Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. Date published : 2014-05-13 http://www.debian.org/security/2014/dsa-2912 http://secunia.com/advisories/58415
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. Date published :...
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribute. Date published : 2014-05-12 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML. Date published : 2014-05-12 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file. Date published...
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter. Date published : 2014-05-12 https://github.com/microweber/microweber/commit/9177d134960c24cb642d5cf3b42a1fba286219cc http://packetstormsecurity.com/files/123652/Microweber-0.8-Arbitrary-File-Deletion.html
Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter. Date published : 2014-05-12 https://github.com/simplerisk/documentation/raw/master/SimpleRisk%20Release%20Notes%2020130916-001.pdf http://packetstormsecurity.com/files/123455/SimpleRisk-20130915-01-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action. Date published : 2014-05-12 https://github.com/simplerisk/documentation/raw/master/SimpleRisk%20Release%20Notes%2020130916-001.pdf...
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. Date published : 2014-05-12 http://seclists.org/fulldisclosure/2013/Sep/18 http://www.vapid.dhs.org/advisories/fog-dragonfly-0.8.2-cmd-inj.html
D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. Date published : 2014-05-12 http://packetstormsecurity.com/files/122314/D-Link-DIR-505L-DIR-826L-Authentication-Bypass.html
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. Date published : 2014-05-12 https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/...
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. Date published :...
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. Date published : 2014-05-12...
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos....