Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-12-18 CVE-2014-6078 Improper Access Control vulnerability in IBM products
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.
network
low complexity
ibm CWE-284
5.0
2014-12-18 CVE-2014-6077 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
ibm CWE-352
6.8
2014-12-18 CVE-2014-6076 7PK - Security Features vulnerability in IBM products
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.
network
ibm CWE-254
4.3
2014-12-18 CVE-2014-9406 Credentials Management vulnerability in ARRIS Touchstone TG862G/CT Firmware 7.6.59S.CT
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of "password" for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php.
network
low complexity
arris CWE-255
critical
10.0
2014-12-18 CVE-2014-8108 Remote Denial of Service vulnerability in Apache Subversion
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
network
low complexity
redhat apache apple
5.0
2014-12-18 CVE-2014-3580 Remote Denial of Service vulnerability in Apache Subversion
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
network
low complexity
redhat apache debian apple
5.0
2014-12-17 CVE-2014-9388 Improper Access Control vulnerability in MantisBT
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
network
low complexity
mantisbt CWE-284
5.0
2014-12-17 CVE-2014-9387 Permissions, Privileges, and Access Controls vulnerability in SAP BusinessObjects 4.1
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
network
low complexity
sap CWE-264
critical
10.0
2014-12-17 CVE-2014-8553 Information Exposure vulnerability in MantisBT
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.
network
low complexity
mantisbt CWE-200
5.0
2014-12-17 CVE-2014-8117 Resource Management Errors vulnerability in multiple products
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
network
low complexity
file-project freebsd mageia canonical CWE-399
5.0