Weekly Vulnerabilities Reports > December 16 to 22, 2013

Overview

107 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 156 products from 41 vendors including IBM, Apple, Cisco, Typo3, and HP. The most notable vulnerability categories are "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", and "Permissions, Privileges, and Access Controls".

  • 91 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 40 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 37 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-19 CVE-2013-5946 D Link OS Command Injection vulnerability in D-Link products

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.

10.0
2013-12-20 CVE-2013-7186 Steinberg Buffer Errors vulnerability in Steinberg Mymp3Pro 5.0

Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.

9.3
2013-12-19 CVE-2013-7136 UPC Cryptographic Issues vulnerability in UPC Ireland Cisco Epc2425

The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.

9.3
2013-12-19 CVE-2013-6877 Realnetworks Buffer Errors vulnerability in Realnetworks Realplayer 16.0.2.32/16.0.3.51

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.

9.3
2013-12-16 CVE-2013-3140 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 9

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability."

9.3

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-17 CVE-2013-6925 Siemens Unspecified vulnerability in Siemens Ruggedcom Rugged Operating System

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.

8.3
2013-12-17 CVE-2013-6926 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Ruggedcom Rugged Operating System

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.

8.0
2013-12-19 CVE-2013-7004 D Link Credentials Management vulnerability in D-Link products

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.

7.8
2013-12-19 CVE-2013-4776 Netgear Remote Denial of Service vulnerability in Multiple NetGear ProSafe Switches

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.

7.8
2013-12-19 CVE-2013-4775 Netgear Information Exposure vulnerability in Netgear products

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.

7.8
2013-12-17 CVE-2013-6329 IBM Cryptographic Issues vulnerability in IBM products

IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.

7.8
2013-12-21 CVE-2013-7193 Etoshop SQL Injection vulnerability in Etoshop C2C Forward Auction Creator 2.0

Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.

7.5
2013-12-21 CVE-2013-7192 Etoshop SQL Injection vulnerability in Etoshop Dynamic BIZ Website Builder Quickweb 1.0

Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.

7.5
2013-12-21 CVE-2013-2627 Idleman SQL Injection vulnerability in Idleman Leed 1.4

SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.

7.5
2013-12-20 CVE-2013-7189 Iscripts SQL Injection vulnerability in Iscripts Autohoster 2.4

Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.

7.5
2013-12-20 CVE-2013-7187 Ncrafts SQL Injection vulnerability in Ncrafts Formcraft

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2013-12-19 CVE-2013-7086 Webbynode Code Injection vulnerability in Webbynode

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.

7.5
2013-12-19 CVE-2013-6824 Zabbix Code Injection vulnerability in Zabbix

Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.

7.5
2013-12-17 CVE-2013-6420 PHP, Opensuse, Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

7.5
2013-12-20 CVE-2013-6767 Quickheal Buffer Errors vulnerability in Quickheal Antivirus PRO 7.0.0.1

Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.

7.2
2013-12-18 CVE-2013-5416 IBM Local Privilege Escalation vulnerability in IBM Rational ClearCase

Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.

7.2
2013-12-18 CVE-2013-5415 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Rational Clearcase

Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors.

7.2
2013-12-21 CVE-2013-2821 Novatech Improper Input Validation vulnerability in Novatech products

NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet.

7.1
2013-12-17 CVE-2013-2814 Cooperindustries Improper Input Validation vulnerability in Cooperindustries Dnp3 Master OPC Server

Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors.

7.1
2013-12-17 CVE-2013-2813 Cooperindustries Improper Input Validation vulnerability in Cooperindustries products

The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows remote attackers to cause a denial of service (reboot or link outage) via a crafted DNP3 TCP packet.

7.1

65 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-21 CVE-2013-2628 Idleman Cross-Site Request Forgery (CSRF) vulnerability in Idleman Leed 1.4

Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.

6.8
2013-12-19 CVE-2013-6976 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Epc3925

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.

6.8
2013-12-18 CVE-2013-5228 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8
2013-12-18 CVE-2013-5225 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8
2013-12-18 CVE-2013-5199 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8
2013-12-18 CVE-2013-5198 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8
2013-12-18 CVE-2013-5197 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8
2013-12-18 CVE-2013-5196 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8
2013-12-18 CVE-2013-5195 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes, Safari and Webkit

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8
2013-12-17 CVE-2013-6883 CRU INC Cross-Site Request Forgery (CSRF) vulnerability in Cru-Inc products

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.

6.8
2013-12-17 CVE-2013-6038 Trimble Buffer Errors vulnerability in Trimble Sketchup Viewer 13.0.4124

Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code via a crafted .SKP file.

