4422 matches found
CVE-2013-6922
CVE-2013-6922 concerns Seagate BlackArmor NAS sg2000-2000.1331. Multiple CSRF vulnerabilities allow an attacker to hijack administrator authentication and perform dangerous actions via crafted requests to admin/access_control_user_add.php and related endpoints. Affected device: BlackArmor NAS sg2...
CVE-2010-5297
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
CVE-2010-5296
CVE-2010-5296 affects WordPress core prior to 3.0.2 in Multisite deployments. The issue is in wp-includes/capabilities.php where the delete_users capability can be exercised without requiring the Super Admin role, allowing remote authenticated administrators to bypass intended access restrictions...
CVE-2014-0009
CVE-2014-0009 affects Moodle in SEPARATEGROUPS mode where outside-group users can perform a problematic LOGIN AS action due to not enforcing the moodle/site:accessallgroups capability. Versions affected: Moodle 2.2.11; 2.3.x before 2.3.11; 2.4.x before 2.4.8; 2.5.x before 2.5.4; 2.6.x before 2.6....
[ MDVSA-2014:004 ] nagios
Mandriva Linux Security Advisory MDVSA-2014:004 http://www.mandriva.com/en/support/security/ Package: nagios. Date: January 16, 2014. Affected: Business Server 1.0, Enterprise Server 5.0. Problem Description: Multiple vulnerabilities have been discovere...
Design/Logic Flaw
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876...
CVE-2013-5882
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures...
CVE-2013-3830
Unspecified vulnerability in the Hyperion Strategic Finance component in Oracle Hyperion 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server...
CVE-2014-0393
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB...
Code injection
Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Org and Workforce Dev...
Buffer overflow
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others...
CVE-2013-7205
Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list,...
CVE-2013-5894
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server...
CVE-2014-0401
CVE-2014-0401: Unspecified vulnerability in the MySQL Server component affects Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier. It allows remote authenticated users to affect availability via unknown vectors. The connected documents (e.g., MiracleLinux AXSA advisory, R...
CVE-2014-0393
CVE-2014-0393 affects MySQL/MariaDB: unspecified vulnerability in InnoDB allowing remote authenticated users to affect data integrity in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier. Public advisories note fixes via updated packages (e.g., MariaDB 5.5.35+ per RHSA-2...
CVE-2014-0401
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors...
CVE-2013-7223
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_controller.rb...
Authorization
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...