Original release date: December 08, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
canto -- canto_curses
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
Published: 2014-12-03 | CVSS Score: 7.5 | CVE-2013-7416 | Source & Patch Info: CONFIRM, CONFIRM, XF, BID, MLIST, MLIST
cchgroup -- prosystem_fx_engagement
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.
Published: 2014-12-02 | CVSS Score: 7.2 | CVE-2014-9113 | Source & Patch Info: MISC, EXPLOIT-DB, MISC
creative_minds -- cm_download_manager
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.
Published: 2014-12-05 | CVSS Score: 10.0 | CVE-2014-8877 | Source & Patch Info: CONFIRM, BID, BUGTRAQ, MISC, MISC
fujitsu -- arrows_kiss_f-03d
FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.
Published: 2014-12-05 | CVSS Score: 7.2 | CVE-2014-7253
google_doc_embedder_project -- google_doc_embedder
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
Published: 2014-12-02 | CVSS Score: 7.5 | CVE-2014-9173 | Source & Patch Info: CONFIRM, XF, EXPLOIT-DB, MISC, OSVDB
graphviz -- graphviz
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
Published: 2014-12-03 | CVSS Score: 7.5 | CVE-2014-9157 | Source & Patch Info: CONFIRM, XF, BID, SECUNIA, MLIST, MLIST
hikvision -- dvr_ds-7204_firmware
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.
Published: 2014-12-08 | CVSS Score: 7.5 | CVE-2014-4880 | Source & Patch Info: EXPLOIT-DB, MISC
huawei -- p2-6011_firmware
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.
Published: 2014-12-05 | CVSS Score: 7.2 | CVE-2014-2273 | Source & Patch Info: MISC, XF, BID
huawei -- honor_cube_wireless_router_ws860s
Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
Published: 2014-12-03 | CVSS Score: 10.0 | CVE-2014-9134 | Source & Patch Info: BID
internet_initiative_japan -- seil_b1_firmware
The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Internet Initiative Japan Inc. SEIL series routers SEIL/x86 Fuji 1.00 through 3.22; SEIL/X1, SEIL/X2, and SEIL/B1 1.00 through 4.62; SEIL/Turbo 1.82 through 2.18; and SEIL/neu 2FE Plus 1.82 through 2.18 allow remote attackers to cause a denial of service (restart) via crafted (a) GRE or (b) MPPE packets.
Published: 2014-12-05 | CVSS Score: 7.8 | CVE-2014-7256 | Source & Patch Info: JVNDB, JVN
invisionpower -- invision_power_board
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
Published: 2014-12-03 | CVSS Score: 7.5 | CVE-2014-9239 | Source & Patch Info: FULLDISC
lsyncd_project -- lsyncd
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
Published: 2014-12-05 | CVSS Score: 7.5 | CVE-2014-8990 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, BID, MLIST, MLIST, FEDORA, FEDORA
manageengine -- desktop_central
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.
Published: 2014-12-05 | CVSS Score: 7.5 | CVE-2014-3996 | Source & Patch Info: MISC, MISC, FULLDISC
manageengine -- it360
SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat.
Published: 2014-12-05 | CVSS Score: 7.5 | CVE-2014-3997 | Source & Patch Info: MISC, MISC, FULLDISC
mybb -- mybb
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
Published: 2014-12-03 | CVSS Score: 7.5 | CVE-2014-9240 | Source & Patch Info: MISC
openvas -- openvas_manager
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
Published: 2014-12-02 | CVSS Score: 7.5 | CVE-2014-9220 | Source & Patch Info: MLIST
ossec -- ossec
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
Published: 2014-12-01 | CVSS Score: 7.2 | CVE-2014-5284 | Source & Patch Info: EXPLOIT-DB, MISC
pbboard -- pbboard
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.
Published: 2014-12-05 | CVSS Score: 7.5 | CVE-2014-9215 | Source & Patch Info: MISC, BUGTRAQ, MISC
proticaret -- proticaret
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
Published: 2014-12-03 | CVSS Score: 7.5 | CVE-2014-9237 | Source & Patch Info: FULLDISC, MISC
services_project -- services
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
Published: 2014-12-01 | CVSS Score: 7.5 | CVE-2014-9151
services_project -- services
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack.
