Weekly Vulnerabilities Reports > September 30 to October 6, 2013

Overview

183 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 208 products from 86 vendors including IBM, Cisco, Redhat, Google, and Canonical. Notable vulnerability categories include "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Resource Management Errors", "Cross-site Scripting", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 139 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 137 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 29 reported vulnerabilities.
  • Emerson has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-03 CVE-2013-5944 Siemens Improper Authentication vulnerability in Siemens products

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.

10.0
2013-10-03 CVE-2013-0693 Enea, Emerson Information Exposure vulnerability in multiple products

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive information about device presence by listening for broadcast traffic.

10.0
2013-10-03 CVE-2013-0692 Enea, Emerson Permissions, Privileges, and Access Controls vulnerability in multiple products

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service.

10.0
2013-10-03 CVE-2013-0689 Enea, Emerson Code Injection vulnerability in multiple products

The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors.

10.0
2013-10-01 CVE-2013-5370 IBM Unspecified vulnerability in IBM Spss Collaboration and Deployment Services

Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042.

10.0
2013-10-01 CVE-2013-4042 IBM Unspecified vulnerability in IBM Spss Collaboration and Deployment Services

Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-5370.

10.0
2013-09-30 CVE-2013-4316 Apache, Oracle Improper Access Control vulnerability in multiple products

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

10.0
2013-10-05 CVE-2013-2808 Philips Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Philips products

Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.

9.3
2013-10-03 CVE-2013-3248 Corel Stack Based Buffer Overflow vulnerability in Corel PDF Fusion 1.11

Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.

9.3
2013-10-03 CVE-2013-0742 Corel Buffer Errors vulnerability in Corel PDF Fusion 1.11

Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS file.

9.3
2013-10-03 CVE-2013-0694 Enea, Emerson Credentials Management vulnerability in multiple products

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by leveraging knowledge of the ROM contents from a product installation elsewhere.

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-04 CVE-2013-3543 Axis Permissions, Privileges, and Access Controls vulnerability in Axis Media Control Activex Control 6.2.10.11

The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.

8.8
2013-09-30 CVE-2013-5692 X2Engine Path Traversal vulnerability in X2Engine X2Crm

Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a ..

8.5
2013-10-04 CVE-2013-3689 Brickom Permissions, Privileges, and Access Controls vulnerability in Brickom products

Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allows remote attackers to obtain sensitive information (user names, passwords, and configurations) via a get action.

7.8
2013-10-04 CVE-2013-3541 Ovislink Path Traversal vulnerability in Ovislink Airlive Wl2600Cam

Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a ..

7.8
2013-10-04 CVE-2013-6011 Citrix Improper Input Validation vulnerability in Citrix products

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.

7.8
2013-10-03 CVE-2013-3625 Baramundi Credentials Management vulnerability in Baramundi Management Suite

An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 uses a hardcoded encryption key, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.

7.8
2013-10-03 CVE-2013-3624 Baramundi Cryptographic Issues vulnerability in Baramundi Management Suite

The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file.

7.8
2013-10-03 CVE-2013-3593 Baramundi Cryptographic Issues vulnerability in Baramundi Management Suite

Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) client-server communication and (2) data storage, which allows remote attackers to obtain sensitive information by sniffing the network, and allows context-dependent attackers to obtain sensitive information by reading a file.

7.8
2013-10-02 CVE-2013-5503 Cisco Resource Management Errors vulnerability in Cisco IOS XR 4.3.1

The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.

7.8
2013-09-30 CVE-2013-1839 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

7.8
2013-10-04 CVE-2013-2221 Wernerd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wernerd Zrtpcpp

Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet.

7.5
2013-10-02 CVE-2013-2924 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2013-10-02 CVE-2013-2923 Google Unspecified vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2013-10-02 CVE-2013-2919 Opensuse, Google, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5
2013-10-02 CVE-2013-2918 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect handling of parent-child relationships for anonymous blocks.

7.5
2013-10-02 CVE-2013-2912 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message.

7.5
2013-10-02 CVE-2013-2910 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2013-10-02 CVE-2013-2909 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicode text in an element isolated from its siblings.

7.5
2013-10-01 CVE-2013-5395 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.

7.5
2013-09-30 CVE-2013-5697 Simone Tellini, Apache SQL Injection vulnerability in Simone Tellini MOD Accounting 0.5

SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.

7.5
2013-10-05 CVE-2012-4075 Cisco OS Command Injection vulnerability in Cisco Nx-Os

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.

7.2
2013-10-04 CVE-2013-4344 Qemu, Opensuse, Redhat, Canonical Classic Buffer Overflow vulnerability in multiple products

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

7.2
2013-10-04 CVE-2013-2964 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager

Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.

7.2
2013-10-03 CVE-2013-4288 Opensuse, Polkit Project, Canonical, Redhat Race Condition vulnerability in multiple products

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.

7.2
2013-10-03 CVE-2013-5701 Watchguard Permissions, Privileges, and Access Controls vulnerability in Watchguard Server Center 11.7.3/11.7.4

Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory.

7.2
2013-10-01 CVE-2013-2231 Redhat, Microsoft Resource Management Errors vulnerability in Redhat products

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder.

7.2
2013-09-30 CVE-2013-4362 Werner Baumann Permissions, Privileges, and Access Controls vulnerability in Werner Baumann Davfs2 1.4.6/1.4.7

WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.

7.2
2013-10-01 CVE-2013-3688 TP Link Permissions, Privileges, and Access Controls vulnerability in Tp-Link products

The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, do not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault.

7.1
2013-10-01 CVE-2013-5745 David King, Canonical Improper Input Validation vulnerability in multiple products

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

7.1

128 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-04 CVE-2013-5419 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 6.1/7.1

Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.

6.9
2013-09-30 CVE-2013-4291 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt 0.10.2.7/1.0.5.5/1.1.1

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

6.9
2013-10-05 CVE-2012-4084 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Computing System

Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755.

6.8
2013-10-04 CVE-2013-3540 Ovislink Cross-Site Request Forgery (CSRF) vulnerability in Ovislink products

Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

6.8
2013-10-04 CVE-2013-4986 Iconcool Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Iconcool Pdfcool Studio

Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file.

6.8
2013-10-04 CVE-2013-4758 Rsyslog Resource Management Errors vulnerability in Rsyslog

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

6.8
2013-10-04 CVE-2013-4330 Apache Code Injection vulnerability in Apache Camel

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

6.8
2013-10-04 CVE-2013-2222 Wernerd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wernerd Zrtpcpp

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ZRTP Hello packet to the (1) ZRtp::findBestSASType, (2) ZRtp::findBestAuthLen, (3) ZRtp::findBestCipher, (4) ZRtp::findBestHash, or (5) ZRtp::findBestPubKey functions.

6.8
2013-10-03 CVE-2012-4136 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System

The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910.

6.8
2013-10-02 CVE-2012-4111 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563.

6.8
2013-10-02 CVE-2012-4110 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560.

6.8
2013-10-02 CVE-2012-4109 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559.

6.8
2013-10-02 CVE-2012-4103 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.

6.8
2013-10-02 CVE-2012-4102 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600.

6.8
2013-10-02 CVE-2013-2922 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that operates on a TEMPLATE element.

6.8
2013-10-02 CVE-2013-2921 Google Resource Management Errors vulnerability in Google Chrome

Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain callback processing during the reporting of a resource entry.

6.8
2013-10-02 CVE-2013-2914 Google, Microsoft Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and color_chooser_win.cc in browser/ui/views/.

6.8
2013-10-02 CVE-2013-2913 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document.

6.8
2013-10-02 CVE-2013-2911 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions.

6.8
2013-10-02 CVE-2013-2906 Google Race Condition vulnerability in Google Chrome

Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/html/HTMLMediaElement.cpp, core/platform/audio/AudioDSPKernelProcessor.cpp, core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp.

6.8
2013-10-01 CVE-2013-3963 Grandstream Cross-Site Request Forgery (CSRF) vulnerability in Grandstream products

Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.

6.8
2013-10-01 CVE-2013-3690 Brickom Cross-Site Request Forgery (CSRF) vulnerability in Brickom products

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.

6.8
2013-10-01 CVE-2013-3539 Ovislink, Sony Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.

6.8
2013-10-01 CVE-2012-3323 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.

6.8
2013-09-30 CVE-2013-5963 Cdsincdesign, Wordpress Unspecified vulnerability in Cdsincdesign Simple Dropbox Upload Form

Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/.

6.8
2013-09-30 CVE-2013-5961 Danny Morris, Wordpress Unspecified vulnerability in Danny Morris Lazy SEO 1.1.9

Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.

6.8
2013-09-30 CVE-2013-2238 Freeswitch Buffer Errors vulnerability in Freeswitch 1.2

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables.

6.8
2013-10-04 CVE-2013-5163 Apple Improper Authentication vulnerability in Apple mac OS X

Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.

6.6
2013-10-02 CVE-2012-4104 Cisco Path Traversal vulnerability in Cisco Unified Computing System

Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.

6.6
2013-10-04 CVE-2013-5091 Vtiger SQL Injection vulnerability in Vtiger CRM

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

6.5
2013-10-01 CVE-2013-3969 Mongodb Resource Management Errors vulnerability in Mongodb

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.

6.5
2013-10-01 CVE-2013-5381 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.

6.5
2013-10-01 CVE-2013-4027 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

6.5
2013-10-01 CVE-2013-4021 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors.

6.5
2013-10-01 CVE-2013-4017 IBM SQL Injection vulnerability in IBM Maximo Asset Management

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

6.5
2013-10-01 CVE-2013-3973 IBM SQL Injection vulnerability in IBM Maximo Asset Management

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2013-10-01 CVE-2013-3047 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors.

6.5
2013-10-01 CVE-2013-0451 IBM SQL Injection vulnerability in IBM Maximo Asset Management

SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2013-09-30 CVE-2013-4222 Openstack, Fedoraproject, Canonical, Redhat Insufficiently Protected Credentials vulnerability in multiple products

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

6.5
2013-10-01 CVE-2013-5516 Cisco Resource Management Errors vulnerability in Cisco Telepresence Multipoint Switch

The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796.

6.3
2013-10-05 CVE-2012-4141 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os

Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.

6.2
2013-10-05 CVE-2012-4122 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669.

6.2
2013-10-01 CVE-2012-4096 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574.

6.2
2013-10-05 CVE-2013-3610 Asus Improper Authentication vulnerability in Asus Rt-N10E and Rt-N10E Firmware

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

6.1
2013-10-01 CVE-2013-1892 Mongodb
Redhat
Improper Input Validation vulnerability in multiple products

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

6.0
2013-10-01 CVE-2013-4018 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6.0
2013-10-04 CVE-2013-2223 Wernerd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wernerd Zrtpcpp

GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function.

5.8
2013-10-02 CVE-2013-4067 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.

5.8
2013-10-01 CVE-2012-2125 Rubygems
Redhat
Canonical
URI Redirection vulnerability in RubyGems

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

5.8
2013-09-30 CVE-2013-4310 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Struts

Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.

5.8
2013-09-30 CVE-2013-5960 Owasp Cryptographic Issues vulnerability in Owasp Enterprise Security API 2.0/2.0.1/2.1.0

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.

5.8
2013-10-02 CVE-2013-5517 Cisco SQL Injection vulnerability in Cisco Unified Communications Domain Manager

SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567.

5.5
2013-10-02 CVE-2012-4095 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521.

5.5
2013-10-01 CVE-2011-2901 XEN Resource Management Errors vulnerability in XEN

Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64-bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.

5.5
2013-10-04 CVE-2013-4788 GNU Improper Input Validation vulnerability in GNU Eglibc and Glibc

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

5.1
2013-09-30 CVE-2013-5962 Envato Unspecified vulnerability in Envato Complete Gallery Manager Plugin

Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.

5.1
2013-10-05 CVE-2013-3627 Mcafee Resource Management Errors vulnerability in Mcafee Agent

FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request.

5.0
2013-10-05 CVE-2012-4098 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055.

5.0
2013-10-05 CVE-2012-4091 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415.

5.0
2013-10-02 CVE-2013-5979 Springsignage Path Traversal vulnerability in Springsignage Xibo

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a ..

5.0
2013-10-02 CVE-2013-4032 IBM Improper Input Validation vulnerability in IBM DB2 10.1/10.5

The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data.

5.0
2013-10-02 CVE-2013-2920 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-relative URL beginning with a //www.google.com/ substring.

5.0
2013-10-02 CVE-2013-2917 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array.

5.0
2013-10-02 CVE-2013-2908 Google Unspecified vulnerability in Google Chrome

Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.

5.0
2013-10-02 CVE-2013-2907 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5.0
2013-10-01 CVE-2013-4210 Redhat Remote Denial of Service vulnerability in Red Hat JBoss Remoting

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.

5.0
2013-10-01 CVE-2013-2269 Arubanetworks Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass and Clearpass Guest

The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.

5.0
2013-10-01 CVE-2013-4013 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2013-10-01 CVE-2013-5725 Metaclassy Permissions, Privileges, and Access Controls vulnerability in Metaclassy Byword

The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL.

