Weekly Vulnerabilities Reports > July 15 to 21, 2013
Overview
135 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary report vulnerabilities in 120 products from 44 vendors including Oracle, Cisco, SUN, Opensuse, and Suse. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "SQL Injection".
- 113 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 17 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 94 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 63 reported vulnerabilities.
- Apache has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-07-18 | CVE-2013-4781 | Siemens | OS Command Injection vulnerability in Siemens products core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
2013-07-20 | CVE-2013-2251 | Apache Fujitsu Oracle | Injection vulnerability in multiple products Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | 9.8 |
2013-07-18 | CVE-2012-6349 | Autonomy IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. | 9.3 |
2013-07-16 | CVE-2013-2135 | Apache | Code Injection vulnerability in Apache Struts Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. | 9.3 |
2013-07-16 | CVE-2013-2134 | Apache | Code Injection vulnerability in Apache Struts Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. | 9.3 |
2013-07-19 | CVE-2013-3274 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server and Avamar Server Virtual Edition EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | 9.0 |
2013-07-17 | CVE-2013-3751 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.2/11.2.0.3 Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
2013-07-15 | CVE-2013-3578 | Wave | SQL Injection vulnerability in Wave products SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands. | 9.0 |
23 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-07-18 | CVE-2013-4780 | Siemens | Information Exposure vulnerability in Siemens products core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors. | 7.8 |
2013-07-18 | CVE-2013-4778 | Siemens | Information Exposure vulnerability in Siemens products core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors. | 7.8 |
2013-07-18 | CVE-2013-3411 | Cisco | Denial of Service vulnerability in Cisco IPS Software The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460. | 7.8 |
2013-07-18 | CVE-2013-3410 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Intrusion Prevention System and IPS NME Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977. | 7.8 |
2013-07-18 | CVE-2013-1243 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1(5)E4 allows remote attackers to cause a denial of service (MainApp process hang) via malformed IPv4 packets, aka Bug ID CSCtx18596. | 7.8 |
2013-07-18 | CVE-2013-1218 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software modules before 7.1(7)sp1E4 allows remote attackers to cause a denial of service (Analysis Engine process hang or device reload) via fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCue51272. | 7.8 |
2013-07-17 | CVE-2013-3753 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework. | 7.8 |
2013-07-17 | CVE-2013-3748 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover). | 7.8 |
2013-07-16 | CVE-2013-1943 | Linux Redhat Canonical | Improper Input Validation vulnerability in multiple products The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. | 7.8 |
2013-07-17 | CVE-2013-3774 | Oracle | Remote Security vulnerability in RETIRED: Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 7.6 |
2013-07-20 | CVE-2013-4870 | News Search Project Typo3 | SQL Injection vulnerability in News Search Project News Search 0.1.0 SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-07-20 | CVE-2013-2028 | F5 Fedoraproject | Out-of-bounds Write vulnerability in multiple products The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. | 7.5 |
2013-07-18 | CVE-2013-4878 | Parallels Linux | Permissions, Privileges, and Access Controls vulnerability in Parallels products The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. | 7.5 |
2013-07-18 | CVE-2013-1606 | UI | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in UI products Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request. | 7.5 |
2013-07-18 | CVE-2013-3404 | Cisco | SQL Injection vulnerability in Cisco Unified Communications Manager SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | 7.5 |
2013-07-17 | CVE-2013-3779 | Oracle | Remote Security vulnerability in Oracle Virtualization and VM Virtualbox Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. | 7.5 |
2013-07-15 | CVE-2013-3577 | Wave | SQL Injection vulnerability in Wave products SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field). | 7.5 |
2013-07-18 | CVE-2013-4011 | IBM | Local Privilege Escalation vulnerability in IBM AIX Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat. | 7.2 |
2013-07-17 | CVE-2013-3771 | Oracle | Local Security vulnerability in Oracle Database Server Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3760. | 7.2 |
2013-07-17 | CVE-2013-3760 | Oracle | Local Security vulnerability in Oracle Database Server Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3771. | 7.2 |
