Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-04-11 | CVE-2014-2848 | Race Condition vulnerability in Tenable Nessus and Plugin-Set | A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program. | 6.9 |
2014-04-11 | CVE-2014-2847 | SQL Injection vulnerability in Construtiva CIS Manager CMS | SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. | 7.5 |
2014-04-11 | CVE-2014-0172 | Numeric Errors vulnerability in Elfutils Project Elfutils | Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. | 6.8 |
2014-04-11 | CVE-2012-6131 | Cross-Site Scripting vulnerability in Roundup-Tracker Roundup | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. | 4.3 |
2014-04-11 | CVE-2012-6130 | Cross-Site Scripting vulnerability in Roundup-Tracker Roundup | Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. | 4.3 |
2014-04-11 | CVE-2014-2540 | SQL Injection vulnerability in Orbitscripts Orbit Open AD Server 1.1.0 | SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. | 7.5 |
2014-04-11 | CVE-2014-2333 | Cross-Site Scripting vulnerability in Marcel Brinkkemper Lazyest-Gallery | Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. | 2.6 |
2014-04-11 | CVE-2014-1985 | Improper Input Validation vulnerability in Redmine | Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter). | 5.8 |
2014-04-11 | CVE-2013-6369 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cambridge Enterprise Jbig-Kit | Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file. | 6.8 |
2014-04-11 | CVE-2013-4795 | Cross-Site Scripting vulnerability in Reviewboard Review Board | Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name. | 4.3 |