Weekly Vulnerabilities Reports > November 4 to 10, 2013

Overview

62 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary report vulnerabilities in 53 products from 30 vendors including Cisco, IBM, HP, Saltstack, and Wireshark. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "SQL Injection".

  • 60 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities have public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 50 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Saltstack has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-08 CVE-2013-5558 Cisco Credentials Management vulnerability in Cisco Telepresence VX Clinical Assistant 1.2

The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238.

10.0
2013-11-05 CVE-2013-6617 Saltstack Permissions, Privileges, and Access Controls vulnerability in Saltstack Salt

The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.

10.0
2013-11-05 CVE-2013-4437 Saltstack Insecure Temporary File Handling vulnerability in Saltstack Salt 0.17.0

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."

10.0
2013-11-04 CVE-2013-4838 HP Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.

10.0
2013-11-04 CVE-2013-4837 HP Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.

10.0
2013-11-06 CVE-2013-3626 Attachmate Path Traversal vulnerability in Attachmate Verastream Host Integrator

Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message.

9.3
2013-11-05 CVE-2013-4436 Saltstack Improper Input Validation vulnerability in Saltstack Salt 0.17.0

The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.

9.3

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-08 CVE-2013-4987 Pineapp Permissions, Privileges, and Access Controls vulnerability in Pineapp Mail-Secure 3.69

PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.

8.5
2013-11-08 CVE-2013-5553 Cisco Resource Management Errors vulnerability in Cisco IOS 15.1

Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.

7.8
2013-11-08 CVE-2013-5554 Cisco Path Traversal vulnerability in Cisco Wide Area Application Services Mobile

Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.

7.5
2013-11-06 CVE-2013-4715 Tiki SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware

SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2013-11-05 CVE-2013-5694 Opsview SQL Injection vulnerability in Opsview

SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.

7.5
2013-11-05 CVE-2013-6172 Roundcube SQL Injection vulnerability in Roundcube Webmail

steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.

7.5
2013-11-05 CVE-2013-4438 Saltstack Code Injection vulnerability in Saltstack Salt

Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors.

7.5
2013-11-04 CVE-2013-4839 HP Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator

Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1851.

7.5
2013-11-04 CVE-2013-4836 HP Remote Code Execution vulnerability in Application Lifecycle Management Synchronizer

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759.

7.5
2013-11-04 CVE-2013-4835 HP Unspecified vulnerability in HP Sitescope

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

7.5
2013-11-04 CVE-2013-4834 HP Remote Code Execution vulnerability in HP Application Lifecycle Management 11.00

Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1327.

7.5

38 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-08 CVE-2013-6230 ISC Permissions, Privileges, and Access Controls vulnerability in ISC Bind

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.

6.8
2013-11-05 CVE-2013-4419 Libguestfs
Suse
Novell
Permissions, Privileges, and Access Controls vulnerability in multiple products

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.

6.8
2013-11-04 CVE-2013-5559 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.

6.8
2013-11-04 CVE-2013-6366 Vmware Code Injection vulnerability in VMWare Hyperic HQ 4.6.6

The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.

6.5
2013-11-05 CVE-2013-4497 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Folsom, Grizzly and Havana

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

6.4
2013-11-05 CVE-2013-3264 Smackcoders Permissions, Privileges, and Access Controls vulnerability in Smackcoders WP Ultimate Email Marketer Plugin

The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data.

6.4
2013-11-08 CVE-2013-4548 Openbsd Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh 6.2/6.3

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

6.0
2013-11-08 CVE-2013-4050 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Lotus Domino 8.5.0/9.0.0.0

Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

6.0
2013-11-05 CVE-2013-4435 Saltstack Improper Authentication vulnerability in Saltstack Salt

Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.

6.0
2013-11-05 CVE-2013-6077 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Xendesktop 7.0

Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.

5.8
2013-11-05 CVE-2013-5688 Ajaxplorer Path Traversal vulnerability in Ajaxplorer

Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the file parameter in a (1) download or (2) get_content action, or (3) upload arbitrary files via a ../%00 (dot dot backslash encoded null byte) in the dir parameter in an upload action.