5.0
2013-09-30 CVE-2013-0211 Libarchive
Canonical
Opensuse
Fedoraproject
Freebsd
Numeric Errors vulnerability in multiple products

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

5.0
2013-09-30 CVE-2013-5965 Adcisolutions
Drupal
Permissions, Privileges, and Access Controls vulnerability in Adcisolutions Node View Permissions 7.X1.0/7.X1.1

The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.

5.0
2013-09-30 CVE-2013-5651 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Libvirt

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.

5.0
2013-09-30 CVE-2013-4359 Proftpd Numeric Errors vulnerability in Proftpd 1.3.4/1.3.5

Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.

5.0
2013-09-30 CVE-2013-4153 Redhat Resource Management Errors vulnerability in Redhat Libvirt 1.0.6/1.1.0

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.

5.0
2013-09-30 CVE-2013-2218 Redhat Resource Management Errors vulnerability in Redhat Libvirt 1.0.6

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.

5.0
2013-09-30 CVE-2013-3417 Cisco Improper Authentication vulnerability in Cisco Video Surveillance Operations Manager

The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262.

5.0
2013-10-01 CVE-2013-3278 EMC Credentials Management vulnerability in EMC products

EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.

4.9
2013-10-03 CVE-2013-4327 Freedesktop
Debian
Canonical

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-4326 Lennart Poettering
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-4324 Spice GTK Project
Redhat
Permissions, Privileges, and Access Controls vulnerability in multiple products

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-4311 Redhat
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-1066 Ubuntu Developers
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-1065 Martin Pitt
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-1064 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Apt-Xapian-Index and Ubuntu Linux

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-1063 Canonical
Evan Dandrea
Permissions, Privileges, and Access Controls vulnerability in multiple products

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-10-03 CVE-2013-1062 Canonical
Michael Vogt
Permissions, Privileges, and Access Controls vulnerability in multiple products

ubuntu-system-service 0.2.4 before 0.2.4.1.

4.6
2013-10-03 CVE-2013-1061 Marc Deslauriers
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6
2013-09-30 CVE-2013-4136 Phusion
Ruby Lang
Link Following vulnerability in Phusion Passenger

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

4.4
2013-10-04 CVE-2013-6044 Djangoproject Cross-Site Scripting vulnerability in Djangoproject Django

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme.

4.3
2013-10-04 CVE-2013-5915 Polarssl Cryptographic Issues vulnerability in Polarssl

The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.

4.3
2013-10-04 CVE-2013-4249 Djangoproject Cross-Site Scripting vulnerability in Djangoproject Django 1.5/1.5.1/1.6

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.

4.3
2013-10-04 CVE-2013-4828 HP Cryptographic Issues vulnerability in HP products

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors.

4.3
2013-10-04 CVE-2013-4711 Accelatech Cross-Site Scripting vulnerability in Accelatech Bizsearch 3.2

Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-10-03 CVE-2013-6010 Wearegumball
Wordpress
Cross-Site Scripting vulnerability in Wearegumball Comment-Attachment 1.0

Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title."

4.3
2013-10-03 CVE-2013-6009 Open Xchange Code Injection vulnerability in Open-Xchange Appsuite

CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.

4.3
2013-10-03 CVE-2013-5519 Cisco Cross-Site Scripting vulnerability in Cisco Wireless LAN Controller

Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.

4.3
2013-10-02 CVE-2013-4066 IBM Improper Input Validation vulnerability in IBM Infosphere Information Server

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface.

4.3
2013-10-02 CVE-2013-2916 Google Unspecified vulnerability in Google Chrome

Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.

4.3
2013-10-02 CVE-2013-2915 Google Unspecified vulnerability in Google Chrome

Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.

4.3
2013-10-01 CVE-2013-5976 F5 Cross-Site Scripting vulnerability in F5 Big-Ip Access Policy Manager

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie.

4.3
2013-10-01 CVE-2013-5975 F5 Permissions, Privileges, and Access Controls vulnerability in F5 Big-Ip Access Policy Manager 11.1.0/11.2.0/11.2.1

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3
2013-10-01 CVE-2013-5580 Barton Improper Input Validation vulnerability in Barton Ngircd

The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, do not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client.

