Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK (CVSS base score)
Each entry lists the description, then the attack vector, access complexity, affected vendor tags and CWE where available.

2014-04-22 | CVE-2013-2187 | Cross-Site Scripting vulnerability in Apache Archiva | 4.3
  Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.
  Vector: network | Vendor: apache | CWE-79

2014-04-22 | CVE-2013-2105 | Link Following vulnerability in Jonathan Leung Show in Browser 0.0.3 | 3.3
  The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

2014-04-22 | CVE-2013-1421 | Cross-Site Scripting vulnerability in Webcalendar Project Webcalendar | 4.3
  Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

2014-04-22 | CVE-2014-2925 | Cross-Site Scripting vulnerability in multiple products | 4.3
  Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
  Vector: network | Vendor: t-mobile, asus | CWE-79

2014-04-22 | CVE-2014-2735 | Improper Input Validation vulnerability in Winscp | 5.8
  WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
  Vector: network | Vendor: winscp | CWE-20

2014-04-22 | CVE-2014-2719 | Information Exposure vulnerability in multiple products | 6.3
  Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.

2014-04-22 | CVE-2014-2341 | Improper Authentication vulnerability in Cubecart | 6.8
  Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
  Vector: network | Vendor: cubecart | CWE-287

2014-04-22 | CVE-2014-2269 | Improper Input Validation vulnerability in Vtiger CRM 6.0.0 | 6.4
  modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
  Vector: network | Complexity: low | Vendor: vtiger | CWE-20

2014-04-22 | CVE-2014-1216 | Remote Code Execution vulnerability in Fitnesse | 7.5
  FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
  Vector: network | Complexity: low | Vendor: fitnesse

2014-04-22 | CVE-2014-0173 | Permissions, Privileges, and Access Controls vulnerability in Automattic Jetpack | 5.8
  The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors.