CVE-2015-1476 (ecommercemajor)

National Cyber Awareness System. Vulnerability Summary for CVE-2015-1476. Original release date: 02/04/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.

Impact […]

CVE-2015-1475 (mylittleforum)

National Cyber Awareness System. Vulnerability Summary for CVE-2015-1475. Original release date: 02/04/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to […]

CVE-2015-1381 (debian_linux, privoxy)

National Cyber Awareness System. Vulnerability Summary for CVE-2015-1381. Original release date: 02/03/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.

Impact: CVSS Severity (version 2.0): Impact […]

CVE-2014-9574 (fluxbb)

National Cyber Awareness System. Vulnerability Summary for CVE-2014-9574. Original release date: 02/03/2015. Last revised: 02/03/2015. Source: US-CERT/NIST.

Overview: Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.

Impact: CVSS Severity […]

CVE-2014-9328 (clamav, fedora)

National Cyber Awareness System. Vulnerability Summary for CVE-2014-9328. Original release date: 02/03/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a “heap out of bounds condition.”

Impact: CVSS Severity (version 2.0): Impact Subscore: 6.4 […]

CVE-2015-0313 (flash_player)

National Cyber Awareness System. Vulnerability Summary for CVE-2015-0313. Original release date: 02/02/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: Unspecified vulnerability in Adobe Flash Player through 13.0.0.264 and 14.x, 15.x, and 16.x through 16.0.0.296 on Windows and OS X and through 11.2.202.440 on Linux allows remote attackers to execute arbitrary code […]

CVE-2015-0223 (qpid)

National Cyber Awareness System. Vulnerability Summary for CVE-2015-0223. Original release date: 02/02/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.

Impact: CVSS Severity (version 2.0): Impact Subscore: […]

CVE-2014-8613 (freebsd)

National Cyber Awareness System. Vulnerability Summary for CVE-2014-8613. Original release date: 02/02/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel […]

CVE-2014-8612 (freebsd)

National Cyber Awareness System. Vulnerability Summary for CVE-2014-8612. Original release date: 02/02/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) […]

CVE-2014-0998 (freebsd)

National Cyber Awareness System. Vulnerability Summary for CVE-2014-0998. Original release date: 02/02/2015. Last revised: 02/04/2015. Source: US-CERT/NIST.

Overview: Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 10.1 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in […]