Weekly Vulnerabilities Reports > August 26 to September 1, 2013

Overview

79 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary report vulnerabilities in 80 products from 35 vendors including Paloaltonetworks, IBM, Cisco, Drupal, and XEN. Vulnerabilities are notably categorized as "Cross-site Scripting", "OS Command Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 68 reported vulnerabilities are remotely exploitables.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 53 reported vulnerabilities are exploitable by an anonymous user.
  • Paloaltonetworks has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Paloaltonetworks has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-31 CVE-2012-6603 Paloaltonetworks Improper Authentication vulnerability in Paloaltonetworks Pan-Os

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.

10.0
2013-08-31 CVE-2012-6601 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.

10.0
2013-08-31 CVE-2012-6593 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.

10.0
2013-08-31 CVE-2012-6592 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091.

10.0
2013-08-30 CVE-2013-3346 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

10.0
2013-08-29 CVE-2013-3466 Cisco Improper Authentication vulnerability in Cisco Secure Access Control Server

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.

9.3
2013-08-28 CVE-2013-2782 Schneider Electric Cryptographic Issues vulnerability in Schneider-Electric Tburjr900 and Tburjr900 Firmware

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

9.3
2013-08-27 CVE-2013-4974 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.

9.3
2013-08-27 CVE-2013-4973 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.

9.3
2013-08-31 CVE-2012-6605 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896.

9.0
2013-08-31 CVE-2012-6604 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249.

9.0
2013-08-31 CVE-2012-6602 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.

9.0
2013-08-31 CVE-2012-6600 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.

9.0
2013-08-31 CVE-2012-6599 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.

9.0
2013-08-31 CVE-2012-6598 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080.

9.0
2013-08-31 CVE-2012-6595 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.

9.0
2013-08-31 CVE-2012-6594 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299.

9.0
2013-08-31 CVE-2012-6591 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.

9.0

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-29 CVE-2013-5209 Freebsd Information Exposure vulnerability in Freebsd

The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.

7.8
2013-08-29 CVE-2013-3468 Cisco Improper Input Validation vulnerability in Cisco Unified IP Phone 8945 and Unified IP Phone Firmware

The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270.

7.8
2013-08-28 CVE-2013-2353 HP Remote Denial of Service vulnerability in HP StoreOnce D2D Backup System

Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors.

7.8
2013-08-28 CVE-2013-3582 Dell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dell products

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.

7.6
2013-08-28 CVE-2013-3586 Samsung Improper Authentication vulnerability in Samsung DVR and Smart Viewer

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.

7.6
2013-08-29 CVE-2013-5647 Adam Zaninovich
Ruby Lang
Code Injection vulnerability in Adam Zaninovich Sounder 1.0.1

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

7.5
2013-08-29 CVE-2013-5589 Debian
Cacti
Opensuse
SQL Injection vulnerability in multiple products

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2013-08-28 CVE-2013-2247 Fast Permissions Administration Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Fast Permissions Administration Project Fast Permission Administration

The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.

7.5
2013-08-28 CVE-2013-2211 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.

7.4
2013-08-28 CVE-2013-2072 XEN
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.

7.4
2013-08-28 CVE-2013-1432 XEN Resource Management Errors vulnerability in XEN

Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.

7.4
2013-08-28 CVE-2013-2176 Redhat Resource Management Errors vulnerability in Redhat Enterprise Virtualization 3.0/3.2

Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application.

7.2
2013-08-28 CVE-2013-3077 Freebsd Numeric Errors vulnerability in Freebsd

Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.

7.2
2013-08-30 CVE-2013-5469 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

The TCP implementation in Cisco IOS does not properly implement the transitions from the ESTABLISHED state to the CLOSED state, which allows remote attackers to cause a denial of service (flood of ACK packets) via a crafted series of ACK and FIN packets, aka Bug ID CSCtz14399.

7.1
2013-08-28 CVE-2013-2804 Softwaretoolbox Improper Input Validation vulnerability in Softwaretoolbox TOP Server

The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.

7.1

37 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-30 CVE-2013-3485 Lulusoftware Insecure Library Loading Arbitrary Code Execution vulnerability in Lulusoftware Soda PDF 5.1.183.10520

Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.10520 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) api-ms-win-core-localregistry-l1-1-0.dll file in the current working directory.

6.9
2013-08-29 CVE-2013-5648 ID Path Traversal vulnerability in ID Id-Software and Libdigidoc

Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.

6.8
2013-08-29 CVE-2013-3472 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager

Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.

6.8
2013-08-28 CVE-2013-3590 Searchblox Remote Command Injection vulnerability in SearchBlox

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

6.8
2013-08-28 CVE-2013-3583 Corporater Cross-Site Request Forgery (CSRF) vulnerability in Corporater EPM Suite

Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.

6.8
2013-08-31 CVE-2012-6597 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.

6.3
2013-08-30 CVE-2013-3474 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Wireless LAN Controller

The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request that (1) lacks a parameter value or (2) contains a malformed parameter value, aka Bug IDs CSCuh14313, CSCuh14159, CSCuh14368, and CSCuh14436.

