Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-12-03 CVE-2014-8104 Resource Management Errors vulnerability in multiple products
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
network
low complexity
mageia debian opensuse openvpn canonical CWE-399
6.8

2014-12-03 CVE-2014-9220 SQL Injection vulnerability in multiple products
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
network
low complexity
fedoraproject openvas opensuse CWE-89
7.5

2014-12-03 CVE-2014-9141 Permissions, Privileges, and Access Controls vulnerability in Thomsonreuters Fixed Assets CS
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
local
low complexity
thomsonreuters CWE-264
7.2

2014-12-03 CVE-2014-3988 Cross-Site Scripting vulnerability in Sunhater Kcfinder
Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file.
network
sunhater CWE-79
4.3

2014-12-02 CVE-2014-9184 Improper Authentication vulnerability in ZTE Zxdsl 831Cii
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
network
low complexity
zte CWE-287
5.0

2014-12-02 CVE-2014-9183 Credentials Management vulnerability in ZTE Zxdsl 831Cii
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
network
low complexity
zte CWE-255
critical
10.0

2014-12-02 CVE-2014-9182 Cross-Site Scripting vulnerability in Anchorcms Anchor CMS 0.9.1
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
network
anchorcms CWE-79
4.3

2014-12-02 CVE-2014-9181 Path Traversal vulnerability in Plex Media Server 0.9.9.2
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a ..
network
low complexity
plex CWE-22
5.0

2014-12-02 CVE-2014-9180 Unspecified vulnerability in Eleanor-Cms Eleanor CMS
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.
network
low complexity
eleanor-cms
5.0

2014-12-02 CVE-2014-9179 Cross-Site Scripting vulnerability in Supportezzy Ticket System Project Supportezzy Ticket System 1.2.5
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
network
low complexity
supportezzy-ticket-system-project CWE-79
4.0