Weekly Vulnerabilities Reports > April 29 to May 5, 2013

Overview

82 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary report vulnerabilities in 128 products from 30 vendors including Cisco, Linux, IBM, Joomla, and Apache. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", and "Information Exposure".

  • 68 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 63 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-02 CVE-2013-1091 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Iprint

Stack-based buffer overflow in Novell iPrint Client before 5.90 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2013-05-01 CVE-2013-0673 Matrikonopc Path Traversal vulnerability in Matrikonopc A&E Historian 1.0.0.0

Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.

9.4
2013-05-05 CVE-2013-1347 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 8

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.

9.3
2013-05-05 CVE-2013-0726 Hexagon Buffer Errors vulnerability in Hexagon Erdas ER Viewer 11.04

Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.

9.3
2013-05-03 CVE-2013-0945 EMC Improper Input Validation vulnerability in EMC Avamar

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

9.3
2013-05-02 CVE-2013-1338 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304.

9.3
2013-04-30 CVE-2012-5947 IBM Buffer Errors vulnerability in IBM Spss Samplepower 3.0.0.0

Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2013-04-30 CVE-2012-5946 IBM Buffer Errors vulnerability in IBM Spss Samplepower 3.0.0.0

Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.

9.3
2013-04-30 CVE-2012-5945 IBM Buffer Errors vulnerability in IBM Spss Samplepower 3.0.0.0

Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.

9.3
2013-05-01 CVE-2013-3080 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.1

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.

9.0
2013-05-01 CVE-2013-3079 Vmware Code Injection vulnerability in VMWare Vcenter Server Appliance 5.1

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.

9.0

7 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-01 CVE-2013-0140 Mcafee SQL Injection vulnerability in Mcafee Epolicy Orchestrator

SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.

7.9
2013-05-03 CVE-2013-2017 Linux Resource Management Errors vulnerability in Linux Kernel

The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error.

7.8
2013-05-02 CVE-2013-3266 Freebsd Improper Input Validation vulnerability in Freebsd

The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.

7.5
2013-05-05 CVE-2013-1092 Novell Local Privilege Escalation vulnerability in Novell ZENworks Desktop Management 7/7.1

Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe.

7.2
2013-05-03 CVE-2013-0940 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Networker

The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

7.2
2013-04-29 CVE-2013-3301 Linux
Redhat
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
7.2
2013-05-01 CVE-2013-0699 Galilmc Improper Input Validation vulnerability in Galilmc Rio-47100 PLC

The Galil RIO-47100 Pocket PLC allows remote attackers to cause a denial of service via a session that includes "repeated requests."

7.1

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-03 CVE-2013-1979 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.

6.9
2013-05-05 CVE-2013-2703 Crunchify
Wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Crunchify Facebook Members

Cross-site request forgery (CSRF) vulnerability in the Facebook Members plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.

6.8
2013-05-05 CVE-2013-2702 Thulasidas
Wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Thulasidas Easy-Adsense-Lite

Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings.

6.8
2013-05-02 CVE-2012-0864 GNU Numeric Errors vulnerability in GNU Glibc 2.14

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

6.8
2013-05-02 CVE-2009-5029 GNU Numeric Errors vulnerability in GNU Glibc

Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.

6.8
2013-04-29 CVE-2013-1927 Redhat
Canonical
Opensuse
Security Bypass vulnerability in IcedTea-Web

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." Per http://www.ubuntu.com/usn/USN-1804-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS" Per http://lists.opensuse.org/opensuse-updates/2013-04/msg00106.html "Affected Products: openSUSE 12.2"

6.8
2013-04-29 CVE-2013-1196 Cisco Improper Input Validation vulnerability in Cisco products

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.

6.8
2013-05-01 CVE-2013-3062 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Production Planning and Control

The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

6.5
2013-05-01 CVE-2013-3061 SAP Permissions, Privileges, and Access Controls vulnerability in SAP ERP Cental Component and Healthcare Industry Solution

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

6.5
2013-04-29 CVE-2013-1226 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098.

6.1
2013-05-01 CVE-2013-3063 SAP Remote Command Execution vulnerability in SAP Basis Communication Services 4.6/7.30

SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

6.0
2013-05-01 CVE-2013-0127 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.

5.8
2013-04-29 CVE-2013-1926 Redhat
Canonical
Opensuse
Security Bypass vulnerability in IcedTea-Web

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

5.8
2013-05-03 CVE-2013-3242 Joomla Improper Input Validation vulnerability in Joomla Joomla!

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.

5.5
2013-05-04 CVE-2013-1235 Cisco Remote Denial of Service vulnerability in Cisco Wireless LAN Controller

Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.

5.0
2013-05-04 CVE-2013-1232 Cisco Improper Input Validation vulnerability in Cisco products

The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252.

5.0
2013-05-03 CVE-2013-1231 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings Server and Webex Node FOR MCS

The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.

5.0
2013-05-02 CVE-2013-1884 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Subversion

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.

5.0
2013-05-02 CVE-2013-1847 Apache Unspecified vulnerability in Apache Subversion

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.

5.0
2013-05-02 CVE-2013-0306 Djangoproject
Canonical
Numeric Errors vulnerability in multiple products

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

5.0
2013-05-02 CVE-2012-5657 Zend Information Exposure vulnerability in Zend Framework

The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.

