Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2014-05-14 | CVE-2013-7376 | Cross-Site Request Forgery (CSRF) vulnerability in Openx 2.8.10 | 6.8
    Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
    network | openx | CWE-352

2014-05-14 | CVE-2013-5939 | Cross-Site Scripting vulnerability in PHPcms Guestbook Module | 4.3
    Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php.
    network | phpcms | CWE-79

2014-05-14 | CVE-2013-5655 | Path Traversal vulnerability in Xiaowen Huang Yingzhi Python Programming Language 1.9 | 6.4
    Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a ..
    network | low complexity | xiaowen-huang | CWE-22

2014-05-14 | CVE-2013-4471 | Improper Authentication vulnerability in Openstack Horizon 2013.1/2013.2 | 5.5
    The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
    network | low complexity | openstack | CWE-287

2014-05-14 | CVE-2013-4468 | Command Injection vulnerability in VICIDIAL 'manager_send.php' | 6.5
    VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
    network | low complexity | vicidial

2014-05-14 | CVE-2013-4455 | Permissions, Privileges, and Access Controls vulnerability in Katello Installer | 2.1
    Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
    local | low complexity | katello | CWE-264

2014-05-14 | CVE-2013-3514 | Path Traversal vulnerability in Openx | 4.3
    Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a ..
    network | openx | CWE-22

2014-05-14 | CVE-2013-2700 | Cross-Site Request Forgery (CSRF) vulnerability in Webmaster-Source Wp125 | 6.8
    Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.

2014-05-14 | CVE-2013-2226 | SQL Injection vulnerability in Glpi-Project Glpi | 7.5
    Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.
    network | low complexity | glpi-project | CWE-89

2014-05-14 | CVE-2013-2087 | Cross-Site Scripting vulnerability in Galleryproject Gallery | 4.3
    Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movies.php or (2) key variable to modules/gallery/views/error_admin.html.php.