4423 matches found
CVE-2014-8558
CVE-2014-8558 affects JExperts Channel Platform 5.0.33_CCB. The vulnerability is an authorization bypass where the attacker can tamper with GET parameters named action and key to escalate privileges. Authenticated users with restricted access (e.g., read-only) can access other users’ requests or ...
DEBIAN-CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system...
Xxe
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system...
CVE-2014-8418
CVE-2014-8418 affects Asterisk Open Source: DB dialplan function allows remote authenticated users to gain privileges via a call from an external protocol (AMI). Affected: 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, 13.x before 13.0.1; Certified Asterisk 1.8.x before 1.8.28-cer...
CVE-2014-7834
CVE-2014-7834 – Moodle: Affected: Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3. Component: mod/forum/externallib.php. Issue: does not verify group permissions when using the forum_get_discussions web service. Root cause: missing verification of group permissions in the forum web service call...
Design/Logic Flaw
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors...
CVE-2014-8387
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi...
CVE-2014-6625
CVE-2014-6625 concerns Aruba Networks ClearPass Policy Manager. The vulnerability affects ClearPass before 6.3.6 and 6.4.x before 6.4.1, where remote authenticated users can gain privileges. The available documents specify the impact (privilege escalation) and affected versions, but do not disclo...
CVE-2014-6324
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a...
mysql: unspecified vulnerability related to SERVER:MEMORY STORAGE ENGINE (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE...
mysql: unspecified vulnerability related to CLIENT:MYSQLDUMP (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP...
mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC...
mysql: unspecified vulnerability related to SERVER:CHARACTER SETS (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS...
mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML...
mysql: Remote Preauth User Enumeration flaw
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...
mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML...
mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR...