Weekly Vulnerabilities Reports > December 30, 2013 to January 5, 2014
Overview
51 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 35 products from 27 vendors, including HP, HOT, Wordpress, Fatfreecrm, and OP5. The vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Information Exposure", "Improper Input Validation", and "SQL Injection".
- 44 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities have a public exploit available.
- 18 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 46 reported vulnerabilities are exploitable by an anonymous user.
- HP has the most reported vulnerabilities, with 10 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-04 | CVE-2013-6195 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. | 10.0 |
2014-01-04 | CVE-2013-6194 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. | 10.0 |
2014-01-04 | CVE-2013-2350 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897. | 10.0 |
2014-01-04 | CVE-2013-2349 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896. | 10.0 |
2014-01-04 | CVE-2013-2348 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892. | 10.0 |
2014-01-04 | CVE-2013-2347 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885. | 10.0 |
2014-01-04 | CVE-2013-2346 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. | 10.0 |
2014-01-04 | CVE-2013-2345 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. | 10.0 |
2014-01-04 | CVE-2013-2344 | HP | Unspecified vulnerability in HP Storage Data Protector 6.20/6.21: Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866. | 10.0 |
2013-12-31 | CVE-2012-0264 | OP5 | Permissions, Privileges, and Access Controls vulnerability in OP5 Monitor 5.3.5/5.4.0/5.4.2: op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. | 10.0 |
2013-12-31 | CVE-2012-0262 | OP5 | Code Injection vulnerability in OP5 Monitor and System-Op5Config: op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. | 10.0 |
2013-12-31 | CVE-2012-0261 | OP5 | Code Injection vulnerability in OP5 Monitor and System-Portal: license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. | 10.0 |
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-02 | CVE-2013-5385 | IBM | Improper Input Validation vulnerability in IBM i and z/OS: The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | 8.5 |
2014-01-03 | CVE-2013-7260 | Realnetworks | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in RealNetworks RealPlayer: Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. | 7.5 |
2014-01-03 | CVE-2009-5137 | Mini Stream | Buffer Errors vulnerability in Mini-Stream CastRipper 2.50.70: Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667. | 7.5 |
2013-12-31 | CVE-2013-6987 | Synology | Path Traversal vulnerability in Synology DiskStation Manager 4.33810: Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. | 7.5 |
29 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-05 | CVE-2013-7262 | Osgeo UMN | SQL Injection vulnerability in multiple products: SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. | 6.8 |
2014-01-03 | CVE-2014-0791 | Freerdp | Numeric Errors vulnerability in Freerdp 1.0.0/1.0.1/1.0.2: Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. | 6.8 |
2014-01-03 | CVE-2013-7256 | Opsview | Cross-Site Request Forgery (CSRF) vulnerability in Opsview: Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2014-01-03 | CVE-2013-6992 | Askapache Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Askapache Firefox Adsense 3.0: Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php. | 6.8 |
2014-01-02 | CVE-2013-7251 | Projectforge | Cross-Site Request Forgery (CSRF) vulnerability in Projectforge: Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/. | 6.8 |
2014-01-02 | CVE-2013-7223 | Fatfreecrm | Cross-Site Request Forgery (CSRF) vulnerability in Fatfreecrm FAT Free CRM: Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb. | 6.8 |
2013-12-30 | CVE-2013-7209 | Jforum | Cross-Site Request Forgery (CSRF) vulnerability in Jforum: Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action. | 6.8 |
2013-12-30 | CVE-2013-7233 | Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress: Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list. | 6.8 |
2014-01-02 | CVE-2013-7225 | Fatfreecrm | SQL Injection vulnerability in Fatfreecrm FAT Free CRM: Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature. | 6.5 |
