VARIoT IoT vulnerabilities database

The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications

The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider-Electric ClearSCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of OPF files. The issue lies in a failure to validate a length specifier before using it as an index into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. Schneider Electric ClearSCADA is an open software platform that enables remote management of critical architectures. Schneider ClearSCADA has security holes in the implementation of parsing project files. To exploit this vulnerability you need to install the \"PLC Driver\". Schneider Electric ClearSCADA is prone to a remote code-execution vulnerability. Failed exploit attempts may result in a denial-of-service condition. 1a build 73.4903, 2013 R1.2 build 73.4955, 2013 R2 build 74.5094

Because the device fails to restrict access to certain scripts, the attacker is allowed direct access to get administrator account information or other sensitive settings. Allows an attacker to build a malicious URI, entice a user to parse, and perform malicious actions, such as changing settings. EE bright box Router is a router product of British EE company. Cross-site request forgery vulnerability and security bypass vulnerability exist in EE bright box router. A remote attacker could use this vulnerability to perform unauthorized operations, bypass security restrictions, and gain access to affected devices. There may also be other forms of attack. Other attacks are also possible

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950. Vendors have confirmed this vulnerability Bug ID CSCud10943 and CSCud10950 It is released as.Skillfully crafted by a third party URL Through any Web Script or HTML May be inserted. Allows an attacker to build a malicious URI, entice a user to resolve, and obtain sensitive information or hijack a user session when malicious data is viewed. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID's CSCud10943 and CSCud10950

The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. Due to insufficient session management in the portal, authenticated remote attackers are allowed to access the portal interface in other user contexts. An authenticated remote attacker can leverage this issue to bypass security restrictions and perform unauthorized actions with the privileges of another user. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCue65951. The system can respectively control network access and network device access through RADIUS and TACACS protocols

The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code. GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY of CimWebServer.exe ( alias WebView component ) Contains a directory traversal vulnerability. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1623 Was numbered.By a third party TCP port 10212 Arbitrary code could be executed via a crafted message to. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter validation on the szScreen field. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry's leading HMI/SCADA software. The following products are affected: Proficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2 Proficy Process Systems with CIMPLICITY

Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1622 Was numbered.Skillfully crafted by a third party HTTP Arbitrary code may be executed via a request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gefebt.exe component. This component performs insufficient parameter validation on an HTTP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry's leading HMI/SCADA software. GE Proficy CIMPLICITY CimWebServer The gefebt.exe component fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer and deploy it in a server-side script to execute arbitrary code. The following products are affected: Proficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2 Proficy Process Systems with CIMPLICITY

Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. (CWE-79). The Mediatrix 4402 Device is a VoIP adapter. Execute malicious script code to get sensitive information or hijack user sessions. Mediatrix 4402 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Mediatrix 4402 running firmware Dgw 1.1.13.186 is vulnerable; other versions may also be affected. Advisory ID: hag201476 Product: Mediatrix Web Management Interface Vendor: Media5 Corporation Vulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 Advisory Publication: January 23, 2014 Vendor Notification: November 13, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-1612 Risk Level: Medium CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Solution not yet released Discovered and Provided: Help AG Middle East ------------------------------------------------------------------------ ----------------------- about the vendor: Media5 products and technologies are deployed in millions of broadband connected devices including smartphones, set-top boxes, and a wide variety of telecommunications equipment and applications. Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and Gateways, and now includes a suite of voice and video mobility solutions and the M5T family of secure SIP-based solutions for the telecommunications marketplace. As the targeted Mediatrix device in our case is used for providing voice over IP (VoIP) connectivity to ISDN telephones, the attacker could even set up his rogue SIP server, replace the original one in the Mediatrix configuration and listen to all corporate calls if an administrative account is compromised via the XSS in the login page. ------------------------------------------------------------------------ ----------------------- Solution: The vendor was notified, contact the vendor for the patch details ------------------------------------------------------------------------ ----------------------- References: [1] help AG middle East http://www.helpag.com/. [2] Media5 Corporation http://www.mediatrix.com/en/company [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. ------------------------------------------------------------------------ ----------------------- Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible

The Motorola WiMAX CPEi25890 is a WiMax cat released by Motorola. A security vulnerability exists in the Motorola WiMAX CPEi25890 /cgi-bin/f1_fcgi_cgi.fcgi script. When /etc/www/html/wifi/wifi_security.html is called via the 'nextpage' parameter, the wireless plaintext ciphertext is leaked to an attacker who can conduct a man-in-the-middle attack, causing sensitive information to leak.

The Brocade ServerIron ADX Series switches provide intelligent application delivery controllers with industry-leading Layer 2 to 7 switching performance. Brocade ServerIron ADX switches include telnet service access without a password, allowing remote attackers to exploit vulnerabilities without having to authenticate access devices.

The Motorola WiMAX CPEi25890 is a WiMax cat released by Motorola. The Motorola WiMAX CPEi25890 is installed with the default user credentials. This administrator account has a password for 'motorola'. Allow remote attackers to gain privileged access to the device.

Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud10992. Cisco Video Surveillance Operations Manager (VSOM) is an enterprise-level video configuration and management solution from Cisco. This solution can provide secure configuration and management for web portal video, media server instances, cameras, etc. in the IP network

Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file. CWE-23: Relative Path Traversal http://cwe.mitre.org/data/definitions/23.htmlThe product is /etc/passwd Information such as may be obtained. As a result, the product may be accessed with administrator privileges. Avocent MergePoint Unity 2016 KVM is a new generation of managed switches from Emerson. A remote attacker can exploit this issue to obtain sensitive information that could aid in further attacks. An attacker can use directory traversal to download critical files such as /etc/passwd to obtain the credentials for the device. Author: ====== Shady.liu@dbappsecurity.com.cn Description: ====== A remote unauthenticated attacker can download the configuration files of the device and use the obtained administrator credentials to access the interface. The attacker may then modify the settings of the device with unrestricted access. Abstract: ====== http://www.securityfocus.com/bid/65105 http://osvdb.org/show/osvdb/102408 http://www.kb.cert.org/vuls/id/168751 Exploit: ====== DBAppSecurity Co.Ltd. ----------------------------------------------------------- Email:Shady.liu@dbappsecurity.com.cn ----------------------------------------------------------

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Apple Pages is prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple Pages is a set of word processing and page layout applications (APP) of Apple (Apple), which supports the creation and sharing of documents, newsletters, reports and many other contents. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem Description: A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. Configuration Profiles Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Profile expiration dates were not honored Description: Expiration dates of mobile configuration profiles were not evaluated correctly. CVE-ID CVE-2014-1271 : Filippo Bigarella Crash Reporting Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to change permissions on arbitrary files Description: CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files. CVE-ID CVE-2014-1272 : evad3rs dyld Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Code signing requirements may be bypassed Description: Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. CVE-ID CVE-2014-1273 : evad3rs FaceTime Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to access FaceTime contacts from the lock screen Description: FaceTime contacts on a locked device could be exposed by making a failed FaceTime call from the lock screen. CVE-ID CVE-2013-6629 : Michal Zalewski IOKit HID Event Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may monitor on user actions in other apps Description: An interface in IOKit framework allowed malicious apps to monitor on user actions in other apps. CVE-ID CVE-2014-1276 : Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye iTunes Store Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A man-in-the-middle attacker may entice a user into downloading a malicious app via Enterprise App Download Description: An attacker with a privileged network position could spoof network communications to entice a user into downloading a malicious app. This issue was mitigated by using SSL and prompting the user during URL redirects. CVE-ID CVE-2014-1252 : Felix Groebert of the Google Security Team Photos Backend Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Deleted images may still appear in the Photos app underneath transparent images Description: Deleting an image from the asset library did not delete cached versions of the image. CVE-ID CVE-2014-1281 : Walter Hoelblinger of Hoelblinger.com, Morgan Adams, Tom Pennington Profiles Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A configuration profile may be hidden from the user Description: A configuration profile with a long name could be loaded onto the device but was not displayed in the profile UI. CVE-ID CVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: User credentials may be disclosed to an unexpected site via autofill Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. CVE-ID CVE-2013-5227 : Niklas Malmgren of Klarna AB Settings - Accounts Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. CVE-ID CVE-2014-1284 Springboard Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device has not been activated Description: An unexpected application termination during activation could cause the phone to show the home screen. CVE-ID CVE-2014-1285 : Roboboi99 SpringBoard Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause the lock screen to become unresponsive Description: A state management issue existed in the lock screen. CVE-ID CVE-2014-1286 : Bogdan Alecu of M-sec.net TelephonyUI Framework Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A webpage could trigger a FaceTime audio call without user interaction Description: Safari did not consult the user before launching facetime-audio:// URLs. CVE-ID CVE-2013-2909 : Atte Kettunen of OUSPG CVE-2013-2926 : cloudfuzzer CVE-2013-2928 : Google Chrome Security Team CVE-2013-5196 : Google Chrome Security Team CVE-2013-5197 : Google Chrome Security Team CVE-2013-5198 : Apple CVE-2013-5199 : Apple CVE-2013-5225 : Google Chrome Security Team CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day Initiative CVE-2013-6625 : cloudfuzzer CVE-2013-6635 : cloudfuzzer CVE-2014-1269 : Apple CVE-2014-1270 : Apple CVE-2014-1289 : Apple CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day Initiative, Google Chrome Security Team CVE-2014-1291 : Google Chrome Security Team CVE-2014-1292 : Google Chrome Security Team CVE-2014-1293 : Google Chrome Security Team CVE-2014-1294 : Google Chrome Security Team Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001 OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses the following: Apache Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.26. CVE-ID CVE-2013-1862 CVE-2013-1896 App Sandbox Available for: OS X Mountain Lion v10.8.5 Impact: The App Sandbox may be bypassed Description: The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process. A compromised sandboxed application could abuse this to bypass the sandbox. This issue was addressed by preventing sandboxed applications from specifying arguments. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of handling of Type 1 fonts. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1254 : Felix Groebert of the Google Security Team ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A memory corruption issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1262 : Meder Kydyraliev of the Google Security Team ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages. CVE-ID CVE-2014-1255 : Meder Kydyraliev of the Google Security Team ATS Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed by additional bounds checking. CVE-ID CVE-2014-1256 : Meder Kydyraliev of the Google Security Team Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Root certificates have been updated Description: The set of system root certificates has been updated. The complete list of recognized system roots may be viewed via the Keychain Access application. CFNetwork Cookies Available for: OS X Mountain Lion v10.8.5 Impact: Session cookies may persist even after resetting Safari Description: Resetting Safari did not always delete session cookies until Safari was closed. This issue was addressed through improved handling of session cookies. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreAnimation's handling of images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1258 : Karl Smith of NCC Group CoreText Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in CoreText in the handling of Unicode fonts. This issue is addressed through improved bounds checking. CVE-ID CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs curl Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. This issue does not affect systems prior to OS X Mavericks v10.9. CVE-ID CVE-2014-1263 : Roland Moriz of Moriz GmbH Data Security Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266 Date and Time Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: An unprivileged user may change the system clock Description: This update changes the behavior of the systemsetup command to require administrator privileges to change the system clock. CVE-ID CVE-2014-1265 File Bookmark Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of file names. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1259 Finder Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files Description: Accessing a file's ACL via Finder may corrupt the ACLs on the file. This issue was addressed through improved handling of ACLs. CVE-ID CVE-2014-1264 ImageIO Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed by better JPEG handling. CVE-ID CVE-2013-6629 : Michal Zalewski IOSerialFamily Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. This issue does not affect systems running OS X Mavericks v10.9 or later. CVE-ID CVE-2013-5139 : @dent1zt LaunchServices Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: A file could show the wrong extension Description: An issue existed in the handling of certain unicode characters that could allow filenames to show incorrect extensions. The issue was addressed by filtering unsafe unicode characters from display in filenames. This issue does not affect systems running OS X Mavericks v10.9 or later. CVE-ID CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre of Intego NVIDIA Drivers Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Executing a malicious application could result in arbitrary code execution within the graphics card Description: An issue existed that allowed writes to some trusted memory on the graphics card. This issue was addressed by removing the ability of the host to write to that memory. CVE-ID CVE-2013-5986 : Marcin Kościelnicki from the X.Org Foundation Nouveau project CVE-2013-5987 : Marcin Kościelnicki from the X.Org Foundation Nouveau project PHP Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.22 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion. CVE-ID CVE-2013-4073 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420 QuickLook Available for: OS X Mountain Lion v10.8.5 Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may have led to an unexpected application termination or arbitrary code execution. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2014-1260 : Felix Groebert of the Google Security Team QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Downloading a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in QuickLook's handling of Microsoft Word documents. This issue was addressed through improved memory management. CVE-ID CVE-2014-1252 : Felix Groebert of the Google Security Team QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1248 : Jason Kratzer working with iDefense VCP QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1249 : dragonltx of Tencent Security Team QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1250 : Jason Kratzer working with iDefense VCP QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative Secure Transport Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There were known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. To address these issues for applications using Secure Transport, the 1-byte fragment mitigation was enabled by default for this configuration. CVE-ID CVE-2011-3389 : Juliano Rizzo and Thai Duong OS X Mavericks v10.9.2 includes the content of Safari 7.0.2. OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6 U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ 3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8 C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI aiYIh+SzR0rBdMZRgyzv =+DAJ -----END PGP SIGNATURE-----

Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlBy a third party URL Any user through Web You may be redirected to a site and run a phishing attack. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible. Drupal is a free and open source content management system developed in PHP language maintained by the Drupal community

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. The issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools

Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360. The Cisco TelePresence ISDN Gateway is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause drop of the D-channel, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCui50360. The solution provides features such as high-definition (HD) video, content sharing and encryption. The vulnerability is caused by the program not correctly handling the Q.931 STATUS message

The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796. Cisco TelePresence System is prone to an arbitrary command-execution vulnerability. Remote attackers can exploit this issue to execute arbitrary calls through stack corruption with the privilege of the root user. This issue being tracked by Cisco Bug ID CSCui32796. The solution provides components such as audio and video space, which can provide remote participants with a face-to-face virtual meeting room effect. The following versions are affected: Cisco TelePresence System 500-37, 1000, 1300-65, 3xxx prior to 1.10.2(42), 500-32, 1300-47, TX1310 65, TX9xxx prior to 6.0.4(11)

The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632. An attacker can exploit this issue to cause a denial-of-service condition. The issue is documented by Cisco Bug ID CSCue97632

Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. Cisco NX-OS Is TACACS+ A vulnerability exists that circumvents command restrictions. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. The vulnerability is due to the failure to properly filter the sequence of strings provided by the user, executing multiple commands in a sequence, allowing an attacker to execute unauthorized commands. Cisco NX-OS is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. This issue is being tracked by Cisco Bug ID CSCum47367. Cisco NX-OS is a data center-oriented operating system developed by Cisco