6.8
2013-12-17 CVE-2013-6192 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Operations Orchestration 7.1/7.2/7.5

Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2013-12-21 CVE-2013-5409 IBM SQL Injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2013-12-18 CVE-2013-5227 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.

6.4
2013-12-21 CVE-2013-4046 IBM Improper Input Validation vulnerability in IBM Spss Collaboration and Deployment Services

Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2013-12-19 CVE-2013-7067 Mike Stefanello, Drupal Permissions, Privileges, and Access Controls vulnerability in Mike Stefanello OG Features

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.

5.8
2013-12-17 CVE-2013-6966 Cisco Improper Input Validation vulnerability in Cisco Webex Training Center

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.

5.8
2013-12-22 CVE-2013-6735 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

5.0
2013-12-22 CVE-2013-6723 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal 8.0.0.1

IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors.

5.0
2013-12-21 CVE-2013-4070 IBM Information Exposure vulnerability in IBM Spss Collaboration and Deployment Services

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors.

5.0
2013-12-21 CVE-2013-4069 IBM Information Exposure vulnerability in IBM Spss Collaboration and Deployment Services

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2013-12-20 CVE-2013-7190 Iscripts Path Traversal vulnerability in Iscripts Autohoster 2.4

Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.

5.0
2013-12-19 CVE-2013-7114 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.

5.0
2013-12-19 CVE-2013-7113 Wireshark Improper Input Validation vulnerability in Wireshark

epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

5.0
2013-12-19 CVE-2013-7112 Wireshark Improper Input Validation vulnerability in Wireshark

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

5.0
2013-12-19 CVE-2013-7100 Digium Buffer Errors vulnerability in Digium Asterisk, Asterisk Digiumphones and Certified Asterisk

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

5.0
2013-12-18 CVE-2013-6701 Cisco Improper Input Validation vulnerability in Cisco products

The tNetTaskLimit process on the Transport Node Controller (TNC) on Cisco ONS 15454 devices with software 9.6 and earlier does not properly prioritize health pings, which allows remote attackers to cause a denial of service (watchdog timeout and TNC reset) via a flood of network traffic, aka Bug ID CSCud97155.

5.0
2013-12-17 CVE-2013-6193 HP Remote Denial of Service vulnerability in HP LaserJet Printers

Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors.

5.0
2013-12-22 CVE-2013-4012 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1

IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

4.9
2013-12-22 CVE-2013-3705 Novell Improper Input Validation vulnerability in Novell Client 2.0

The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.

4.9
2013-12-21 CVE-2013-5407 IBM Improper Input Validation vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.

4.9
2013-12-19 CVE-2013-5426 IBM Improper Authentication vulnerability in IBM products

Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.

4.9
2013-12-19 CVE-2013-7005 D Link Information Exposure vulnerability in D-Link products

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.

4.9
2013-12-21 CVE-2013-2822 Novatech Improper Input Validation vulnerability in Novatech products

NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow physically proximate attackers to cause a denial of service (driver crash and process restart) via crafted input over a serial line.

4.7
2013-12-17 CVE-2013-2816 Cooperindustries Improper Input Validation vulnerability in Cooperindustries products

The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line.

4.7
2013-12-21 CVE-2012-4135 Cisco Path Traversal vulnerability in Cisco Nx-Os

Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.

4.6
2013-12-21 CVE-2012-4131 Cisco Path Traversal vulnerability in Cisco Nx-Os

Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.

4.6
2013-12-22 CVE-2013-6328 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

4.3
2013-12-22 CVE-2013-6316 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal

IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor.

4.3
2013-12-22 CVE-2013-5421 IBM Cross-Site Scripting vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2

Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.

4.3
2013-12-21 CVE-2013-5413 IBM Improper Authentication vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation.

4.3
2013-12-21 CVE-2013-5411 IBM Improper Input Validation vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors.

4.3
2013-12-21 CVE-2013-4063 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.

4.3
2013-12-21 CVE-2013-4045 IBM Cross-Site Scripting vulnerability in IBM Spss Collaboration and Deployment Services

Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-21 CVE-2013-7191 Tenmiles Cross-Site Scripting vulnerability in Tenmiles Helpdesk Pilot 5.0

Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket.

4.3
2013-12-21 CVE-2013-7082 Typo3 Cross-Site Scripting vulnerability in Typo3 Flow 1.1.0/2.0.0

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.

4.3
2013-12-21 CVE-2013-7077 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-21 CVE-2013-7076 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-21 CVE-2013-7002 Livezilla Cross-Site Scripting vulnerability in Livezilla

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.