2013-07-17 | CVE-2013-3754 | Oracle | Local Security vulnerability in Oracle and SUN Systems Product Suite 3.3 Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to HA for TimesTen. | 7.2 |
2013-07-17 | CVE-2013-3750 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/VM Per: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html 'CVE-2013-3750 occurs only when Solaris is running on X86 platform.' | 7.2 |
2013-07-17 | CVE-2013-3746 | Oracle | Local Security vulnerability in Oracle Solaris Cluster Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Cluster Infrastructure. | 7.2 |
94 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-07-18 | CVE-2013-4872 | Permissions, Privileges, and Access Controls vulnerability in Google Glass XE5 Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack. | 6.9 | |
2013-07-20 | CVE-2013-4871 | Markus Blaschke Typo3 | Cross-Site Request Forgery (CSRF) vulnerability in Markus Blaschke TQ SEO 5.0.0 Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2013-07-18 | CVE-2013-3665 | Autodesk | Unspecified vulnerability in Autodesk products Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file. | 6.8 |
2013-07-18 | CVE-2013-3420 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506. | 6.8 |
2013-07-18 | CVE-2013-3434 | Cisco | Local Privilege Escalation vulnerability in Cisco Unified Communications Manager Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. | 6.8 |
2013-07-18 | CVE-2013-3433 | Cisco | Local Privilege Escalation vulnerability in Cisco Unified Communications Manager Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. | 6.8 |
2013-07-18 | CVE-2013-3403 | Cisco | Unspecified vulnerability in Cisco Unified Communications Manager Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | 6.8 |
2013-07-17 | CVE-2013-3781 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0/8.4/8.4.1 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776. | 6.8 |
2013-07-17 | CVE-2013-3776 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0/8.4/8.4.1 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781. | 6.8 |
2013-07-16 | CVE-2013-3491 | Mdolon Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mdolon Sharebar 1.2.5 Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences. | 6.8 |
2013-07-18 | CVE-2013-3412 | Cisco | SQL Injection vulnerability in Cisco Unified Communications Manager SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | 6.5 |
2013-07-18 | CVE-2013-3402 | Cisco | Code Injection vulnerability in Cisco Unified Communications Manager An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | 6.5 |
2013-07-17 | CVE-2013-3789 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
2013-07-19 | CVE-2013-0559 | IBM | Authentication Bypass vulnerability in IBM API Management 2.0.0.0 Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and consequently obtain sensitive information or modify data, via unknown vectors. | 6.4 |
2013-07-17 | CVE-2013-3821 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Integration Broker. | 6.4 |
2013-07-17 | CVE-2013-3819 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Mobile Applications. | 6.4 |
2013-07-17 | CVE-2013-3800 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Interlinks. | 6.4 |
2013-07-17 | CVE-2013-3757 | SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services. | 6.4 |
2013-07-18 | CVE-2013-4876 | Verizon | Credentials Management vulnerability in Verizon Wireless Network Extender Scs2U01 The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. | 6.2 |
2013-07-18 | CVE-2013-4875 | Verizon | Improper Authentication vulnerability in Verizon Wireless Network Extender Scs2U01 The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. | 6.2 |
2013-07-18 | CVE-2013-4874 | Verizon | Improper Authentication vulnerability in Verizon Wireless Network Extender Scs26Uc4 The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. | 6.2 |
2013-07-17 | CVE-2013-3786 | SUN | Local Security vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | 6.0 |
2013-07-20 | CVE-2013-3656 | Cybozu | Improper Authentication vulnerability in Cybozu Office Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | 5.8 |
2013-07-20 | CVE-2013-2248 | Apache | Improper Input Validation vulnerability in Apache Struts Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix. | 5.8 |
2013-07-20 | CVE-2013-2070 | F5 Debian | http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. | 5.8 |
2013-07-17 | CVE-2013-3813 | SUN | Remote Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix. | 5.8 |
2013-07-17 | CVE-2013-3798 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached. | 5.8 |
2013-07-16 | CVE-2013-1935 | Redhat | Race Condition vulnerability in Redhat Enterprise Linux 6.0 A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible. | 5.7 |
2013-07-17 | CVE-2013-3784 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors Time and Labor. | 5.5 |
2013-07-17 | CVE-2013-3770 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. | 5.5 |
2013-07-17 | CVE-2013-3764 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 7.4.0/7.5.1.1 Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763. | 5.5 |
