[VIM] [CVENEW] New CVE CANs: 2013/03/21 17:00 ; count=5

coley at mitre.org
Thu Mar 21 16:04:25 CDT 2013


======================================================
Name: CVE-2013-0123
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0123
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121206
Category: 
Reference: CERT-VN:VU#406596
Reference: URL:http://www.kb.cert.org/vuls/id/406596

Multiple SQL injection vulnerabilities in the administration interface
in ASKIA askiaweb allow remote attackers to execute arbitrary SQL
commands via (1) the nHistoryId parameter to
WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to
WebProd/pages/pgadmin.asp.



======================================================
Name: CVE-2013-0124
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0124
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20121206
Category: 
Reference: CERT-VN:VU#406596
Reference: URL:http://www.kb.cert.org/vuls/id/406596

Multiple cross-site scripting (XSS) vulnerabilities in the
administration interface in ASKIA askiaweb allow remote attackers to
inject arbitrary web script or HTML via the (1) Number or (2)
UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll.



======================================================
Name: CVE-2013-1844
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1844
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130311 Re: CVE request: XSS in piwik 1.11
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/12/4
Reference: CONFIRM:http://piwik.org/blog/2013/03/piwik-1-11/

Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows
remote attackers to inject arbitrary web script or HTML via
unspecified vectors.



======================================================
Name: CVE-2013-2632
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2632
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130321
Category: 
Reference: CONFIRM:http://code.google.com/p/v8/source/browse/trunk/ChangeLog
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2013/03/dev-channel-update_18.html
Reference: CONFIRM:https://code.google.com/p/chromium/issues/detail?id=194749

Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3,
allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via crafted
JavaScript code, as demonstrated by the Bejeweled game.



======================================================
Name: CVE-2013-2633
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2633
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130321
Category: 
Reference: CONFIRM:http://piwik.org/blog/2013/03/piwik-1-11/

Piwik before 1.11 accepts input from a POST request instead of a GET
request in unspecified circumstances, which might allow attackers to
obtain sensitive information by leveraging the logging of parameters.

