CVE-2014-0802

Affected configuration(s):

cpe:/a:aokitaka:zip_with_pass:4.5.7:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.2.1:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.2.2:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.0:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.4:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.5:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.7:-:~-~-~android~~
cpe:/a:aokitaka:zip_with_pass_pro:6.3.8:-:~-~-~android~~

Date published: 2014-01-12T13:34:56.000-05:00

Date last modified: 2014-01-13T14:07:31.053-05:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://jvn.jp/en/jp/JVN88313872/index.html

Summary: Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-0618

Affected configuration(s):

cpe:/h:juniper:srx100:-
cpe:/h:juniper:srx110:-
cpe:/h:juniper:srx1400:-
cpe:/h:juniper:srx210:-
cpe:/h:juniper:srx220:-
cpe:/h:juniper:srx240:-
cpe:/h:juniper:srx3400:-
cpe:/h:juniper:srx3600:-
cpe:/h:juniper:srx550:-
cpe:/h:juniper:srx5600:-
cpe:/h:juniper:srx5800:-
cpe:/h:juniper:srx650:-
cpe:/o:juniper:junos:10.4
cpe:/o:juniper:junos:11.4
cpe:/o:juniper:junos:12.1r
cpe:/o:juniper:junos:12.1x44
cpe:/o:juniper:junos:12.1x45

Date published: 2014-01-10T23:44:42.617-05:00

Date last modified: 2017-08-28T21:34:13.090-04:00

CVSS Score: 7.8

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/64769

Summary: Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.

CVE-2014-0977

Affected configuration(s):

cpe:/a:sixapart:movabletype:5.0:rc2
cpe:/a:sixapart:movabletype:5.01
cpe:/a:sixapart:movabletype:5.2
cpe:/a:sixapart:movabletype:5.2.2
cpe:/a:sixapart:movabletype:5.2.3
cpe:/a:sixapart:movabletype:5.2.6
cpe:/a:sixapart:movabletype:5.2.7
cpe:/a:sixapart:movabletype:5.03
cpe:/a:sixapart:movabletype:5.04
cpe:/a:sixapart:movabletype:5.11
cpe:/a:sixapart:movabletype:5.12
cpe:/a:sixapart:movabletype:5.13
cpe:/a:sixapart:movabletype:5.14
cpe:/a:sixapart:movabletype:5.15
cpe:/a:sixapart:movabletype:5.031
cpe:/a:sixapart:movabletype:6.0

Date published: 2014-01-10T12:55:03.113-05:00

Date last modified: 2017-08-28T21:34:23.153-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304

Summary: Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-0978

Affected configuration(s):

cpe:/a:graphviz:graphviz:2.34.0

Date published: 2014-01-10T12:55:03.237-05:00

Date last modified: 2017-08-28T21:34:23.217-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://seclists.org/oss-sec/2014/q1/28

Summary: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

CVE-2014-1234

Affected configuration(s):

cpe:/a:paratrooper-newrelic_project:paratrooper-newrelic:1.0.1:-:~-~-~ruby~~

Date published: 2014-01-10T07:02:51.777-05:00

Date last modified: 2014-01-10T12:57:30.427-05:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://openwall.com/lists/oss-security/2014/01/08/2

Summary: The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.

CVE-2014-1233

Affected configuration(s):

cpe:/a:tobias_maier:paratrooper-pingdom:1.0.0:-:~-~-~ruby~~

Date published: 2014-01-10T07:02:51.747-05:00

Date last modified: 2014-01-10T12:53:31.767-05:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://openwall.com/lists/oss-security/2014/01/08/1

Summary: The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.

CVE-2014-1408

Affected configuration(s):

cpe:/h:conceptronic:c54apm:v2
cpe:/o:conceptronic:c54apm_firmware:1.26

Date published: 2014-01-10T11:47:06.333-05:00

Date last modified: 2014-05-05T11:28:55.473-04:00

CVSS Score: 7.8

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf

Summary: The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.

CVE-2014-1406

Affected configuration(s):

cpe:/h:conceptronic:c54apm:v2
cpe:/o:conceptronic:c54apm_firmware:1.26

Date published: 2014-01-10T11:47:06.160-05:00

Date last modified: 2014-05-05T11:29:18.567-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf

Summary: CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.

CVE-2014-0752

Affected configuration(s):

cpe:/a:ecava:integraxor:3.5.3900.5
cpe:/a:ecava:integraxor:3.5.3900.10
cpe:/a:ecava:integraxor:3.6.4000.0
cpe:/a:ecava:integraxor:3.60.4061
cpe:/a:ecava:integraxor:3.71
cpe:/a:ecava:integraxor:3.71.4200
cpe:/a:ecava:integraxor:3.72
cpe:/a:ecava:integraxor:4.00
cpe:/a:ecava:integraxor:4.1
cpe:/a:ecava:integraxor:4.1.4360

Date published: 2014-01-09T13:07:26.597-05:00

Date last modified: 2014-01-10T09:56:26.270-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01

Summary: The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.

CVE-2014-0621

Affected configuration(s):

cpe:/h:technicolor:tc7200:-
cpe:/o:technicolor:tc7200_firmware:std6.01.12

Date published: 2014-01-08T10:30:02.730-05:00

Date last modified: 2014-05-05T11:23:52.383-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.exploit-db.com/exploits/30667

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.