4422 matches found
CVE-2014-2622
Unspecified vulnerability in HP Intelligent Management Center iMC before 7.0 E02020P03 and Branch Intelligent Management System BIMS before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312...
UBUNTU-CVE-2014-4260
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR...
CVE-2014-3317
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer DNA component in Cisco Unified Communications Manager 10.01 allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314...
SQL injection
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-3816
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1...
CVE-2014-3992
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php...
CVE-2014-3485
The CVE-2014-3485 issue affects oVirt’s ovirt-engine REST API (RHEV/RHEVM 3.4). Affected component: REST API handling within the ovirt-engine/JBoss server. Root cause: XML External Entity (XXE) processing flaw in XML API calls. Impact: remote authenticated users could read arbitrary files accessi...
CVE-2014-3316
The CVE-2014-3316 issue concerns Cisco Unified Communications Manager’s Dialed Number Analyzer (DNA) where the Multiple Analyzer allows an authenticated, remote attacker to bypass upload restrictions by submitting crafted data. The root cause is insufficient parameter validation in the DNA compo...
Raritan PX power distribution software is vulnerable to the cipher zero attack.
Overview: Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Description: CWE-287: Improper...
CVE-2014-2197
CVE-2014-2197 affects Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software prior to 8.1.4. The Admin GUI did not properly implement access control, allowing remote authenticated users to modify administrative credentials via a crafted URL (Privilege Escalation typ...
CVE-2014-3298
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...
CVE-2014-4688
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diagdns.php in a Create Alias action, (2) the smartmonemail value to diagsmart.php, or (3) the database value to statusrrdgraphimg.php...
Design/Logic Flaw
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors...
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10010/info It has been reported that LINBOX is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow access to web based administration scripts without proper...
Sagem Routers Remote Auth bypass Exploit
No description provided by source. !/usr/bin/perl Exploit Title: Sagem routers Remote auth bypass Exploit Date: 04/03/2010 Author: AlpHaNiX Software Link: null Version: Sagem Routers F@ST 1200/1240/1400/1400W/1500/1500-WG/2404 Tested on: Sagem F@ST 2404 Code : use HTTP::Request; use HTTP::Headers...
Solaris 10, 11 Telnet - Remote Authentication Bypass
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Kerio Personal Firewall <= 2.1.4 - Remote Authentication Packet Overflow
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
CitrusDB 0.3.6 - Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12560/info CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information. An attacker could exploit thi...
OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass
No description provided by source. !-- OCS Inventory NG Server = 1.3.1 login Remote Authentication Bypass Software : Open Computer and Software OCS Inventory NG Download : http://www.ocsinventory-ng.org/ Discovered by : Nicolas DEROUET nicolas.derouetgmailcom Discover : 2010-02-05 Published :...
Kerio Personal Firewall 2.1.x Remote Authentication Packet Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/7180/info A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a...