Original release date: June 08, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
arcserve -- arcserve_unified_data_protection
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
2015-05-29
9.4
CVE-2015-4068
MISC
MISC
CONFIRM
arcserve -- arcserve_unified_data_protection
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.
2015-05-29
7.8
CVE-2015-4069
MISC
MISC
CONFIRM
avm -- fritz!box
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
2015-05-29
10.0
CVE-2014-9727
MISC
OSVDB
EXPLOIT-DB
cisco -- dta_control_system
Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315.
2015-05-30
7.8
CVE-2015-0744
CISCO
cisco -- unified_communications_manager
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.
2015-05-29
7.8
CVE-2015-0751
CISCO
cisco -- finesse
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.
2015-05-29
7.5
CVE-2015-0754
CISCO
cisco -- anyconnect_secure_mobility_client
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.
2015-06-04
7.2
CVE-2015-0761
CISCO
dell -- netvault_backup
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.
2015-05-29
10.0
CVE-2015-4067
MISC
fusionforge -- fusionforge
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.
2015-06-02
10.0
CVE-2015-0850
CONFIRM
DEBIAN
ibm -- powervc
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
2015-05-30
7.5
CVE-2015-1937
CONFIRM
AIXAPAR
ipsec-tools -- ipsec-tools
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
2015-05-29
7.8
CVE-2015-4047
MISC
SECTRACK
BID
MLIST
MLIST
DEBIAN
FULLDISC
FULLDISC
MISC
milw0rm_project -- milw0rm_clone_script
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
2015-05-29
7.5
CVE-2015-4137
BID
FULLDISC
MISC
netapp -- oncommand_workflow_automation
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
2015-05-31
10.0
CVE-2015-3292
CONFIRM
qemu -- qemu
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which mighy allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
2015-06-03
7.2
CVE-2015-4106
CONFIRM
sap -- gui
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.
2015-06-02
7.5
CVE-2015-2282
BUGTRAQ
MISC
FULLDISC
FULLDISC
MISC
sap -- hana_web-based_development_workbench
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.
2015-06-02
7.5
CVE-2015-4159
FULLDISC
sap -- ase_database_platform
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.
2015-06-02
7.5
CVE-2015-4160
FULLDISC
sap -- afaria
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
2015-06-02
7.5
CVE-2015-4161
FULLDISC
visual_mining -- netcharts_server
Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.
2015-05-29
10.0
CVE-2015-4031
MISC
visual_mining -- netcharts_server
projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.
2015-05-29
10.0
CVE-2015-4032
MISC
wavelink -- terminal_emulation
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.
2015-05-29
10.0
CVE-2015-4059
MISC
wavelink -- connectpro
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.
2015-05-29
10.0
CVE-2015-4060
MISC
wouter_verhelst -- nbd
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.
2015-05-29
7.8
CVE-2013-7441
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
MLIST
wouter_verhelst -- nbd
nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.
2015-05-29
7.8
CVE-2015-0847
CONFIRM
MLIST
DEBIAN
MLIST
xen -- xen
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
2015-06-03
7.8
CVE-2015-4104
CONFIRM
Back to top
Medium Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apache -- camel
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
2015-06-03
5.0
CVE-2015-0263
CONFIRM
CONFIRM
SECTRACK
REDHAT
apache -- camel
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
2015-06-03
5.0
CVE-2015-0264
CONFIRM
CONFIRM
SECTRACK
REDHAT
apache -- jackrabbit
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
2015-05-29
6.4
CVE-2015-1833
EXPLOIT-DB
CONFIRM
BID
CONFIRM
MLIST
apache -- sling_api
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
2015-06-02
4.3
CVE-2015-2944
CONFIRM
JVNDB
JVN
beckwithelectric -- m-2001d_digital_tapchanger_control
Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
2015-06-05
6.4
CVE-2014-9201
MISC
blue_coat -- ssl_visibility_appliance_sv1800_firmware
Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.
2015-05-30
4.3
CVE-2015-2852
CERT-VN
CONFIRM
blue_coat -- ssl_visibility_appliance_sv1800_firmware
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID.
2015-05-30
6.8
CVE-2015-2853
CERT-VN
CONFIRM
blue_coat -- ssl_visibility_appliance_sv1800_firmware
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.
