Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-10-28 CVE-2014-4023 Cross-Site Scripting vulnerability in F5 products
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
f5 CWE-79
4.3
2014-10-27 CVE-2014-4586 Cross-Site Scripting vulnerability in Wp-Football Project Wp-Football 1.0.1/1.1
Multiple cross-site scripting (XSS) vulnerabilities in the wp-football plugin 1.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the league parameter to (1) football_classification.php, (2) football_criteria.php, (3) templates/template_default_preview.php, or (4) templates/template_worldCup_preview.php; the (5) f parameter to football-functions.php; the id parameter in an "action" action to (6) football_groups_list.php, (7) football_matches_list.php, (8) football_matches_phase.php, or (9) football_phases_list.php; or the (10) id_league parameter in a delete action to football_matches_load.php.
4.3
2014-10-27 CVE-2012-5580 Code Injection vulnerability in Libproxy Project Libproxy 0.3.1
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.
network
low complexity
libproxy-project CWE-94
7.5
2014-10-27 CVE-2012-1111 Information Exposure vulnerability in Robert Ancell Lightdm
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
local
low complexity
robert-ancell CWE-200
4.6
2014-10-27 CVE-2010-5077 Improper Input Validation vulnerability in multiple products
server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.
network
low complexity
ioquake3 openarena tremulous CWE-20
7.8
2014-10-27 CVE-2003-1599 Code Injection vulnerability in Wordpress 0.70
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
network
low complexity
wordpress CWE-94
7.5
2014-10-27 CVE-2014-8327 Information Disclosure vulnerability in FAL Sftp Project FAL Sftp 0.2.4
The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
fal-sftp-project
4.0
2014-10-27 CVE-2014-3955 Improper Input Validation vulnerability in Freebsd
routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.
network
low complexity
freebsd CWE-20
5.0
2014-10-27 CVE-2014-3954 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freebsd
Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.
network
low complexity
freebsd CWE-119
critical
10.0
2014-10-27 CVE-2014-3711 Resource Management Errors vulnerability in Freebsd
namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.
network
low complexity
freebsd CWE-399
5.0