Weekly Vulnerabilities Reports > November 25 to December 1, 2013

Overview

45 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 40 products from 27 vendors including IBM, Linux, Moodle, Cisco, and Jahia. The vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Information Exposure".

  • 34 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 19 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 34 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Thomsonreuters has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:


2 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2013-11-28 | CVE-2013-5912 | Thomsonreuters | Code Injection vulnerability in Thomsonreuters Velocity Analytics Vhayu Analytic Server 6.94 | 10.0
  VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.

2013-11-26 | CVE-2013-6874 | Vortexgroup | Buffer Errors vulnerability in Vortexgroup Light Alloy 4.7.3 | 9.3
  Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.

6 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2013-11-25 | CVE-2013-3922 | Gummybearstudios | Path Traversal vulnerability in Gummybearstudios FTP Drive + Http Server 1.0.4 | 7.8
  Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.

2013-11-29 | CVE-2013-4844 | HP | Remote Code Execution vulnerability in HP Service Manager and ServiceCenter | 7.5
  Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors.

2013-11-27 | CVE-2013-5957 | Civicrm | SQL Injection vulnerability in Civicrm | 7.5
  Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.

2013-11-26 | CVE-2013-6875 | Nagios | SQL Injection vulnerability in Nagios XI | 7.5
  SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.

2013-11-26 | CVE-2013-6873 | Testa | SQL Injection vulnerability in Testa Online Test Management System 2.0.0.2 | 7.5
  SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.

2013-11-28 | CVE-2013-5065 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows 2003 Server and Windows XP | 7.2
  NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

27 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2013-11-27 | CVE-2013-6383 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel | 6.9
  The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.

2013-11-27 | CVE-2013-6381 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel | 6.9
  Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size.

2013-11-26 | CVE-2013-4524 | Moodle | Path Traversal vulnerability in Moodle | 6.8
  Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a ..

2013-12-01 | CVE-2013-6718 | IBM | Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64 | 6.4
  The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface.

2013-11-30 | CVE-2013-6918 | Satechi | Permissions, Privileges, and Access Controls vulnerability in Satechi Smart Travel Router 1.5 | 5.8
  The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests.

2013-11-25 | CVE-2013-6373 | Jenkins CI | Permissions, Privileges, and Access Controls vulnerability in Jenkins-Ci Exclusion 0.6/0.7/0.8 | 5.5
  The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors.

2013-11-29 | CVE-2013-6706 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE | 5.4
  The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.

2013-12-01 | CVE-2013-3708 | Novell | Unspecified vulnerability in Novell Iprint | 5.0
  The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors.

2013-11-29 | CVE-2013-6700 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR | 5.0
  The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.

2013-11-28 | CVE-2013-6712 | PHP, Apple, Opensuse | Buffer Errors vulnerability in PHP | 5.0
  The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

2013-11-27 | CVE-2013-4617 | Jahia | Information Exposure vulnerability in Jahia XCM 6.6.1 | 5.0
  Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

2013-11-26 | CVE-2013-3923 | Savysoda | Path Traversal vulnerability in Savysoda Wifi Free HD 1.2 | 5.0
  Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.

2013-11-26 | CVE-2013-4522 | Moodle | Information Exposure vulnerability in Moodle | 5.0
  lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server.

2013-11-30 | CVE-2013-6392 | Codeaurora | Resource Management Errors vulnerability in Codeaurora Android-Msm | 4.9
  The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call.

2013-12-01 | CVE-2013-2818 | Alstom | Improper Input Validation vulnerability in Alstom E-Terracontrol 3.5/3.6/3.7 | 4.7
  The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line.

2013-11-29 | CVE-2013-6885 | AMD | Resource Management Errors vulnerability in AMD products | 4.7
  The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.

2013-11-27 | CVE-2013-6380 | Linux | Improper Input Validation vulnerability in Linux Kernel | 4.7
  The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.

2013-11-27 | CVE-2013-6378 | Linux | Numeric Errors vulnerability in Linux Kernel | 4.4
  The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.

2013-12-01 | CVE-2013-3707 | Novell | Improper Input Validation vulnerability in Novell Open Enterprise Server 11.0 | 4.3
  The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009.

2013-11-29 | CVE-2013-6791 | Microsoft | Information Exposure vulnerability in Microsoft Enhanced Mitigation Experience Toolkit 3.0 | 4.3
  Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.

2013-11-29 | CVE-2013-5463 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.0.0/7.0.1/7.1.0 | 4.3
  The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file.

2013-11-27 | CVE-2013-4624 | Jahia | Cross-Site Scripting vulnerability in Jahia XCM 6.6.1 | 4.3
  Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.

2013-11-27 | CVE-2013-3394 | Cisco | Cross-Site Scripting vulnerability in Cisco Prime Network Registrar | 4.3
  Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429.

2013-11-25 | CVE-2013-6870 | Splunk | Cross-Site Scripting vulnerability in Splunk | 4.3
  Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2013-11-25 | CVE-2013-4573 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki | 4.3
  Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.

2013-11-25 | CVE-2012-6608 | Elastix | Cross-Site Scripting vulnerability in Elastix 2.3.0 | 4.3
  Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.

2013-11-27 | CVE-2013-6382 | Linux | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel | 4.0
  Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.

10 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2013-11-29 | CVE-2013-6307 | IBM | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.0.0 | 3.5
  Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2013-11-29 | CVE-2013-5448 | IBM | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 | 3.5
  Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2013-11-28 | CVE-2013-6322 | IBM | Cross-Site Scripting vulnerability in IBM Sterling Selling and Fulfillment Foundation 8.0/8.5 | 3.5
  Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2013-11-27 | CVE-2013-3920 | Jahia | Cross-Site Scripting vulnerability in Jahia XCM 6.6.1 | 3.5
  Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.

2013-11-27 | CVE-2013-4036 | IBM | Cross-Site Scripting vulnerability in IBM products | 3.5
  Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP7 and 11.0 before FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2013-11-26 | CVE-2013-4525 | Moodle | Cross-Site Scripting vulnerability in Moodle | 3.5
  Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question.

2013-11-26 | CVE-2013-4523 | Moodle | Cross-Site Scripting vulnerability in Moodle | 3.5
  Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.

2013-11-25 | CVE-2013-6374 | Jenkins CI | Cross-Site Scripting vulnerability in Jenkins-Ci Build Failure Analyzer | 3.5
  Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

2013-11-30 | CVE-2013-5636 | Checkpoint | Credentials Management vulnerability in Checkpoint Endpoint Security | 3.3
  Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.

2013-11-30 | CVE-2013-5635 | Checkpoint | Credentials Management vulnerability in Checkpoint Endpoint Security | 3.3
  Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously.