Weekly Vulnerabilities Reports > July 29 to August 4, 2013

Overview

112 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary report vulnerabilities in 133 products from 51 vendors including Wireshark, HP, Moodle, Phpmyadmin, and Cisco. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Numeric Errors".

  • 105 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 89 reported vulnerabilities are exploitable by an anonymous user.
  • Wireshark has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-01 CVE-2013-4652 Siemens Authentication Bypass vulnerability in Siemens Scalance W-700 Series

Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.

10.0
2013-08-01 CVE-2013-3443 Cisco Improper Input Validation vulnerability in Cisco Wide Area Application Services

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.

10.0
2013-07-31 CVE-2013-5019 Vector Buffer Errors vulnerability in Vector Ultra Mini Httpd 1.21

Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.

10.0
2013-07-31 CVE-2013-2367 HP Remote Code Execution vulnerability in HP Sitescope 11.20/11.21

Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.

10.0
2013-07-31 CVE-2013-1377 Adobe Buffer Errors vulnerability in Adobe Digital Editions 2.0.0

Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2013-07-29 CVE-2013-4798 HP Remote Code Execution vulnerability in HP LoadRunner

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.

10.0
2013-07-31 CVE-2013-2785 GE Buffer Errors vulnerability in GE products

Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.

9.3
2013-07-29 CVE-2013-0723 Kingsoft Buffer Errors vulnerability in Kingsoft Spreadsheets 2012 8.1.0.3030

Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a crafted spreadsheet file.

9.3
2013-07-29 CVE-2013-4800 HP Remote Code Execution vulnerability in HP LoadRunner

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.

9.3
2013-08-01 CVE-2013-3444 Cisco OS Command Injection vulnerability in Cisco products

The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.

9.0
2013-07-31 CVE-2013-4697 Hitachi Unspecified vulnerability in Hitachi products

Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors.

9.0

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-01 CVE-2013-1616 Symantec OS Command Injection vulnerability in Symantec products

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.

8.3
2013-07-31 CVE-2013-2112 Apache
Collabnet
Canonical
Opensuse
Remote Denial of Service vulnerability in Apache Subversion

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

7.8
2013-07-30 CVE-2013-4929 Wireshark Numeric Errors vulnerability in Wireshark

The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet.

7.8
2013-07-30 CVE-2013-4928 Wireshark Numeric Errors vulnerability in Wireshark 1.10.0

Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

7.8
2013-07-30 CVE-2013-4927 Wireshark Numeric Errors vulnerability in Wireshark

Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.

7.8
2013-07-29 CVE-2013-4854 ISC
Suse
Novell
Opensuse
Freebsd
Mandriva
Redhat
Fedoraproject
HP
Slackware
Remote Denial of Service vulnerability in ISC BIND 9 DNS RDATA Handling

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

7.8
2013-07-29 CVE-2013-4799 HP Remote Buffer Overflow vulnerability in HP LoadRunner

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.

7.6
2013-07-31 CVE-2013-2220 Radius Extension Project
PHP
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Radius Extension Project Radius

Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.

7.5
2013-07-29 CVE-2013-4953 Topgames SQL Injection vulnerability in Topgames TOP Games Script 1.2

SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.

7.5
2013-07-29 CVE-2013-4952 Elemata SQL Injection vulnerability in Elemata CMS 3.0

SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2013-07-29 CVE-2013-4948 Machform SQL Injection vulnerability in Machform 2.0

SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.

7.5
2013-07-29 CVE-2013-4947 Sawmill Remote Security vulnerability in Sawmill

Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors.

7.5
2013-07-29 CVE-2013-4945 BMC SQL Injection vulnerability in BMC Service Desk Express 10.2.1.95

Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.

7.5
2013-07-29 CVE-2013-4801 HP Remote Code Execution vulnerability in HP LoadRunner ActiveX Control

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.

7.5
2013-07-29 CVE-2013-4797 HP Remote Code Execution vulnerability in HP LoadRunner

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.

7.5
2013-07-29 CVE-2013-2370 HP Remote Code Execution vulnerability in HP LoadRunner

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.

7.5
2013-07-29 CVE-2013-2369 HP Remote Code Execution vulnerability in HP LoadRunner

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.

7.5
2013-08-01 CVE-2013-1617 Symantec SQL Injection vulnerability in Symantec products

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

7.4
2013-08-01 CVE-2013-4672 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec products

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.

7.2
2013-07-31 CVE-2013-3956 Novell
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Novell Client 2.0/4.91

The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.

7.2
2013-07-31 CVE-2013-3697 Novell
Microsoft
Numeric Errors vulnerability in Novell Client 2.0/4.91

Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call.

