apache — cordova |
Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL. |
2014-11-15 |
6.4 |
CVE-2014-3500 BID |
apache — cordova |
Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView. |
2014-11-15 |
4.3 |
CVE-2014-3501 BID |
apache — cordova |
Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent. |
2014-11-15 |
4.3 |
CVE-2014-3502 BID |
apache — qpid |
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. |
2014-11-17 |
4.3 |
CVE-2014-3629 XF BID BUGTRAQ SECUNIA MISC |
apple — apple_tv |
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. |
2014-11-18 |
5.4 |
CVE-2014-4452 |
apple — iphone_os |
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
2014-11-18 |
5.0 |
CVE-2014-4453 |
apple — mac_os_x |
The “System Profiler About This Mac” component in Apple OS X before 10.10.1 includes extraneous cookie data in system-model requests, which might allow remote attackers to obtain sensitive information via unspecified vectors. |
2014-11-18 |
5.0 |
CVE-2014-4458 |
apple — mac_os_x |
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. |
2014-11-18 |
6.8 |
CVE-2014-4459 |
apple — apple_tv |
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. |
2014-11-18 |
5.8 |
CVE-2014-4462 |
arubanetworks — clearpass |
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not disable the troubleshooting and diagnostics page in production systems, which allows remote attackers to obtain version numbers, module configuration, and other sensitive information by reading the page. |
2014-11-19 |
5.0 |
CVE-2014-6621 SECUNIA |
arubanetworks — clearpass |
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors. |
2014-11-19 |
5.0 |
CVE-2014-6622 SECUNIA |
arubanetworks — clearpass |
The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. |
2014-11-19 |
6.8 |
CVE-2014-6624 SECUNIA |
atlas_systems — aeon |
Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll. |
2014-11-19 |
4.3 |
CVE-2014-7290 XF MISC FULLDISC MISC |
bestpractical — rt-extension-mobileui |
The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. |
2014-11-15 |
5.0 |
CVE-2013-3737 OSVDB SECUNIA |
cisco — ios |
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensitive credential information from process memory via a session on TCP port 2067, aka Bug ID CSCur14014. |
2014-11-17 |
5.0 |
CVE-2014-7992 |
cisco — unified_computing_system |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Integrated Management Controller in Cisco Unified Computing System allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuq45477. |
2014-11-18 |
6.8 |
CVE-2014-7996 |
cisco — ios |
The DHCP implementation in Cisco IOS on Aironet access points does not properly handle error conditions with short leases and unsuccessful lease-renewal attempts, which allows remote attackers to cause a denial of service (device restart) by triggering a transition into a recovery state that was intended to involve a network-interface restart but actually involves a full device restart, aka Bug ID CSCtn16281. |
2014-11-14 |
6.1 |
CVE-2014-7997 |
cisco — unified_communications_manager_im_and_presence_service |
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. |
2014-11-20 |
5.0 |
CVE-2014-8000 |
codecanyon — phpsound |
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. |
2014-11-17 |
4.3 |
CVE-2014-8954 EXPLOIT-DB MISC |
commerceguys — commerce |
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. |
2014-11-20 |
5.0 |
CVE-2014-9025 |
docker — docker |
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. |
2014-11-17 |
5.0 |
CVE-2014-5277 CONFIRM SUSE |
dolibarr — dolibarr_erp/crm |
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societ e, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournis seur.php, (50) product/stats/contrat.php, (51) product/stats! /facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php. |
2014-11-21 |
6.5 |
CVE-2014-7137 MISC BID BUGTRAQ FULLDISC |
f5 — big-ip_local_traffic_manager |
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the “Resource Administrator” or “Administrator” role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. |
2014-11-17 |
6.2 |
CVE-2014-8727 CONFIRM XF BID EXPLOIT-DB MISC |
freebsd — freebsd |
FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. |
2014-11-18 |
4.3 |
CVE-2014-8475 XF BID SECUNIA MISC |
google — chrome |
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. |
2014-11-19 |
5.0 |
CVE-2014-7899 CONFIRM CONFIRM |
google — chrome |
Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. |
2014-11-19 |
5.0 |
CVE-2014-7905 CONFIRM |
google — chrome |
effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. |
2014-11-19 |
5.0 |
CVE-2014-7909 CONFIRM CONFIRM |
haxx — curl |
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. |
2014-11-18 |
5.0 |
CVE-2014-3613 SUSE |
haxx — curl |
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. |
2014-11-18 |
5.0 |
CVE-2014-3620 SUSE |
haxx — libcurl |
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. |
2014-11-15 |
4.3 |
CVE-2014-3707 UBUNTU CONFIRM |
ibm — security_identity_manager |
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. |
2014-11-17 |
5.0 |
CVE-2014-6095 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager |
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
2014-11-17 |
4.3 |
CVE-2014-6096 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. |
2014-11-17 |
5.0 |
CVE-2014-6098 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
2014-11-17 |
4.3 |
CVE-2014-6105 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
ibm — security_identity_manager |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. |
2014-11-17 |
4.3 |
CVE-2014-6107 AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
imember360 — imember360 |
Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that with an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands. |
2014-11-16 |
6.8 |
CVE-2014-8948 EXPLOIT-DB SECUNIA FULLDISC MISC OSVDB |
imember360 — imember360 |
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. |
2014-11-16 |
6.0 |
CVE-2014-8949 EXPLOIT-DB SECUNIA FULLDISC MISC OSVDB |
incrediblepbx — incredible_pbx_11 |
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. |
2014-11-20 |
6.5 |
CVE-2014-9001 FULLDISC |
ipa — ilogscanner |
Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file. |
2014-11-14 |
4.3 |
CVE-2014-7248 JVNDB JVN |
lantronix — xprintserver |
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action. |
2014-11-20 |
6.8 |
CVE-2014-9003 XF FULLDISC MISC |
maarch — letterbox |
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. |
2014-11-20 |
5.0 |
CVE-2014-8995 XF OSVDB MISC |
manageengine — password_manager_pro |
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. |
2014-11-17 |
6.5 |
CVE-2014-8498 MISC XF BID EXPLOIT-DB FULLDISC MISC OSVDB |
manageengine — password_manager_pro |
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. |
2014-11-17 |
6.5 |
CVE-2014-8499 MISC XF XF BID EXPLOIT-DB FULLDISC MISC OSVDB OSVDB |
mantisbt — mantisbt |
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. |
2014-11-18 |
6.4 |
CVE-2014-8598 XF BID MLIST |
megnicholas — clean_and_simple_contact_form |
Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscf[name] parameter to contact-us/. |
2014-11-17 |
4.3 |
CVE-2014-8955 XF MISC |
monstra — monstra |
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values. |
2014-11-20 |
5.0 |
CVE-2014-9006 XF MISC |
mulesoft — mule_enterprise_management_console |
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC. |
2014-11-20 |
6.5 |
CVE-2014-9000 FULLDISC FULLDISC MISC |
mumble — mumble |
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. |
2014-11-16 |
5.0 |
CVE-2014-3755 MISC BID MLIST MLIST |
mumble — mumble |
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. |
2014-11-16 |
5.0 |
CVE-2014-3756 BID MLIST MLIST |
nibbleblog — nibbleblog |
Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php. |
2014-11-20 |
4.3 |
CVE-2014-8996 XF BID FULLDISC MISC |
pandorafms — pandora_flexible_monitoring_system |
Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. |
2014-11-19 |
4.3 |
CVE-2014-8629 XF FULLDISC MISC |
phpmemcachedadmin_project — phpmemcachedadmin |
Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
2014-11-17 |
4.3 |
CVE-2014-8732 XF BID BUGTRAQ BUGTRAQ MISC |
phpmoneybooks — phpmoneybooks |
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. |
2014-11-17 |
4.3 |
CVE-2012-1669 BID BUGTRAQ EXPLOIT-DB FULLDISC MISC OSVDB |
phpmoneybooks — phpmoneybooks |
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. |
2014-11-17 |
4.3 |
CVE-2012-6665 SECUNIA OSVDB |
phpscriptlerim — php_scriptlerim_who’s_who |
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who’s Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php. |
2014-11-17 |
6.8 |
CVE-2014-8953 XF EXPLOIT-DB MISC |
pivotal — spring_framework |
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling. |
2014-11-20 |
5.0 |
CVE-2014-3625 CONFIRM |
puppetlabs — facter |
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine. |
2014-11-16 |
6.2 |
CVE-2014-3248 BID SECUNIA SECUNIA MISC |
qemu — qemu |
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. |
2014-11-15 |
4.6 |