6.3
2013-08-31 CVE-2012-6606 Paloaltonetworks Cryptographic Issues vulnerability in Paloaltonetworks Globalprotect and Netconnect

Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate.

5.8
2013-08-28 CVE-2013-2123 Node Access User Reference Project
Drupal
Permissions, Privileges, and Access Controls vulnerability in Node Access User Reference Project Nodeaccess Userreference Module

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors.

5.8
2013-08-28 CVE-2013-2212 XEN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.

5.7
2013-08-28 CVE-2013-2077 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.

5.2
2013-08-31 CVE-2012-6596 Paloaltonetworks Credentials Management vulnerability in Paloaltonetworks Pan-Os

Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.

5.0
2013-08-30 CVE-2013-4702 Lockon Path Traversal vulnerability in Lockon Ec-Cube

Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.

5.0
2013-08-30 CVE-2013-3470 Cisco Improper Input Validation vulnerability in Cisco IOS XR

The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.

5.0
2013-08-28 CVE-2013-2178 Fail2Ban Improper Input Validation vulnerability in Fail2Ban

The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.

5.0
2013-08-28 CVE-2013-4139 Stage File Proxy Project
Drupal
Unspecified vulnerability in Stage File Proxy Project Stage File Proxy

The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests.

5.0
2013-08-28 CVE-2013-3271 EMC Credentials Management vulnerability in EMC RSA Authentication Agent 7.0.0/7.0.1/7.0.2

EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack.

5.0
2013-08-28 CVE-2013-3598 Searchblox Path Traversal vulnerability in Searchblox

Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a ..

5.0
2013-08-28 CVE-2013-3597 Searchblox Information Exposure vulnerability in Searchblox

servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.

5.0
2013-08-28 CVE-2013-3585 Samsung Credentials Management vulnerability in Samsung Smart Viewer

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.

5.0
2013-08-28 CVE-2013-3495 Opensuse
XEN
Permissions, Privileges, and Access Controls vulnerability in multiple products

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).

4.7
2013-08-30 CVE-2013-3467 Cisco Resource Management Errors vulnerability in Cisco products

Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all" or (2) "show monitor session" command, aka Bug ID CSCug20103.

4.6
2013-08-28 CVE-2013-4033 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Connect

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.

4.6
2013-08-28 CVE-2013-2035 Redhat Code Injection vulnerability in Redhat Hawtjni

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.

4.4
2013-08-31 CVE-2013-5664 Paloaltonetworks Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os

Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.

4.3
2013-08-31 CVE-2012-6590 Paloaltonetworks Information Exposure vulnerability in Paloaltonetworks Pan-Os

The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.

4.3
2013-08-30 CVE-2012-5744 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software

Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.

4.3
2013-08-29 CVE-2013-5645 Roundcube Cross-Site Scripting vulnerability in Roundcube Webmail

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.

4.3
2013-08-29 CVE-2013-5588 Cacti
Opensuse
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

4.3
2013-08-29 CVE-2013-3471 Cisco Credentials Management vulnerability in Cisco Identity Services Engine Software

The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.

4.3
2013-08-28 CVE-2013-5018 Strongswan
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.

4.3
2013-08-28 CVE-2013-4272 Botcha Spam Prevention Project
Drupal
Information Exposure vulnerability in Botcha Spam Prevention Project Botcha

The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file.

4.3
2013-08-28 CVE-2013-2197 Login Security Project
Drupal
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Login Security Project Login Security

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts.

4.3
2013-08-28 CVE-2013-3584 Corporater Cross-Site Scripting vulnerability in Corporater EPM Suite

Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allows remote attackers to inject arbitrary web script or HTML via the customerId parameter to an unspecified component.

4.3
2013-08-27 CVE-2013-0595 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes

Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3.

4.3
2013-08-27 CVE-2013-0566 IBM Cross-Site Scripting vulnerability in IBM Websphere Commerce

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-08-28 CVE-2013-4039 IBM Information Exposure vulnerability in IBM Websphere Extended Deployment Compute Grid

IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-08-29 CVE-2013-5646 Roundcube Cross-Site Scripting vulnerability in Roundcube Webmail 1.0

Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.

3.5
2013-08-29 CVE-2013-4003 IBM Cross-Site Scripting vulnerability in IBM Tririga Application Platform

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified input to html/en/default/actionHandler/queryHandler.jsp, or (3) unspecified input in a portalSectionId action to html/en/default/reportTemplate/hGridTopQuery.jsp.

3.5
2013-08-27 CVE-2013-0591 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes

Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590.

3.5
2013-08-27 CVE-2013-0590 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes

Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591.

3.5
2013-08-27 CVE-2013-0586 IBM Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-08-27 CVE-2013-2988 IBM Path Traversal vulnerability in IBM Cognos Business Intelligence

Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978.

2.6
2013-08-28 CVE-2013-4274 Erikwebb
Drupal
Cross-Site Scripting vulnerability in Erikwebb Password Policy

Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page.

2.1
2013-08-28 CVE-2013-4138 Alienwp
Drupal
Cross-Site Scripting vulnerability in Alienwp Hatch

Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors.

2.1
2013-08-27 CVE-2013-2978 IBM Path Traversal vulnerability in IBM Cognos Business Intelligence

Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988.

2.1