  • CVE-2014-5455 2014/08/25
    Unquoted Windows search path vulnerability in the ptservice service in PrivateTunnel 2.3.8, as bundled in OpenVPN 2.1.28.0, allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder. (CVSS:0.0) (Last Update:2014-08-25)
  • CVE-2014-5453 2014/08/25
    Ubisoft Uplay PC before 4.6.1.3217 uses weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privileges via a Trojan horse file. (CVSS:0.0) (Last Update:2014-08-25)
  • CVE-2014-5246 2014/08/22
    The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. (CVSS:10.0) (Last Update:2014-08-25)
  • CVE-2014-5349 2014/08/19
    Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. (CVSS:5.0) (Last Update:2014-08-20)
  • CVE-2014-5347 2014/08/19
    Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comme
  • CVE-2014-3080 2014/08/17
    Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php. (CVSS:4.3) (Last Update:2014-08-18)
  • CVE-2014-3081 2014/08/17
    prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. (CVSS:6.3) (Last Update:2014-08-21)
  • CVE-2014-3085 2014/08/17
    systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter. (CVSS:7.1) (Last Update:2014-08-21)
  • CVE-2012-5683 2014/08/14
    Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an Updat
  • CVE-2012-5684 2014/08/14
    Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/. (CVSS:4.3) (Last Update:2014-08-14)
  • CVE-2012-5685 2014/08/14
    SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI. (CVSS:7.5) (Last Update:2014-08-14)
  • CVE-2011-2944 2014/08/12
    SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. (CVSS:7.5) (Last Update:2014-08-13)
  • CVE-2014-3914 2014/08/07
    Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear
  • CVE-2014-5192 2014/08/07
    SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. (CVSS:7.5) (Last Update:2014-08-07)
  • CVE-2014-5193 2014/08/07
    Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082. (CVSS:4.3) (Last Update:2014-08-22)
  • CVE-2014-3434 2014/08/06
    Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. (CVSS:6.9) (Last Update:2014-08-07)
  • CVE-2014-5082 2014/08/06
    Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Spider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. (CVSS:7.5) (Last Update:2014-08-14)
  • CVE-2013-5758 2014/08/03
    cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. (CVSS:9.0) (Last Update:2014-08-04)
  • CVE-2013-5756 2014/08/03
    Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. (CVSS:4.0) (Last Update:2014-08-04)
  • CVE-2013-5757 2014/08/03
    Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. (CVSS:4.0) (Last Update:2014-08-04)

Information Systems Security

Negation Networks is a full-spectrum Information Systems Security Solutions provider committed to the absolute highest quality customer service and technical excellence.


 

