Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-06 | CVE-2013-6719 | OS Command Injection vulnerability in IBM Tealeaf CX delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter. | 6.0 |
2014-03-06 | CVE-2013-6315 | Improper Input Validation vulnerability in IBM Enterprise Records and Infosphere Enterprise Records IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
2014-03-06 | CVE-2013-6314 | Cross-Site Scripting vulnerability in IBM Enterprise Records and Infosphere Enterprise Records Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-03-06 | CVE-2013-6304 | Path Traversal vulnerability in IBM Algo ONE and Algo Risk Application Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | 4.0 |
2014-03-06 | CVE-2013-6201 | Remote Code Execution vulnerability in HP Security Management System Unspecified vulnerability in HP Security Management System 3.3.0, 3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2014-03-06 | CVE-2013-3706 | Path Traversal vulnerability in Novell Zenworks Configuration Management 11.2 Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. | 5.0 |
2014-03-05 | CVE-2014-2245 | SQL Injection vulnerability in Cmsmadesimple CMS Made Simple SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. | 6.0 |
2014-03-05 | CVE-2014-2238 | SQL Injection vulnerability in Mantisbt SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter. | 6.5 |
2014-03-05 | CVE-2014-2236 | Cross-Site Scripting vulnerability in Askbot Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms. | 4.3 |
2014-03-05 | CVE-2014-2235 | Cross-Site Scripting vulnerability in Askbot Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form. | 4.3 |