Weekly Vulnerabilities Reports > October 7 to 13, 2013

Overview

115 new vulnerabilities were reported during this period, including 28 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 47 vendors, including Microsoft, Cisco, Redhat, IBM, and HP. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Resource Management Errors", and "SQL Injection".

  • 90 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 97 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 26 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 17 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

28 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-13 CVE-2013-5511 Cisco Improper Authentication vulnerability in Cisco Adaptive Security Appliance Software

The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815.

10.0
2013-10-13 CVE-2013-5509 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance Software 9.0/9.1

The SSL implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0 before 9.0(2.6) and 9.1 before 9.1(2) allows remote attackers to bypass authentication, and obtain VPN access or administrative access, via a crafted X.509 client certificate, aka Bug ID CSCuf52468.

10.0
2013-10-13 CVE-2013-4822 HP Remote Code Execution vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.

10.0
2013-10-13 CVE-2013-4804 IBM Information Disclosure vulnerability in IBM Business Process Monitor 9.13.1/9.22

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.

10.0
2013-10-13 CVE-2013-2366 IBM Remote Code Execution vulnerability in IBM Business Process Monitor 9.13.1/9.22

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802.

10.0
2013-10-11 CVE-2013-3686 Ovislink Permissions, Privileges, and Access Controls vulnerability in Ovislink Airlive Wl2600Cam

cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action.

10.0
2013-10-11 CVE-2013-2579 TP Link Credentials Management vulnerability in Tp-Link products

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.

10.0
2013-10-11 CVE-2013-2578 TP Link OS Command Injection vulnerability in Tp-Link products

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.

10.0
2013-10-10 CVE-2013-4767 Eucalyptus Remote Command Injection vulnerability in Eucalyptus

Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.

10.0
2013-10-09 CVE-2013-5327 Adobe Buffer Errors vulnerability in Adobe Robohelp 10.0

MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2013-10-09 CVE-2013-3195 Microsoft Resource Management Errors vulnerability in Microsoft products

The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability."

10.0
2013-10-09 CVE-2013-5325 Adobe / Microsoft Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.

9.3
2013-10-09 CVE-2013-3897 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3894 Microsoft Code Injection vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."

9.3
2013-10-09 CVE-2013-3892 Microsoft Buffer Errors vulnerability in Microsoft Word 2007

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3891 Microsoft Buffer Errors vulnerability in Microsoft Word 2003

Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3890 Microsoft Buffer Errors vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3889 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3886 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/9

Microsoft Internet Explorer 9 and 10 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3885 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3882.

9.3
2013-10-09 CVE-2013-3882 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3885.

9.3
2013-10-09 CVE-2013-3875 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 8/9

Microsoft Internet Explorer 8 and 9 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3874 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 9

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3873 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3882, and CVE-2013-3885.

9.3
2013-10-09 CVE-2013-3872 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3873, CVE-2013-3882, and CVE-2013-3885.

9.3
2013-10-09 CVE-2013-3871 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2013-10-09 CVE-2013-3128 Microsoft Unspecified vulnerability in Microsoft products

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."

9.3
2013-10-11 CVE-2013-4319 Adaptivecomputing Permissions, Privileges, and Access Controls vulnerability in Adaptivecomputing Torque Resource Manager

pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command.

9.0

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-11 CVE-2013-3693 Blackberry Permissions, Privileges, and Access Controls vulnerability in Blackberry Enterprise Service 10.0/10.1.0/10.1.2

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.

7.9
2013-10-13 CVE-2013-5515 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software

The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709.

7.8
2013-10-13 CVE-2013-3415 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software

Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737.

7.8
2013-10-13 CVE-2013-2787 Alstom Improper Input Validation vulnerability in Alstom E-Terracontrol 3.5/3.6/3.7

Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets.

7.8
2013-10-11 CVE-2013-3687 Ovislink Cryptographic Issues vulnerability in Ovislink products

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file.

7.8
2013-10-11 CVE-2013-2581 TP Link Permissions, Privileges, and Access Controls vulnerability in Tp-Link products

cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.

7.8
2013-10-09 CVE-2013-3861 Microsoft Improper Input Validation vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

7.8
2013-10-09 CVE-2013-3860 Microsoft Improper Input Validation vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."

7.8
2013-10-10 CVE-2013-4342 Xinetd / Redhat Permissions, Privileges, and Access Controls vulnerability in multiple products

xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.

7.6
2013-10-13 CVE-2013-4827 HP SQL Injection vulnerability in HP products

SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.

7.5
2013-10-13 CVE-2013-4825 HP Permissions, Privileges, and Access Controls vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.

7.5
2013-10-13 CVE-2013-4824 HP Improper Authentication vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.

7.5
2013-10-11 CVE-2013-4203 Richard Cook Code Injection vulnerability in Richard Cook Rgpg 0.2.0/0.2.1/0.2.2

The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

7.5
2013-10-11 CVE-2013-4137 Status SQL Injection vulnerability in Status Statusnet 1.0.0/1.0.1/1.1.0

Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."

7.5
2013-10-10 CVE-2013-4271 Restlet Deserialization of Untrusted Data vulnerability in Restlet

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.

7.5
2013-10-10 CVE-2013-4221 Restlet Configuration vulnerability in Restlet

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

7.5
2013-10-10 CVE-2013-2240 Menalto Unspecified vulnerability in Menalto Gallery

lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138.

7.5
2013-10-10 CVE-2013-2138 Menalto Improper Input Validation vulnerability in Menalto Gallery

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.

7.5
2013-10-09 CVE-2012-4412 GNU Numeric Errors vulnerability in GNU Glibc

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.

7.5
2013-10-09 CVE-2013-5967 Alienvault SQL Injection vulnerability in Alienvault Open Source Security Information Management

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.

7.5
2013-10-09 CVE-2013-4385 Call CC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Call-Cc Chicken

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.

7.5
2013-10-09 CVE-2013-4258 Radscan Use of Externally-Controlled Format String vulnerability in Radscan Network Audio System 1.9.3

Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog.

7.5
2013-10-11 CVE-2013-6079 Mostgear Buffer Errors vulnerability in Mostgear Easy LAN Folder Share 3.2.0.100

Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) registration code field in the activate license window or the (2) HKLM\SOFTWARE\MostGear\EasyLanFolderShare_V1\License registry key.

7.2
2013-10-09 CVE-2013-3888 Microsoft Resource Management Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."

7.2
2013-10-09 CVE-2013-3881 Microsoft Resource Management Errors vulnerability in Microsoft Windows 7 and Windows Server 2008

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."

7.2
2013-10-09 CVE-2013-3879 Microsoft Resource Management Errors vulnerability in Microsoft products

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

7.2
2013-10-09 CVE-2013-3200 Microsoft Code Injection vulnerability in Microsoft products

The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability."

7.2
2013-10-13 CVE-2013-5513 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software

Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(7), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.3), and 9.1.x before 9.1(1.8), when the DNS ALPI engine is enabled for TCP, allows remote attackers to cause a denial of service (device reload) via crafted TCP DNS packets, aka Bug ID CSCug03975.

7.1
2013-10-13 CVE-2013-5512 Cisco Race Condition vulnerability in Cisco Adaptive Security Appliance Software

Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.5), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.4), 9.0.x before 9.0(1.4), and 9.1.x before 9.1(1.2), in certain conditions involving the spoof-server option or ActiveX or Java response inspection, allows remote attackers to cause a denial of service (device reload) via a crafted HTTP response, aka Bug ID CSCud37992.

