Weekly Vulnerabilities Reports > November 25 to December 1, 2013
Overview
39 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 34 products from 23 vendors including IBM, Moodle, Cisco, Jahia, and Microsoft. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Information Exposure", and "SQL Injection".
- 33 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 19 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 29 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Thomsonreuters has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-11-28 | CVE-2013-5912 | Thomsonreuters | Code Injection vulnerability in Thomsonreuters Velocity Analytics Vhayu Analytic Server 6.94. VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action. | 10.0 |
2013-11-26 | CVE-2013-6874 | Vortexgroup | Buffer Errors vulnerability in Vortexgroup Light Alloy 4.7.3. Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file. | 9.3 |
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-11-28 | CVE-2013-5065 | Microsoft | Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP. NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. | 7.8 |
2013-11-25 | CVE-2013-3922 | Gummybearstudios | Path Traversal vulnerability in Gummybearstudios FTP Drive + Http Server 1.0.4. Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | 7.8 |
2013-11-29 | CVE-2013-4844 | HP | Remote Code Execution vulnerability in HP Service Manager and ServiceCenter. Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2013-11-27 | CVE-2013-5957 | Civicrm | SQL Injection vulnerability in Civicrm. Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty. | 7.5 |
2013-11-26 | CVE-2013-6875 | Nagios | SQL Injection vulnerability in Nagios XI. SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | 7.5 |
2013-11-26 | CVE-2013-6873 | Testa | SQL Injection vulnerability in Testa Online Test Management System 2.0.0.2. SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter. | 7.5 |
21 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-11-26 | CVE-2013-4524 | Moodle | Path Traversal vulnerability in Moodle. Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. | 6.8 |
2013-12-01 | CVE-2013-6718 | IBM | Cryptographic Issues vulnerability in IBM Advanced Management Module Firmware 3.64. The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3.64G for IBM BladeCenter systems allows remote attackers to discover account names and passwords via use of an unspecified interface. | 6.4 |
2013-11-30 | CVE-2013-6918 | Satechi | Permissions, Privileges, and Access Controls vulnerability in Satechi Smart Travel Router 1.5. The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests. | 5.8 |
2013-11-25 | CVE-2013-6373 | Jenkins CI | Permissions, Privileges, and Access Controls vulnerability in Jenkins-Ci Exclusion 0.6/0.7/0.8. The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. | 5.5 |
2013-11-29 | CVE-2013-6706 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE. The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | 5.4 |
2013-12-01 | CVE-2013-3708 | Novell | Unspecified vulnerability in Novell Iprint. The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2013-11-29 | CVE-2013-6700 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR. The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | 5.0 |
2013-11-27 | CVE-2013-4617 | Jahia | Information Exposure vulnerability in Jahia XCM 6.6.1. Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
2013-11-26 | CVE-2013-3923 | Savysoda | Path Traversal vulnerability in Savysoda Wifi Free HD 1.2. Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | 5.0 |
2013-11-26 | CVE-2013-4522 | Moodle | Information Exposure vulnerability in Moodle. lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server. | 5.0 |
2013-11-30 | CVE-2013-6392 | Codeaurora | Resource Management Errors vulnerability in Codeaurora Android-Msm. The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call. | 4.9 |
2013-12-01 | CVE-2013-2818 | Alstom | Improper Input Validation vulnerability in Alstom E-Terracontrol 3.5/3.6/3.7. The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. | 4.7 |
2013-12-01 | CVE-2013-3707 | Novell | Improper Input Validation vulnerability in Novell Open Enterprise Server 11.0. The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. | 4.3 |
2013-11-29 | CVE-2013-6791 | Microsoft | Information Exposure vulnerability in Microsoft Enhanced Mitigation Experience Toolkit 3.0. Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack. | 4.3 |
2013-11-29 | CVE-2013-5463 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager 7.0.0/7.0.1/7.1.0. The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. | 4.3 |
2013-11-27 | CVE-2013-4624 | Jahia | Cross-Site Scripting vulnerability in Jahia XCM 6.6.1. Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action. | 4.3 |
2013-11-27 | CVE-2013-3394 | Cisco | Cross-Site Scripting vulnerability in Cisco Prime Network Registrar. Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429. | 4.3 |
2013-11-25 | CVE-2013-6870 | Splunk | Cross-Site Scripting vulnerability in Splunk. Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-11-25 | CVE-2013-4573 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki. Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php. | 4.3 |
2013-11-25 | CVE-2012-6608 | Elastix | Cross-Site Scripting vulnerability in Elastix 2.3.0. Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter. | 4.3 |
2013-11-27 | CVE-2013-6382 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel. Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. | 4.0 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-11-29 | CVE-2013-6307 | IBM | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.0.0. Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-29 | CVE-2013-5448 | IBM | Cross-Site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0. Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-28 | CVE-2013-6322 | IBM | Cross-Site Scripting vulnerability in IBM Sterling Selling and Fulfillment Foundation 8.0/8.5. Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-27 | CVE-2013-3920 | Jahia | Cross-Site Scripting vulnerability in Jahia XCM 6.6.1. Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field. | 3.5 |
2013-11-27 | CVE-2013-4036 | IBM | Cross-Site Scripting vulnerability in IBM products. Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 FP13, and IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP7 and 11.0 before FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-26 | CVE-2013-4525 | Moodle | Cross-Site Scripting vulnerability in Moodle. Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question. | 3.5 |
2013-11-26 | CVE-2013-4523 | Moodle | Cross-Site Scripting vulnerability in Moodle. Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message. | 3.5 |
2013-11-25 | CVE-2013-6374 | Jenkins CI | Cross-Site Scripting vulnerability in Jenkins-Ci Build Failure Analyzer. Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2013-11-30 | CVE-2013-5636 | Checkpoint | Credentials Management vulnerability in Checkpoint Endpoint Security. Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses. | 3.3 |
2013-11-30 | CVE-2013-5635 | Checkpoint | Credentials Management vulnerability in Checkpoint Endpoint Security. Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously. | 3.3 |