Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK
2014-04-25 | CVE-2014-2579 | Cross-Site Request Forgery (CSRF) vulnerability in Xcloner 3.5 | 7.6
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php.
network | high complexity | xcloner | CWE-352
2014-04-25 | CVE-2013-5660 | Buffer Errors vulnerability in Powersoftware Winarchiver 3.2 | 9.3
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
network | powersoftware | CWE-119 | critical
2014-04-25 | CVE-2013-4726 | Cross-Site Request Forgery (CSRF) vulnerability in Ddsn CM3 Acora Content Management System | 6.8
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
network | ddsn | CWE-352
2014-04-25 | CVE-2013-4723 | Improper Input Validation vulnerability in Ddsn CM3 Acora Content Management System | 5.8
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
network | ddsn | CWE-20
2014-04-25 | CVE-2013-4722 | Cross-Site Scripting vulnerability in Ddsn CM3 Acora Content Management System | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, or (3) qstr parameter.
network | ddsn | CWE-79
2014-04-25 | CVE-2013-4565 | Buffer Errors vulnerability in Debian Ppthtml 0.5.1 | 6.8
Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
network | debian | CWE-119
2014-04-25 | CVE-2013-3069 | Cross-Site Scripting vulnerability in Netgear Wndr4700 and Wndr4700 Firmware | 3.5
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
network | netgear | CWE-79
2014-04-25 | CVE-2013-2025 | Cross-Site Scripting vulnerability in Ushahidi Platform 2.5/2.6/2.6.1 | 4.3
Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network | ushahidi | CWE-79
2014-04-25 | CVE-2014-2729 | Cross-Site Scripting vulnerability in Ektron Content Management System 8.7.0 | 3.5
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.
network | ektron | CWE-79
2014-04-25 | CVE-2013-5956 | Cross-Site Scripting vulnerability in Joomlaboat COM Youtubegallery 3.4.0 | 4.3
Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.
network | joomlaboat | CWE-79