CVE-2014-0978

Affected configuration(s):

cpe:/a:graphviz:graphviz:2.34.0

Date published: 2014-01-10T12:55:03.237-05:00

Date last modified: 2017-08-28T21:34:23.217-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://seclists.org/oss-sec/2014/q1/28

Summary: Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.

CVE-2014-1234

Affected configuration(s):

cpe:/a:paratrooper-newrelic_project:paratrooper-newrelic:1.0.1:-:~-~-~ruby~~

Date published: 2014-01-10T07:02:51.777-05:00

Date last modified: 2014-01-10T12:57:30.427-05:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://openwall.com/lists/oss-security/2014/01/08/2

Summary: The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.

CVE-2014-1233

Affected configuration(s):

cpe:/a:tobias_maier:paratrooper-pingdom:1.0.0:-:~-~-~ruby~~

Date published: 2014-01-10T07:02:51.747-05:00

Date last modified: 2014-01-10T12:53:31.767-05:00

CVSS Score: 2.1

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://openwall.com/lists/oss-security/2014/01/08/1

Summary: The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.

CVE-2014-1408

Affected configuration(s):

cpe:/h:conceptronic:c54apm:v2
cpe:/o:conceptronic:c54apm_firmware:1.26

Date published: 2014-01-10T11:47:06.333-05:00

Date last modified: 2014-05-05T11:28:55.473-04:00

CVSS Score: 7.8

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf

Summary: The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.

CVE-2014-1406

Affected configuration(s):

cpe:/h:conceptronic:c54apm:v2
cpe:/o:conceptronic:c54apm_firmware:1.26

Date published: 2014-01-10T11:47:06.160-05:00

Date last modified: 2014-05-05T11:29:18.567-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf

Summary: CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.

CVE-2014-0752

Affected configuration(s):

cpe:/a:ecava:integraxor:3.5.3900.5
cpe:/a:ecava:integraxor:3.5.3900.10
cpe:/a:ecava:integraxor:3.6.4000.0
cpe:/a:ecava:integraxor:3.60.4061
cpe:/a:ecava:integraxor:3.71
cpe:/a:ecava:integraxor:3.71.4200
cpe:/a:ecava:integraxor:3.72
cpe:/a:ecava:integraxor:4.00
cpe:/a:ecava:integraxor:4.1
cpe:/a:ecava:integraxor:4.1.4360

Date published: 2014-01-09T13:07:26.597-05:00

Date last modified: 2014-01-10T09:56:26.270-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01

Summary: The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.

CVE-2014-0621

Affected configuration(s):

cpe:/h:technicolor:tc7200:-
cpe:/o:technicolor:tc7200_firmware:std6.01.12

Date published: 2014-01-08T10:30:02.730-05:00

Date last modified: 2014-05-05T11:23:52.383-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.exploit-db.com/exploits/30667

Summary: Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.