7.2
2013-07-31 CVE-2013-2088 Apache
Collabnet
Opensuse
Improper Input Validation vulnerability in multiple products

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

7.1

73 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-01 CVE-2013-4911 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens Wincc 11.0/12.0

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

6.8
2013-07-31 CVE-2013-4156 Apache Out-of-bounds Write vulnerability in Apache Openoffice

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.

6.8
2013-07-31 CVE-2013-2189 Apache Out-of-bounds Write vulnerability in Apache Openoffice

Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.

6.8
2013-07-31 CVE-2013-2174 Haxx
Canonical
Opensuse
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

6.8
2013-07-29 CVE-2013-4949 Machform Unspecified vulnerability in Machform 2.0

Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.

6.8
2013-08-01 CVE-2013-4651 Siemens Credentials Management vulnerability in Siemens products

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.

6.6
2013-07-31 CVE-2013-5003 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.

6.5
2013-07-29 CVE-2013-3033 IBM SQL Injection vulnerability in IBM Tivoli Remote Control 5.1.2

SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2013-08-02 CVE-2013-3220 Bitcoin Resource Management Errors vulnerability in Bitcoin products

bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split) and enable certain double-spending capabilities via a large block that triggers incorrect Berkeley DB locking.

6.4
2013-08-01 CVE-2013-2994 IBM Improper Input Validation vulnerability in IBM Websphere Commerce 7.0

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.

6.4
2013-07-29 CVE-2013-4851 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd 8.3/9.0/9.1

The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.

6.4
2013-08-01 CVE-2013-4671 Symantec Cross-Site Request Forgery (CSRF) vulnerability in Symantec products

Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

6.0
2013-08-01 CVE-2013-4912 Siemens Improper Input Validation vulnerability in Siemens Wincc 11.0/12.0

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

5.8
2013-08-01 CVE-2013-4673 Symantec Improper Input Validation vulnerability in Symantec products

The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.

5.8
2013-08-01 CVE-2013-2993 IBM Improper Authentication vulnerability in IBM Websphere Commerce

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

5.8
2013-07-31 CVE-2013-1968 Apache
Collabnet
Canonical
Opensuse
Remote Denial of Service vulnerability in Apache Subversion

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

5.5
2013-08-02 CVE-2013-4627 Bitcoin Denial of Service vulnerability in Bitcoin Bitcoin-Qt and Bitcoind

Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remote attackers to cause a denial of service (memory consumption) via a large amount of tx message data.

5.0
2013-08-02 CVE-2013-3219 Bitcoin Permissions, Privileges, and Access Controls vulnerability in Bitcoin Core 0.8.0

bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions.

5.0
2013-08-02 CVE-2013-1190 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System

The C-Series Rack Server component 1.4 in Cisco Unified Computing System (UCS) does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service (Integrated Management Controller reboot or hang) via crafted packets, as demonstrated by nmap, aka Bug ID CSCtx19850.

5.0
2013-08-01 CVE-2013-3724 Monkey Project Improper Input Validation vulnerability in Monkey-Project Monkey 1.1.1

The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.

5.0
2013-08-01 CVE-2012-3913 Cisco Denial of Service vulnerability in Cisco products

The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019.

5.0
2013-07-31 CVE-2013-5000 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.

5.0
2013-07-31 CVE-2013-4999 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.

5.0
2013-07-31 CVE-2013-4998 Phpmyadmin Information Exposure vulnerability in PHPmyadmin

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.

5.0
2013-07-31 CVE-2013-2056 Redhat Improper Authentication vulnerability in Redhat Satellite 5.3/5.4/5.5

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

5.0
2013-07-30 CVE-2013-4936 Wireshark Unspecified vulnerability in Wireshark 1.10.0

The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.

5.0
2013-07-30 CVE-2013-4933 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.

5.0
2013-07-30 CVE-2013-4932 Wireshark Improper Input Validation vulnerability in Wireshark

Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2013-07-30 CVE-2013-4931 Wireshark Resource Management Errors vulnerability in Wireshark

epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector.

5.0
2013-07-30 CVE-2013-4930 Wireshark Improper Input Validation vulnerability in Wireshark

The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.

5.0
2013-07-30 CVE-2013-4926 Wireshark Improper Input Validation vulnerability in Wireshark 1.10.0

epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2013-07-30 CVE-2013-4925 Wireshark Numeric Errors vulnerability in Wireshark 1.10.0

Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet.

5.0
2013-07-30 CVE-2013-4924 Wireshark Improper Input Validation vulnerability in Wireshark 1.10.0

epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.

5.0
2013-07-30 CVE-2013-4923 Wireshark Resource Management Errors vulnerability in Wireshark 1.10.0

Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.

5.0
2013-07-30 CVE-2013-4922 Wireshark Resource Management Errors vulnerability in Wireshark 1.10.0

Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2013-07-30 CVE-2013-4921 Wireshark Numeric Errors vulnerability in Wireshark 1.10.0

Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2013-07-30 CVE-2013-4920 Wireshark Buffer Errors vulnerability in Wireshark 1.10.0

The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2013-07-29 CVE-2013-3445 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine

The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572.

5.0
2013-07-29 CVE-2013-2368 HP Denial of Service vulnerability in HP LoadRunner

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.

5.0
2013-07-29 CVE-2011-1483 Redhat
HP
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
5.0
2013-07-31 CVE-2013-0943 EMC Information Exposure vulnerability in EMC Networker

EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.

4.6
2013-08-02 CVE-2013-4165 Bitcoin Information Exposure vulnerability in Bitcoin Core 0.8.1

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.

4.3
2013-08-01 CVE-2013-4670 Symantec Cross-Site Scripting vulnerability in Symantec products

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-08-01 CVE-2012-5460 Juniper Cross-Site Scripting vulnerability in Juniper products

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.

4.3
2013-07-31 CVE-2013-5020 Minibb Cross-Site Scripting vulnerability in Minibb

Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter.

4.3
2013-07-31 CVE-2013-5006 Westerndigital Credentials Management vulnerability in Westerndigital MY NET N750, MY NET N900 and MY NET N900C

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.

4.3
2013-07-31 CVE-2013-4997 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.

4.3
2013-07-31 CVE-2013-4996 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.

4.3
2013-07-31 CVE-2013-4674 Symantec Cross-Site Scripting vulnerability in Symantec Encryption Management Server and PGP Universal Server

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.

4.3
2013-07-31 CVE-2013-2209 Reviewboard Cross-Site Scripting vulnerability in Reviewboard Review Board

Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name.

4.3
2013-07-30 CVE-2013-4935 Wireshark Numeric Errors vulnerability in Wireshark

The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2013-07-30 CVE-2013-4934 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file.

4.3
2013-07-29 CVE-2013-4951 Mintboard Cross-Site Scripting vulnerability in Mintboard 0.3

Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.

4.3
2013-07-29 CVE-2013-4950 Machform Cross-Site Scripting vulnerability in Machform 2.0

Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.

4.3
2013-07-29 CVE-2013-4946 BMC Cross-Site Scripting vulnerability in BMC Service Desk Express 10.2.1.95

Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.

4.3
2013-07-29 CVE-2013-3515 Openx Cross-Site Scripting vulnerability in Openx

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.

4.3
2013-07-29 CVE-2013-2181 Monkey Project Cross-Site Scripting vulnerability in Monkey-Project Monkey 1.2.2

Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.

4.3
2013-07-29 CVE-2013-4942 Moodle
Yahoo
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

4.3
2013-07-29 CVE-2013-4941 Moodle
Yahoo
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

4.3
2013-07-29 CVE-2013-4940 Moodle
Yahoo
Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

4.3
2013-07-29 CVE-2013-4938 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values.

4.3
2013-07-29 CVE-2013-4802 HP Cross-Site Scripting vulnerability in HP Application Lifecycle Management 11.00/11.50

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565.

4.3
2013-07-29 CVE-2013-3580 Trustgo Improper Input Validation vulnerability in Trustgo Antivirus & Mobile Security

The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero arguments.

4.3
2013-07-29 CVE-2013-2244 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field.

4.3
2013-08-02 CVE-2013-3448 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Meetings Server

Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315.

4.0
2013-07-31 CVE-2013-4131 Apache Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apache Subversion

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.

4.0
2013-07-31 CVE-2013-3425 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Webex 11.0

The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.

4.0
2013-07-31 CVE-2013-2219 Fedoraproject
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

4.0
2013-07-29 CVE-2013-3300 Liftweb Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Liftweb Lift

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

4.0
2013-07-29 CVE-2013-2246 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time.

4.0
2013-07-29 CVE-2013-2245 Moodle Improper Authentication vulnerability in Moodle

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.

4.0
2013-07-29 CVE-2013-2243 Moodle Information Exposure vulnerability in Moodle

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.

4.0
2013-07-29 CVE-2013-2242 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-07-31 CVE-2013-5002 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.

3.5
2013-07-31 CVE-2013-5001 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.

3.5
2013-07-31 CVE-2013-4995 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.

3.5
2013-07-29 CVE-2013-4954 Genetechsolutions
Wordpress
Cross-Site Scripting vulnerability in Genetechsolutions Pie-Register

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action.

2.6
2013-07-29 CVE-2013-4944 Fusedpress
Wordpress
Cross-Site Scripting vulnerability in Fusedpress Buddypress-Extended-Frienship-Request 1.0/1.0.1

Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php.

2.6
2013-07-29 CVE-2013-4140 Drupalisme
Drupal
Cross-Site Scripting vulnerability in Drupalisme Tinybox

Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.

2.1