Weekly Vulnerabilities Reports > January 20 to 26, 2014

Overview

146 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary reports vulnerabilities in 236 products from 88 vendors including Cisco, Redhat, Wordpress, IBM, and Apple. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Input Validation", "Information Exposure", and "SQL Injection".

  • 115 reported vulnerabilities are remotely exploitable.
  • 12 reported vulnerabilities have a public exploit available.
  • 38 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 127 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-26 CVE-2013-7248 Franklinfueling Credentials Management vulnerability in Franklinfueling Ts-550 EVO and Ts-550 EVO Firmware

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.

10.0
2014-01-24 CVE-2013-5667 Thecus OS Command Injection vulnerability in Thecus N8800 NAS Server and N8800 NAS Server Firmware

The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter.

10.0
2014-01-23 CVE-2014-0494 Adobe Buffer Errors vulnerability in Adobe Digital Editions 2.0.1

Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

10.0
2014-01-22 CVE-2013-6343 Asus Buffer Errors vulnerability in Asus products

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.

10.0
2014-01-21 CVE-2013-5986 Nvidia Local Privilege Escalation vulnerability in NVIDIA Graphics Driver GPU Access

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987.

10.0
2014-01-21 CVE-2013-0485 IBM Security vulnerability in IBM Java SDK

Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries.

10.0
2014-01-20 CVE-2013-3594 Dell Improper Input Validation vulnerability in Dell products

The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.

10.0
2014-01-25 CVE-2014-1202 Eviware, Smartbear Code Injection vulnerability in multiple products

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.

9.3
2014-01-21 CVE-2013-1361 Lenovo DLL Loading Arbitrary Code Execution vulnerability in Lenovo Thinkpad Bluetooth With Enhanced Data Rate Software 6.4.0.2900

Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.

9.3
2014-01-21 CVE-2013-6040 Mw6Tech Unspecified vulnerability in Mw6Tech products

Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls allow remote attackers to execute arbitrary code via a crafted HTML document.

9.3

26 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-26 CVE-2014-1666 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

8.3
2014-01-22 CVE-2014-0661 Cisco Code Injection vulnerability in Cisco products

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.

8.3
2014-01-24 CVE-2013-5669 Thecus Credentials Management vulnerability in Thecus N8800 NAS Server and N8800 NAS Server Firmware

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network.

7.8
2014-01-24 CVE-2013-5668 Thecus Credentials Management vulnerability in Thecus N8800 NAS Server and N8800 NAS Server Firmware

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content.

7.8
2014-01-21 CVE-2014-0753 Ecava Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ecava Integraxor

Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.

7.8
2014-01-20 CVE-2013-3606 Dell Improper Input Validation vulnerability in Dell products

The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.

7.8
2014-01-26 CVE-2013-4304 Brion Vibber, Mediawiki Improper Authentication vulnerability in multiple products

The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.

7.5
2014-01-26 CVE-2013-7137 Josh Fradley Improper Authentication vulnerability in Josh Fradley Burden

The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.

7.5
2014-01-25 CVE-2014-0751 GE Path Traversal vulnerability in GE products

Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.

7.5
2014-01-25 CVE-2014-0750 GE Path Traversal vulnerability in GE products

Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.

7.5
2014-01-24 CVE-2014-1475 Drupal Multiple Security vulnerability in Drupal Core

The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.

7.5
2014-01-24 CVE-2013-1886 Redhat USE of Externally-Controlled Format String vulnerability in Redhat Certificate System and Dogtag Certificate System

Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates.

7.5
2014-01-24 CVE-2014-1252 Apple Double Free vulnerability in Apple Iphone OS, mac OS X and Pages

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.

7.5
2014-01-24 CVE-2013-5350 Tejimaya Improper Input Validation vulnerability in Tejimaya Openpne 3.6.13/3.8.9

The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object.

7.5
2014-01-23 CVE-2013-6934 Live555, Videolan Numeric Errors vulnerability in multiple products

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

7.5
2014-01-23 CVE-2013-6933 Live555 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Live555 Streaming Media

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

7.5
2014-01-22 CVE-2014-1636 Doug Poulin SQL Injection vulnerability in Doug Poulin Command School Student Management System 1.06.01

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

7.5
2014-01-21 CVE-2013-7219 2Glux SQL Injection vulnerability in 2Glux COM Sexypolling

SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.

7.5
2014-01-21 CVE-2013-2594 Hornbill SQL Injection vulnerability in Hornbill Supportworks Itsm 1.0.0/3.4.14

SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.

7.5
2014-01-21 CVE-2014-1619 Cubicfactory SQL Injection vulnerability in Cubicfactory Cubic CMS 5.1.1/5.1.2/5.2

Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.

7.5
2014-01-21 CVE-2014-1618 Uaepd SQL Injection vulnerability in Uaepd Shopping Cart Script

Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.

7.5
2014-01-21 CVE-2013-5987 Nvidia, Apple

Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.

7.2
2014-01-21 CVE-2013-2152 Redhat Local Privilege Escalation vulnerability in Redhat Enterprise Virtualization 3.2

Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder.

7.2
2014-01-21 CVE-2013-2151 Redhat Local Privilege Escalation vulnerability in Red Hat Enterprise Virtualization Manager

Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder.

7.2
2014-01-22 CVE-2014-0662 Cisco Improper Input Validation vulnerability in Cisco products

The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.

7.1
2014-01-22 CVE-2014-0660 Cisco Improper Input Validation vulnerability in Cisco Telepresence Isdn Gateway Software

Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.

7.1

97 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-26 CVE-2013-6429 Pivotal Software Cross-Site Request Forgery (CSRF) vulnerability in Pivotal Software Spring Framework

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

6.8
2014-01-25 CVE-2014-1670 Microsoft Code Injection vulnerability in Microsoft Bing 4.2.0

The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.

6.8
2014-01-24 CVE-2013-6458 Redhat Race Condition vulnerability in Redhat Libvirt

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.

6.8
2014-01-24 CVE-2014-0674 Cisco Improper Authentication vulnerability in Cisco Video Surveillance Operations Manager

Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992.

6.8
2014-01-23 CVE-2013-7315 Springsource Permissions, Privileges, and Access Controls vulnerability in Springsource Spring Framework

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152.

6.8
2014-01-23 CVE-2013-4152 Springsource Permissions, Privileges, and Access Controls vulnerability in Springsource Spring Framework

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

6.8
2014-01-23 CVE-2013-7314 NEC Unspecified vulnerability in NEC products

The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

6.8
2014-01-23 CVE-2013-6443 Redhat Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms 3.0 Management Engine

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

6.8
2014-01-22 CVE-2014-0676 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.

6.8
2014-01-21 CVE-2013-0340 Libexpat Project Permissions, Privileges, and Access Controls vulnerability in Libexpat Project Libexpat

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.

6.8
2014-01-21 CVE-2013-0339 Xmlsoft, Canonical, Debian, Suse Permissions, Privileges, and Access Controls vulnerability in multiple products

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.

6.8
2014-01-21 CVE-2013-6922 Seagate Cross-Site Request Forgery (CSRF) vulnerability in Seagate Blackarmor NAS 220 and Blackarmor NAS 220 Firmware

Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.

6.8
2014-01-20 CVE-2014-0010 Moodle, Fedoraproject Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

6.8
2014-01-20 CVE-2013-3595 Dell Improper Input Validation vulnerability in Dell products

The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.

6.8
2014-01-26 CVE-2014-1671 Dell SQL Injection vulnerability in Dell products

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.

6.5
2014-01-24 CVE-2013-7175 Avanset SQL Injection vulnerability in Avanset Visual Certexam Manager

Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field.

6.5
2014-01-21 CVE-2013-6872 O DYN SQL Injection vulnerability in O-Dyn Collabtive

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.

