
4423 matches found

RedHat Linux
added 2014/11/17 9:45 a.m. | 1 view

mysql: unspecified vulnerability related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML...

CVSS: 3.3 | AI score: 6.5 | EPSS: 0.02815
Exploits: 0 | References: 4

RedHat Linux
added 2014/11/17 9:45 a.m. | 8 views

mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.03482
Exploits: 0 | References: 5

Cvelist
added 2014/11/14 12:0 a.m. | 17 views

CVE-2014-7246

The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request...

AI score: 6.2 | EPSS: 0.01067
Exploits: 0 | References: 4

NVD
added 2014/11/12 4:55 p.m. | 16 views

CVE-2014-8735

The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" permission to obtain sensitive information by reading a log file...

CVSS: 4 | AI score: 5.8 | EPSS: 0.01218
Exploits: 0 | References: 3

Prion
added 2014/11/07 7:55 p.m. | 9 views

Design/Logic Flaw

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters...

CVSS: 4 | AI score: 6.7 | EPSS: 0.01487
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2014/11/07 7:0 p.m. | 18 views

CVE-2014-8510

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters...

AI score: 6.2 | EPSS: 0.01487
Exploits: 0 | References: 1

Prion
added 2014/11/07 11:55 a.m. | 15 views

Code injection

The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493...

CVSS: 4 | AI score: 6.2 | EPSS: 0.01638
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2014/11/03 11:55 p.m. | 20 views

Design/Logic Flaw

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01386
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2014/11/03 11:55 p.m. | 2 views

UBUNTU-CVE-2014-0204

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01386
Exploits: 1 | References: 3

OSV
added 2014/10/30 2:55 p.m. | 2 views

UBUNTU-CVE-2014-3684

The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.02838
Exploits: 0 | References: 4

CVE
added 2014/10/30 2:0 p.m. | 57 views

CVE-2014-3684

CVE-2014-3684 affects the TORQUE Resource Manager (lib/Libifl/tm.c, tm_adopt) across 5.0.x, 4.5.x, 4.2.x and earlier. The root cause is that the owner of a process is not validated to also own the adopted session id, enabling remote authenticated users to kill arbitrary processes via a crafted ex...

CVSS: 6.8 | AI score: 6.1 | EPSS: 0.02838
Exploits: 0 | References: 10 | Affected Software: 1

Prion
added 2014/10/29 10:55 a.m. | 15 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

CVSS: 6 | AI score: 6.4 | EPSS: 0.00467
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2014/10/26 8:55 p.m. | 5 views

CVE-2014-3520

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

AI score: 6.3
Exploits: 0 | References: 6

OSV
added 2014/10/20 5:55 p.m. | 1 view

DEBIAN-CVE-2014-5026

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; ...

CVSS: 3.5 | AI score: 7.7 | EPSS: 0.01914
Exploits: 1 | References: 1

CVE
added 2014/10/20 5:0 p.m. | 71 views

CVE-2014-5026

CVE-2014-5026 is a cross-site scripting (XSS) vulnerability in Cacti, allowing remote authenticated users with console access to inject arbitrary script or HTML through multiple fields (Graph Tree Title, CDEF Name, Data Input Method Name, Host Templates Name, Data Source Title, Graph Title, Graph...

CVSS: 3.5 | AI score: 7.2 | EPSS: 0.01914
Exploits: 1 | References: 8 | Affected Software: 1

NVD
added 2014/10/20 4:55 p.m. | 15 views

CVE-2014-5275

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter...

CVSS: 6.5 | AI score: 8.1 | EPSS: 0.01947
Exploits: 1 | References: 5

NVD
added 2014/10/20 4:55 p.m. | 16 views

CVE-2014-3978

SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact...

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.01727
Exploits: 7 | References: 2

Cvelist
added 2014/10/20 4:0 p.m. | 19 views

CVE-2014-5276

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php...

AI score: 5.4 | EPSS: 0.02636
Exploits: 1 | References: 5

exploitpack
added 2014/10/20 12:0 a.m. | 24 views

Aireplay-ng 1.2 beta3 - tcp_test Length Stack Overflow

Aireplay-ng 1.2 beta3 - tcp_test Length Stack Overflow / Exploit Title: Aireplay "tcp_test" Length Parameter Inconsistency; Date: 10/3/2014; Exploit Author: Nick Sampanis; Vendor Homepage: http://www.aircrack-ng.org/; Version: Aireplay-ng 1.2 beta3; Tested on: Kali Linux 1.0.9 x64; CVE: CVE-2014-8322...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.23925
Exploits: 3

CVE
added 2014/10/18 1:0 a.m. | 61 views

CVE-2014-4446

CVE-2014-4446 affects Mail Service on Apple OS X Server prior to 4.0. The SACL changes are cached and not enforced until the Mail service restarts, enabling remote authenticated users to bypass access restrictions in opportunistic circumstances. No explicit remediation details are provided in the...

CVSS: 2.1 | AI score: 3.2 | EPSS: 0.01405
Exploits: 0 | References: 4 | Affected Software: 1