4.3
2013-12-21 CVE-2013-6162 Code Crafters Cross-Site Scripting vulnerability in Code-Crafters Ability Mail Server 3.1.1

Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.

4.3
2013-12-20 CVE-2013-7188 Hostbillapp Cross-Site Scripting vulnerability in Hostbillapp Hostbill

Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-19 CVE-2013-6178 EMC Cross-Site Scripting vulnerability in EMC RSA Archer Egrc

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-19 CVE-2013-5462 IBM Improper Input Validation vulnerability in IBM Content Navigator 2.0.0/2.0.1/2.0.2

IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.

4.3
2013-12-19 CVE-2013-5422 IBM Information Exposure vulnerability in IBM Rational Clearcase

The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.

4.3
2013-12-19 CVE-2013-6837 NO Margin FOR Errors Cross-Site Scripting vulnerability in No-Margin-For-Errors Prettyphoto 3.1.4

Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.

4.3
2013-12-19 CVE-2013-6836 Gnome Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Gnumeric

Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.

4.3
2013-12-17 CVE-2013-7129 Themebeans Cross-Site Scripting vulnerability in Themebeans Blooog Theme 1.1

Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf.

4.3
2013-12-17 CVE-2013-6882 CRU INC Cross-Site Scripting vulnerability in Cru-Inc products

Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields.

4.3
2013-12-17 CVE-2013-6733 IBM Cross-Site Scripting vulnerability in IBM Sametime

Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-17 CVE-2013-6327 IBM Cross-Site Scripting vulnerability in IBM Sterling Connect Enterprise HTTP Option 1.3.02/1.4.00

Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue.

4.3
2013-12-17 CVE-2013-6191 HP Cross-Site Scripting vulnerability in HP Operations Orchestration 7.1/7.2/7.5

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-21 CVE-2013-6978 Cisco Information Exposure vulnerability in Cisco Unified Communications Manager

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

4.0
2013-12-21 CVE-2013-4044 IBM Information Exposure vulnerability in IBM SPSS Collaboration and Deployment Services

IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request.

4.0
2013-12-19 CVE-2013-6717 IBM Remote Denial of Service vulnerability in IBM DB2, DB2 Connect and DB2 pureScale Feature 9.8

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.

4.0
2013-12-18 CVE-2013-5466 IBM Remote Denial of Service vulnerability in IBM DB2, DB2 Connect and DB2 pureScale Feature 9.8

The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.

4.0

17 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-12-22 CVE-2013-6745 IBM Cross-Site Scripting vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2

Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.

3.5
2013-12-21 CVE-2013-6196 HP Cross-Site Scripting vulnerability in HP Autonomy Ultraseek 5.0

Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-12-21 CVE-2013-5406 IBM Cross-Site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler.

3.5
2013-12-21 CVE-2013-5405 IBM Cross-Site Scripting vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

3.5
2013-12-21 CVE-2013-7194 Efrontlearning Cross-Site Scripting vulnerability in Efrontlearning eFront 3.6.14

Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.

3.5
2013-12-21 CVE-2013-7074 Typo3 Cross-Site Scripting vulnerability in Typo3

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

3.5
2013-12-19 CVE-2013-5452 IBM Information Exposure vulnerability in IBM FileNet Business Process Framework 4.1.0

IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

3.5
2013-12-18 CVE-2013-5402 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2013-12-17 CVE-2013-6721 IBM Cross-Site Scripting vulnerability in IBM WebSphere Service Registry and Repository

Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.

3.5
2013-12-18 CVE-2013-5398 IBM Information Disclosure vulnerability in IBM Rational Focal Point Webservice Axis Gateway

Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397.

3.3
2013-12-18 CVE-2013-5397 IBM Information Disclosure vulnerability in IBM Rational Focal Point Webservice Axis Gateway

Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398.

3.3
2013-12-21 CVE-2013-4065 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus iNotes

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.

2.6
2013-12-21 CVE-2013-4064 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus iNotes

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA.

2.1
2013-12-20 CVE-2013-4576 GnuPG Credentials Management vulnerability in GnuPG

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption.

2.1
2013-12-18 CVE-2013-5440 IBM Information Exposure vulnerability in IBM InfoSphere Information Server

IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.

2.1
2013-12-17 CVE-2013-7128 Valvesoftware Cryptographic Issues vulnerability in Valvesoftware SteamOS

Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file.

2.1
2013-12-17 CVE-2013-7127 Apple Cryptographic Issues vulnerability in Apple Mac OS X and Safari

Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.

2.1