Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-14 | CVE-2013-1765 | Cross-Site Scripting vulnerability in Smart-Flv Plugin Project Smart-Flv Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerready parameter. | 4.3 |
| 2014-05-14 | CVE-2011-5249 | Cross-Site Scripting vulnerability in Intersectalliance System Intrusion Analysis and Reporting Environment Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary web script or HTML via a logged shell command. | 4.3 |
| 2014-05-14 | CVE-2014-1815 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310. | 9.3 |
| 2014-05-14 | CVE-2014-1813 | Code Injection vulnerability in Microsoft web Applications 2010 Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability." | 8.5 |
| 2014-05-14 | CVE-2014-1812 | Credentials Management vulnerability in Microsoft products The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability." | 9.0 |
| 2014-05-14 | CVE-2014-1809 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Office 2007/2010/2013 The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability." | 6.8 |
| 2014-05-14 | CVE-2014-1808 | Information Exposure vulnerability in Microsoft Office 2013 Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability." | 4.3 |
| 2014-05-14 | CVE-2014-1807 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability." | 7.2 |
| 2014-05-14 | CVE-2014-1806 | Code Injection vulnerability in Microsoft .Net Framework The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." | 10.0 |
| 2014-05-14 | CVE-2014-1756 | Remote Code Execution vulnerability in Microsoft Office 2007/2010/2013 Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Microsoft Office Chinese Grammar Checking Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path" | 9.3 |