Lucene search
K

10159 matches found

NVD
NVD
added 2014/12/17 12:59 a.m.15 views

CVE-2014-4844

The import/export functionality in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a 1 process application or 2 toolkit...

6.5CVSS6AI score0.01241EPSS
Exploits0References3
Huawei
Huawei
added 2014/12/17 12:0 a.m.38 views

Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product

Huawei eSpace Desktop products have the following vulnerabilities: 1 The program does not implement comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. Vulnerability ID: HWPSIRT-2014-1151 This vulnerability has been assigned Common...

4.4CVSS6.1AI score0.0083EPSS
Exploits15Affected Software1
CVE
CVE
added 2014/12/17 12:0 a.m.55 views

CVE-2014-4844

CVE-2014-4844 affects IBM BPM and WebSphere Lombardi Edition: import/export of process applications and toolkits can be abused by remote authenticated users due to insufficient authorization checks. Affected versions include IBM BPM Standard/Express/Advanced 7.5.x, 8.0.x, and 8.5.x; the issue exi...

6.5CVSS6.2AI score0.01241EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/12/17 12:0 a.m.19 views

CVE-2014-4844

The import/export functionality in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a 1 process application or 2 toolkit...

6AI score0.01241EPSS
Exploits0References3
Prion
Prion
added 2014/12/16 11:59 p.m.19 views

Code injection

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which...

4.3CVSS6.5AI score0.01822EPSS
Exploits0References5Affected Software3
Fedora
Fedora
added 2014/12/12 4:10 a.m.39 views

[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.13.1-1.fc21

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

5CVSS1.3AI score0.11055EPSS
Exploits6
Fedora
Fedora
added 2014/12/06 10:15 a.m.36 views

[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.12-1.fc21

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

6.5CVSS1.3AI score0.02725EPSS
Exploits3
Fedora
Fedora
added 2014/12/01 6:58 p.m.38 views

[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.12-1.fc19

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

6.5CVSS1.3AI score0.02725EPSS
Exploits3
OwnCloud
OwnCloud
added 2014/11/25 6:40 p.m.36 views

CSRF in "bookmarks" application - ownCloud

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

6.8CVSS5.9AI score0.00828EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/11/25 3:0 p.m.49 views

Server: CSRF in "bookmarks" application

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

6.8CVSS5.9AI score0.00828EPSS
Exploits0Affected Software1
NVD
NVD
added 2014/11/18 3:59 p.m.26 views

CVE-2014-8598

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to 1 upload arbitrary XML files via the import page or 2 obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code...

6.4CVSS6AI score0.38463EPSS
Exploits2References7
UbuntuCve
UbuntuCve
added 2014/11/18 3:59 p.m.26 views

CVE-2014-8598

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to 1 upload arbitrary XML files via the import page or 2 obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code...

6.4CVSS6.3AI score0.38463EPSS
Exploits2References3
Prion
Prion
added 2014/11/18 3:59 p.m.30 views

Code injection

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to 1 upload arbitrary XML files via the import page or 2 obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code...

6.4CVSS7.5AI score0.50561EPSS
Exploits8References7Affected Software1
Cvelist
Cvelist
added 2014/11/18 3:0 p.m.28 views

CVE-2014-8598

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to 1 upload arbitrary XML files via the import page or 2 obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code...

5.9AI score0.38463EPSS
Exploits2References7
CVE
CVE
added 2014/11/18 3:0 p.m.67 views

CVE-2014-8598

CVE-2014-8598 affects MantisBT 1.2.x via the XML Import/Export plugin, which could allow unauthorized attackers to upload arbitrary XML files or obtain sensitive information due to insufficient access restrictions. This is explicitly stated in connected documents as part of multiple vulnerabiliti...

6.4CVSS5.9AI score0.38463EPSS
Exploits2References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/11/17 12:0 a.m.40 views

RHEL 5 : vdsm (RHSA-2010:0473)

Updated vdsm packages that fix one security issue, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

2.1CVSS5.5AI score0.00374EPSS
Exploits0References3
NVD
NVD
added 2014/11/16 5:59 p.m.17 views

CVE-2014-0228

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for 1 import and 2 export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI...

3.5CVSS6.1AI score0.03498EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2014/11/12 12:0 a.m.51 views

mantisbt: arbitrary code execution and unrestricted access

CVE-2014-7146 arbitrary code execution When importing data with the plugin, user input passed through the "description" field and the "issuelink" attribute of the uploaded XML file isn't properly sanitized before being used in a call to the pregreplace function which uses the 'e' modifier. This...

7.5CVSS2.6AI score0.50561EPSS
Exploits8References7
OSV
OSV
added 2014/10/29 11:30 a.m.5 views

MGASA-2014-0433 Updated zabbix package fixes security vulnerability

It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local...

9.8CVSS9AI score0.05303EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2014/10/21 12:0 a.m.247 views

openSUSE Security Update : bash (openSUSE-SU-2014:1308-1) (Shellshock)

Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053 - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051 - Make bash-4.2-extra-import-func.patch an optional patch due...

10CVSS7.6AI score0.99999EPSS
Exploits141References6
Rows per page
Query Builder