CVE-2014-8886CVE-2014-8886

Affected configuration(s):

cpe:/o:avm:fritz%21_os:6.23

Date published: 2016-01-08T15:59:00.123-05:00

Date last modified: 2016-12-06T22:01:21.440-05:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html

Summary: AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.

CVE-2014-7151CVE-2014-7151

Affected configuration(s):

cpe:/a:nex-forms_lite_project:nex-forms_lite:2.1.0::~~~wordpress~~

Date published: 2016-01-08T16:59:01.387-05:00

Date last modified: 2016-01-11T20:22:11.287-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: https://research.g0blin.co.uk/cve-2014-7151/

Summary: Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.

CVE-2014-6444CVE-2014-6444

Affected configuration(s):

cpe:/a:titan_framework_project:titan_framework:1.5::~~~wordpress~~

Date published: 2016-01-08T16:59:00.120-05:00

Date last modified: 2016-01-11T20:21:16.257-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: https://research.g0blin.co.uk/cve-2014-6444/

Summary: Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php.

CVE-2014-5040CVE-2014-5040

Affected configuration(s):

cpe:/a:eucalyptus:eucalyptus:4.1.1
cpe:/a:eucalyptus:eucalyptus:4.2.0

Date published: 2016-01-04T21:59:00.113-05:00

Date last modified: 2016-01-05T14:42:07.010-05:00

CVSS Score: 4.6

Principal attack vector: NETWORK

Complexity:  HIGH

Reference URL: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04926463

Summary: HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.