Monthly Archive: August 2013

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2. Date...

The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network’s...

Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow. Date published : 2013-08-09...

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter. Date published : 2013-08-09 http://www.securityfocus.com/bid/61407...

Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch – My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings. Date...

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA. Date...

Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW. Date published : 2013-08-09...

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. Date published : 2013-08-09...

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial...

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. Date published : 2013-08-09 http://ics-cert.us-cert.gov/advisories/ICSA-13-219-01

Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file. Date published : 2013-08-09 http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400

Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file. Date published : 2013-08-09 http://archives.neohapsis.com/archives/bugtraq/2013-07/0154.html http://www.artweaver.de/en/help/80

Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot...

IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. Date published : 2013-08-09...