5.5
2013-11-08 CVE-2013-5566 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Nx-Os

Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874.

5.0
2013-11-06 CVE-2013-5562 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution

The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka Bug ID CSCuh36313.

5.0
2013-11-04 CVE-2013-5564 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution

The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, aka Bug ID CSCug57345.

5.0
2013-11-04 CVE-2013-5561 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance CX Context-Aware Security Software

The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622.

5.0
2013-11-04 CVE-2013-6114 Apple Integer Overflow OR Wraparound vulnerability in Apple Motion 5.0.7

Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.

5.0
2013-11-05 CVE-2013-4439 Saltstack Permissions, Privileges, and Access Controls vulnerability in Saltstack Salt

Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.

4.9
2013-11-08 CVE-2013-3986 IBM Buffer Errors vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1

IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.

4.3
2013-11-08 CVE-2013-5565 Cisco Buffer Errors vulnerability in Cisco IOS XR 5.1.0

The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.

4.3
2013-11-08 CVE-2013-4716 Tattyan Cross-Site Scripting vulnerability in Tattyan Hptown 593

Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2013-11-08 CVE-2013-4508 Lighttpd
Debian
Opensuse
Inadequate Encryption Strength vulnerability in multiple products

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

4.3
2013-11-06 CVE-2013-5563 Cisco Cross-Site Scripting vulnerability in Cisco Security Monitoring Analysis and Response System

Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.

4.3
2013-11-06 CVE-2013-5387 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Platform Symphony 5.2/6.1/6.1.1

Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data.

4.3
2013-11-06 CVE-2013-4714 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-11-06 CVE-2013-3286 EMC Cross-Site Scripting vulnerability in EMC Documentum Eroom

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2013-11-06 CVE-2013-3281 EMC Cross-Site Scripting vulnerability in EMC products

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.

4.3
2013-11-05 CVE-2013-4135 Openafs
Debian
Cryptographic Issues vulnerability in multiple products

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3
2013-11-05 CVE-2013-4134 Openafs
Debian
Cryptographic Issues vulnerability in multiple products

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

4.3
2013-11-05 CVE-2013-5695 Opsview Cross-Site Scripting vulnerability in Opsview

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.

4.3
2013-11-05 CVE-2013-4453 Ldap Account Manager Cross-Site Scripting vulnerability in Ldap-Account-Manager Ldap Account Manager 4.2.1/4.3

Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

4.3
2013-11-05 CVE-2013-3263 Smackcoders Cross-Site Scripting vulnerability in Smackcoders WP Ultimate Email Marketer Plugin

Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php.

4.3
2013-11-05 CVE-2013-5670 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.

4.3
2013-11-05 CVE-2011-5267 Wikiwig Project Cross-Site Scripting vulnerability in Wikiwig Project Wikiwig 5.0.1

Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter.

4.3
2013-11-04 CVE-2013-6340 Wireshark Improper Input Validation vulnerability in Wireshark

epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2013-11-04 CVE-2013-6339 Wireshark Improper Input Validation vulnerability in Wireshark

The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.

4.3
2013-11-04 CVE-2013-6338 Wireshark Improper Input Validation vulnerability in Wireshark

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2013-11-04 CVE-2013-6337 Wireshark Denial of Service vulnerability in Wireshark NBAP Dissector

Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2013-11-04 CVE-2013-6336 Wireshark Improper Input Validation vulnerability in Wireshark

The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-11-09 CVE-2013-3045 IBM Improper Input Validation vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function.

3.5
2013-11-09 CVE-2013-3044 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges.

3.5
2013-11-09 CVE-2013-0537 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges.

3.5
2013-11-08 CVE-2013-4055 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.0/9.0.0.0

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.

3.5
2013-11-08 CVE-2013-4051 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino 8.5.0/9.0.0.0

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.

3.5
2013-11-09 CVE-2013-3985 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Sametime 8.5.2/8.5.2.1

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable.

2.9