Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-22 | CVE-2013-5948 | OS Command Injection vulnerability in multiple products The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). | 8.5 |
2014-04-21 | CVE-2014-2922 | Improper Input Validation vulnerability in Pimcore 1.4.9/1.5.0/2.1.0 The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object. | 6.4 |
2014-04-21 | CVE-2014-2921 | Code Injection vulnerability in Pimcore The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character. | 7.5 |
2014-04-21 | CVE-2014-0932 | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-04-21 | CVE-2014-0361 | Cryptographic Issues vulnerability in Toshibacommerce 4690 Point of Sale Operating System 6.2/6.3/6.4 The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file. | 3.0 |
2014-04-21 | CVE-2013-5459 | Security vulnerability in IBM products Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking. | 5.5 |
2014-04-20 | CVE-2014-2665 | Improper Authentication vulnerability in Mediawiki includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue. | 4.0 |
2014-04-19 | CVE-2014-2155 | Improper Input Validation vulnerability in Cisco CNS Network Registrar 7.1 The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437. | 5.0 |
2014-04-19 | CVE-2013-6219 | Local Unauthorized Access vulnerability in HP Hp-Ux Whitelisting A.01.02 Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. | 3.8 |
2014-04-19 | CVE-2013-6218 | Unspecified vulnerability in HP Network Node Manager I Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |