Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-22 | CVE-2014-2899 | Improper Input Validation vulnerability in Yassl Cyassl: wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. | 5.0 |
2014-04-22 | CVE-2014-2892 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libmms Project Libmms: Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response. | 7.5 |
2014-04-22 | CVE-2014-2890 | Cross-Site Scripting vulnerability in Siege PHPmyid 0.9: Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message. | 4.3 |
2014-04-22 | CVE-2014-2737 | SQL Injection vulnerability in Knowledgetree: SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function. | 7.5 |
2014-04-22 | CVE-2014-2659 | Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG: Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2014-04-22 | CVE-2014-2654 | SQL Injection vulnerability in Mobfox Madserve 2.0: Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/. | 6.5 |
2014-04-22 | CVE-2014-1615 | Cross-Site Request Forgery (CSRF) vulnerability in Carbonblack Carbon Black 4.0.3/4.1.0: Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user. | 6.8 |
2014-04-22 | CVE-2013-7338 | Improper Input Validation vulnerability in multiple products: Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. | 7.1 |
2014-04-22 | CVE-2013-4472 | Link Following vulnerability in Freedesktop Poppler: The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | 3.3 |
2014-04-22 | CVE-2013-4116 | Link Following vulnerability in Npmjs Node Packaged Modules 1.3.2: lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | 3.3 |