgtsd7fjmytkr

    Registry Keys:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows NT Service

    User-Agent:

    URI(s): /windowsxp/updcheck.php

    1.55 “net”

    Packed MD5: 0607CE9793EEA0A42819957528D92B02

    Unpacked MD5: 5C1474EA275A05A2668B823D055858D9

    Install Path: %APPDATA%\AdobeFlashPlayer\mswinhost.exe

    Mutexes:

    nUndsa8301nskal

    Files Written:

    %APPDATA%\AdobeFlashPlayer\mswinhost.exe

    %APPDATA%\AdobeFlashPlayer\Local.dat

    %APPDATA%\AdobeFlashPlayer\Log.txt

    Static String (POST Request): ihasd3jasdhkas9

    Registry Keys:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows NT Service

    User-Agent:

    URI(s): /windowsxp/updcheck.php

    1.56 “LAST”

    Packed MD5: 12C9C0BC18FDF98189457A9D112EEBFC

    Unpacked MD5: 205947B57D41145B857DE18E43EFB794

    Install Path: %APPDATA%\OracleJava\javaw.exe

    Mutexes:

    nUndsa8301nskal

    nuyhnJmkuTgD

    Files Written:

    %APPDATA%\nsskrnl

    %APPDATA%\winserv.exe

    %APPDATA%\OracleJava\javaw.exe

    %APPDATA%\OracleJava\Local.dat

    %APPDATA%\OracleJava\Log.txt

    Static String (POST Request): jhgtsd7fjmytkr

    Registry Keys:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows NT Service

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows NT Service

    HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{B3DB0D62-B481-4929-888B-49F426C1A136}\StubPath

    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{B3DB0D62-B481-4929-888B-49F426C1A136}\StubPath

    User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0

    URI(s): /windebug/updcheck.php

    Impact

    A compromised PoS system affects both the business and its consumers by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminals. These breaches damage a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or to compromise bank accounts. It is critical to safeguard corporate networks and web servers to prevent unnecessary exposure to compromise and to mitigate any damage that could be occurring now.

    Solution

    At the time this advisory is released, the variants of the “Backoff” malware family are largely undetected by anti-virus (AV) vendors. However, shortly following the publication of this technical analysis, AV companies will begin detecting the existing variants. It is important to maintain up-to-date AV signatures and engines, as new threats such as this are continually being added. Pending AV detection of the malware variants, network defenders can apply the indicators of compromise (IOCs) listed above to a variety of prevention and detection strategies.[9],[10],[11]

    Forensic investigations of compromised retail IT/payment networks indicate that the network compromises allowed memory scraping malware to be introduced to the payment terminals. Information security professionals recommend a defense-in-depth approach to mitigating risk to retail payment systems. While some of the following recommendations are general in nature, together they minimize the possibility of an attack and mitigate the risk of data compromise:

    Remote Desktop Access

    • Configure the account lockout settings to lock a user account after a specified number of failed login attempts within a period of time. This prevents unlimited unauthorized attempts to log in, whether from an unauthorized user or via automated attacks such as brute force.[12] A burst of failed logins that trips the lockout should also be treated as a detection signal and investigated.
    • Limit the number of users and workstations that can log in using Remote Desktop.
    • Use firewalls (both software and hardware where available) to restrict access to remote desktop listening ports (the default is TCP 3389).[13]
    • Change the default Remote Desktop listening port. This reduces exposure to untargeted scanning but is not a substitute for the controls above.
    • Define complex password parameters. Configuring an expiration time and password length and complexity can decrease the amount of time in which a successful attack can occur.[14]
    • Require two-factor authentication (2FA) for remote desktop access.[15]
    • Install a Remote Desktop Gateway to restrict access.[16]
    • Add an extra layer of authentication and encryption by tunneling Remote Desktop through IPsec, SSH or SSL/TLS.[17],[18]
    • Require 2FA when accessing payment processing networks. Even if a virtual private network is used, it is important that 2FA is implemented to help mitigate keylogger or credential dumping attacks.
    • Limit administrative privileges for users and applications.
    • Periodically review systems (local and domain controllers) for unknown and dormant users.
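The account lockout control above stops the guessing; detecting it is a separate step. The following is an added example in Python, not part of the advisory, that flags the sequence the advisory describes (a burst of failed remote desktop logins followed by a successful privileged login) in exported Windows Security log events. The input records are constructed here in the shape of events 4625 (an account failed to log on) and 4624 (an account was successfully logged on); the CSV layout, field names, threshold and window are assumptions of this example, not anything the advisory specifies.

```python
"""Flag RDP password guessing in exported Windows Security log events.

Added example, not part of the advisory. The input records are constructed here
in the shape of Security log events 4625 (an account failed to log on) and 4624
(an account was successfully logged on) as a collector might export them.
Two signals are raised: a burst of failures from one source address inside a
short window, and a success from that same source while the burst is still
inside the window, which is the sequence the advisory describes (brute force,
then a login to a privileged account).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                  # failures from one source inside WINDOW (assumed tuning)
WINDOW = timedelta(minutes=5)
RDP_LOGON_TYPES = {10, 3}       # 10 = RemoteInteractive; 3 = Network, seen for RDP with NLA

# Constructed sample: "timestamp,event_id,logon_type,account,source_ip".
SAMPLE_EVENTS = [
    f"2014-07-01T02:00:{sec:02d},4625,10,Administrator,203.0.113.7" for sec in range(1, 13)
] + [
    "2014-07-01T02:00:20,4624,10,Administrator,203.0.113.7",   # success right after the burst
    "2014-07-01T02:03:00,4625,10,jsmith,198.51.100.5",         # one typo, then a normal login
    "2014-07-01T02:03:08,4624,10,jsmith,198.51.100.5",
    "2014-07-01T02:04:00,4625,2,jsmith,-",                     # console logon, not RDP
]


def parse_events(lines):
    """Turn CSV-style lines into dicts sorted by time."""
    events = []
    for line in lines:
        ts, event_id, logon_type, account, ip = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "logon_type": int(logon_type), "account": account, "ip": ip})
    return sorted(events, key=lambda e: e["ts"])


def detect(events, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of RDP failures per source; returns a list of alert tuples."""
    alerts = []
    failures = defaultdict(deque)   # source ip -> timestamps of failures inside the window
    for e in events:
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        recent = failures[e["ip"]]
        while recent and e["ts"] - recent[0] > window:   # drop failures older than the window
            recent.popleft()
        if e["event_id"] == 4625:
            recent.append(e["ts"])
            if len(recent) == threshold:   # fire once, when the threshold is crossed
                alerts.append((e["ts"], "brute_force", e["ip"],
                               f"{threshold} failed RDP logons within {window}"))
        elif e["event_id"] == 4624 and len(recent) >= threshold:
            alerts.append((e["ts"], "success_after_brute_force", e["ip"],
                           f"{e['account']} logged on after {len(recent)} failures"))
    return alerts


if __name__ == "__main__":
    for ts, kind, ip, detail in detect(parse_events(SAMPLE_EVENTS)):
        print(ts.isoformat(), kind, ip, detail)
```

The second alert type is the one worth paging on: a lockout policy limits how many guesses succeed, but a 4624 from an address that was guessing moments earlier means a password was found before the lockout or the attacker rotated accounts.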

    Network Security

    • Review firewall configurations and ensure that only allowed ports, services and Internet Protocol (IP) addresses are communicating with your network. This is especially critical for outbound (egress) firewall rules: compromised entities frequently allow any port to communicate with any IP address on the Internet, and attackers leverage this configuration to exfiltrate data to their own IP addresses.
    • Segregate payment processing networks from other networks.
    • Apply access control lists (ACLs) on the router configuration to limit unauthorized traffic to payment processing networks.
    • Create strict ACLs segmenting public-facing systems and back-end database systems that house payment card data.
    • Implement data leakage prevention/detection tools to detect and help prevent data exfiltration.
    • Implement tools to detect anomalous network traffic and anomalous behavior by legitimate users (compromised credentials).

    Cash Register and PoS Security

    • Implement hardware-based point-to-point encryption. It is recommended that EMV-enabled PIN entry devices or other credit-only accepting devices have Secure Reading and Exchange of Data (SRED) capabilities. SRED-approved devices can be found at the Payment Card Industry Security Standards website.
    • Install Payment Application Data Security Standard-compliant payment applications.
    • Deploy the latest version of an operating system and ensure it is up to date with security patches, anti-virus software, file integrity monitoring and a host-based intrusion-detection system.
    • Assign a strong password to security solutions to prevent application modification. Use two-factor authentication (2FA) where feasible.
    • Perform a binary or checksum comparison to ensure unauthorized files are not installed.
    • Ensure any automatic updates from third parties are validated. This means performing a checksum comparison on the updates prior to deploying them on PoS systems. It is recommended that merchants work with their PoS vendors to obtain signatures and hash values to perform this checksum validation.
    • Disable unnecessary ports and services, null sessions, default users and guests.
    • Enable logging of events and make sure there is a process to monitor logs on a daily basis.
    • Implement least privileges and ACLs on users and applications on the system.
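The binary/checksum comparison and update validation items above, as an added example in Python; this is not code from the advisory or from any PoS vendor. It hashes every file under a PoS application directory, compares the SHA-256 values with a vendor-supplied manifest, and checks the MD5 values against the Backoff sample hashes listed under File Indicators. The manifest format (sha256sum style, `<sha256>  <relative path>` per line, obtained from the vendor out of band) is an assumption of this example; MD5 is used for the known-bad list only because that is what the advisory publishes.

```python
"""Audit a PoS application directory against a vendor hash manifest and the
file hashes published in this advisory.

Added example, not from the advisory or any PoS vendor. Assumptions: the
vendor supplies a manifest in sha256sum format ("<sha256>  <relative path>",
one file per line), obtained out of band as the advisory recommends; the
known-bad list is keyed by MD5 because that is what the advisory publishes.
"""
import hashlib
import os

# Packed and unpacked sample hashes from the File Indicators section above.
BACKOFF_MD5 = {
    "927AE15DBF549BD60EDCDEAFB49B829E": "Backoff 1.4 (packed)",
    "6A0E49C5E332DF3AF78823CA4A655AE8": "Backoff 1.4 (unpacked)",
    "F5B4786C28CCF43E569CB21A6122A97E": "Backoff 1.55 backoff (packed)",
    "CA4D58C61D463F35576C58F25916F258": "Backoff 1.55 backoff (unpacked)",
    "17E1173F6FC7E920405F8DBDE8C9ECAC": "Backoff 1.55 goo (packed)",
    "D397D2CC9DE41FB5B5D897D1E665C549": "Backoff 1.55 goo (unpacked)",
    "21E61EB9F5C1E1226F9D69CBFD1BF61B": "Backoff 1.55 MAY (packed)",
    "CA608E7996DED0E5009DB6CC54E08749": "Backoff 1.55 MAY (unpacked)",
    "0607CE9793EEA0A42819957528D92B02": "Backoff 1.55 net (packed)",
    "5C1474EA275A05A2668B823D055858D9": "Backoff 1.55 net (unpacked)",
    "12C9C0BC18FDF98189457A9D112EEBFC": "Backoff 1.56 LAST (packed)",
    "205947B57D41145B857DE18E43EFB794": "Backoff 1.56 LAST (unpacked)",
}


def hash_bytes(data):
    """(MD5, SHA-256) of an in-memory blob, both as uppercase hex."""
    return hashlib.md5(data).hexdigest().upper(), hashlib.sha256(data).hexdigest().upper()


def hash_file(path, chunk_size=1 << 20):
    """Same pair for a file on disk, streamed so large binaries are not read into memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest().upper(), sha256.hexdigest().upper()


def hash_directory(root):
    """Map every file under root (relative, forward-slash path) to its hash pair."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            hashes[os.path.relpath(full, root).replace(os.sep, "/")] = hash_file(full)
    return hashes


def parse_manifest(text):
    """sha256sum-style manifest -> {relative path: SHA-256 (uppercase)}."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition("  ")
        manifest[path.strip().lstrip("*")] = digest.upper()
    return manifest


def audit(hashes, manifest, known_bad=BACKOFF_MD5):
    """Compare observed hashes with the manifest and the known-bad list."""
    report = {"verified": [], "modified": [], "unexpected": [], "missing": [], "known_bad": []}
    for path in sorted(hashes):
        md5, sha256 = hashes[path]
        if md5 in known_bad:
            report["known_bad"].append((path, known_bad[md5]))
        if path not in manifest:
            report["unexpected"].append(path)
        elif manifest[path] == sha256:
            report["verified"].append(path)
        else:
            report["modified"].append(path)
    report["missing"] = sorted(p for p in manifest if p not in hashes)
    return report


if __name__ == "__main__":
    import sys
    root, manifest_path = sys.argv[1], sys.argv[2]     # e.g. C:\POS  C:\POS\vendor-manifest.sha256
    with open(manifest_path, encoding="utf-8") as fh:
        report = audit(hash_directory(root), parse_manifest(fh.read()))
    for kind, entries in report.items():
        print(kind, entries)
```

Run the same audit against an update package before it is deployed, with the vendor's manifest for that release: anything in `modified` or `unexpected` should block the rollout, and `known_bad` matches the advisory's samples by hash alone, so a repacked or recompiled variant will not appear there and the host IOCs above still need to be checked.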

    References

    Revision History

    • July 31, 2014 - Initial Release

    This product is provided subject to this Notification and this Privacy & Use policy.


  • TA14-150A: GameOver Zeus P2P Malware
    Original release date: June 02, 2014 | Last revised: June 06, 2014

    Systems Affected

    • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
    • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

    Overview

    GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

    Description

    GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. [2] Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks. 

    Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. [1] GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. [3] Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult. [1]

    Impact

    A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.

    Solution

    Users are recommended to take the following actions to remediate GOZ infections:

    • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
    • Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
    • Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
    • Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.

    F-Secure       

    http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8) 

    http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)

    Heimdal

    http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)   

    McAfee

    www.mcafee.com/stinger (Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8)

    Microsoft

    http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP) 

    Sophos

    http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above) 

    Symantec

    http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)

    Trend Micro

    http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

    The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

     

    References

    Revision History

    • Initial Publication - June 2, 2014
    • Added McAfee - June 6, 2014



  • TA14-098A: OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)
    Original release date: April 08, 2014

    Systems Affected

    • OpenSSL 1.0.1 through 1.0.1f
    • OpenSSL 1.0.2-beta

    Overview

    A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.

    Description

    OpenSSL versions 1.0.1 through 1.0.1f (and the 1.0.2 beta) contain a flaw in their implementation of the TLS/DTLS heartbeat extension. The flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library, up to 64 KB per request (the limit of the 16-bit heartbeat payload length field). An attacker can repeat the request as often as needed to collect further 64 KB chunks until the intended secrets are found. Sensitive information that may be retrieved using this vulnerability includes:

    • Primary key material (secret keys)
    • Secondary key material (user names and passwords used by vulnerable services)
    • Protected content (sensitive data used by vulnerable services)
    • Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)

    Exploit code is publicly available for this vulnerability.  Additional details may be found in CERT/CC Vulnerability Note VU#720951.
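The memory handling flaw described above, as an added example in Python; this is a model, not OpenSSL's code. It lays out the heartbeat message from RFC 6520 (a 1-byte type, a 2-byte payload length, the payload, and at least 16 bytes of padding) and represents the process memory that follows the received record as a constructed byte string. The vulnerable responder trusts the length field and copies that many bytes, running past the record into the adjacent bytes; the patched responder applies the same bounds arithmetic as the OpenSSL 1.0.1g fix and discards the message. The cookie string in the constructed memory is invented for the demonstration.

```python
"""Model of the TLS heartbeat length bug (CVE-2014-0160) and the check that fixes it.

Added example, not OpenSSL's code. It models the heartbeat message from RFC 6520
(1-byte type, 2-byte payload_length, payload, at least 16 bytes of padding)
and the process memory that follows the received record as a constructed
byte string. The vulnerable responder trusts payload_length; the patched one
applies the same bounds arithmetic as the OpenSSL 1.0.1g fix.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16


def build_heartbeat(payload, claimed_length=None):
    """Build a heartbeat request; claimed_length lets a client lie about the payload size."""
    if claimed_length is None:
        claimed_length = len(payload)
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length) + payload + b"\x00" * MIN_PADDING


def vulnerable_respond(record, memory_after):
    """Pre-1.0.1g behaviour: copy payload_length bytes from the payload pointer
    without checking it against the record length, so the copy runs off the end of
    the record into whatever sits next in the heap (modelled by memory_after)."""
    _hb_type, claimed = struct.unpack("!BH", record[:3])
    heap = record[3:] + memory_after          # constructed: bytes adjacent to the record buffer
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + heap[:claimed] + b"\x00" * MIN_PADDING


def patched_respond(record, memory_after):
    """1.0.1g behaviour: discard the message if type + length + payload + padding
    would exceed the record actually received; memory_after is never touched."""
    _hb_type, claimed = struct.unpack("!BH", record[:3])
    if 1 + 2 + claimed + MIN_PADDING > len(record):
        return None
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + record[3:3 + claimed] + b"\x00" * MIN_PADDING


def leaked_payload(response):
    """Payload bytes carried in a heartbeat response."""
    _hb_type, length = struct.unpack("!BH", response[:3])
    return response[3:3 + length]


if __name__ == "__main__":
    # Constructed heap contents adjacent to the record buffer.
    memory_after = b"Cookie: session=SECRET-TOKEN-7f3a; " + b"\x00" * 200
    honest = build_heartbeat(b"hello")
    lying = build_heartbeat(b"hello", claimed_length=64)     # 5 real bytes, claims 64
    print(leaked_payload(vulnerable_respond(lying, memory_after)))
    print(patched_respond(lying, memory_after))              # None: discarded
    print(leaked_payload(patched_respond(honest, memory_after)))
```

The largest value the 16-bit field can hold is 65535, which is where the "64k at a time" figure in this advisory comes from; each repeated request reads a fresh slice of whatever happens to lie after the record buffer, so the attacker simply keeps asking until a key or credential turns up.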

    Impact

    This flaw allows a remote attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.

    Solution

    OpenSSL 1.0.1g has been released to address this vulnerability. Any private keys that were in use with a vulnerable version of OpenSSL should be considered compromised: regenerate them, reissue the corresponding certificates, and deploy the new material only after the patch has been applied. Because user names, passwords and other secondary key material may also have been exposed, those credentials should be reset once the patched library is in place.

    US-CERT recommends system administrators consider implementing Perfect Forward Secrecy to mitigate the damage that may be caused by future private key disclosures.

    References

    Revision History

    • Initial Publication