Published: 2014-12-01 | CVSS Score: 7.5 | CVE-2014-9152
smartypantsplugins -- sp_project_&_document_manager
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
Published: 2014-12-02 | CVSS Score: 7.5 | CVE-2014-9178 | Source & Patch Info: XF, BUGTRAQ, MISC, EXPLOIT-DB, MISC
subex -- roc_fraud_management_system
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
Published: 2014-12-02 | CVSS Score: 7.5 | CVE-2014-8728 | Source & Patch Info: EXPLOIT-DB
technicolor -- td5130_router_firmware
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
Published: 2014-12-05 | CVSS Score: 7.5 | CVE-2014-9144 | Source & Patch Info: BUGTRAQ, EXPLOIT-DB, MISC
thomsonreuters -- fixed_assets_cs
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
Published: 2014-12-02 | CVSS Score: 7.2 | CVE-2014-9141 | Source & Patch Info: MISC
websitebaker -- websitebaker
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
Published: 2014-12-03 | CVSS Score: 7.5 | CVE-2014-9242 | Source & Patch Info: FULLDISC, MISC
wpdatatables -- wpdatatables
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
Published: 2014-12-02 | CVSS Score: 7.5 | CVE-2014-9175 | Source & Patch Info: XF, BID, MISC, EXPLOIT-DB, MISC
zohocorp -- manageengine_opmanager
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
Published: 2014-12-04 | CVSS Score: 7.5 | CVE-2014-6035 | Source & Patch Info: MISC, FULLDISC
zohocorp -- manageengine_it360
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.
Published: 2014-12-04 | CVSS Score: 7.5 | CVE-2014-7867
zohocorp -- manageengine_it360
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.
Published: 2014-12-04 | CVSS Score: 7.5 | CVE-2014-7868 | Source & Patch Info: MISC, FULLDISC
zte -- zxdsl
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
Published: 2014-12-02 | CVSS Score: 10.0 | CVE-2014-9183 | Source & Patch Info: MISC
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ad-manager_project -- ad-manager
Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the out parameter.
Published: 2014-12-02 | CVSS Score: 4.3 | CVE-2014-8754 | Source & Patch Info: XF, MISC, FULLDISC, MISC
adobe -- acrobat
Race condition in the MoveFileEx call hook feature in Adobe Reader and Acrobat 11.x before 11.0.09 on Windows allows attackers to bypass a sandbox protection mechanism, and consequently write to files in arbitrary locations, via an NTFS junction attack, a similar issue to CVE-2014-0568.
Published: 2014-11-29 | CVSS Score: 6.4 | CVE-2014-9150 | Source & Patch Info: MISC
ait-pro -- bulletproof_security
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Published: 2014-12-01 | CVSS Score: 5.0 | CVE-2014-8749 | Source & Patch Info: FULLDISC
altitude -- altitude_unified_customer_interaction
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section.
Published: 2014-12-05 | CVSS Score: 4.3 | CVE-2014-9212 | Source & Patch Info: MISC
anchorcms -- anchor_cms
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
Published: 2014-12-02 | CVSS Score: 4.3 | CVE-2014-9182 | Source & Patch Info: MISC
antiword_project -- antiword
Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document.
Published: 2014-12-05 | CVSS Score: 5.0 | CVE-2014-8123 | Source & Patch Info: BID, MLIST, MLIST
apache -- hadoop
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
Published: 2014-12-05 | CVSS Score: 5.0 | CVE-2014-3627 | Source & Patch Info: SECUNIA, SECUNIA
avatar_uploader_project -- avatar_uploader
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
Published: 2014-12-01 | CVSS Score: 4.0 | CVE-2014-9155
clamav -- clamav
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.95.4 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
Published: 2014-12-01 | CVSS Score: 5.0 | CVE-2014-9050 | Source & Patch Info: CONFIRM, BID, MLIST, SECUNIA, SECUNIA, FEDORA
creative_minds -- cm_download_manager
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the addons_title parameter in the CMDM_admin_settings page to wp-admin/admin.php.
