CVE-2013-6447
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework...
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request. Date published :...
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and...
Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. Date published : 2014-01-22 http://www.securityfocus.com/archive/1/526168 http://sourceforge.net/p/e107/svn/13079
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request. Date published : 2014-01-22 http://www.securityfocus.com/bid/64707 http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php,...
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer...
The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 through 2.12.2 allows remote attackers to obtain sensitive shipping information via unspecified vectors. Date published : 2014-01-22 http://www.ec-cube.net/info/weakness/weakness.php?id=57 http://jvn.jp/en/jp/JVN51770585/index.html
data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors. Date published : 2014-01-22 http://www.ec-cube.net/info/weakness/weakness.php?id=56 http://jvn.jp/en/jp/JVN17849447/index.html
The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location...
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851....
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. Date published : 2014-01-22 http://www.securityfocus.com/bid/65083 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers’ installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions...
The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632. Date published...