CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2014

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2013-1941 310 2014-06-04 2014-06-04
5.0
None Remote Low Not required None Partial None
The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack.
402 CVE-2013-1841 264 Bypass 2014-06-13 2017-08-28
4.3
None Remote Medium Not required None Partial None
Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter.
403 CVE-2013-1818 200 +Info 2014-06-02 2017-08-28
5.0
None Remote Low Not required Partial None None
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.
404 CVE-2013-1756 94 Exec Code 2014-06-09 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
405 CVE-2013-1412 94 2 Exec Code 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
406 CVE-2013-1397 94 Exec Code 2014-06-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
407 CVE-2013-1348 94 Exec Code 2014-06-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
408 CVE-2013-1068 264 +Priv 2014-06-19 2014-06-20
5.0
None Remote Low Not required None Partial None
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.
409 CVE-2013-0733 Exec Code 2014-06-05 2019-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file.
410 CVE-2013-0304 264 CSRF 2014-06-05 2014-06-05
4.0
None Remote Low Single system Partial None None
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
411 CVE-2013-0302 +Info 2014-06-05 2014-06-24
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK.
412 CVE-2013-0250 DoS 2014-06-06 2014-06-09
5.0
None Remote Low Not required None None Partial
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
413 CVE-2013-0204 94 Exec Code 2014-06-04 2014-06-04
4.6
None Remote High Single system Partial Partial Partial
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
414 CVE-2013-0191 287 Bypass 2014-06-03 2017-08-28
5.0
None Remote Low Not required None Partial None
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
415 CVE-2012-6143 94 Exec Code 2014-06-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
416 CVE-2012-6142 94 Exec Code 2014-06-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
417 CVE-2012-6141 94 Exec Code 2014-06-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.
418 CVE-2012-5583 310 2014-06-06 2017-08-28
5.8
None Remote Medium Not required Partial Partial None
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
419 CVE-2012-5395 2014-06-02 2014-06-03
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.
420 CVE-2012-5391 2014-06-02 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.
421 CVE-2012-5390 264 +Priv 2014-06-06 2014-06-09
10.0
None Remote Low Not required Complete Complete Complete
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.
422 CVE-2012-5336 20 2014-06-04 2014-06-04
4.0
None Remote Low Single system Partial None None
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
423 CVE-2012-5106 119 1 Exec Code Overflow 2014-06-20 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
424 CVE-2012-5057 Http R.Spl. 2014-06-04 2014-06-04
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
425 CVE-2012-5056 79 XSS 2014-06-04 2014-06-04
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
426 CVE-2012-4728 DoS 2014-06-05 2017-08-28
4.3
None Remote Medium Not required None None Partial
The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file.
427 CVE-2012-3522 79 XSS 2014-06-13 2014-06-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
428 CVE-2012-3521 22 Dir. Trav. 2014-06-13 2014-06-13
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
429 CVE-2012-2592 79 1 XSS 2014-06-18 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
430 CVE-2012-2591 79 2 XSS 2014-06-20 2017-08-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.
431 CVE-2012-2580 79 1 XSS 2014-06-20 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.
432 CVE-2012-2579 79 1 XSS 2014-06-20 2017-08-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.
433 CVE-2012-2572 79 1 XSS 2014-06-19 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
434 CVE-2012-2569 79 1 XSS 2014-06-19 2017-08-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
435 CVE-2012-2052 119 Exec Code Overflow 2014-06-19 2014-06-20
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments element.
436 CVE-2012-1621 79 XSS 2014-06-19 2018-05-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.
437 CVE-2012-0273 119 Exec Code Overflow 2014-06-20 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c.
438 CVE-2011-5280 119 DoS Overflow 2014-06-02 2014-06-03
5.0
None Remote Low Not required None None Partial
Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.
439 CVE-2011-4821 22 Dir. Trav. 2014-06-20 2014-06-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors.
440 CVE-2011-4367 22 Dir. Trav. 2014-06-19 2017-08-28
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
441 CVE-2011-3625 119 DoS Exec Code Overflow 2014-06-11 2014-06-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.
442 CVE-2011-2592 119 Exec Code Overflow 2014-06-18 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.
443 CVE-2011-1381 264 Bypass 2014-06-27 2014-06-30
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors.
444 CVE-2010-5301 119 1 Exec Code Overflow 2014-06-13 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.
445 CVE-2010-5300 119 1 DoS Exec Code Overflow 2014-06-11 2014-06-12
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
446 CVE-2010-5111 119 DoS Exec Code Overflow 2014-06-16 2014-06-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe.
447 CVE-2009-5023 59 2014-06-10 2014-06-24
4.7
None Local Medium Not required None Complete None
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
Total number of vulnerabilities : 447   Page : 1 2 3 4 5 6 7 8 9 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.