6.5
2014-01-23 CVE-2014-0675 Cisco Credentials Management vulnerability in Cisco Telepresence Video Communication Server

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.

6.4
2014-01-22 CVE-2014-0807 Lockon Access Security Bypass vulnerability in EC-CUBE

data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.

6.4
2014-01-21 CVE-2012-6634 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.

6.4
2014-01-23 CVE-2014-1242 Apple Cryptographic Issues vulnerability in Apple Itunes

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.

5.8
2014-01-22 CVE-2014-0671 Cisco Improper Input Validation vulnerability in Cisco Mediasense

Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.

5.8
2014-01-21 CVE-2013-4200 Plone Permissions, Privileges, and Access Controls vulnerability in Plone

The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.

5.8
2014-01-21 CVE-2014-1452 Freebsd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freebsd

Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request.

5.8
2014-01-21 CVE-2010-5293 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.

5.8
2014-01-25 CVE-2014-0678 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System

The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.

5.5
2014-01-21 CVE-2013-2104 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Python-Keystoneclient 0.2.2/0.2.3

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

5.5
2014-01-20 CVE-2014-0009 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.

5.5
2014-01-23 CVE-2013-7313 Juniper Unspecified vulnerability in Juniper Junos, Junose and Screenos

The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-23 CVE-2013-7312 Enterasys Unspecified vulnerability in Enterasys products

The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-23 CVE-2013-7311 Checkpoint Unspecified vulnerability in Checkpoint Gaia OS and Ipso OS

The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-23 CVE-2013-7310 Yamaha Unspecified vulnerability in Yamaha products

The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-23 CVE-2013-7309 Extremenetworks Unspecified vulnerability in Extremenetworks Exos

The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-23 CVE-2013-7308 Dlink Unspecified vulnerability in Dlink Des-3810-28 and Des-3810-28 Firmware

The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-23 CVE-2013-7307 Brocade Unspecified vulnerability in Brocade Vyatta Vrouter and Vyatta Vrouter Software

The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-23 CVE-2013-7306 Brocade Improper Input Validation vulnerability in Brocade products

The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

5.4
2014-01-24 CVE-2013-6457 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.

5.2
2014-01-26 CVE-2014-1664 Citrix Information Exposure vulnerability in Citrix Gotomeeting 5.0.799.1238

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.

5.0
2014-01-26 CVE-2013-7299 Tntnet Information Exposure vulnerability in Tntnet 2.0/2.1/2.2

framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.

5.0
2014-01-26 CVE-2013-7298 Tntnet Resource Management Errors vulnerability in Tntnet Cxxtools 2.2

query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters.

5.0
2014-01-26 CVE-2013-6467 Libreswan Remote Denial of Service vulnerability in Libreswan 'IKEv2' Payloads

Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

5.0
2014-01-26 CVE-2013-6466 Xelerance Remote Denial Of Service vulnerability in Openswan IKEv2 payloads

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

5.0
2014-01-26 CVE-2014-0022 Baseurl Improper Input Validation vulnerability in Baseurl YUM

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RPM package signing restriction via an unsigned package.

5.0
2014-01-26 CVE-2014-1673 Checkpoint Unspecified vulnerability in Checkpoint Session Authentication Agent

Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.

5.0
2014-01-26 CVE-2014-1626 Galen Charlton Permissions, Privileges, and Access Controls vulnerability in Galen Charlton Marc-Xml 1.0/1.0.1

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.

5.0
2014-01-26 CVE-2013-7296 Freedesktop Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freedesktop Poppler

The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.

5.0
2014-01-26 CVE-2013-7247 Franklinfueling Permissions, Privileges, and Access Controls vulnerability in Franklinfueling Ts-550 EVO and Ts-550 EVO Firmware

cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.

5.0
2014-01-24 CVE-2013-6030 Emerson Path Traversal vulnerability in Emerson Network Power Avocent Mergepoint Unity 2016 Firmware 1.9.16473

Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.