Published: 2014-12-05 | CVSS Score: 6.8 | CVE-2014-9129 | Source & Patch Info: BID, BUGTRAQ, MISC
d-link -- dcs-2103_hd_cube_network_camera_firmware
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Published: 2014-12-03 | CVSS Score: 5.0 | CVE-2014-9234 | Source & Patch Info: FULLDISC, MISC
d-link -- dcs-2103_hd_cube_network_camera_firmware
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character.
Published: 2014-12-03 | CVSS Score: 5.0 | CVE-2014-9238 | Source & Patch Info: FULLDISC, MISC
eleanor-cms -- eleanor_cms
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.
Published: 2014-12-02 | CVSS Score: 5.0 | CVE-2014-9180 | Source & Patch Info: MISC
emc -- rsa_adaptive_authentication_on-premise
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
Published: 2014-12-08 | CVSS Score: 5.0 | CVE-2014-4631 | Source & Patch Info: XF, SECTRACK, BID, BUGTRAQ
f5 -- big-ip
Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.
Published: 2014-12-08 | CVSS Score: 4.3 | CVE-2014-9342 | Source & Patch Info: BUGTRAQ
fasttoggle_project -- fasttoggle
The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link.
Published: 2014-12-01 | CVSS Score: 5.8 | CVE-2014-5268
filefield_project -- filefield
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file.
Published: 2014-12-01 | CVSS Score: 4.0 | CVE-2014-9156
fujitsu -- arrows_tab_lte_f-01d
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation."
Published: 2014-12-05 | CVSS Score: 4.6 | CVE-2014-7252 | Source & Patch Info: JVNDB, JVN, MISC, MISC
fujitsu -- arrows_me_f-11d
Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors.
Published: 2014-12-05 | CVSS Score: 4.6 | CVE-2014-7254 | Source & Patch Info: JVNDB, JVN, MISC
gleamtech -- filevista
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
Published: 2014-12-02 | CVSS Score: 4.0 | CVE-2014-8788 | Source & Patch Info: CONFIRM, FULLDISC, MISC
gleamtech -- filevista
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
Published: 2014-12-02 | CVSS Score: 6.5 | CVE-2014-8789 | Source & Patch Info: CONFIRM, FULLDISC, MISC
gnu -- glibc
iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8.
Published: 2014-12-05 | CVSS Score: 5.0 | CVE-2012-6656 | Source & Patch Info: CONFIRM, CONFIRM, BID, MLIST, MLIST, MANDRIVA
gnu -- glibc
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
Published: 2014-12-05 | CVSS Score: 5.0 | CVE-2014-6040 | Source & Patch Info: CONFIRM, CONFIRM, BID, MLIST, MLIST, MANDRIVA
gnu -- cpio
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
Published: 2014-12-02 | CVSS Score: 5.0 | CVE-2014-9112 | Source & Patch Info: MISC, MLIST, MLIST, MLIST, SECUNIA, FULLDISC
ibm -- java
Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.
Published: 2014-12-01 | CVSS Score: 6.9 | CVE-2014-3065 | Source & Patch Info: CONFIRM, BID, REDHAT, REDHAT, REDHAT, REDHAT, REDHAT
ibm -- java
IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack.
Published: 2014-12-01 | CVSS Score: 6.4 | CVE-2014-3068 | Source & Patch Info: CONFIRM, XF
icecast -- icecast
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.
Published: 2014-12-03 | CVSS Score: 5.0 | CVE-2014-9018 | Source & Patch Info: CONFIRM, CONFIRM, XF, BID, MLIST, MLIST, MANDRIVA, CONFIRM
infoware -- mapsuite
Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors.
Published: 2014-12-01 | CVSS Score: 5.0 | CVE-2014-2232 | Source & Patch Info: MISC
infoware -- mapsuite
Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.
Published: 2014-12-01 | CVSS Score: 5.0 | CVE-2014-2233 | Source & Patch Info: MISC
instasqueeze -- sexy_squeeze_pages
Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.
Published: 2014-12-02 | CVSS Score: 4.3 | CVE-2014-9176 | Source & Patch Info: XF, MISC, MISC
internet_initiative_japan -- seil_b1_firmware
Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent.
Published: 2014-12-05 | CVSS Score: 5.0 | CVE-2014-7255 | Source & Patch Info: JVNDB, JVN
kde -- kde-runtime
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
Published: 2014-12-08 | CVE-2014-8600