Tried, Tested and Proven

Portcullis security advisories are published for significant security issues that require an upgrade, fix, or other action.

In all security publications, we disclose the minimum amount of information required for an end-user to assess the
impact of a vulnerability and any potential steps needed to protect their environment.

Read our Co-ordinated Disclosure Policy.

CVE-2014-5370 – Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet

CVE-2014-7136 – Privilege Escalation In K7 Computing Multiple Products [K7FWFilt.sys]

CVE-2014-8956 – Privilege Escalation In K7 Computing Multiple Products [K7Sentry.sys]

CVE-2014-8608 – Null Pointer Dereference In K7 Computing Multiple Products [K7Sentry.sys]

CVE-2014-5462 – Multiple Authenticated SQL Injections In OpenEMR

CVE-2014-8600 – Insufficient Input Validation By IO Slaves In KDE e.V. KDE

CVE-2014-2382 – Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise

CVE-2014-2630 – SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In Compaq/Hewlett Packard Glance For Linux

CVE-2014-4974 – Kernel Memory Leak In ESET Multiple Windows Products

CVE-2014-6033 – XML External Entity Injection In F5 Networks Big-IP

CVE-2014-6032 – XML External Entity Injection In F5 Networks Big-IP

CVE-2014-7178 – Remote Command Execution In Enalean Tuleap

CVE-2014-7177 – Authenticated External XML Entity Injection In Enalean Tuleap

CVE-2014-7176 – Authenticated Blind SQL Injection In Enalean Tuleap

CVE-2014-5387 – Multiple SQL Injection Vulnerabilities In EllisLab ExpressionEngine Core

CVE-2014-7137 – Multiple SQL Injection Vulnerabilities In Dolibarr ERP & CRM

CVE-2014-5308 – Multiple SQL Injection Vulnerabilities In Testlink

CVE-2014-6389 – Remote Command Execution In PHPCompta PHPCompta/NOALYSS

CVE-2014-5071 – SQL Injection In Symmetricom s350i

CVE-2014-5070 – Vertical Privilege Escalation In Symmetricom s350i

CVE-2014-5069 – Stored XSS In Symmetricom s350i

CVE-2014-5068 – Directory Traversal In Symmetricom s350i

CVE-2014-5067 – Arbitrary File Upload In Symmetricom s350i

CVE-2014-5066 – World-writable Files And Directories In Symmetricom s350i

CVE-2014-5065 – Insecure Sudo Configuration In Symmetricom s350i

CVE-2014-5064 – Postgresql Accessible In Symmetricom s350i

CVE-2014-5063 – Hardcoded Default Credentials In Symmetricom s350i

CVE-2014-5062 – Shell Breakout In Symmetricom s350i

CVE-2014-5061 – Remote Root Command Execution In Symmetricom s350i

CVE-2014-5307 – Privilege Escalation In Panda Security

CVE-2014-4973 – Privilege Escalation In ESET Products For Windows

CVE-2014-2595 – Authentication Bypass In Barracuda Web Application Firewall – under further review with the vendor

CVE-2014-2594 – Unauthenticated Configuration File Retrieval In Aruba OS

CVE-2014-2593 – Command Injection in Aruba ClearPass Policy Manager

CVE-2014-2592 – Arbitrary Code Execution In Aruba Web Management Portal

CVE-2014-3074 – Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes In IBM AIX

CVE-2014-2385 – Multiple Cross Site Scripting In Sophos Anti-Virus For Linux Local Web UI

CVE-2014-3752 – Arbitrary Code Execution In G Data TotalProtection 2014

CVE-2014-3977 – Libodm Allows Privilege Escalation Via Arbitrary File Writes In IBM AIX

CVE-2014-0907 – SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2

CVE-2014-3445 – Unauthenticated Backup And Password Disclosure In HandsomeWeb SOS Webpages

CVE-2014-3450 – Privilege Escalation In Panda Security

CVE-2014-3449 – Insufficient ACLs In BSS Continuity CMS

CVE-2014-3448 – Remote Code Execution Via Unauthenticated File Upload In BSS Continuity CMS

CVE-2014-3447 – Remote Denial Of Service In BSS Continuity CMS

CVE-2014-3446 – Unauthenticated Blind SQL Injection In BSS Continuity CMS

CVE-2014-2046 – Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211

CVE-2014-2882 – Lack Of SSL Certificate Validation In Citrix Netscaler

CVE-2014-2881 – Poor Quality Implementation Of Diffie-Hellman Key Exchange In Citrix Netscaler

CVE-2014-0930 – Kernel Memory Leak And Denial Of Service Condition In IBM AIX

CVE-2014-2042 – Unrestricted File Upload In Livetecs Timelive

CVE-2014-1217 – Unauthenticated Access To Sensitive Information And Functionality In Livetecs Timelive

CVE-2014-2383 – Arbitrary File Read In dompdf

CVE-2014-2597 – Denial Of Service In PCNetSoftware RAC Server

CVE-2014-2591 – SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In BMC Patrol For AIX

CVE-2013-6216 – SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In Multiple HP Products For Linux

CVE-2014-2384 – Invalid Pointer Dereference In VMware Workstation And Player

CVE-2014-1222 – Local File Inclusion In Vtiger CRM

CVE-2014-2043 – SQL Injection In Procentia IntelliPen

CVE-2014-2044 – Remote Code Execution In ownCloud

CVE-2014-0379 – Stored XSS In Oracle Demantra

CVE-2014-0372 – SQL Injection In Oracle Demantra

CVE-2014-0371 – Reflective XSS In Oracle Demantra

CVE-2013-5795 – Database Credentials Leak In Oracle Demantra

CVE-2013-5880 – Authentication Bypass In Oracle Demantra

CVE-2013-5877 – Arbitrary File Retrieval In Oracle Demantra

CVE-2014-1216 – Remote Code Execution In Fitnesse Wiki

CVE-2014-1223 – Reflective XSS In Telligent Evolution

CVE-2014-1215 – Local Code Execution In Core FTP Server

CVE-2014-1220 – Disclosure Of Database Credentials In IT2 Workstation

CVE-2014-1643 – Unauthorised Access To Other Users' Email Messages In Symantec PGP Universal Web Messenger

CVE-2014-1219 – Unauthenticated Privilege Escalation In CA 2E Web Option

CVE-2014-1221 – Local Code Execution In Dameware Mini Remote Control

CVE-2014-1214 – Remote Code Execution In Projoom NovaSFH Plugin

CVE-2014-1213 – Denial Of Service In Sophos Anti Virus
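Four of the advisories above (CVE-2014-2630, CVE-2014-0907, CVE-2014-2591 and CVE-2013-6216) share one root cause: a setuid or setgid program whose embedded library search path (DT_RPATH or DT_RUNPATH) points somewhere an unprivileged user can write to, or is resolved relative to the caller's working directory, so that the dynamic linker loads an attacker-supplied library with elevated privileges. The script below is an added, generic audit for that class of weakness on Linux; it is not code from Portcullis or from any of the affected vendors and says nothing about the specific products listed. It assumes GNU binutils (`readelf -d`) is installed, and the classification rules, the hypothetical sample `readelf` output and the helper names (`rpath_entries`, `classify_entry`, `findings`) are this example's own.

```python
"""Audit setuid/setgid ELF binaries for insecure DT_RPATH / DT_RUNPATH entries.

Generic check (not taken from any advisory on this page). Reads the dynamic
section with `readelf -d` from GNU binutils; the rules below are this
example's own and flag entries for review rather than prove exploitability.
"""
import os
import re
import stat
import subprocess
import sys
from typing import Callable, Dict, Iterator, List, Optional

# Constructed sample of `readelf -d` output for a hypothetical binary; it is
# not the output of any product named on this page.
SAMPLE_READELF = """
Dynamic section at offset 0x2d50 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/opt/vendor/lib:.:$ORIGIN/../lib]
 0x000000000000001d (RUNPATH)            Library runpath: [/tmp/vendor/lib:/usr/lib]
 0x000000000000000c (INIT)               0x1000
"""

# Matches both "Library rpath: [...]" and "Library runpath: [...]" lines.
_RPATH_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[([^\]]*)\]")


def rpath_entries(readelf_output: str) -> List[str]:
    """Return every colon-separated RPATH/RUNPATH entry, in search order."""
    entries: List[str] = []
    for m in _RPATH_RE.finditer(readelf_output):
        entries.extend(m.group(1).split(":"))
    return entries


def _world_writable(path: str) -> bool:
    try:
        return bool(os.stat(path).st_mode & stat.S_IWOTH)
    except OSError:
        return False


def deepest_existing(path: str, isdir: Callable[[str], bool]) -> str:
    """Walk up from `path` to the first component that exists as a directory."""
    cur = path
    while cur != "/" and not isdir(cur):
        cur = os.path.dirname(cur)
    return cur


def classify_entry(entry: str,
                   isdir: Callable[[str], bool] = os.path.isdir,
                   world_writable: Callable[[str], bool] = _world_writable) -> Optional[str]:
    """Explain why one search-path entry is unsafe for a privileged binary, or None."""
    if entry in ("", "."):
        return "empty or '.' entry is searched relative to the caller's working directory"
    if "$ORIGIN" in entry or "${ORIGIN}" in entry:
        # glibc refuses to expand $ORIGIN for AT_SECURE (setuid) programs;
        # other dynamic linkers may not, so flag it for manual review.
        return "$ORIGIN entry: depends on the dynamic linker refusing to expand it for setuid programs"
    if not entry.startswith("/"):
        return "relative entry is searched relative to the caller's working directory"
    anchor = deepest_existing(entry, isdir)
    if anchor != entry:
        # Directory does not exist yet: dangerous if a user can create it.
        if world_writable(anchor):
            return f"missing directory under world-writable {anchor}: an unprivileged user can create it"
        return None
    if world_writable(entry):
        return "world-writable directory: an unprivileged user can plant a library there"
    return None


def findings(readelf_output: str,
             isdir: Callable[[str], bool] = os.path.isdir,
             world_writable: Callable[[str], bool] = _world_writable) -> Dict[str, str]:
    """Map each flagged entry in one binary's dynamic section to its reason."""
    result: Dict[str, str] = {}
    for entry in rpath_entries(readelf_output):
        why = classify_entry(entry, isdir, world_writable)
        if why:
            result[entry] = why
    return result


def privileged_binaries(roots: List[str]) -> Iterator[str]:
    """Yield regular files with the setuid or setgid bit under the given roots."""
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    mode = os.lstat(path).st_mode
                except OSError:
                    continue
                if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                    yield path


def audit(roots: List[str]) -> Dict[str, Dict[str, str]]:
    """Run readelf over every privileged binary and collect flagged entries."""
    report: Dict[str, Dict[str, str]] = {}
    for path in privileged_binaries(roots):
        proc = subprocess.run(["readelf", "-d", path], capture_output=True, text=True, check=False)
        hits = findings(proc.stdout)
        if hits:
            report[path] = hits
    return report


if __name__ == "__main__":
    for binary, hits in audit(sys.argv[1:] or ["/usr/bin", "/usr/sbin", "/opt"]).items():
        for entry, why in hits.items():
            print(f"{binary}: {entry!r}: {why}")
```

Run it as root so that every setuid binary is readable; on AIX the equivalent loader information comes from `dump -H`, on HP-UX from `chatr`, so only the `rpath_entries` parser would need replacing there. A hit is a lead, not a confirmed vulnerability: the loader only consults the entry if a needed library is not found earlier in the search order, so confirm with `LD_DEBUG=libs` (glibc) on an unprivileged copy before raising it with the vendor.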