Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet. Date published : 2014-06-16 http://www.securityfocus.com/bid/68023 http://www.securityfocus.com/archive/1/532410/100/0/threaded
The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 through 3.10, SEIL/X1 routers 1.00 through 4.50, SEIL/X2 routers 1.00 through 4.50, SEIL/B1 routers 1.00 through 4.50, SEIL/Turbo routers 1.80 through 2.17, and SEIL/neu...
JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a...
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a...
Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed...
Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2014-06-14 http://jvn.jp/en/jp/JVN58029817/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000051
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine. Date published :...
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists...
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request. Date published : 2014-06-13 http://www.securityfocus.com/bid/45579 http://www.exploit-db.com/exploits/15834
Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2014-06-13 http://sourceforge.net/p/geshi/code/2508/ http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.html
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter. Date...
Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors. Date published : 2014-06-13 http://www.securityfocus.com/bid/64102 http://secunia.com/secunia_research/2013-12/
Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request...
Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the...