CVE-2013-4413

This is an entry in the Common Vulnerability Index under number CVE-2013-4413. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-4413

Description: Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.


CVE-2013-4204

This is an entry in the Common Vulnerability Index under number CVE-2013-4204. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-4204

Description: Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.


CVE-2013-1310

This is an entry in the Common Vulnerability Index under number CVE-2013-1310. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-1310

Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object,


CVE-2013-7343

This is an entry in the Common Vulnerability Index under number CVE-2013-7343. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-7343

Description: Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name.


CVE-2013-3339

This is an entry in the Common Vulnerability Index under number CVE-2013-3339. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-3339

Description: Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,


CVE-2013-5526

This is an entry in the Common Vulnerability Index under number CVE-2013-5526. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-5526

Description: Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets,


CVE-2013-7223

This is an entry in the Common Vulnerability Index under number CVE-2013-7223. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-7223

Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors,


CVE-2013-3469

This is an entry in the Common Vulnerability Index under number CVE-2013-3469. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-3469

Description: Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port,


CVE-2013-5647

This is an entry in the Common Vulnerability Index under number CVE-2013-5647. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2013-5647

Description: lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.

Status: Candidate

Note for CVEs with status “Candidate”: Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list.