5.0
2013-05-02 CVE-2011-4609 GNU Resource Management Errors vulnerability in GNU Glibc

The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.

5.0
2013-05-02 CVE-2009-5135 Nextapp Improper Input Validation vulnerability in Nextapp Echo

The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2013-05-02 CVE-2012-5222 HP
Microsoft
Information Exposure vulnerability in HP Service Manager web Tier 9.31

HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2013-05-01 CVE-2013-1230 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Communications Domain Manager

Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057.

5.0
2013-05-01 CVE-2013-1229 Cisco Improper Input Validation vulnerability in Cisco Telepresence Management Suite

TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Management Suite (TMS) on 64-bit platforms allows remote attackers to cause a denial of service (process crash) via SNMP traps, aka Bug ID CSCue00028.

5.0
2013-05-01 CVE-2013-1156 Cisco Path Traversal vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution

Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.

5.0
2013-05-01 CVE-2013-0666 Matrikonopc Resource Management Errors vulnerability in Matrikonopc Security Gateway 1.0

The configuration utility in MatrikonOPC Security Gateway 1.0 allows remote attackers to cause a denial of service (unhandled exception and application crash) via a TCP RST packet.

5.0
2013-05-01 CVE-2012-4952 Dentrix Credentials Management vulnerability in Dentrix G5

Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation.

5.0
2013-04-29 CVE-2013-1944 Haxx
Canonical
Information Exposure vulnerability in multiple products

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

5.0
2013-04-29 CVE-2013-1914 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Glibc

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

5.0
2013-04-29 CVE-2012-5221 HP Information Disclosure vulnerability in Multiple HP LaserJet Printers

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx, 47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet Enterprise CP4xxx; and 9250c Digital Sender with model-dependent firmware through 52.x allows remote attackers to read arbitrary files via unknown vectors.

5.0
2013-05-02 CVE-2013-2944 Strongswan Improper Authentication vulnerability in Strongswan

strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.

4.9
2013-04-29 CVE-2013-2015 Linux
Redhat
Resource Management Errors vulnerability in multiple products

The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.

4.7
2013-04-29 CVE-2013-1928 Linux
Redhat
Information Exposure vulnerability in Linux Kernel

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.

4.7
2013-05-04 CVE-2013-1240 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager

The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.

4.6
2013-04-29 CVE-2013-3302 Linux Race Condition vulnerability in Linux Kernel

Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event.

4.4
2013-04-29 CVE-2013-1219 Cisco Local Denial of Service vulnerability in Cisco Intrusion Prevention System

SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630.

4.4
2013-05-03 CVE-2013-3267 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-03 CVE-2013-3059 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-03 CVE-2013-3058 Joomla Cross-Site Scripting vulnerability in Joomla Joomla!

Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-02 CVE-2013-0582 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.

4.3
2013-05-02 CVE-2013-1849 Apache Unspecified vulnerability in Apache Subversion

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.

4.3
2013-05-02 CVE-2012-4481 Ruby Lang Permissions, Privileges, and Access Controls vulnerability in Ruby-Lang Ruby 1.8.7

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects.

4.3
2013-05-02 CVE-2013-2321 HP
Microsoft
Cross-Site Scripting vulnerability in HP Service Manager web Tier 9.31

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-05-01 CVE-2013-3107 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.0

VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.

4.3
2013-05-01 CVE-2013-1160 Cisco Cross-Site Scripting vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution

Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743.

4.3
2013-05-01 CVE-2013-1159 Cisco Cross-Site Scripting vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution

Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56706.

4.3
2013-05-01 CVE-2013-1158 Cisco Cross-Site Scripting vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution

Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud54397.

4.3
2013-05-01 CVE-2013-1157 Cisco Cross-Site Scripting vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution

Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068.

4.3
2013-05-01 CVE-2013-0538 IBM Cross-Site Scripting vulnerability in IBM Lotus Notes

Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.

4.3
2013-05-01 CVE-2013-0141 Mcafee Path Traversal vulnerability in Mcafee Epolicy Orchestrator

Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.

4.3
2013-04-29 CVE-2013-1227 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Domain Manager

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902.

4.3
2013-04-29 CVE-2013-1198 Cisco Cross-Site Scripting vulnerability in Cisco Unified Computing System Software

Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430.

4.3
2013-05-03 CVE-2013-3057 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors.

4.0
2013-05-03 CVE-2013-3056 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.

4.0
2013-05-03 CVE-2013-1234 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XR

The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.

4.0
2013-05-02 CVE-2013-1846 Apache
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

4.0
2013-05-02 CVE-2013-0305 Djangoproject
Canonical
Information Exposure vulnerability in multiple products

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

4.0
2013-04-29 CVE-2013-1216 Cisco Information Exposure vulnerability in Cisco IOS XR

Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-05-03 CVE-2013-1959 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

3.7
2013-05-03 CVE-2013-0944 EMC Information Exposure vulnerability in EMC Avamar

The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.

3.5
2013-05-02 CVE-2013-0535 IBM Cross-Site Scripting vulnerability in IBM Classic Meeting Server and Lotus Sametime

Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-05-02 CVE-2013-1845 Apache
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.

2.1