Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-29 | CVE-2014-2183 | Improper Input Validation vulnerability in Cisco products: The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. | 6.3 |
2014-04-29 | CVE-2014-2180 | Improper Input Validation vulnerability in Cisco products: The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. | 4.0 |
2014-04-29 | CVE-2014-1843 | Path Traversal vulnerability in Southrivertech Titan FTP Server: Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. | 5.0 |
2014-04-29 | CVE-2014-1842 | Path Traversal vulnerability in Southrivertech Titan FTP Server: Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. | 5.0 |
2014-04-29 | CVE-2014-1841 | Path Traversal vulnerability in Southrivertech Titan FTP Server: Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. | 5.0 |
2014-04-29 | CVE-2014-0515 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player: Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. | 10.0 |
2014-04-29 | CVE-2014-0113 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts: CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. | 7.5 |
2014-04-29 | CVE-2014-0112 | Permissions, Privileges, and Access Controls vulnerability in Apache Struts: ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. | 7.5 |
2014-04-28 | CVE-2014-3008 | OS Command Injection vulnerability in Unitrends Enterprise Backup 7.3.0: Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. | 10.0 |
2014-04-28 | CVE-2014-2986 | Improper Input Validation vulnerability in XEN 4.4.0: The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors. | 5.5 |