2015-05-30
4.3
CVE-2015-2854
CERT-VN
CONFIRM
blue_coat -- ssl_visibility_appliance_sv1800_firmware
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138.
2015-05-30
4.3
CVE-2015-2855
CERT-VN
CONFIRM
blue_coat -- ssl_visibility_appliance_sv1800_firmware
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administrator's cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2015-2855.
2015-05-30
4.3
CVE-2015-4138
CERT-VN
CONFIRM
cisco -- headend_digital_broadband_delivery_system
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580.
2015-05-30
4.3
CVE-2015-0733
CISCO
cisco -- headend_digital_broadband_delivery_system
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.
2015-05-30
5.0
CVE-2015-0743
CISCO
cisco -- headend_digital_broadband_delivery_system
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.
2015-05-30
5.0
CVE-2015-0745
CISCO
cisco -- videoscape_conductor
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.
2015-05-30
4.3
CVE-2015-0747
CISCO
cisco -- telepresence_video_communication_server
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.
2015-05-29
4.3
CVE-2015-0752
CISCO
cisco -- unified_web_and_e-mail_interaction_manager
SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028.
2015-05-29
6.8
CVE-2015-0753
CISCO
cisco -- anyconnect_secure_mobility_client
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.
2015-05-29
6.8
CVE-2015-0755
CISCO
cisco -- wireless_lan_controller
Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104.
2015-05-29
6.1
CVE-2015-0756
CISCO
cisco -- identity_services_engine_software
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
2015-05-29
5.0
CVE-2015-0757
CISCO
cisco -- unified_meetingplace
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.
2015-05-30
4.0
CVE-2015-0758
CISCO
cisco -- headend_digital_broadband_delivery_system
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.
2015-06-02
6.8
CVE-2015-0759
CISCO
cisco -- adaptive_security_appliance_software
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.
2015-06-04
4.0
CVE-2015-0760
CISCO
cisco -- unified_meetingplace
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400.
2015-06-04
4.3
CVE-2015-0762
CISCO
cisco -- unified_meetingplace
Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.
2015-06-04
5.0
CVE-2015-0763
CISCO
cisco -- unified_meetingplace
Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603.
2015-06-04
5.0
CVE-2015-0764
CISCO
cisco -- ons_15454_system_software
Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263.
2015-06-04
5.0
CVE-2015-0765
CISCO
cisco -- firesight_system_software
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
2015-06-04
4.3
CVE-2015-0766
CISCO
djangoproject -- django
The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.
2015-06-02
5.0
CVE-2015-3982
CONFIRM
emc -- rsa_web_threat_detection
Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users.
2015-06-05
6.8
CVE-2015-0541
BUGTRAQ
f21 -- jwt
JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.
2015-06-05
5.0
CVE-2015-2951
CONFIRM
JVNDB
JVN
hp -- smart_zero_core
Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.
2015-06-05
6.8
CVE-2015-2124
HP
ibm -- infosphere_master_data_management_server
Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.
2015-06-02
6.5
CVE-2015-1945
CONFIRM
ids -- nc854
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file.
2015-05-31
6.8
CVE-2015-3939
MISC
moodle -- moodle
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.
2015-06-01
4.0
CVE-2015-0211
CONFIRM
MLIST
CONFIRM
moodle -- moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.
2015-06-01
6.8
CVE-2015-0213
CONFIRM
MLIST
CONFIRM
moodle -- moodle
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.
2015-06-01
4.0
CVE-2015-0214
CONFIRM
MLIST
CONFIRM
moodle -- moodle
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.
2015-06-01
4.0
CVE-2015-0215
CONFIRM
MLIST
CONFIRM
moodle -- moodle
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.
2015-06-01
6.8
CVE-2015-0217
CONFIRM
MLIST
CONFIRM
moodle -- moodle
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
2015-06-01
6.8
CVE-2015-0218
CONFIRM
MLIST
CONFIRM
moodle -- moodle
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts.
2015-06-01
6.8
CVE-2015-1493
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
moodle -- moodle
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL.
2015-06-01
4.0
CVE-2015-2266
CONFIRM
MLIST
CONFIRM
moodle -- moodle
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
2015-06-01
4.0
CVE-2015-2267
CONFIRM
MLIST
CONFIRM
<td scope="row" style="text-align: left;word-break:keep-all;" width="