Weekly Vulnerabilities Reports > January 6 to 12, 2014

Overview

95 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 94 products from 52 vendors including Cisco, Linux, Atmail, Google, and XEN. The vulnerabilities notably fall into the categories "Improper Input Validation", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Permissions, Privileges, and Access Controls".

  • 71 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 34 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 86 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Atmail has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-12 CVE-2014-0659 Cisco OS Command Injection vulnerability in Cisco products

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.

10.0
2014-01-12 CVE-2013-5034 Atmail Security vulnerability in Atmail

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.

10.0
2014-01-12 CVE-2013-5033 Atmail Security vulnerability in Atmail

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.

10.0
2014-01-12 CVE-2013-5032 Atmail Security vulnerability in Atmail

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.

10.0
2014-01-12 CVE-2013-5031 Atmail Security vulnerability in Atmail

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.

10.0
2014-01-10 CVE-2014-1236 Graphviz Buffer Errors vulnerability in Graphviz 2.34.0

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."

10.0
2014-01-10 CVE-2013-7282 Nisuta Improper Authentication vulnerability in Nisuta products

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header.

10.0
2014-01-09 CVE-2013-6955 Synology Permissions, Privileges, and Access Controls vulnerability in Synology Diskstation Manager

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

10.0
2014-01-07 CVE-2013-6884 CRU INC Credentials Management vulnerability in Cru-Inc products

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

10.0
2014-01-07 CVE-2013-6881 CRU INC OS Command Injection vulnerability in Cru-Inc products

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.

10.0
2014-01-10 CVE-2014-0978 Graphviz Buffer Errors vulnerability in Graphviz 2.34.0

Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

9.3
2014-01-09 CVE-2013-6462 X Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libxfont

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

9.3
2014-01-09 CVE-2013-7283 Libreswan Race Condition vulnerability in Libreswan 3.6

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.

9.3

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-11 CVE-2014-0618 Juniper Denial of Service vulnerability in Juniper Junos

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.

7.8
2014-01-10 CVE-2014-1408 Conceptronic Credentials Management vulnerability in Conceptronic C54Apm and C54Apm Firmware

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.

7.8
2014-01-09 CVE-2013-7174 Qnap Path Traversal vulnerability in Qnap QTS 4.0/4.0.3

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.

7.8
2014-01-07 CVE-2011-1763 XEN Unspecified vulnerability in XEN

The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.

7.7
2014-01-11 CVE-2013-2050 Redhat SQL Injection vulnerability in Redhat products

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

7.5
2014-01-10 CVE-2013-6321 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-01-09 CVE-2013-7139 Cynthia Fridsma SQL Injection vulnerability in Cynthia Fridsma Horizon Quick Content Management System

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2014-01-09 CVE-2013-5359 Google Buffer Errors vulnerability in Google Picasa 3.9.0

Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size.

7.5
2014-01-09 CVE-2013-5358 Google Buffer Errors vulnerability in Google Picasa 3.9.0

Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags.

7.5
2014-01-09 CVE-2013-5357 Google Buffer Errors vulnerability in Google Picasa 3.9.0

Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag.

7.5
2014-01-09 CVE-2013-5349 Google Buffer Errors vulnerability in Google Picasa 3.9.0

Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size.

7.5
2014-01-08 CVE-2013-7278 Naxtech SQL Injection vulnerability in Naxtech CMS Afroditi 1.0

SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp.

7.5
2014-01-07 CVE-2013-6888 Devscripts Devel Team Remote Code Execution vulnerability in Debian devscripts 'uscan'

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.

7.5
2014-01-10 CVE-2013-5009 Symantec Improper Authentication vulnerability in Symantec Endpoint Protection

The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.

7.4
2014-01-10 CVE-2013-5011 Symantec Path Traversal vulnerability in Symantec Endpoint Protection

Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.

7.2

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-12 CVE-2013-6028 Atmail Cross-Site Request Forgery (CSRF) vulnerability in Atmail

Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.

6.8
2014-01-10 CVE-2014-0664 Cisco Resource Management Errors vulnerability in Cisco Unity Connection

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.

6.8
2014-01-08 CVE-2014-0621 Technicolor Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Tc7200 and Tc7200 Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.

