CORE-2013-0618 - Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. *Advisory Information* Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:

Open-Xchange Security Advisory 2013-07-31

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 27473 (Bug ID) Vulnerability type: Phishing / Data injection Vulnerable version: 7.2.2 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev9, 7.2.1-rev10, 7.2.0-rev11, 7.0.2-rev14 Solution status: Fixed by

SQL Injection in Cotonti

Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Version(s): 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection [CWE-89] CVE Reference:

[security bulletin] HPSBMU02902 rev.1 - HP Integrated Lights-Out iLO3, iLO4 IPMI Cipher Suite 0 Authentication Bypass Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03844348 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03844348 Version: 1 HPSBMU02902

Multiple XSS Vulnerabilities in Jahia xCM

Advisory ID: HTB23159 Product: Jahia xCM Vendor: Jahia Solutions Group SA Vulnerable Version(s): 6.6.1.0 r43343 and probably prior Tested Version: 6.6.1.0 r43343 Vendor Notification: June 5, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: Cross-Site

Cisco Security Advisory: Cisco WAAS Central Manager Remote Code Execution Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Cisco WAAS Central Manager Remote Code Execution Vulnerability Advisory ID: cisco-sa-20130731-waascm Revision 1.0 For Public Release 2013 July 31 16:00 UTC (GMT)

[KIS-2013-05] vtiger CRM = 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities

- vtiger CRM = 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities - [-] Software Link: http://www.vtiger.com/ [-]

[KIS-2013-07] vtiger CRM = 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability

-- vtiger CRM = 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability -- [-] Software Link: http://www.vtiger.com/ [-] Affected Versions:

[KIS-2013-08] vtiger CRM = 5.4.0 (SOAP Services) Authentication Bypass Vulnerability

--- vtiger CRM = 5.4.0 (SOAP Services) Authentication Bypass Vulnerability --- [-] Software Link: http://www.vtiger.com/ [-] Affected Versions: All

Cisco Security Advisory: Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Cisco Security Advisory: Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products Advisory ID: cisco-sa-20130731-cm Revision 1.0 For Public Release 2013 July 31 16:00 UTC (GMT)

Update: Full Disclosure - WD My Net N600, N750, N900, N900C - Plain Text Disclosure of Admin Credentials

Vulnerable Systems: Western Digital My Net Series Wireless Routers: N600 Firmware 1.03.12 N600 Firmware 1.04.16 N750 Firmware 1.03.12 N750 Firmware 1.04.16 N900 Firmware 1.05.12 N900 Firmware 1.06.18 N900 Firmware 1.06.28 N900C Firmware 1.05.12 N900C Firmware 1.06.18 N900C Firmware