5.0
2014-01-23 CVE-2013-6448 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Seam 2 Framework

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.

5.0
2014-01-23 CVE-2013-6447 Redhat Information Exposure vulnerability in Redhat Jboss Seam 2 Framework

Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.

5.0
2014-01-22 CVE-2014-0808 Lockon Unspecified vulnerability in Lockon Ec-Cube

The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 through 2.12.2 allows remote attackers to obtain sensitive shipping information via unspecified vectors.

5.0
2014-01-22 CVE-2014-0677 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

5.0
2014-01-22 CVE-2014-1637 Doug Poulin Information Exposure vulnerability in Doug Poulin Command School Student Management System 1.06.01

Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.

5.0
2014-01-22 CVE-2014-0669 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software

The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371.

5.0
2014-01-21 CVE-2013-4160 Littlecms Unspecified vulnerability in Littlecms Little CMS Color Engine

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

5.0
2014-01-21 CVE-2013-1769 Simon Mcvittie Cryptographic Issues vulnerability in Simon Mcvittie Telepathy Gabble

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message.

5.0
2014-01-21 CVE-2010-5296 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.

4.9
2014-01-23 CVE-2013-6412 Augeas Permissions, Privileges, and Access Controls vulnerability in Augeas 1.0.0/1.1.0

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.

4.6
2014-01-26 CVE-2014-1642 XEN Resource Management Errors vulnerability in XEN

The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.

4.4
2014-01-26 CVE-2014-1607 Drupal Cross-Site Scripting vulnerability in Drupal 7.14

** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/.

4.3
2014-01-26 CVE-2014-0794 Joomla Cross-Site Scripting vulnerability in Joomla COM Jvcomment 3.0.2

SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.

4.3
2014-01-26 CVE-2013-7143 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule.

4.3
2014-01-26 CVE-2013-7142 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.

4.3
2014-01-26 CVE-2013-7141 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.

4.3
2014-01-26 CVE-2013-6853 Yahoo / Mozilla / Apple Cross-Site Scripting vulnerability in Yahoo Toolbar 2.5.9.2013418100420/3.1.0.20130813024103

Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for Firefox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.

4.3
2014-01-25 CVE-2014-0673 Cisco Cross-Site Scripting vulnerability in Cisco Video Surveillance Indoor Fixed Dome IP HD Camera 5010/5011

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.

4.3
2014-01-24 CVE-2014-0028 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Libvirt

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.

4.3
2014-01-24 CVE-2013-6434 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Virtualization Manager

The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.

4.3
2014-01-24 CVE-2013-1885 Redhat Cross-Site Scripting vulnerability in Redhat Certificate System and Dogtag Certificate System

Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/.

4.3
2014-01-24 CVE-2014-0809 Gapless Player Path Traversal vulnerability in Gapless Player Simzip 1.1/1.2

Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.

4.3
2014-01-24 CVE-2013-7317 CS Cart Cross-Site Scripting vulnerability in Cs-Cart

Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.

4.3
2014-01-24 CVE-2013-7316 Gitlab Cross-Site Scripting vulnerability in Gitlab 6.0.0

Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.

4.3
2014-01-24 CVE-2013-7184 Gomlab Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gomlab GOM Player

Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.

4.3
2014-01-23 CVE-2012-6447 Splunk Cross-Site Scripting vulnerability in Splunk 5.0/5.0.1/5.0.2

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-01-23 CVE-2014-0006 Openstack Information Exposure vulnerability in Openstack Swift

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

4.3
2014-01-22 CVE-2014-0806 Fenrir INC Information Exposure vulnerability in Fenrir-Inc Sleipnir Mobile

The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.

4.3
2014-01-22 CVE-2013-7305 E107 Credentials Management vulnerability in E107

fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.

4.3
2014-01-22 CVE-2013-7304 Checkpoint Cryptographic Issues vulnerability in Checkpoint Endpoint Security MI Server R73 3.0.0

Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.