7.1
2013-10-13 CVE-2013-5508 Cisco Improper Input Validation vulnerability in Cisco products

The SQL*Net inspection engine in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.6), 9.0.x before 9.0(2.10), and 9.1.x before 9.1(2) and Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(27) and 4.x before 4.1(14) allows remote attackers to cause a denial of service (device reload) via crafted segmented Transparent Network Substrate (TNS) packets, aka Bug ID CSCub98434.

7.1
2013-10-13 CVE-2013-5507 Cisco Cryptographic Issues vulnerability in Cisco Adaptive Security Appliance Software 9.1

The IPsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(1.7), when an IPsec VPN tunnel is enabled, allows remote attackers to cause a denial of service (device reload) via a (1) ICMP or (2) ICMPv6 packet that is improperly handled during decryption, aka Bug ID CSCue18975.

7.1
2013-10-11 CVE-2013-2580 TP Link Unspecified vulnerability in Tp-Link products

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to upload arbitrary files and then access them via a direct request to the file in the mnt/mtd directory.

7.1
2013-10-10 CVE-2013-5526 Cisco Improper Input Validation vulnerability in Cisco Unified IP Phone 9951 and Unified IP Phone 9971

Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698.

7.1

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-13 CVE-2012-4709 Invensys Buffer Errors vulnerability in Invensys Wonderware Intouch 2012

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

6.9
2013-10-13 CVE-2013-4056 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server

Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2013-10-13 CVE-2012-4108 Cisco OS Command Injection vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554.

6.8
2013-10-13 CVE-2012-4106 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477.

6.8
2013-10-11 CVE-2013-4388 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

6.8
2013-10-11 CVE-2013-4306 Mediawiki Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki

Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors.

6.8
2013-10-09 CVE-2013-4237 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Glibc

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.

6.8
2013-10-09 CVE-2013-0736 Cartpauj / Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Cartpauj Mingle-Forum

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.

6.8
2013-10-09 CVE-2013-5576 Joomla Improper Input Validation vulnerability in Joomla Joomla!

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing .

6.8
2013-10-09 CVE-2013-3895 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Office web Apps and Sharepoint Server

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."

6.8
2013-10-13 CVE-2013-5506 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firewall Services Module Software

The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080.

6.6
2013-10-11 CVE-2013-5028 Kwoksys SQL Injection vulnerability in Kwoksys Information Server 2.8.3/2.8.4

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.

6.5
2013-10-10 CVE-2013-5525 Cisco SQL Injection vulnerability in Cisco Identity Services Engine Software

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.

6.5
2013-10-10 CVE-2013-4396 X Resource Management Errors vulnerability in X X.Org X11

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.

6.5
2013-10-09 CVE-2013-4379 Sebastien Corbin / Drupal Permissions, Privileges, and Access Controls vulnerability in Sebastien Corbin Make Meeting Scheduler Module

The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.

6.4
2013-10-10 CVE-2013-4387 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.

6.1
2013-10-11 CVE-2013-5533 Cisco Improper Input Validation vulnerability in Cisco products

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.

6.0
2013-10-11 CVE-2007-6755 RSA, Dell Cryptographic Issues vulnerability in multiple products

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values.

5.8
2013-10-10 CVE-2013-4345 Linux, Fedoraproject, Redhat Numeric Errors vulnerability in multiple products

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.

5.8
2013-10-10 CVE-2013-4351 Gnupg Cryptographic Issues vulnerability in Gnupg

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

5.8
2013-10-10 CVE-2013-5527 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

The OSPF functionality in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted options in an LSA type 11 packet, aka Bug ID CSCui21030.

5.7
2013-10-10 CVE-2013-5499 Cisco Remote Denial of Service vulnerability in Cisco IOS

The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822.

5.7
2013-10-09 CVE-2013-4356 XEN Permissions, Privileges, and Access Controls vulnerability in XEN 4.3.0

Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).

5.4
2013-10-10 CVE-2013-0577 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite

The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors.

5.2
2013-10-09 CVE-2012-4424 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Glibc

Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.

