Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-16 | CVE-2014-1649 | Permissions, Privileges, and Access Controls vulnerability in Symantec Workspace Streaming 6.1/7.5.0 The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | 7.9 |
2014-05-16 | CVE-2014-0964 | Resource Management Errors vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. | 7.1 |
2014-05-16 | CVE-2014-0933 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Infosphere Information Server Metadata Workbench Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2014-05-16 | CVE-2014-0918 | Path Traversal vulnerability in IBM Websphere Portal Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL. | 7.1 |
2014-05-16 | CVE-2014-0917 | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2014-05-16 | CVE-2014-0782 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yokogawa products Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet. | 8.3 |
2014-05-16 | CVE-2014-0643 | Improper Authentication vulnerability in EMC RSA Netwitness and RSA Security Analytics EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. | 7.6 |
2014-05-15 | CVE-2014-3757 | SQL Injection vulnerability in PHPmanufaktur Kitform SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter. | 7.5 |
2014-05-15 | CVE-2014-3247 | Cross-Site Scripting vulnerability in O-Dyn Collabtive 1.2 Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php. | 4.3 |
2014-05-15 | CVE-2014-0211 | Numeric Errors vulnerability in multiple products Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. | 7.5 |