Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300
CVE: CVE-2014-2045
Vendor: Viprinet
Product: Multichannel VPN Router 300
Affected version: 2013070830/2013080900
Fixed version: 2014013131/2014020702
Reported by: Tim Brown
Details:
Vulnerability title: Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
CVE: CVE-2015-7723
Vendor: AMD
Product: fglrx-driver
Affected version: 14.4.2
Fixed version: 15.7
Reported by: Tim Brown
Details:
It has been identified that the
Vulnerability title: Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
CVE: CVE-2015-7724
Vendor: AMD
Product: fglrx-driver
Affected version: 15.7
Fixed version: 15.9
Reported by: Tim Brown
Details:
In the process of validating the fix
Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine
CVE: CVE-2015-5075
Vendor: X2Engine Inc.
Product: X2Engine
Affected version: 4.2
Fixed version: 5.2
Reported by: Simone Quatrini
Details:
It was discovered that no protection against Cross-site Request Forgery attacks was
Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine
CVE: CVE-2015-5074
Vendor: X2Engine Inc.
Product: X2Engine
Affected version: 4.2
Fixed version: 5.2
Reported by: Simone Quatrini
Details:
It was discovered that authenticated users were able to upload files of any type
Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine
CVE: CVE-2015-5076
Vendor: X2Engine Inc.
Product: X2Engine
Affected version: 4.2
Fixed version: 5.2
Reported by: Simone Quatrini
Details:
It was discovered that the web application was vulnerable to reflective Cross-Site Scripting
Vulnerability title: Multiple SQL Injections in Dolibarr ERP CRM
CVE: CVE-2014-7137
Vendor: Dolibarr ERP CRM
Product: Dolibarr ERP CRM
Affected version: 3.5.3
Fixed version: 3.6.1
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-5307
Vendor: Panda Security
Product: Multiple
Affected version: Panda 2014 Products
Fixed version: Hotfix hft131306s24_r1
Reported by: Kyriakos Economou
Details:
Latest, and possibly earlier builds, of the PavTPK.sys
Vulnerability title: Privilege Escalation in ESET Windows Products
CVE: CVE-2014-4973
Vendor: ESET
Product: ESET Windows Products
Affected version: v5.0 - 7.0 (Firewall Module Build 1183 (20140214) and earlier)
Fixed version: v6 - v7 (Firewall Module Build 1212 (20140609))
Reported by: Kyriakos
Vulnerability title: Authentication Bypass in Barracuda Web Application Firewall
CVE: CVE-2014-2595
Vendor: Barracuda
Product: Web Application Firewall
Affected version: Firmware v7.8.1.013
Fixed version: N/A
Reported by: Nick Hayes
Details:
It is possible to re-use a link which includes a
Vulnerability title: Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
CVE: CVE-2014-3074
Vendor: IBM
Product: AIX
Affected version: AIX 6.1 and 7.1 and VIOS 2.2.*
Reported by: Tim Brown
Details:
It has been identified that the runtime linker allows privilege
Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
CVE: CVE-2014-2385
Vendor: Sophos
Product: Antivirus
Affected version: 9.5.1
Fixed version: 9.6.1
Reported by: Pablo Catalina
Details:
The Configuration Console of Sophos Antivirus 9.5.1 (Linux)
Vulnerability title: Arbitrary Code Execution in G Data TotalProtection 2014
CVE: CVE-2014-3752
Vendor: G Data
Product: TotalProtection 2014
Affected version: v24.0.2.1
Fixed version: N/A
Reported by: Kyriakos Economou
Details:
G Data TotalProtection 2014 v24.0.2.1 and possibly earlier versions
Vulnerability title: Privilege Escalation in IBM AIX
CVE: CVE-2014-3977
Vendor: IBM
Product: AIX
Affected version: 6.1.8 and later
Fixed version: N/A
Reported by: Tim Brown
Details:
It has been identified that libodm allows privilege escalation via arbitrary file writes with elevated privileges
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2
CVE: CVE-2014-0907
Vendor: IBM
Product: DB2
Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5
Fixed version: V9.7 FP9a, V10.1 FP3a, V10.1 FP4 and V10.5 FP3a
Reported by: Tim Brown
Details:
It
Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages
CVE: CVE-2014-3445
Vendor: HandsomeWeb
Product: SOS Webpages
Affected version: 1.1.11 and earlier
Fixed version: 1.1.12
Reported by: Freakyclown
Details:
The default setup allows an unauthenticated
Vulnerability title: Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS
CVE: CVE-2014-3448
Vendor: BSS
Product: Continuity CMS
Affected version: 4.2.22640.0
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
The ASPX executable which is responsible for handling file
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-3450
Vendor: Panda
Product: Security
Affected version: See below
Fixed version: See below
Reported by: Kyriakos Economou
Details:
All users of the following (and possibly earlier) versions of Panda security products for
Vulnerability title: Remote Denial Of Service in BSS Continuity CMS
CVE: CVE-2014-3447
Vendor: BSS
Product: Continuity CMS
Affected version: 4.2.22640.0
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
By repeatedly calling node enumeration script, a remote unauthenticated attacker can
Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS
CVE: CVE-2014-3446
Vendor: BSS
Product: Continuity CMS
Affected version: 4.2.22640.0
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
