CVE-2014-3132
CVE-2014-3132 affects SAP Solution Manager 7.1 through SAP Background Processing. The issue is improper access restriction that allows remote authenticated users to disclose sensitive information via an unspecified RFC function. Impact is information disclosure with a CVSS v2 base score of 4.0 (M...
CVE-2014-3131
CVE-2014-3131 affects SAP Solution Manager 7.1 through SAP Profile Maintenance, where access rights are not properly restricted. This allows remote authenticated users to obtain sensitive information via an unspecified RFC function. The available records indicate the vulnerability stems from inad...
CVE-2013-7068
The Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field...
CVE-2013-7068
The issue CVE-2013-7068 affects the Drupal Organic Groups (OG) module for Drupal 7.x-2.x, specifically versions prior to 7.x-2.3. The vulnerability allows remote authenticated users to bypass group restrictions on nodes when all groups are configured as optional via an empty group field, enabling...
mongodb: memory over-read via incorrect BSON object length
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...
Code injection
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php...
CVE-2014-0162
The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...
CVE-2012-5017
CVE-2012-5017 affects Cisco IOS before 15.1(1)SY1. The issue arises in the VPN/IKEv2 processing where remote authenticated users can trigger a denial of service (device reload) by establishing a VPN session and sending malformed IKEv2 packets. Connected documents confirm the vulnerable condition,...
CVE-2014-2719
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code...
CVE-2013-6469
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information...
Code injection
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter)...
CVE-2013-5459
Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking...
CVE-2013-5948
CVE-2013-5948 documents concrete details: Affected devices are ASUS RT-AC68U and other RT-series routers with firmware before 3.0.0.4.374.5047. The issue resides in the Network Analysis tab (Main_Analysis_Content.asp), where remote authenticated users can cause arbitrary commands to run via shell...
Advantech WebAccess Vulnerabilities
OVERVIEW: NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an...
CVE-2014-2287
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service...
CVE-2013-7196
PHPFox 3.7.3–3.7.5 contains a flaw in static/ajax.php that allows remote authenticated users to bypass the "Only Me" privacy setting and post a comment on private publications by manipulating the val[item_id] parameter. The root cause is insufficient access control in AJAX comment/like handling, ...
CVE-2014-2879
Dell SonicWall Email Security 7.4.5 and earlier suffer multiple cross-site scripting (XSS) vulnerabilities in the web interface. Remote authenticated administrators can inject arbitrary web script or HTML via the uploadPatch parameter on System/Advanced (settings_advanced.html) or the uploadLicen...
CVE-2013-2143
Summary: CVE-2013-2143 records a privilege-escalation flaw in Katello 1.5.0-14 and earlier (and Red Hat Satellite) where the users controller’s update_roles action does not enforce authorization. This allows remote authenticated users to elevate a normal account to administrator by manipulating t...
CVE-2014-2467
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445...
CVE-2014-2445
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467...