2013-07-17 | CVE-2013-3763 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 7.4.0/7.5.1.1 Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764. | 5.5 |
2013-07-17 | CVE-2013-3756 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.1.1/12.1.2/12.1.3 Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Shipment Workbench. | 5.5 |
2013-07-19 | CVE-2013-3436 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. | 5.0 |
2013-07-18 | CVE-2013-4873 | Yahoo | Credentials Management vulnerability in Yahoo Tumblr 3.4.0 The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2013-07-18 | CVE-2013-4668 | File Roller Project Canonical | Path Traversal vulnerability in multiple products Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c. | 5.0 |
2013-07-18 | CVE-2013-3426 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810. | 5.0 |
2013-07-17 | CVE-2013-3820 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via unknown vectors related to Business Interlink. | 5.0 |
2013-07-17 | CVE-2013-3801 | Oracle Suse Opensuse Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. | 5.0 |
2013-07-17 | CVE-2013-3773 | Oracle | Remote Security vulnerability in Oracle SPARC Enterprise M-Series Servers Unspecified vulnerability in the SPARC Enterprise M Series Servers component in Oracle and Sun Systems Products Suite XCP 1114 and earlier allows remote attackers to affect availability via vectors related to XSCF Control Package (XCP). | 5.0 |
2013-07-17 | CVE-2013-0398 | SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd). | 5.0 |
2013-07-16 | CVE-2013-2122 | Quade Drupal | Permissions, Privileges, and Access Controls vulnerability in Quade Edit Limit The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-1908 | Acquia Commons Wikis Project Drupal | Permissions, Privileges, and Access Controls vulnerability in multiple products The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-1907 | Acquia Drupal | Permissions, Privileges, and Access Controls vulnerability in Acquia Commons and Commons Group The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2013-07-15 | CVE-2013-2765 | Modsecurity Opensuse | Null Pointer Dereference vulnerability in multiple products The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header. | 5.0 |
2013-07-17 | CVE-2013-3799 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel. | 4.9 |
2013-07-17 | CVE-2013-3765 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM. | 4.9 |
2013-07-17 | CVE-2013-3797 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS. | 4.7 |
2013-07-16 | CVE-2013-2188 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 6.0 A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain write permissions, which allows local users to cause a denial of service (system crash) by leveraging access to a filesystem that is mounted read-only. | 4.7 |
2013-07-20 | CVE-2013-1955 | Nashtech | Cross-Site Scripting vulnerability in Nashtech Easy PHP Calendar Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-07-20 | CVE-2013-1879 | Apache | Cross-Site Scripting vulnerability in Apache Activemq Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message." | 4.3 |
2013-07-19 | CVE-2013-3275 | EMC | Improper Input Validation vulnerability in EMC Avamar Server and Avamar Server Virtual Edition EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." | 4.3 |
2013-07-19 | CVE-2012-3414 | Swfupload Project Tinymce Wordpress | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function. | 4.3 |
2013-07-18 | CVE-2013-4779 | Siemens | Cross-Site Scripting vulnerability in Siemens products Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-07-17 | CVE-2013-3822 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS). | 4.3 |
2013-07-17 | CVE-2013-3818 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-2404. | 4.3 |
2013-07-17 | CVE-2013-3791 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework. | 4.3 |
2013-07-17 | CVE-2013-3788 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Supplier Management. | 4.3 |
2013-07-17 | CVE-2013-3787 | SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel. | 4.3 |
2013-07-17 | CVE-2013-3782 | Oracle | Remote Security vulnerability in Oracle Virtualization 4.6/4.7 Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors related to Web UI. | 4.3 |
2013-07-17 | CVE-2013-3778 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Help. | 4.3 |
2013-07-17 | CVE-2013-3777 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Signon. | 4.3 |
2013-07-17 | CVE-2013-3775 | Oracle | Remote Security vulnerability in Oracle Ilearning 5.2.1/6.0 Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages. | 4.3 |
2013-07-17 | CVE-2013-3772 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms. | 4.3 |
2013-07-17 | CVE-2013-3769 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Site Studio. | 4.3 |
2013-07-17 | CVE-2013-3768 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Rich Text Editor. | 4.3 |
2013-07-17 | CVE-2013-3767 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Access Gate 1.2.1 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2013-07-17 | CVE-2013-3761 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products Portal 9.1 and PeopleTools 8.52 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | 4.3 |
2013-07-17 | CVE-2013-3759 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Search Functionality. | 4.3 |
2013-07-17 | CVE-2013-3758 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager (EM) Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to Schema Management. | 4.3 |
2013-07-17 | CVE-2013-3755 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.5.0/11.1.1.7.0/11.1.2.0 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity via vectors related to SSO Engine. | 4.3 |
2013-07-17 | CVE-2013-3752 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect integrity via vectors related to Service Management Facility (SMF). | 4.3 |
2013-07-16 | CVE-2013-0246 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. | 4.3 |
2013-07-16 | CVE-2013-4117 | Anshul Sharma Wordpress | Cross-Site Scripting vulnerability in Anshul Sharma Category-Grid-View-Gallery 2.3.1 Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | 4.3 |
2013-07-15 | CVE-2013-1087 | Novell Microsoft | Cross-Site Scripting vulnerability in Novell Groupwise Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message. | 4.3 |
2013-07-17 | CVE-2013-3825 | Oracle | Information Exposure vulnerability in Oracle Supply Chain products Suite 9.3.1 Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders & Files Attachment. | 4.0 |
2013-07-17 | CVE-2013-3824 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1 Unspecified vulnerability in the Oracle Agile Collaboration Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Manufacturing/Mfg Parts. | 4.0 |
2013-07-17 | CVE-2013-3823 | Oracle | Information Exposure vulnerability in Oracle Supply Chain products Suite 9.3.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2013-07-17 | CVE-2013-3816 | Oracle | Remote Security vulnerability in Oracle Policy Automation Unspecified vulnerability in the Oracle Policy Automation component in Oracle Industry Applications 10.2.0, 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Determinations Engine. | 4.0 |
2013-07-17 | CVE-2013-3809 | Oracle Suse Opensuse Canonical Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. | 4.0 |
2013-07-17 | CVE-2013-3808 | Oracle Mariadb Opensuse Suse | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. | 4.0 |
2013-07-17 | CVE-2013-3807 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges. | 4.0 |
2013-07-17 | CVE-2013-3806 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811. | 4.0 |
2013-07-17 | CVE-2013-3805 | Oracle Suse Opensuse Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. | 4.0 |
2013-07-17 | CVE-2013-3804 | Oracle Debian Canonical Mariadb Suse Opensuse | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2013-07-17 | CVE-2013-3802 | Oracle Mariadb Debian Canonical Opensuse Suse | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. | 4.0 |
2013-07-17 | CVE-2013-3796 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2013-07-17 | CVE-2013-3795 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | 4.0 |
2013-07-17 | CVE-2013-3794 | Oracle Suse Opensuse Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | 4.0 |
2013-07-17 | CVE-2013-3793 | Oracle Debian Opensuse Suse Canonical Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | 4.0 |
2013-07-17 | CVE-2013-3783 | Oracle Mariadb Debian Canonical Opensuse Suse | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. | 4.0 |
2013-07-17 | CVE-2013-3780 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Saved Search. | 4.0 |
2013-07-17 | CVE-2013-3747 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Client System Analyzer. | 4.0 |
2013-07-15 | CVE-2013-3428 | Cisco | Information Exposure vulnerability in Cisco Secure Access Control System The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. | 4.0 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-07-17 | CVE-2013-3812 | Oracle Suse Opensuse Canonical Debian Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | 3.5 |
2013-07-17 | CVE-2013-3811 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806. | 3.5 |
2013-07-17 | CVE-2013-3810 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions. | 3.5 |
2013-07-17 | CVE-2013-3803 | Oracle | Directory Traversal vulnerability in Oracle Hyperion Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service. | 3.5 |
2013-07-17 | CVE-2013-3749 | Oracle | Remote Password Disclosure vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. | 3.5 |
2013-07-16 | CVE-2013-1925 | Chaos Tool Suite Project | Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list. | 3.5 |
2013-07-18 | CVE-2013-4877 | Verizon | Improper Authentication vulnerability in Verizon Wireless Network Extender Scs26Uc4/Scs2U01 The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | 2.6 |
2013-07-17 | CVE-2013-3790 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Privileged Account. | 2.1 |
2013-07-17 | CVE-2013-3745 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. | 2.1 |
2013-07-16 | CVE-2013-0245 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. | 2.1 |