Re: CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)

October 14, 2014 007admin Leave a comment

Posted by Henri Salo on Oct 14

Can you confirm that this should be CVE-2014-2021 and not 2013 ID, thank you.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021 says:

“pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial
of service (out-of-bounds-read) via a crafted length value in an encrypted PDF
file.”

—
Henri Salo

007 Software

Re: CVE-2013-2021 – vBulletin 5.x/4.x – persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)

Leave a Reply Cancel reply

Software and Security Information