4.3
2013-10-01 CVE-2013-3964 Samsung Cross-Site Scripting vulnerability in Samsung Shr-5082 and Shr-5162

Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2013-10-01 CVE-2013-3962 Grandstream Cross-Site Scripting vulnerability in Grandstream products

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2013-10-01 CVE-2012-2126 Rubygems
Redhat
Canonical
Cryptographic Issues vulnerability in Rubygems

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

4.3
2013-10-01 CVE-2013-4014 IBM Cross-Site Scripting vulnerability in IBM Maximo Asset Management

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-10-01 CVE-2013-3041 IBM Information Disclosure vulnerability in IBM Rational ClearQuest

The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream via unspecified vectors associated with a "JSON hijacking attack."

4.3
2013-09-30 CVE-2013-5693 X2Engine Cross-Site Scripting vulnerability in X2Engine X2Crm

Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.

4.3
2013-09-30 CVE-2013-4623 Polarssl Improper Input Validation vulnerability in Polarssl

The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.

4.3
2013-09-30 CVE-2013-4378 Emeric Vernat Cross-Site Scripting vulnerability in Emeric Vernat Javamelody

Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.

4.3
2013-09-30 CVE-2013-4372 Redhat Cross-Site Scripting vulnerability in Redhat Jboss A-Mq and Jboss Fuse

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.

4.3
2013-09-30 CVE-2013-4314 Jean Paul Calderone
Canonical
Improper Input Validation vulnerability in multiple products

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

4.3
2013-09-30 CVE-2013-4154 Redhat NULL 'mon' Pointer Dereference Remote Denial of Service vulnerability in libvirt

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.

4.3
2013-09-30 CVE-2013-5505 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software

Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.

4.3
2013-09-30 CVE-2013-5504 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software

Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.

4.3
2013-10-05 CVE-2012-4090 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089.

4.0
2013-10-01 CVE-2013-4708 IIJ Cryptographic Issues vulnerability in IIJ products

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc.

4.0
2013-10-01 CVE-2012-5627 Mysql
Mariadb
Credentials Management vulnerability in multiple products

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

4.0
2013-10-01 CVE-2013-5383 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.

4.0
2013-10-01 CVE-2013-5382 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.

4.0
2013-10-01 CVE-2013-4020 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

4.0
2013-10-01 CVE-2013-3972 IBM Information Exposure vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0
2013-10-01 CVE-2013-3971 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.

4.0
2013-10-01 CVE-2013-3049 IBM Unspecified vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.

4.0
2013-09-30 CVE-2013-4297 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Libvirt

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

4.0
2013-09-30 CVE-2013-4296 Redhat
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.

4.0
2013-09-30 CVE-2013-4239 Redhat Buffer Errors vulnerability in Redhat Libvirt 1.1.1

The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.

4.0
2013-09-30 CVE-2013-2230 Redhat Improper Input Validation vulnerability in Redhat Libvirt

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-04 CVE-2013-4157 Redhat Link Following vulnerability in Redhat Storage Server 2.0

Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.

3.6
2013-10-03 CVE-2013-5690 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.

3.5
2013-10-01 CVE-2013-4019 IBM Cross-Site Scripting vulnerability in IBM Maximo Asset Management

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-10-01 CVE-2013-3048 IBM Cross-Site Scripting vulnerability in IBM Maximo Asset Management

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-10-01 CVE-2013-5572 Zabbix Permissions, Privileges, and Access Controls vulnerability in Zabbix 2.0.5

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

3.5
2013-09-30 CVE-2013-1444 Debian
Marc Vertes
Link Following vulnerability in multiple products

A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.

3.3
2013-09-30 CVE-2013-5679 Owasp Cryptographic Issues vulnerability in Owasp Enterprise Security API 2.0/2.0.1

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.

2.6
2013-10-01 CVE-2013-2013 Openstack Information Exposure vulnerability in Openstack Python-Keystoneclient 0.2.2/0.2.3

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

2.1
2013-10-01 CVE-2013-4361 XEN Information Exposure vulnerability in XEN

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.

2.1
2013-10-01 CVE-2013-5380 IBM Information Exposure vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.

2.1
2013-09-30 CVE-2013-5964 Joachim Noreiko
Drupal
Cross-Site Scripting vulnerability in Joachim Noreiko Flag Module 7.X3.0

Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.

2.1
2013-09-30 CVE-2013-4292 Redhat Resource Management Errors vulnerability in Redhat Libvirt 1.1.0/1.1.1

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.

2.1
2013-10-04 CVE-2013-4829 HP Information Exposure vulnerability in HP products

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.

1.5
2013-10-01 CVE-2013-4355 XEN Information Exposure vulnerability in XEN

Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.

1.5
2013-09-30 CVE-2013-1442 XEN Information Exposure vulnerability in XEN

Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers.

1.2