6.8
2014-01-10 CVE-2010-5291 Amberdms Permissions, Privileges, and Access Controls vulnerability in Amberdms Billing System

Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.

6.4
2014-01-10 CVE-2013-6334 IBM Improper Input Validation vulnerability in IBM products

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors.

6.4
2014-01-07 CVE-2011-1780 XEN Improper Input Validation vulnerability in XEN 3.0.3

The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread.

6.1
2014-01-12 CVE-2014-0805 Skyarts Path Traversal vulnerability in Skyarts Neofiler 2.4.2/5.4.3

Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

5.8
2014-01-12 CVE-2014-0804 Cgene Path Traversal vulnerability in Cgene Security File Manager 1.0.6

Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

5.8
2014-01-12 CVE-2014-0803 Yuichiro Okuyama, Google Path Traversal vulnerability in Yuichiro Okuyama Tetra Filer and Tetra Filer Free

Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.

5.8
2014-01-12 CVE-2014-0802 Aokitaka Path Traversal vulnerability in Aokitaka ZIP With Pass and ZIP With Pass PRO

Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

5.8
2014-01-10 CVE-2014-1405 Conceptronic Improper Input Validation vulnerability in Conceptronic C54Apm and C54Apm Firmware

Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.

5.8
2014-01-07 CVE-2011-1166 XEN Improper Input Validation vulnerability in XEN

Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.

5.5
2014-01-10 CVE-2014-0658 Cisco Improper Input Validation vulnerability in Cisco products

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.

5.4
2014-01-12 CVE-2013-6954 Libpng Denial of Service vulnerability in libpng 'png_read_transform_info()' Function NULL Pointer Dereference

The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.

5.0
2014-01-09 CVE-2013-7138 Horizon Quick Content Management System Project Path Traversal vulnerability in Horizon Quick Content Management System Project Horizon Quick Content Management System

Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2014-01-09 CVE-2014-0752 Ecava Permissions, Privileges, and Access Controls vulnerability in Ecava Integraxor

The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.

5.0
2014-01-08 CVE-2013-7097 7Mediaws Path Traversal vulnerability in 7Mediaws Edutrac

Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a ..

5.0
2014-01-07 CVE-2013-6419 Openstack Information Exposure vulnerability in Openstack Havana 2013.2.1/Havana1

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

5.0
2014-01-07 CVE-2013-4564 Libreswan Numeric Errors vulnerability in Libreswan 3.6

Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.

5.0
2014-01-08 CVE-2014-0651 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Context Directory Agent

The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347.

4.9
2014-01-08 CVE-2013-7281 Linux Information Exposure vulnerability in Linux Kernel

The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7271 Linux Improper Input Validation vulnerability in Linux Kernel

The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7270 Linux Improper Input Validation vulnerability in Linux Kernel

The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7269 Linux Improper Input Validation vulnerability in Linux Kernel

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7268 Linux Improper Input Validation vulnerability in Linux Kernel

The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7267 Linux Improper Input Validation vulnerability in Linux Kernel

The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7266 Linux Improper Input Validation vulnerability in Linux Kernel

The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7265 Linux Improper Input Validation vulnerability in Linux Kernel

The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7264 Linux Improper Input Validation vulnerability in Linux Kernel

The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

4.9
2014-01-06 CVE-2013-7263 Linux Improper Input Validation vulnerability in Linux Kernel

The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.

4.9
2014-01-10 CVE-2013-5010 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection

The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom policies, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.

4.6
2014-01-07 CVE-2011-1936 XEN Denial-Of-Service vulnerability in Xen

Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors.

4.6
2014-01-11 CVE-2013-3713 Opensuse Information Exposure vulnerability in Opensuse 13.1

The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensitive information and possibly have other unspecified impacts, as demonstrated by reading /etc/shadow.

4.4
2014-01-12 CVE-2013-6017 Atmail Cross-Site Scripting vulnerability in Atmail

Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.

4.3
2014-01-11 CVE-2013-4517 Apache Resource Management Errors vulnerability in Apache XML Security for Java

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

4.3
2014-01-10 CVE-2014-0977 Sixapart Cross-Site Scripting vulnerability in Sixapart Movabletype

Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-01-10 CVE-2014-1407 Conceptronic Cross-Site Scripting vulnerability in Conceptronic C54Apm and C54Apm Firmware

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.

