Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. Date published : 2014-07-30 http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive. Date published...
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site. Date published : 2014-07-30 http://www-01.ibm.com/support/docview.wss?uid=swg21678323 https://exchange.xforce.ibmcloud.com/vulnerabilities/92620
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud...
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo...
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. Date published : 2014-07-29 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9761 http://www.exploit-db.com/exploits/33384
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. Date published : 2014-07-29 http://www.exploit-db.com/exploits/34173 http://packetstormsecurity.com/files/127642/DirPHP-1.0-Local-File-Inclusion.html
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. Date published : 2014-07-29 http://www.securityfocus.com/bid/68519 http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. Date published : 2014-07-29 http://advisories.mageia.org/MGASA-2014-0313.html https://cups.org/str.php?L4455
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. Date published : 2014-07-29 http://advisories.mageia.org/MGASA-2014-0313.html https://cups.org/str.php?L4455
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability...
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an...
Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field. Date published : 2014-07-29 http://www.exploit-db.com/exploits/34170 http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html
Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2014-07-29 http://www.din.or.jp/~hideyuki/home/cgi/mailer.html http://jvn.jp/en/jp/JVN85748534/index.html