The following URL and parameters have been confirmed to suffer from Blind SQL
Vulnerability title: Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211
CVE: CVE-2014-2046
Vendor: Broadcom Ltd
Product: PIPA C211
Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
By sending a crafted
Vulnerability title: Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler
CVE: CVE-2014-2881
Vendor: Citrix
Product: Netscaler
Affected version: All prior to 10.1-122.17/9.3-66.5
Fixed version: 10.1-122.17/9.3-66.5
Reported by: Graham Sutherland
Details:
The remote
Vulnerability title: Lack of SSL Certificate Validation in Citrix Netscaler
CVE: CVE-2014-2882
Vendor: Citrix
Product: Netscaler
Affected version: All prior to 10.1-122.17/9.3-66.5
Fixed version: 10.1-122.17/9.3-66.5
Reported by: Graham Sutherland
Details:
The remote configuration Java applet
Vulnerability title: Kernel Memory Leak And Denial Of Service Condition in IBM AIX
CVE: CVE-2014-0930
Vendor: IBM
Product: AIX
Affected version: 5.3, 6.1 and 7.1 releases VIOS 2.2.*
Fixed version: Interim version
Reported by: Tim Brown
Details:
It has been identified that the ptrace() system
Vulnerability title: Unauthenticated access to sensitive information and functionality in Livetecs Timelive
CVE: CVE-2014-1217
Vendor: Livetecs
Product: Timelive
Affected version: 6.2.71
Fixed version: 6.2.8
Reported by: Richard Hatch
Details:
It was possible to access a URL that allowed
Vulnerability title: Arbitrary file read in dompdf
CVE: CVE-2014-2383
Vendor: dompdf
Product: dompdf
Affected version: v0.6.0
Fixed version: v0.6.1 (partial fix)
Reported by: Alejo Murillo Moyas
Details:
An arbitrary file read vulnerability is present on dompdf.php file that allows remote or
Vulnerability title: Unrestricted file upload in Livetecs Timelive
CVE: CVE-2014-2042
Vendor: Livetecs
Product: Timelive
Affected version: 6.2.71
Fixed version: 6.5.1
Reported by: Richard Hatch
Details:
It was discovered that it was possible for low-level TimeLive application users to upload
Vulnerability title: Denial of Service in PCNetSoftware RAC Server
CVE: CVE-2014-2597
Vendor: PCNetSoftware
Product: RAC Server
Affected version: 4.0.4, 4.0.5
Fixed version: N/A
Reported by: Kyriakos Economou
Details:
Latest and possibly earlier versions of RAC Server software are vulnerable to
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux
CVE: CVE-2013-6216
Vendor: HP
Product: HP Array Configuration
Vulnerability title: Invalid Pointer Dereference in VMware Workstation and Player
CVE: CVE-2014-2384
Vendor: VMware
Product: Workstation, Player
Affected version: VMware WorkStation v10.0.1 build-1379776 and VMware Player v6.0.1 build-1379776
Fixed version: N/A
Reported by: Kyriakos Economou
Vulnerability title: Local File Inclusion in Vtiger CRM
CVE: CVE-2014-1222
Vendor: Vtiger
Product: CRM
Affected version: Vtiger CRM 5.4.0, 6.0 RC 6.0.0 GA
Fixed version: Vtiger CRM 6.0.0 Security patch 1
Reported by: Jerzy Kramarz
Details:
A local file inclusion vulnerability was discovered in
Vulnerability title: SQL Injection in Procentia IntelliPen
CVE: CVE-2014-2043
Vendor: Procentia
Product: IntelliPen
Affected version: 1.1.12.1520
Fixed version: 1.1.18.1658
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an authenticated
Vulnerability title: Remote Code Execution in ownCloud
CVE: CVE-2014-2044
Vendor: ownCloud
Product: ownCloud
Affected version: 4.0.x 4.5.x
Fixed version: 5.0
Reported by: Alejo Murillo Moya
Details:
A remote code execution has been found and confirmed within ownCloud as an authenticated user. A
Vulnerability title: Remote Command Execution in Fitnesse Wiki
CVE: CVE-2014-1216
Vendor: Fitnesse
Product: Wiki
Affected version: v20131110 and earlier
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
The Fitnesse wiki does not validate the syntax of edited pages to validate whether the
Vulnerability title: Authentication Bypass in Oracle Demantra
CVE: CVE-2014-5880
Vendor: Oracle
Product: Demantra
Affected version: 12.2.1
Fixed version: 12.2.3
Reported by: Oliver Gruskovnjak
Details:
The authentication filter in Oracle Demantra is broken by design.
For example the page:
Vulnerability title: SQL Injection in Oracle Demantra
CVE: CVE-2014-0372
Vendor: Oracle
Product: Demantra
Affected version: 12.2.1
Fixed version: 12.2.3
Reported by: Oliver Gruskovnjak
Details:
The Oracle Demantra application is vulnerable to SQL injection.
An attacker with access to the
Vulnerability title: Database Credentials Leak in Oracle Demantra
CVE: CVE-2014-5795
Vendor: Oracle
Product: Demantra
Affected version: 12.2.1
Fixed version: 12.2.3
Reported by: Oliver Gruskovnjak
Details:
Oracle Demantra version 12.2.1 has a backend function that allows anyone to retrieve the
Vulnerability title: Cross-site Scripting in Telligent Evolution
CVE: CVE-2014-1223
Vendor: Telligent
Product: Evolution
Affected version: 7.5.0.32466
Fixed version: 7.6.7.36651
Reported by: Jerzy Kramarz
Details:
It is possible for an attacker to inject JavaScript by manipulating the 'msg'
Vulnerability title: Local Code Execution in CoreFTP Core FTP Server
CVE: CVE-2014-1215
Vendor: CoreFTP
Product: Core FTP Server
Affected version: v1.2 build 505
Fixed version: v1.2 build 508
Reported by: Kyriakos Economou
Details:
Core FTP Server v1.2 build 505 (latest version) and possibly