CVE-2014-0061
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to b...
CVE-2014-0065
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063...
Integer overflow
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflo...
UBUNTU-CVE-2014-2669
Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array...
CVE-2014-0063
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect...
CVE-2013-2559
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands...
CVE-2013-2559
Symphony CMS (before 2.3.2) is affected by a SQL injection in the sort parameter to system/authors/ that can be triggered by remote authenticated users; note that CSRF can enable remote unauthenticated attackers to execute arbitrary SQL commands. The issue is linked to CVE-2013-2559 and is also d...
CVE-2014-0887
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors...
CVE-2014-0886
CVE-2014-0886 affects IBM Lotus Protector for Mail Security 2.8.x prior to 2.8.1-22905, where the Admin Web UI allows remote authenticated users to bypass access restrictions and execute arbitrary commands via unspecified vectors. Affected product: IBM Lotus Protector for Mail Security (Admin Web...
PYSEC-2014-113
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the imag...
CVE-2014-2585
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration...
CVE-2013-0303
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered ...
CVE-2013-7344
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions...
CVE-2011-3197
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272...
CVE-2014-0132
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind...
CVE-2014-2536
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator passwo...
CVE-2014-0132
CVE-2014-0132 affects 389 Directory Server: SASL authentication can be abused via the authzid parameter in a SASL/GSSAPI bind to connect as an arbitrary user and gain privileges. Mageia advisory MGASA-2014-0145 indicates updated 389-ds-base packages fix this vulnerability; apply the vendor-provid...
Directory traversal
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter...
UBUNTU-CVE-2013-2085
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter...