Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-09 | CVE-2014-1991 | Improper Input Validation vulnerability in Intra-Mart Webplatform/Appframework Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2014-05-09 | CVE-2014-0946 | Information Exposure vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5 The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | 4.3 |
2014-05-09 | CVE-2014-0945 | Cross-Site Scripting vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5 Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-05-09 | CVE-2014-0944 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Operational Decision Manager 7.5/8.0/8.5 Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
2014-05-09 | CVE-2014-3214 | Improper Input Validation vulnerability in ISC Bind 9.10.0 The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. | 5.0 |
2014-05-09 | CVE-2014-0913 | Cross-Site Scripting vulnerability in IBM Lotus Domino and Lotus Inotes Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE. | 4.3 |
2014-05-08 | CVE-2014-2854 | Cross-Site Scripting vulnerability in Semantictitle Project Semantictitle Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-08 | CVE-2013-5916 | Cross-Site Scripting vulnerability in Bradesco Gateway Plugin Project Bradesco Gateway 2.0 Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | 4.3 |
2014-05-08 | CVE-2014-3207 | Cross-Site Scripting vulnerability in SKS Keyserver Project SKS Keyserver Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. | 4.3 |
2014-05-08 | CVE-2014-3123 | Cross-Site Scripting vulnerability in Wpgetready Nextcellent Gallery Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field. | 2.1 |