[VIM] [CVENEW] New CVE CANs: 2013/03/20 11:00 ; count=5

coley at mitre.org
Wed Mar 20 10:04:28 CDT 2013


======================================================
Name: CVE-2013-0232
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121206
Category: 
Reference: EXPLOIT-DB:24310
Reference: URL:http://www.exploit-db.com/exploits/24310
Reference: MLIST:[oss-security] 20130128 Re: CVE Request: zoneminder: arbitrary command execution vulnerability
Reference: URL:http://www.openwall.com/lists/oss-security/2013/01/28/2
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698910
Reference: MISC:http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/
Reference: MISC:http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
Reference: DEBIAN:DSA-2640
Reference: URL:http://www.debian.org/security/2013/dsa-2640
Reference: OSVDB:89529
Reference: URL:http://www.osvdb.org/89529

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and
earlier allows remote attackers to execute arbitrary commands via
shell metacharacters in the (1) runState parameter in the
packageControl function; or (2) key or (3) command parameter in the
setDeviceStatusX10 function.



======================================================
Name: CVE-2013-0332
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0332
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121206
Category: 
Reference: MLIST:[oss-security] 20130220 Re: CVE request: zoneminder: local file inclusion vulnerability
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/8
Reference: MLIST:[oss-security] 20130221 Re: CVE request: zoneminder: local file inclusion vulnerability
Reference: URL:http://www.openwall.com/lists/oss-security/2013/02/21/9
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700912
Reference: CONFIRM:http://www.zoneminder.com/forums/viewtopic.php?f=1&t=17979
Reference: CONFIRM:http://www.zoneminder.com/wiki/index.php/Change_History
Reference: DEBIAN:DSA-2640
Reference: URL:http://www.debian.org/security/2013/dsa-2640

Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x
before 1.24.4 allow remote attackers to read arbitrary files via a ..
(dot dot) in the (1) view, (2) request, or (3) action parameter.



======================================================
Name: CVE-2013-1766
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1766
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: DEBIAN:DSA-2650
Reference: URL:http://www.debian.org/security/2013/dsa-2650
Reference: BID:58178
Reference: URL:http://www.securityfocus.com/bid/58178
Reference: SECUNIA:52628
Reference: URL:http://secunia.com/advisories/52628

libvirt 1.0.2 and earlier sets the group owner to kvm for device
files, which allows local users to write to these files via
unspecified vectors.



======================================================
Name: CVE-2013-1842
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1842
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/12/3
Reference: CONFIRM:http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
Reference: DEBIAN:DSA-2646
Reference: URL:http://www.debian.org/security/2013/dsa-2646
Reference: BID:58330
Reference: URL:http://www.securityfocus.com/bid/58330
Reference: OSVDB:90925
Reference: URL:http://osvdb.org/90925
Reference: SECUNIA:52433
Reference: URL:http://secunia.com/advisories/52433
Reference: SECUNIA:52638
Reference: URL:http://secunia.com/advisories/52638

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x
before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x
before 6.0.3 allows remote attackers to execute arbitrary SQL commands
via unspecified vectors, related to "the Query Object Model and
relation values."



======================================================
Name: CVE-2013-1843
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1843
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/12/3
Reference: CONFIRM:http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
Reference: DEBIAN:DSA-2646
Reference: URL:http://www.debian.org/security/2013/dsa-2646
Reference: BID:58330
Reference: URL:http://www.securityfocus.com/bid/58330
Reference: OSVDB:90924
Reference: URL:http://www.osvdb.org/90924
Reference: SECUNIA:52433
Reference: URL:http://secunia.com/advisories/52433
Reference: SECUNIA:52638
Reference: URL:http://secunia.com/advisories/52638

Open redirect vulnerability in the Access tracking mechanism in TYPO3
4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and
6.0.x before 6.0.3 allows remote attackers to redirect users to
arbitrary web sites and conduct phishing attacks via unspecified
vectors.