4.3
2014-01-22 CVE-2013-2750 E107 Cross-Site Scripting vulnerability in E107

Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2014-01-22 CVE-2014-0670 Cisco Cross-Site Scripting vulnerability in Cisco Mediasense

Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.

4.3
2014-01-22 CVE-2013-6746 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-01-21 CVE-2013-4884 Mcafee Cross-Site Scripting vulnerability in Mcafee Superscan 4.0

Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.

4.3
2014-01-21 CVE-2014-1620 Hiox Cross-Site Scripting vulnerability in Hiox Guest Book 5.0

Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt parameter.

4.3
2014-01-21 CVE-2013-6305 IBM Cryptographic Issues vulnerability in IBM Platform Symphony 5.2/6.1.0.1

IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key.

4.3
2014-01-21 CVE-2013-4030 IBM Cryptographic Issues vulnerability in IBM products

Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.

4.3
2014-01-21 CVE-2012-6633 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.

4.3
2014-01-21 CVE-2010-5295 Wordpress Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.

4.3
2014-01-21 CVE-2010-5294 Wordpress Cross-Site Scripting vulnerability in Wordpress

Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

4.3
2014-01-20 CVE-2014-0668 Cisco Cross-Site Scripting vulnerability in Cisco Secure Access Control System

Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.

4.3
2014-01-26 CVE-2013-7140 Open Xchange Information Disclosure vulnerability in Open-Xchange AppSuite XML External Entities

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface.

4.0
2014-01-26 CVE-2014-1672 Checkpoint Permissions, Privileges, and Access Controls vulnerability in Checkpoint Management Server and Security Gateway

Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions.

4.0
2014-01-24 CVE-2014-1476 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.

4.0
2014-01-22 CVE-2014-0672 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Mediasense

The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.

4.0
2014-01-21 CVE-2012-2997 F5 Information Exposure vulnerability in F5 Big-Ip Configuration Utility

XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file.

4.0
2014-01-21 CVE-2012-6635 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

4.0
2014-01-21 CVE-2011-5270 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.

4.0
2014-01-20 CVE-2014-0008 Moodle Credentials Management vulnerability in Moodle

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-01-26 CVE-2013-5364 Secunia / Redhat Permissions, Privileges, and Access Controls vulnerability in Secunia CSI Agent 6.0.0.15017/6.0.1.1007/7.0.0.21

Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.

3.6
2014-01-26 CVE-2014-0027 CMU Link Following vulnerability in CMU Flite 1.4

The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav.

3.3
2014-01-24 CVE-2014-1447 Redhat Race Condition vulnerability in Redhat Libvirt

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.

3.3
2014-01-23 CVE-2013-7048 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Nova

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

3.3
2014-01-24 CVE-2013-2192 Apache Improper Authentication vulnerability in Apache Hadoop

The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.

3.2
2014-01-21 CVE-2013-1923 Linux NFS Information Exposure vulnerability in Linux-Nfs Nfs-Utils

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.

3.2
2014-01-24 CVE-2013-1853 Almanah Project Cryptographic Issues vulnerability in Almanah Project Almanah 0.10.0/0.9.0

Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.

2.1
2014-01-23 CVE-2013-5371 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager 6.3.1/6.4.0

The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

2.1
2014-01-23 CVE-2014-0979 Opensuse / Lightdm GTK Greeter Project Local Denial of Service vulnerability in LightDM GTK+ Greeter

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.

2.1
2014-01-21 CVE-2013-0157 Kernel Information Exposure vulnerability in Kernel Util-Linux 2.14.1/2.17.2

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.

2.1
2014-01-21 CVE-2013-5429 IBM Improper Authentication vulnerability in IBM Tivoli Federated Identity Manager

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.

2.1
2014-01-21 CVE-2010-5297 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.

2.1
2014-01-26 CVE-2013-6891 Apple / Canonical Link Following vulnerability in multiple products

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

1.2