Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-06-02 CVE-2012-5391 Session Fixation vulnerability in MediaWiki
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
network, mediawiki, 6.8
2014-06-02 CVE-2014-3935 SQL Injection vulnerability in Xoops Glossaire Module 1.0
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
network, low complexity, xoops, CWE-89, 7.5
2014-06-02 CVE-2014-3934 SQL Injection vulnerability in PHPnuke PHP-Nuke and Submit News Module
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
network, low complexity, phpnuke, CWE-89, 7.5
2014-06-02 CVE-2014-3933 Cross-Site Scripting vulnerability in Newsignature Addressfield Tokens
Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.
3.5
2014-06-02 CVE-2014-3932 SQL Injection vulnerability in Cososys Endpoint Protector 4.3.0.4/4.4.0.2
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
network, low complexity, cososys, CWE-89, 7.5
2014-06-01 CVE-2014-3925 Credentials Management vulnerability in multiple products
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
network, low complexity, canonical, redhat, CWE-255, 5.0
2014-06-01 CVE-2014-3790 Permissions, Privileges, and Access Controls vulnerability in VMWare Vcenter Server Appliance 5.1/5.5
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
network, low complexity, vmware, CWE-264, critical, 9.0
2014-05-31 CVE-2014-3793 Local Privilege Escalation vulnerability in Multiple VMware Products
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.
low complexity, vmware, 5.8
2014-05-31 CVE-2014-0095 Improper Input Validation vulnerability in Apache Tomcat 8.0.0/8.0.1/8.0.3
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
network, low complexity, apache, CWE-20, 5.0
2014-05-30 CVE-2014-2354 Credentials Management vulnerability in Cogentdatahub Cogent Datahub
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
network, low complexity, cogentdatahub, CWE-255, 5.0