Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-06-03 | CVE-2014-3280 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager: The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. | 4.0 |
2014-06-02 | CVE-2014-2959 | OS Command Injection vulnerability in multiple products: logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. | 9.0 |
2014-06-02 | CVE-2014-2946 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei E303 Modem, E303 Modem Firmware and Webui: Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document. | 6.8 |
2014-06-02 | CVE-2014-2939 | Cross-Site Scripting vulnerability in Alfresco 4.1.6: Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit. | 4.3 |
2014-06-02 | CVE-2014-3937 | SQL Injection vulnerability in Ajaydsouza Contextual Related Posts: SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-06-02 | CVE-2013-7387 | Unspecified vulnerability in Dleviet Datalife Engine 9.7: Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. | 6.8 |
2014-06-02 | CVE-2013-6470 | Improper Authentication vulnerability in Redhat Openstack 4.0: The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | 5.0 |
2014-06-02 | CVE-2013-6433 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | 7.6 |
2014-06-02 | CVE-2013-4596 | Permissions, Privileges, and Access Controls vulnerability in Danielkorte Nodeaccesskeys 7.X1.0: The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | 5.8 |
2014-06-02 | CVE-2013-3476 | Cross-Site Request Forgery (CSRF) vulnerability in Zemanta Related Posts: Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors. | 6.8 |