[VIM] [CVENEW] New CVE CANs: 2013/03/21 16:00 ; count=3

coley at mitre.org
Thu Mar 21 15:04:25 CDT 2013


======================================================
Name: CVE-2012-5757
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5757
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121102
Category: 
Reference: CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21619993
Reference: AIXAPAR:PM77153
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM77153
Reference: XF:rcq-reflected-xss(80061)
Reference: URL:http://xforce.iss.net/xforce/xfdb/80061

Cross-site scripting (XSS) vulnerability in the Web Client in IBM
Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6
allows remote attackers to inject arbitrary web script or HTML via a
crafted URL.



======================================================
Name: CVE-2013-0126
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0126
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121206
Category: 
Reference: EXPLOIT-DB:24860
Reference: URL:http://www.exploit-db.com/exploits/24860/
Reference: MISC:http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html
Reference: CERT-VN:VU#278204
Reference: URL:http://www.kb.cert.org/vuls/id/278204

Multiple cross-site request forgery (CSRF) vulnerabilities in
index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router allow
remote attackers to hijack the authentication of administrators for
requests that (1) add administrative accounts via the username and
user_level parameters or (2) enable remote administration via the
is_telnet_primary and is_telnet_secondary parameters.



======================================================
Name: CVE-2013-0453
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0453
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121216
Category: 
Reference: CONFIRM:http://www.ibm.com/support/docview.wss?uid=swg21631351
Reference: AIXAPAR:IV37766
Reference: URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV37766
Reference: XF:tem-web-reports-xss(80969)
Reference: URL:http://xforce.iss.net/xforce/xfdb/80969

Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli
Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated
users to inject arbitrary web script or HTML via a crafted URL.




