Weekly Vulnerabilities Reports > December 30, 2013 to January 5, 2014

Overview

51 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 35 products from 27 vendors including HP, HOT, Wordpress, Fatfreecrm, and OP5. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "Information Exposure", "Improper Input Validation", and "SQL Injection".

  • 44 reported vulnerabilities are remotely exploitables.
  • 6 reported vulnerabilities have public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 46 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-04 CVE-2013-6195 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008.

10.0
2014-01-04 CVE-2013-6194 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.

10.0
2014-01-04 CVE-2013-2350 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897.

10.0
2014-01-04 CVE-2013-2349 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896.

10.0
2014-01-04 CVE-2013-2348 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892.

10.0
2014-01-04 CVE-2013-2347 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.

10.0
2014-01-04 CVE-2013-2346 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870.

10.0
2014-01-04 CVE-2013-2345 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869.

10.0
2014-01-04 CVE-2013-2344 HP Unspecified vulnerability in HP Storage Data Protector 6.20/6.21

Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866.

10.0
2013-12-31 CVE-2012-0264 OP5 Permissions, Privileges, and Access Controls vulnerability in OP5 Monitor 5.3.5/5.4.0/5.4.2

op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.

10.0
2013-12-31 CVE-2012-0262 OP5 Code Injection vulnerability in OP5 Monitor and System-Op5Config

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

10.0
2013-12-31 CVE-2012-0261 OP5 Code Injection vulnerability in OP5 Monitor and System-Portal

license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.

10.0

4 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-02 CVE-2013-5385 IBM Improper Input Validation vulnerability in IBM I and Z/Os

The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

8.5
2014-01-03 CVE-2013-7260 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.

7.5
2014-01-03 CVE-2009-5137 Mini Stream Buffer Errors vulnerability in Mini-Stream Castripper 2.50.70

Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.

7.5
2013-12-31 CVE-2013-6987 Synology Path Traversal vulnerability in Synology Diskstation Manager 4.33810

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a ..

7.5

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-05 CVE-2013-7262 Osgeo
UMN
SQL Injection vulnerability in multiple products

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.

6.8
2014-01-03 CVE-2014-0791 Freerdp Numeric Errors vulnerability in Freerdp 1.0.0/1.0.1/1.0.2

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

6.8
2014-01-03 CVE-2013-7256 Opsview Cross-Site Request Forgery (CSRF) vulnerability in Opsview

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2014-01-03 CVE-2013-6992 Askapache
Wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Askapache Firefox Adsense 3.0

Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php.

6.8
2014-01-02 CVE-2013-7251 Projectforge Cross-Site Request Forgery (CSRF) vulnerability in Projectforge

Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2) web/core/, (3) web/dialog/, (4) web/fibu/, (5) web/mobile/, (6) web/task/, or (7) web/wicket/.

6.8
2014-01-02 CVE-2013-7223 Fatfreecrm Cross-Site Request Forgery (CSRF) vulnerability in Fatfreecrm FAT Free CRM

Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb.

6.8
2013-12-30 CVE-2013-7209 Jforum Cross-Site Request Forgery (CSRF) vulnerability in Jforum

Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.

6.8
2013-12-30 CVE-2013-7233 Wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wordpress

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.

6.8
2014-01-02 CVE-2013-7225 Fatfreecrm SQL Injection vulnerability in Fatfreecrm FAT Free CRM

Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.

6.5
2013-12-31 CVE-2013-6983 Cisco SQL Injection vulnerability in Cisco Unified Presence Server

SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.

6.5
2013-12-30 CVE-2013-5220 HOT Improper Input Validation vulnerability in HOT Hotbox Router and Hotbox Router Firmware

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.

6.1
2014-01-03 CVE-2013-7255 Opsview Improper Input Validation vulnerability in Opsview

Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2013-12-30 CVE-2013-5038 HOT Improper Authentication vulnerability in HOT Hotbox Router and Hotbox Router Firmware

The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.

5.8
2013-12-30 CVE-2013-5039 HOT Cross-Site Request Forgery (CSRF) vulnerability in HOT Hotbox Router and Hotbox Router Firmware

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter.

5.4
2014-01-03 CVE-2013-6953 Dotnetblogengine Information Exposure vulnerability in Dotnetblogengine Blogengine.Net

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.

5.0
2014-01-03 CVE-2013-7240 Westerndeal
Wordpress
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2014-01-02 CVE-2013-7249 Fatfreecrm Information Exposure vulnerability in Fatfreecrm FAT Free CRM

Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.

5.0
2014-01-02 CVE-2013-7224 Fatfreecrm Information Exposure vulnerability in Fatfreecrm FAT Free CRM

Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.

5.0
2014-01-02 CVE-2013-7222 Fatfreecrm Cryptographic Issues vulnerability in Fatfreecrm FAT Free CRM

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.

5.0
2014-01-03 CVE-2013-7258 Web2Ldap Cross-Site Scripting vulnerability in Web2Ldap

Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI."

4.3
2014-01-03 CVE-2013-7257 Codiad Cross-Site Scripting vulnerability in Codiad 2.0.7

Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field.

4.3
2014-01-03 CVE-2013-7254 Opsview Cross-Site Scripting vulnerability in Opsview

Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-01-03 CVE-2013-6993 AD Minister Project
Wordpress
Cross-Site Scripting vulnerability in Ad-Minister Project Ad-Minister

Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php.

4.3
2014-01-03 CVE-2013-6991 Wokamoto
Wordpress
Cross-Site Scripting vulnerability in Wokamoto Wp-Cron Dashboard

Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.

4.3
2013-12-31 CVE-2013-6459 Mislav Marohnic Cross-Site Scripting vulnerability in Mislav Marohnic Will Paginate

Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.

4.3
2013-12-31 CVE-2013-5573 Jenkins Cross-Site Scripting vulnerability in Jenkins 1.523

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

4.3
2013-12-30 CVE-2013-5210 Adtran Cross-Site Scripting vulnerability in Adtran Aos, Netvanta 7060 and Netvanta 7100

Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-12-30 CVE-2013-4858 Microsoft Improper Input Validation vulnerability in Microsoft Windows Movie Maker 2.1.4026.0

Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav.

4.3
2013-12-31 CVE-2012-0263 OP5 Information Exposure vulnerability in OP5 Monitor

monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-02 CVE-2013-7250 Projectforge Cross-Site Scripting vulnerability in Projectforge

Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.

3.5
2014-01-02 CVE-2011-5269 Projectforge Cross-Site Scripting vulnerability in Projectforge

Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.

3.5
2013-12-30 CVE-2013-5219 HOT Path Traversal vulnerability in HOT Hotbox Router and Hotbox Router Firmware

Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a ..

3.3
2013-12-30 CVE-2013-5037 HOT Credentials Management vulnerability in HOT Hotbox Router and Hotbox Router Firmware

The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages.

3.3
2013-12-30 CVE-2013-5218 HOT Cross-Site Scripting vulnerability in HOT Hotbox Router and Hotbox Router Firmware

Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp.

2.9
2014-01-05 CVE-2013-6402 HP Link Following vulnerability in HP Linux Imaging and Printing Project

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.

2.1