4.3
2014-01-10 CVE-2014-1406 Conceptronic Improper Input Validation vulnerability in Conceptronic C54Apm and C54Apm Firmware

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.

4.3
2014-01-10 CVE-2014-0663 Cisco Cross-Site Scripting vulnerability in Cisco Secure Access Control System

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.

4.3
2014-01-10 CVE-2013-7289 Aphpkb Cross-Site Scripting vulnerability in Aphpkb

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter.

4.3
2014-01-10 CVE-2013-7288 Mybb Cross-Site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via vectors related to Yahoo video URLs.

4.3
2014-01-10 CVE-2013-6974 Cisco Cross-Site Scripting vulnerability in Cisco Secure Access Control System

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431.

4.3
2014-01-09 CVE-2013-6923 Seagate Cross-Site Scripting vulnerability in Seagate Blackarmor NAS 220 and Blackarmor NAS 220 Firmware

Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.

4.3
2014-01-09 CVE-2013-4353 Openssl Improper Input Validation vulnerability in Openssl

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

4.3
2014-01-09 CVE-2013-6997 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."

4.3
2014-01-08 CVE-2014-0655 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.

4.3
2014-01-08 CVE-2014-0654 Cisco Improper Input Validation vulnerability in Cisco Context Directory Agent

Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383.

4.3
2014-01-08 CVE-2014-0653 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance

The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.

4.3
2014-01-08 CVE-2014-0652 Cisco Cross-Site Scripting vulnerability in Cisco Context Directory Agent

Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.

4.3
2014-01-08 CVE-2013-6982 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174.

4.3
2014-01-08 CVE-2014-1232 Foliovision, Wordpress Cross-Site Scripting vulnerability in Foliovision Foliopress Wysiwyg

Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-01-08 CVE-2014-0620 Technicolor Cross-Site Scripting vulnerability in Technicolor Tc7200 and Tc7200 Firmware

Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.

4.3
2014-01-08 CVE-2013-7280 Hansotools Buffer Errors vulnerability in Hansotools Hanso Player 2.1.0/2.5.0

Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.

4.3
2014-01-08 CVE-2013-7279 Anthony Mills, Wordpress Cross-Site Scripting vulnerability in Anthony Mills S3 Video 0.98/0.981/0.982

Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter.

4.3
2014-01-08 CVE-2013-7277 Aphpkb Cross-Site Scripting vulnerability in Aphpkb

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.

4.3
2014-01-08 CVE-2013-7276 Recommend TO A Friend Project, Wordpress Cross-Site Scripting vulnerability in Recommend TO A Friend Project Recommend TO A Friend 2.0.2

Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter.

4.3
2014-01-08 CVE-2013-7275 Mybb Cross-Site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie list popup.

4.3
2014-01-08 CVE-2014-0657 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

4.0
2014-01-08 CVE-2014-0656 Cisco Improper Input Validation vulnerability in Cisco Context Directory Agent

Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-10 CVE-2013-4460 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

3.5
2014-01-08 CVE-2013-7274 Wallpaperscript Cross-Site Scripting vulnerability in Wallpaperscript 3.5.0082

Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.

3.5
2014-01-10 CVE-2014-1234 Paratrooper Newrelic Project Information Exposure vulnerability in Paratrooper-Newrelic Project Paratrooper-Newrelic 1.0.1

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.

2.1
2014-01-10 CVE-2014-1233 Tobias Maier Information Exposure vulnerability in Tobias Maier Paratrooper-Pingdom 1.0.0

The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.

2.1
2014-01-07 CVE-2013-6436 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.

2.1
2014-01-07 CVE-2013-6480 Apache Information Exposure vulnerability in Apache Libcloud

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

2.1
2014-01-07 CVE-2013-4969 Puppetlabs, Puppet, Debian, Canonical Link Following vulnerability in multiple products

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

2.1
2014-01-10 CVE-2010-5292 Amberdms Information Exposure vulnerability in Amberdms Billing System

Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job.

1.9