NetIQ Access Manager Directory Traversal Vulnerability
NetIQ Access Manager is a solution for controlling access to resources from the American company NetIQ. A directory traversal vulnerability in NetIQ Access Manager 4.x prior to 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via external entity declarations containing...
CVE-2014-5215
NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 is affected by CVE-2014-5215. An authenticated administrator can disclose service-account passwords via requests to roma/jsp/volsc/monitoring/dev_services.jsp or roma/jsp/debug/debug.jsp, constituting an information-disclosure vulnerability (impac...
CVE-2014-8007
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019...
Server side request forgery (ssrf)
nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request...
CVE-2014-9355
Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...
DEBIAN-CVE-2014-9324
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors...
UBUNTU-CVE-2014-9403
The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading character, related to a...
CVE-2014-6089
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area...
Code injection
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area...
CVE-2014-6082
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (administration UI outage) via unspecified vectors...
Cross site scripting
Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389...
CVE-2014-6145
CVE-2014-6145 is an XSS flaw in IBM Cognos Business Intelligence server. The vulnerability arises from improper validation of user-supplied input, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Affected versions include IBM Cognos BI 10.1 (before IF1...
CVE-2014-8373
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect by Using VMRC" function...
CVE-2014-8010
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205...
CVE-2014-8103
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3)...
DEBIAN-CVE-2014-8093
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to th...
CVE-2014-8095
CVE-2014-8095 affects X.Org X Server/X11R4 and later up to versions before 1.16.3. A crafted length or index value to a large set of X server/extension handlers (including XInput, DRI2/GLX, Render, XFixes, XI/others) can cause out-of-bounds reads/writes, leading to Denial of Service and potential...
CVE-2014-8098
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index valu...
PT-2014-1849 · X.Org +5 · X.Org Server +5
Name of the Vulnerable Software and Affected Versions: xorg-x11-server-Xdmx version 1.15.0; xorg-x11-server-debuginfo version 1.15.0; xorg-x11-server-Xnest version 1.15.0; xorg-x11-server-Xephyr version 1.15.0; xorg-x11-server-source version 1.15.0; xorg-x11-server-Xvfb version 1.15.0...
PT-2014-1853 · X.Org +5 · Xorg-X11-Server +5
Name of the Vulnerable Software and Affected Versions: xorg-x11-server versions 1.7.0 through 1.16.x before 1.16.3; xorg-x11-server-Xdmx version 1.15.0; xorg-x11-server-debuginfo version 1.15.0; xorg-x11-server-Xephyr version 1.15.0; xorg-x11-server-source version 1.15.0; xorg-x11-server-Xnest version...