4423 matches found
CVE-2014-9224
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users ...
CVE-2014-6528
Oracle Siebel CRM 8.1.1 and 8.2.2 are affected by an unspecified vulnerability in the Siebel Core - System Management component. The CVE description indicates remote authenticated access can affect confidentiality via unknown vectors related to Server Infrastructure. The connected Nessus/CNVD/NVD...
CVE-2014-4259
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to System management...
Oracle Solaris Third-Party Patch Update : nova (multiple_vulnerabilities_in_nova)
The remote Solaris system is missing necessary patches to address security updates: The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service...
Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin)
The remote Solaris system is missing necessary patches to address security updates: proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) vi...
Design/Logic Flaw
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...
CVE-2015-1029
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache...
Design/Logic Flaw
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache...
CVE-2014-7814
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter...
PT-2015-3930 · Red Hat · Red Hat Cloudforms
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms 3.1 Management Engine (CFME) version 5.3. Description: The issue allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. This can be achieved by sending a malicious...
CVE-2014-8143
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of...
CVE-2014-8153
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each...
PT-2015-3669 · D Link · D-Link Dap-1360
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 versions 2.5.4 and earlier. Description: The issue allows remote attackers to hijack the authentication of unspecified users for requests that change various settings, including Enable Wireless, MBSSID, BSSID, Hide Access Point...
PT-2015-3671 · D Link · D-Link Dap-1360
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 router versions 2.5.4 and earlier. Description: The issue allows remote attackers to hijack the authentication of unspecified users for requests, including changing the MAC filter restrict mode, adding a MAC address to the...
Default credentials
VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response...
CVE-2014-9577
Affected product/variant: VDG Security SENSE (formerly DIVA) version 2.3.13. Vulnerability type: information disclosure via the login process. Root cause / mechanism: the system sends the user database during login, enabling an authenticated remote user to read the response over TCP port 51410. I...
Design/Logic Flaw
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...
DEBIAN-CVE-2014-8131
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access...
WordPress Plugin Cart66 Lite 'models/Cart66.php' Directory Traversal Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A directory traversal vulnerability exists in WordPress plugin Cart66 Lite 'models/Cart66.php' versions prior to 1.5.4, which...