2013-12-31 | CVE-2013-6983 | Cisco | SQL Injection vulnerability in Cisco Unified Presence Server: SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | 6.5 |
2013-12-30 | CVE-2013-5220 | HOT | Improper Input Validation vulnerability in HOT Hotbox Router and Hotbox Router Firmware: goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. | 6.1 |
2014-01-03 | CVE-2013-7255 | Opsview | Improper Input Validation vulnerability in Opsview: Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2013-12-30 | CVE-2013-5038 | HOT | Improper Authentication vulnerability in HOT Hotbox Router and Hotbox Router Firmware: The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | 5.8 |
2013-12-30 | CVE-2013-5039 | HOT | Cross-Site Request Forgery (CSRF) vulnerability in HOT Hotbox Router and Hotbox Router Firmware: Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. | 5.4 |
2014-01-03 | CVE-2013-6953 | Dotnetblogengine | Information Exposure vulnerability in Dotnetblogengine Blogengine.Net: BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | 5.0 |
2014-01-03 | CVE-2013-7240 | Westerndeal Wordpress | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-01-02 | CVE-2013-7249 | Fatfreecrm | Information Exposure vulnerability in Fatfreecrm FAT Free CRM: Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224. | 5.0 |
2014-01-02 | CVE-2013-7224 | Fatfreecrm | Information Exposure vulnerability in Fatfreecrm FAT Free CRM: Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json. | 5.0 |
2014-01-02 | CVE-2013-7222 | Fatfreecrm | Cryptographic Issues vulnerability in Fatfreecrm FAT Free CRM: config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code. | 5.0 |
2014-01-03 | CVE-2013-7258 | Web2Ldap | Cross-Site Scripting vulnerability in Web2Ldap: Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI." | 4.3 |
2014-01-03 | CVE-2013-7257 | Codiad | Cross-Site Scripting vulnerability in Codiad 2.0.7: Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | 4.3 |
2014-01-03 | CVE-2013-7254 | Opsview | Cross-Site Scripting vulnerability in Opsview: Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-01-03 | CVE-2013-6993 | AD Minister Project Wordpress | Cross-Site Scripting vulnerability in Ad-Minister Project Ad-Minister: Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. | 4.3 |
2014-01-03 | CVE-2013-6991 | Wokamoto Wordpress | Cross-Site Scripting vulnerability in Wokamoto Wp-Cron Dashboard: Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php. | 4.3 |
2013-12-31 | CVE-2013-6459 | Mislav Marohnic | Cross-Site Scripting vulnerability in Mislav Marohnic Will Paginate: Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. | 4.3 |
2013-12-31 | CVE-2013-5573 | Jenkins | Cross-Site Scripting vulnerability in Jenkins 1.523: Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. | 4.3 |
2013-12-30 | CVE-2013-5210 | Adtran | Cross-Site Scripting vulnerability in Adtran Aos, Netvanta 7060 and Netvanta 7100: Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-30 | CVE-2013-4858 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Movie Maker 2.1.4026.0: Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | 4.3 |
2013-12-31 | CVE-2012-0263 | OP5 | Information Exposure vulnerability in OP5 Monitor: monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-01-02 | CVE-2013-7250 | Projectforge | Cross-Site Scripting vulnerability in Projectforge: Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java. | 3.5 |
2014-01-02 | CVE-2011-5269 | Projectforge | Cross-Site Scripting vulnerability in Projectforge: Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message. | 3.5 |
2013-12-30 | CVE-2013-5219 | HOT | Path Traversal vulnerability in HOT Hotbox Router and Hotbox Router Firmware: Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. | 3.3 |
2013-12-30 | CVE-2013-5037 | HOT | Credentials Management vulnerability in HOT Hotbox Router and Hotbox Router Firmware: The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | 3.3 |
2013-12-30 | CVE-2013-5218 | HOT | Cross-Site Scripting vulnerability in HOT Hotbox Router and Hotbox Router Firmware: Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. | 2.9 |
2014-01-05 | CVE-2013-6402 | HP | Link Following vulnerability in HP Linux Imaging and Printing Project: base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | 2.1 |