CVE List - 2014 / March
Showing 301 - 400 of 540 CVEs for March 2014 (Page 4 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-1701 | 2014-03-16 | The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to... |
| CVE-2014-1702 | 2014-03-16 | Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of... |
| CVE-2014-1703 | 2014-03-16 | Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging... |
| CVE-2014-1704 | 2014-03-16 | Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown... |
| CVE-2014-1705 | 2014-03-16 | Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption)... |
| CVE-2014-1706 | 2014-03-16 | crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors. |
| CVE-2014-1707 | 2014-03-16 | Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. |
| CVE-2014-1708 | 2014-03-16 | The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2014-1710 | 2014-03-16 | The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory... |
| CVE-2014-1711 | 2014-03-16 | The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via... |
| CVE-2014-1713 | 2014-03-16 | Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows,... |
| CVE-2014-1714 | 2014-03-16 | The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote... |
| CVE-2014-1715 | 2014-03-16 | Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. |
| CVE-2014-2246 | 2014-03-16 | Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2014-2247 | 2014-03-16 | The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. |
| CVE-2014-2248 | 2014-03-16 | Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and... |
| CVE-2014-2249 | 2014-03-16 | Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to... |
| CVE-2014-2251 | 2014-03-16 | The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection... |
| CVE-2014-2253 | 2014-03-16 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. |
| CVE-2014-2255 | 2014-03-16 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. |
| CVE-2014-2257 | 2014-03-16 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets. |
| CVE-2014-2259 | 2014-03-16 | Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. |
| CVE-2013-6438 | 2014-03-18 | The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to... |
| CVE-2014-0098 | 2014-03-18 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash)... |
| CVE-2014-1975 | 2014-03-18 | Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. |
| CVE-2014-1976 | 2014-03-18 | The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-2532 | 2014-03-18 | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before... |
| CVE-2014-2533 | 2014-03-18 | /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. |
| CVE-2014-2534 | 2014-03-18 | /sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root... |
| CVE-2012-5641 | 2014-03-18 | Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers... |
| CVE-2012-5650 | 2014-03-18 | Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2013-0201 | 2014-03-18 | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter... |
| CVE-2013-2619 | 2014-03-18 | Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. |
| CVE-2013-2641 | 2014-03-18 | Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter. |
| CVE-2013-2642 | 2014-03-18 | Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in... |
| CVE-2013-2643 | 2014-03-18 | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action... |
| CVE-2013-3938 | 2014-03-18 | Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a... |
| CVE-2014-0057 | 2014-03-18 | The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors. |
| CVE-2014-0132 | 2014-03-18 | The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI... |
| CVE-2014-1608 | 2014-03-18 | SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP... |
| CVE-2014-2087 | 2014-03-18 | Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute... |
| CVE-2014-2241 | 2014-03-18 | The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of... |
| CVE-2014-2535 | 2014-03-18 | Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request... |
| CVE-2014-2536 | 2014-03-18 | Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows... |
| CVE-2014-2537 | 2014-03-18 | Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| CVE-2014-2121 | 2014-03-19 | The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667,... |
| CVE-2014-2122 | 2014-03-19 | Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka... |
| CVE-2014-2120 | 2014-03-19 | Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,... |
| CVE-2014-1493 | 2014-03-19 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a... |
| CVE-2014-1494 | 2014-03-19 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash)... |
| CVE-2014-1496 | 2014-03-19 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during... |
| CVE-2014-1497 | 2014-03-19 | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap... |
| CVE-2014-1498 | 2014-03-19 | The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service... |
| CVE-2014-1499 | 2014-03-19 | Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at... |
| CVE-2014-1500 | 2014-03-19 | Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. |
| CVE-2014-1501 | 2014-03-19 | Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu... |
| CVE-2014-1502 | 2014-03-19 | The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a... |
| CVE-2014-1504 | 2014-03-19 | The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers... |
| CVE-2014-1505 | 2014-03-19 | The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and... |
| CVE-2014-1506 | 2014-03-19 | Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial... |
| CVE-2014-1507 | 2014-03-19 | Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted... |
| CVE-2014-1508 | 2014-03-19 | The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory,... |
| CVE-2014-1509 | 2014-03-19 | Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers... |
| CVE-2014-1510 | 2014-03-19 | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with... |
| CVE-2014-1511 | 2014-03-19 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. |
| CVE-2014-1512 | 2014-03-19 | Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers... |
| CVE-2014-1513 | 2014-03-19 | TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object,... |
| CVE-2014-1514 | 2014-03-19 | vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy... |
| CVE-2013-5952 | 2014-03-19 | Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id... |
| CVE-2013-5953 | 2014-03-19 | Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or... |
| CVE-2013-5955 | 2014-03-19 | Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in... |
| CVE-2014-1977 | 2014-03-19 | The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of... |
| CVE-2014-1978 | 2014-03-19 | The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content... |
| CVE-2014-1979 | 2014-03-19 | The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods... |
| CVE-2014-2339 | 2014-03-19 | Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter. |
| CVE-2014-1970 | 2014-03-20 | Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. |
| CVE-2014-1971 | 2014-03-20 | Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-0805 | 2014-03-20 | Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML... |
| CVE-2013-3249 | 2014-03-20 | Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary... |
| CVE-2014-1609 | 2014-03-20 | Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function... |
| CVE-2014-1904 | 2014-03-20 | Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2014-2077 | 2014-03-20 | Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2014-2219 | 2014-03-20 | Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2014-2280 | 2014-03-20 | Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| CVE-2013-6401 | 2014-03-20 | Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted... |
| CVE-2011-3195 | 2014-03-20 | shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options. |
| CVE-2011-3196 | 2014-03-20 | The setup script in Domain Technologie Control (DTC) before 0.34.1 uses world-readable permissions for /etc/apache2/apache2.conf, which allows local users to obtain the dtcdaemons MySQL password by reading the file. |
| CVE-2011-3197 | 2014-03-20 | SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT... |
| CVE-2011-3198 | 2014-03-20 | Domain Technologie Control (DTC) before 0.34.1 includes a password in the -b command line argument to htpasswd, which might allow local users to read the password by listing the process... |
| CVE-2011-3199 | 2014-03-20 | Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a... |
| CVE-2014-0002 | 2014-03-20 | The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing... |
| CVE-2014-0003 | 2014-03-20 | The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. |
| CVE-2011-5272 | 2014-03-20 | SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally... |
| CVE-2011-5273 | 2014-03-20 | Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter... |
| CVE-2011-5274 | 2014-03-20 | The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action... |
| CVE-2011-5275 | 2014-03-20 | The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges. |
| CVE-2011-5276 | 2014-03-20 | SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter. |
| CVE-2013-7340 | 2014-03-20 | VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file. |
| CVE-2014-0708 | 2014-03-20 | WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access... |
| CVE-2014-2119 | 2014-03-20 | The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before... |