Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-11 | CVE-2014-2333 | Cross-Site Scripting vulnerability in Marcel Brinkkemper Lazyest-Gallery Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. | 2.6 |
| 2014-04-05 | CVE-2001-1593 | Link Following vulnerability in GNU A2Ps The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | 2.1 |
| 2014-04-02 | CVE-2014-2553 | Cross-Site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. | 3.5 |
| 2014-04-02 | CVE-2014-0901 | Cross-Site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1 Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2014-04-01 | CVE-2012-0032 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. | 3.7 |
| 2014-04-01 | CVE-2011-4573 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | 3.5 |
| 2014-03-31 | CVE-2013-7347 | Permissions, Privileges, and Access Controls vulnerability in Redhat Conga and Enterprise Linux Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. | 3.7 |
| 2014-03-29 | CVE-2014-2670 | Cross-Site Scripting vulnerability in Zohocorp Manageengine Opstor 8.3 Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344. | 3.5 |
| 2014-03-26 | CVE-2014-1826 | Cross-Site Scripting vulnerability in Ithoughts Ithoughtshd 4.19 Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name. | 2.6 |
| 2014-03-26 | CVE-2014-0848 | Cryptographic Issues vulnerability in IBM Netezza Performance Portal The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 3.5 |