CVE-2014-5388 MLIST CONFIRM UBUNTU MLIST MLIST CONFIRM |
redhat — openshift |
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. |
2014-11-16 |
6.5 |
CVE-2014-0233 CONFIRM |
redhat — tcpdump |
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. |
2014-11-20 |
5.0 |
CVE-2014-8767 XF BID BUGTRAQ FULLDISC MISC |
redhat — tcpdump |
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. |
2014-11-20 |
5.0 |
CVE-2014-8768 XF BID BUGTRAQ FULLDISC MISC |
redhat — tcpdump |
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. |
2014-11-20 |
6.4 |
CVE-2014-8769 XF BID BUGTRAQ FULLDISC MISC |
rubyonrails — ruby_on_rails |
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. |
2014-11-16 |
5.0 |
CVE-2014-3916 XF BID MLIST MLIST |
rubyonrails — ruby_on_rails |
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. |
2014-11-15 |
5.0 |
CVE-2014-4975 CONFIRM XF UBUNTU MLIST |
rubyonrails — ruby_on_rails |
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a (backslash) character, a similar issue to CVE-2014-7818. |
2014-11-18 |
5.0 |
CVE-2014-7829 MLIST |
simple_email_form_project — simple_email_form |
Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php. |
2014-11-21 |
4.3 |
CVE-2014-8539 MISC BID BUGTRAQ MISC |
tibco — managed_file_transfer_command_center |
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access. |
2014-11-20 |
6.4 |
CVE-2014-7194 |
tibco — silver_fabric_enabler |
Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors. |
2014-11-20 |
4.0 |
CVE-2014-7195 |
twilio_project — twilio |
The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restirct access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the “access administration pages” Drupal permission. |
2014-11-20 |
5.5 |
CVE-2014-9023 |
ubercart — ubercart |
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the “administer product classes” permission to execute arbitrary PHP code via unspecified vectors. |
2014-11-15 |
6.0 |
CVE-2012-2301 BID MLIST MLIST SECUNIA |
ubercart — ubercart |
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the “view own orders” permission to obtain sensitive information via unspecified vectors. |
2014-11-20 |
4.0 |
CVE-2014-9026 |
uninett — mod_auth_mellon |
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a “session overflow” involving “sessions overlapping in memory.” |
2014-11-15 |
6.4 |
CVE-2014-8566 SECUNIA SECUNIA REDHAT CONFIRM |
vld_interactive — vldpersonals |
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php. |
2014-11-20 |
4.3 |
CVE-2014-9004 XF EXPLOIT-DB |
vtiger — vtiger_crm |
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. |
2014-11-15 |
5.0 |
CVE-2014-2268 MISC BID EXPLOIT-DB |
web_component_roles_project — web_component_roles |
The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the “disabled” restriction and modify read-only components via a crafted form. |
2014-11-20 |
6.4 |
CVE-2014-9022 |
x7chat — x7_chat |
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. |
2014-11-20 |
6.5 |
CVE-2014-8998 XF BID EXPLOIT-DB MISC |
xen — xen |
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer derference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). |
2014-11-19 |
5.4 |
CVE-2014-8594 |
xoops — xoops |
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. |
2014-11-20 |
6.5 |
CVE-2014-8999 BID FULLDISC MISC |
zend — zend_framework |
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. |
2014-11-15 |
6.4 |
CVE-2014-2681 MANDRIVA MLIST CONFIRM |
zend — zend_framework |
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. |
2014-11-15 |
6.8 |
CVE-2014-2682 MANDRIVA MLIST CONFIRM |
zend — zend_framework |
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. |
2014-11-15 |
5.0 |
CVE-2014-2683 MANDRIVA MLIST CONFIRM |
zend — zend_framework |
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. |
2014-11-15 |
6.4 |
CVE-2014-2684 MANDRIVA MLIST CONFIRM |
zte — zxdsl |
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. |
2014-11-20 |
6.8 |
CVE-2014-9019 XF BID BUGTRAQ MISC |
zteusa — zxhn_h108l_firmware |
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. |
2014-11-20 |
5.0 |
CVE-2014-8493 MISC XF EXPLOIT-DB EXPLOIT-DB FULLDISC MISC |
zteusa — zxdsl_831 |
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. |
2014-11-20 |
4.3 |
CVE-2014-9020 XF BID BID BUGTRAQ BUGTRAQ MISC MISC |
zteusa — zxdsl_831 |
Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. |
2014-11-20 |
4.3 |
CVE-2014-9021 XF BID BUGTRAQ MISC |
zteusa — zxdsl_831cii |
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. |
2014-11-20 |
6.8 |
CVE-2014-9027 XF MISC |