Monthly Archive: April 2013

The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7000 devices allows remote attackers to cause a denial of service (forwarding loop and service outage) via a crafted frame, aka Bug ID CSCug47098. Date...

SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3)...

Memory leak in the SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (memory consumption and process restart) via crafted SNMP packets, aka Bug ID CSCue31546. Date...

Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430. Date published...

Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-04-27 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03737200 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03737200

The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to...

Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Date published : 2013-04-27 http://www-01.ibm.com/support/docview.wss?uid=swg21633620...

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors. Date published : 2013-04-26 http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03570121-2 http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03570121-2

Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Date published : 2013-04-26...

The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. Date published : 2013-04-26 https://play.google.com/store/apps/details?id=jp.co.yahoo.android.ybrowser http://jvn.jp/en/jp/JVN55074201/index.html

The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site. Date published : 2013-04-26 https://play.google.com/store/apps/details?id=jp.jig.product.browser_plus http://jvn.jp/en/jp/JVN01313594/index.html

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via...

Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a...

Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote attackers to execute arbitrary code via unknown vectors. Date published : 2013-04-26 http://www-01.ibm.com/support/docview.wss?uid=swg21635503 https://exchange.xforce.ibmcloud.com/vulnerabilities/83382