  • CVE-2014-5100 2014/07/25
    Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable fi […]
  • CVE-2014-4927 2014/07/24
    Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. (CVSS:7.8) (Last Update:2014-07-25)
  • CVE-2014-4511 2014/07/22
    Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. (CVSS:7.5) (Last Update:2014-07-24)
  • CVE-2014-4960 2014/07/21
    Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php. (CVSS:7.5) (Last Update:2014-07-22)
  • CVE-2014-2623 2014/07/17
    Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. (CVSS:10.0) (Last Update:2014-07-24)
  • CVE-2014-4154 2014/07/16
    ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. (CVSS:5.0) (Last Update:2014-07-16)
  • CVE-2014-4663 2014/07/15
    TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter. (CVSS:6.8) (Last Update:2014-07-15)
  • CVE-2014-3418 2014/07/15
    config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. (CVSS:10.0) (Last Update:2014-07-15)
  • CVE-2013-6117 2014/07/11
    Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. (CVSS:7.5) (Last Update:2014-07-14)
  • CVE-2014-4718 2014/07/03
    Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extens […]
  • CVE-2014-3857 2014/07/03
    Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. (CVSS:6.5) (Last Update:2014-07-17)
  • CVE-2014-4716 2014/07/03
    Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity. (CVSS:6.8) (Last Update:2014-07-07)
  • CVE-2014-4644 2014/06/25
    SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. (CVSS:7.5) (Last Update:2014-07-08)
  • CVE-2014-4643 2014/06/25
    Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command. (CVSS:5.0) (Last Update:2014-06-26)
  • CVE-2014-4645 2014/06/25
    Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. (CVSS:4.3) (Last Update:2014-06-26)
  • CVE-2012-2580 2014/06/20
    Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email. (CVSS:4.3) (Last Update:2014-06-23)
  • CVE-2012-2579 2014/06/20
    Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email. (CVSS:4.3) (Last Update:2014-06-23)
  • CVE-2012-2591 2014/06/20
    Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email. (CVSS:4.3) (Last Update:2014-06-23)
  • CVE-2012-5106 2014/06/20
    Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command. (CVSS:10.0) (Last Update:2014-06-23)
  • CVE-2014-4334 2014/06/19
    Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001. (CVSS:7.5) (Last Update:2014-06-20)

Information Systems Security

Negation Networks is a full-spectrum Information Systems Security Solutions provider committed to the absolute highest quality customer service and technical excellence.

Negation Networks LLC is a proud participant in the HoneyNet Project: