Weekly Vulnerabilities Reports > December 2 to 8, 2013

Overview

107 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary reports vulnerabilities in 77 products from 38 vendors, including Cybozu, Ffmpeg, Apache, Google, and Cisco. The most common categories are "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 99 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 38 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 93 reported vulnerabilities are exploitable by an anonymous user.
  • Cybozu has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Ffmpeg has the most reported critical vulnerabilities, with 16 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-07 CVE-2013-6920 Siemens Improper Authentication vulnerability in Siemens products

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

10.0
2013-12-02 CVE-2012-0434 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Suse Cloud 1.0

The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.

10.0
2013-12-07 CVE-2013-0859 Ffmpeg Numeric Errors vulnerability in Ffmpeg

The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0858 Debian / Ffmpeg

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.

9.3
2013-12-07 CVE-2013-0857 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.

9.3
2013-12-07 CVE-2013-0856 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.

9.3
2013-12-07 CVE-2013-0855 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0854 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.

9.3
2013-12-07 CVE-2013-0853 Ffmpeg Numeric Errors vulnerability in Ffmpeg

The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.

9.3
2013-12-07 CVE-2013-0852 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0851 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0850 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0849 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.

9.3
2013-12-07 CVE-2013-0848 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0847 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0846 Ffmpeg Improper Input Validation vulnerability in Ffmpeg

Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.

9.3
2013-12-07 CVE-2013-0845 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.

9.3
2013-12-07 CVE-2013-0844 Ffmpeg Numeric Errors vulnerability in Ffmpeg

Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.

9.3
2013-12-04 CVE-2013-6935 Videocharge Buffer Errors vulnerability in Videocharge Watermark Master 2.2.23

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.

9.3
2013-12-02 CVE-2012-6535 Djvulibre Project Code Injection vulnerability in Djvulibre Project Djvulibre

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.

9.3

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-04 CVE-2013-3519 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare products

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

7.9
2013-12-02 CVE-2012-0425 Opensuse Information Exposure vulnerability in Opensuse 12.1

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.

7.8
2013-12-07 CVE-2012-6612 Apache Unspecified vulnerability in Apache Solr

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

7.5
2013-12-07 CVE-2013-6410 Wouter Verhelst / Debian / Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

7.5
2013-12-07 CVE-2013-6640 Google Buffer Errors vulnerability in Google Chrome

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.

7.5
2013-12-07 CVE-2013-6639 Google Buffer Errors vulnerability in Google Chrome

The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.

7.5
2013-12-07 CVE-2013-6638 Google Buffer Errors vulnerability in Google Chrome

Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large typed array, related to the (1) Runtime_TypedArrayInitialize and (2) Runtime_TypedArrayInitializeFromArrayLike functions.

7.5
2013-12-07 CVE-2013-6637 Google Unspecified vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2013-12-05 CVE-2013-6341 Dokeos SQL Injection vulnerability in Dokeos 2.0/2.1

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.

7.5
2013-12-04 CVE-2013-6945 Osehra Permissions, Privileges, and Access Controls vulnerability in Osehra Vista

The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."

7.5
2013-12-04 CVE-2013-6936 Mybb SQL Injection vulnerability in Mybb Ajax Forum Stat 2.0

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

7.5
2013-12-06 CVE-2013-1090 Opensuse Permissions, Privileges, and Access Controls vulnerability in Opensuse 12.3

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.

7.2
2013-12-02 CVE-2012-0427 Opensuse Permissions, Privileges, and Access Controls vulnerability in Opensuse 11.4

yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.

7.2
2013-12-02 CVE-2012-0426 Novell Race Condition vulnerability in Novell Suse Linux Enterprise for SAP Applications 11

Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.

7.2
2013-12-03 CVE-2013-6704 Cisco Resource Management Errors vulnerability in Cisco IOS XE

Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.

7.1
2013-12-03 CVE-2013-6703 Cisco Improper Input Validation vulnerability in Cisco ONS 15454

The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787.

