api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force...
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property. Date published : 2014-08-07 http://zerodayinitiative.com/advisories/ZDI-14-133/
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page....
Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors. Date published : 2014-08-06 http://wordpress.org/plugins/all-video-gallery/changelog/
ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and...
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. Date published : 2014-08-06 http://codevigilant.com/disclosure/wp-plugin-tom-m8te-local-file-inclusion
SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page...
SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page...
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. Date...
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to...
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated...
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter. Date published : 2014-08-06...
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to...
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information...