Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-19 | CVE-2013-6214 | Information Disclosure vulnerability in HP Universal Configuration Management Database 10.01/10.10/9.05 Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042. | 4.0 |
2014-04-19 | CVE-2013-6213 | Remote Code Execution vulnerability in HP LoadRunner Virtual User Generator Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833. | 10.0 |
2014-04-18 | CVE-2014-2597 | Improper Input Validation vulnerability in Remote-Rac RAC Server 4.0.4/4.0.5 PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which triggers a buffer over-read. | 4.9 |
2014-04-18 | CVE-2014-2522 | Improper Input Validation vulnerability in Haxx Curl and Libcurl curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | 4.0 |
2014-04-18 | CVE-2014-2289 | Improper Input Validation vulnerability in Digium Asterisk 12.0.0/12.1.0 res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference. | 3.5 |
2014-04-18 | CVE-2014-2288 | Improper Input Validation vulnerability in Digium Asterisk 12.0.0/12.1.0 The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request. | 4.3 |
2014-04-18 | CVE-2014-2287 | Improper Input Validation vulnerability in multiple products channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. | 3.5 |
2014-04-18 | CVE-2014-2286 | Improper Input Validation vulnerability in multiple products main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. | 7.5 |
2014-04-18 | CVE-2013-7196 | Permissions, Privileges, and Access Controls vulnerability in PHPfox 3.7.3/3.7.4/3.7.5 static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication. | 5.5 |
2014-04-18 | CVE-2013-7195 | Permissions, Privileges, and Access Controls vulnerability in PHPfox 3.7.3/3.7.4 PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication. | 5.5 |