7.1
2013-12-02 CVE-2013-6696 Cisco Improper Input Validation vulnerability in Cisco products

Cisco Adaptive Security Appliance (ASA) Software does not properly handle errors during the processing of DNS responses, which allows remote attackers to cause a denial of service (device reload) via a malformed response, aka Bug ID CSCuj28861.

7.1

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-07 CVE-2013-6386 Drupal Cryptographic Issues vulnerability in Drupal

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.

6.8
2013-12-07 CVE-2013-4479 Supmua Code Injection vulnerability in Supmua SUP

lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.

6.8
2013-12-07 CVE-2013-4478 Supmua Code Injection vulnerability in Supmua SUP

Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.

6.8
2013-12-07 CVE-2013-4446 Steven Jones / Drupal Code Injection vulnerability in Steven Jones Context

The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.

6.8
2013-12-07 CVE-2013-4212 Apache Code Injection vulnerability in Apache Roller

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

6.8
2013-12-07 CVE-2013-6635 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp.

6.8
2013-12-07 CVE-2013-6634 Google Improper Authentication vulnerability in Google Chrome

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.

6.8
2013-12-05 CVE-2013-6004 Cybozu Permissions, Privileges, and Access Controls vulnerability in Cybozu Garoon

Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.

6.8
2013-12-04 CVE-2013-6029 ATT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ATT Connect Participant Application

Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.

6.8
2013-12-04 CVE-2013-6937 Videocharge Buffer Errors vulnerability in Videocharge Watermark Master 2.2.23

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.

6.8
2013-12-05 CVE-2013-6001 Cybozu SQL Injection vulnerability in Cybozu Garoon

SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2013-12-07 CVE-2013-6408 Apache XML External Entity Injection vulnerability in Apache Solr

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

6.4
2013-12-07 CVE-2013-6407 Apache XML External Entity Injection vulnerability in Apache Solr

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

6.4
2013-12-07 CVE-2013-6417 Rubyonrails Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails and Ruby ON Rails

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware.

6.4
2013-12-07 CVE-2013-6409 Debian Permissions, Privileges, and Access Controls vulnerability in Debian Adequate

Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.

6.2
2013-12-03 CVE-2013-6705 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.

6.1
2013-12-05 CVE-2013-6787 Chamilo SQL Injection vulnerability in Chamilo LMS

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.

6.0
2013-12-07 CVE-2013-6389 Drupal Improper Input Validation vulnerability in Drupal

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2013-12-06 CVE-2013-2133 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat products

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

5.5
2013-12-07 CVE-2013-6385 Drupal Code Injection vulnerability in Drupal

The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors.

5.1
2013-12-07 CVE-2013-6414 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.

5.0
2013-12-05 CVE-2013-3921 Easytimestudio Path Traversal vulnerability in Easytimestudio Easy File Manager 1.1

Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI.

5.0
2013-12-05 CVE-2013-6002 Cybozu Resource Management Errors vulnerability in Cybozu Garoon

The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

5.0
2013-12-05 CVE-2013-6000 Tattyan Path Traversal vulnerability in Tattyan Hptown 510/593

Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a ..

5.0
2013-12-07 CVE-2013-4445 Steven Jones / Drupal Permissions, Privileges, and Access Controls vulnerability in Steven Jones Context

The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.

4.9
2013-12-07 CVE-2013-5455 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Smartcloud Provisioning 2.1.0

IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command.

4.9
2013-12-02 CVE-2012-0420 Opensuse Unspecified vulnerability in Opensuse Zypper 0.11.6/1.0.2/1.6.16

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.

4.4
2013-12-07 CVE-2013-7001 Nowsms Improper Input Validation vulnerability in Nowsms NOW SMS & MMS Gateway 2013.09.26/2013.11.11

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 or (2) MM7 connection.

4.3
2013-12-07 CVE-2013-7000 Nowsms Improper Input Validation vulnerability in Nowsms NOW SMS & MMS Gateway 2013.09.26

The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection.

4.3
2013-12-07 CVE-2013-6397 Apache Path Traversal vulnerability in Apache Solr

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a ..

4.3
2013-12-07 CVE-2013-6050 Twibright Numeric Errors vulnerability in Twibright Links 2.3/2.7

Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.

4.3
2013-12-07 CVE-2013-4171 Apache Cross-Site Scripting vulnerability in Apache Roller

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates.

4.3
2013-12-07 CVE-2013-6707 Cisco Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software

Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol management outage) by making multiple management session requests, aka Bug ID CSCug33233.

4.3
2013-12-07 CVE-2013-6636 Google Improper Input Validation vulnerability in Google Chrome

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

4.3
2013-12-07 CVE-2013-6416 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.

4.3
2013-12-07 CVE-2013-6415 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.

4.3
2013-12-07 CVE-2013-4492 I18N Project Cross-Site Scripting vulnerability in I18N Project I18N

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.

4.3
2013-12-07 CVE-2013-4491 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby ON Rails

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.

4.3
2013-12-05 CVE-2013-6804 Jamroom Cross-Site Scripting vulnerability in Jamroom Search Module 1.0.0/1.1.0

Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4.

4.3
2013-12-05 CVE-2013-6395 Ganglia Cross-Site Scripting vulnerability in Ganglia Ganglia-Web 3.5.10/3.5.8

Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.

4.3
2013-12-05 CVE-2013-6267 Claroline Cross-Site Scripting vulnerability in Claroline

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php.

4.3
2013-12-05 CVE-2013-5108 Rockmongo Cross-Site Scripting vulnerability in Rockmongo

Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters.

4.3
2013-12-05 CVE-2013-6916 Cybozu / Microsoft / Google Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6910 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6909 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6908 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon 3.0/3.1/3.5

Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6907 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6906 Cybozu / Microsoft Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6905 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6904 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6903 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6902 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6901 Cybozu / Mozilla Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-05 CVE-2013-6900 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-04 CVE-2013-2825 Elecsyscorp Improper Input Validation vulnerability in Elecsyscorp products

The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and communication outage) via crafted input.

4.3
2013-12-04 CVE-2013-6702 Cisco Improper Input Validation vulnerability in Cisco ONS 15454 and ONS 15454 Firmware

The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902.

4.3
2013-12-04 CVE-2013-5449 IBM Cross-Site Scripting vulnerability in IBM Filenet Content Manager

Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-03 CVE-2013-6690 Cisco Cross-Site Scripting vulnerability in Cisco Prime Collaboration

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161.

4.3
2013-12-02 CVE-2012-0414 Novell Cross-Site Scripting vulnerability in Novell Suse Manager 1.2

Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.

4.3
2013-12-07 CVE-2013-6999 Microsoft Local Denial of Service vulnerability in Microsoft Windows Kernel 'IsHandleEntrySecure()' Function

** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 SP2 does not properly validate the tagPROCESSINFO pW32Job field, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted NtUserValidateHandleSecure call for an owned object.

4.0
2013-12-02 CVE-2013-6695 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System

The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-03 CVE-2012-6150 Samba Improper Input Validation vulnerability in Samba

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

3.6
2013-12-07 CVE-2013-4558 Apache Improper Input Validation vulnerability in Apache MOD DAV SVN and Subversion

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.

3.5
2013-12-05 CVE-2013-6915 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-12-05 CVE-2013-6914 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-12-05 CVE-2013-6913 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-12-05 CVE-2013-6912 Cybozu, Microsoft Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-12-05 CVE-2013-6911 Cybozu Cross-Site Scripting vulnerability in Cybozu Garoon

Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-12-05 CVE-2013-6003 Cybozu Improper Input Validation vulnerability in Cybozu Garoon 3.1/3.5

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.

3.5
2013-12-07 CVE-2013-4505 Apache Permissions, Privileges, and Access Controls vulnerability in Apache MOD Dontdothat and Subversion

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

2.6