5.1
2013-10-13 CVE-2013-4826 HP Information Exposure vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

5.0
2013-10-13 CVE-2013-4823 HP Information Disclosure vulnerability in HP products

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.

5.0
2013-10-11 CVE-2013-4173 Xymon Path Traversal vulnerability in Xymon

Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a ..

5.0
2013-10-11 CVE-2013-5532 Cisco Improper Input Validation vulnerability in Cisco products

Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.

5.0
2013-10-10 CVE-2013-2241 Menalto Permissions, Privileges, and Access Controls vulnerability in Menalto Gallery

modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in the size parameter.

5.0
2013-10-09 CVE-2013-4284 Redhat Resource Management Errors vulnerability in Redhat Enterprise MRG 2.4

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request.

5.0
2013-10-10 CVE-2013-0580 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite

Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.

4.9
2013-10-13 CVE-2012-4107 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489.

4.6
2013-10-13 CVE-2012-4105 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System

The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted "debug hardware" parameters, aka Bug ID CSCtq86468.

4.6
2013-10-10 CVE-2013-5008 Symantec Information Exposure vulnerability in Symantec Management Platform 7.0/7.1

The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across different customers' installations, which makes it easier for local users to obtain sensitive information about package-server access, or cause a denial of service, by leveraging knowledge of this key.

4.6
2013-10-09 CVE-2013-4256 Canonical, Radscan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.

4.6
2013-10-13 CVE-2013-5510 Cisco Improper Authentication vulnerability in Cisco Adaptive Security Appliance Software

The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.5), when an override-account-disable option is enabled, does not properly parse AAA LDAP responses, which allows remote attackers to bypass authentication via a VPN connection attempt, aka Bug ID CSCug83401.

4.3
2013-10-11 CVE-2013-4167 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple

Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-10-11 CVE-2013-4305 Mediawiki Cross-Site Scripting vulnerability in Mediawiki 1.19.7/1.20.6/1.21.1

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2013-10-10 CVE-2013-5524 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine Software

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.

4.3
2013-10-10 CVE-2013-5523 Cisco Improper Input Validation vulnerability in Cisco Identity Services Engine Software

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.

4.3
2013-10-10 CVE-2013-3409 Cisco Credentials Management vulnerability in Cisco Prime Central for Hosted Collaboration Solution

The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230.

4.3
2013-10-10 CVE-2013-0579 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Optim Data Growth for Oracle E-Business Suite

The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's web browser either (1) before or (2) after authentication.

4.3
2013-10-10 CVE-2013-1881 Gnome Improper Input Validation vulnerability in Gnome Librsvg

GNOME librsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

4.3
2013-10-09 CVE-2013-4332 GNU, Redhat Numeric Errors vulnerability in multiple products

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

4.3
2013-10-09 CVE-2013-4384 Google Site Search Project, Drupal Cross-Site Scripting vulnerability in Google Site Search Project Google Site Search Module

Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.

4.3
2013-10-09 CVE-2013-3896 Microsoft Improper Input Validation vulnerability in Microsoft Silverlight

Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."

4.3
2013-10-09 CVE-2013-2099 Python, Canonical Resource Management Errors vulnerability in multiple products

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

4.3
2013-10-11 CVE-2009-5136 Condor Project, Redhat Improper Input Validation vulnerability in multiple products

The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

4.0
2013-10-11 CVE-2013-5528 Cisco Path Traversal vulnerability in Cisco Unified Communications Manager

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-10-11 CVE-2013-4255 Condor Project, Redhat Improper Input Validation vulnerability in multiple products

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

3.5
2013-10-09 CVE-2013-3880 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 8, Windows RT and Windows Server 2012

The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."

3.5
2013-10-09 CVE-2013-2207 GNU, Fedoraproject Permissions, Privileges, and Access Controls vulnerability in multiple products

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.

2.6
2013-10-11 CVE-2013-4377 Qemu Resource Management Errors vulnerability in Qemu

Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.

2.3