  • CVE-2013-2143 2014/04/17
    The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. (CVSS:6.5) (Last Update:2014-04-17)
  • CVE-2011-4089 2014/04/16
    The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. (CVSS:4.6) (Last Update:2014-04-17)
  • CVE-2013-4694 2014/04/16
    Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable […]
  • CVE-2014-2847 2014/04/11
    SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter. (CVSS:7.5) (Last Update:2014-04-14)
  • CVE-2014-2850 2014/04/11
    The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. (CVSS:8.5) (Last Update:2014-04-14)
  • CVE-2014-2540 2014/04/11
    SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. (CVSS:7.5) (Last Update:2014-04-14)
  • CVE-2012-6644 2014/04/08
    Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php. (CVSS:4.3) (Last Upd […]
  • CVE-2012-6643 2014/04/08
    Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information. (CVSS:7.5) (Last Update:2014-04-08) […]
  • CVE-2011-5278 2014/04/08
    SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. (CVSS:7.5) (Last Update:2014-04-08)
  • CVE-2011-5277 2014/04/08
    Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_ […]
  • CVE-2012-2095 2014/04/07
    The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. (CVSS:6.9) (Last Update:2014-04-08)
  • CVE-2014-2340 2014/04/03
    Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php. (CVSS:6.8) (Last Update:2014-04-19)
  • CVE-2013-7349 2014/03/31
    Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researcher […]
  • CVE-2014-2671 2014/03/31
    Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file. (CVSS:6.8) (Last Update:2014-04-14)
  • CVE-2014-1982 2014/03/31
    The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. (CVSS:10.0) (Last Update:2014-03-31)
  • CVE-2013-5640 2014/03/31
    Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and […]
  • CVE-2009-5141 2014/03/31
    Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 allows remote authenticated users to cause a denial of service (crash) via format string specifiers in a LIST command. (CVSS:4.0) (Last Update:2014-04-01)
  • CVE-2014-2668 2014/03/28
    Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. (CVSS:5.0) (Last Update:2014-04-19)
  • CVE-2013-1604 2014/03/25
    Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. (CVSS:5.0) (Last Update:2014-03-26)
  • CVE-2013-1605 2014/03/25
    Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request. (CVSS:7.5) (Last Update:2014-03-26)

Information Systems Security

Negation Networks is a full-spectrum Information Systems Security Solutions provider committed to the absolute highest quality customer service and technical excellence.



 

Negation Networks LLC is a proud participant in the HoneyNet Project: