2014-10-23
High Risk

Cisco Ironport WSA telnetd Remote Code Execution

(CVE)
Glafkos Charalam...
Medium Risk

iFunBox Free 1.1 Local File Inclusion

Vulnerability La...
Medium Risk

iBackup 10.0.0.32 Local Privilege Escalation

(CVE)
Glafkos Charalam...
High Risk

DotNetNuke DNNspot Store (UploadifyHandler.ashx) 3.0.0 File Upload

Glafkos Charalam...
High Risk

File Manager 4.2.10 Code Execution

Vulnerability La...
Medium Risk

Mulesoft ESB Runtime 3.5.1 Privilege Escalation / Code Execution

Brandon Perry
2014-10-22
Medium Risk

Nova VMware instance in resize state may leak

(CVE)
Tristan Cacquera...
Medium Risk

KVM DoS triggerable by malicious host userspace

(CVE)
Andy
Medium Risk

RESTAURANT SCRIPT SQL Injection Vulnerability

jsass
High Risk

Incredible PBX 11 2.0.6.5.0 Remote Command Execution

Simo Ben
High Risk

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

Larry W. Cashdol...
2014-10-21
Medium Risk

AutoWeb v3.0 CMS SQL Injection

Hugo Santiago do...
High Risk

Files Document & PDF 2.0.2 iOS Multiple Vulnerabilities

Vulnerability La...
Medium Risk

FileBug v1.5.1 iOS Path Traversal Web Vulnerability

Vulnerability La...
High Risk

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

(CVE)
Pedro
Low Risk

LiteCart 1.1.2.1 Cross Site Scripting

(CVE)
Onur Yilmaz
Medium Risk

Huawei Mobile Partner DLL Hijacking

Osanda Malith Ja...
Low Risk

Newtelligence dasBlog 2.3 Open Redirect

(CVE)
Wang Jing
Medium Risk

OpenMRS 2.1 Access Bypass / XSS / CSRF

(CVE)
Mahendra
2014-10-20
Medium Risk

Newtelligence dasBlog Open Redirect Vulnerability

(CVE)
Wang Jing
2014-10-19
High Risk

MacOS X 10.9 Hard Link Memory Corruption PoC

(CVE)
CXSECURITY
Medium Risk

Linux PolicyKit Race Condition Privilege Escalation

(CVE)
xi4oyu
Medium Risk

Centreon SQL Injection / Command Injection

(CVE)
MaZ
2014-10-18
High Risk

MacOSX 10.9/XNU HFS Kernel Multiple Vulnerabilities

(CVE)
CXSECURITY
High Risk

MS14-060 Microsoft Windows OLE Package Manager Code Execution

(CVE)
Juan vazquez
High Risk

Fonality Trixbox CE 2.8.0.4 Command Execution

Simo Ben youssef
High Risk

Elastix 2.4.0 Stable XSS / CSRF / Command Execution

Simo Ben youssef
High Risk

Drupal HTTP Parameter Key/Value SQL Injection

(CVE)
Brandon
2014-10-17
Medium Risk

Bypassing HTTP Strict Transport Security

Jose Selvi
Low Risk

Abusing TZ for fun (and little profit)

Jakub Wilk
High Risk

SAP BusinessObjects Explorer 14.0.5 XXE Injection

(CVE)
Stefan Horlacher
Medium Risk

IPy Blacklist Bypass

Nicolas
Medium Risk

NETIS DL4322D XSS / CSRF / DoS

AkaStep
Low Risk

New York Times Cross Site Scripting

Wang Jing
Low Risk

OpenX 2.8.10 Open Redirect

(CVE)
Wang Jing
Last Update: 2014-10-23
2014-10-22
 
CVE-2014-4448
( 1.9/10 )
 
  Apple Iphone os
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
 
CVE-2014-4449
( 6.8/10 )
 
  Apple Iphone os
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-4450
( 1.9/10 )
 
  Apple Iphone os
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within u...
 
CVE-2013-7407
( 6.8/10 )
 
  Drupal Mrbs module
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
 
CVE-2014-7183
( 4.3/10 )
 
  Litecart Litecart
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
 
CVE-2014-8381
( 4.3/10 )
 
  Megapolis Megapolis.portal manager
Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.
2014-10-21
 
CVE-2012-5242
( 6.8/10 )
 
  Bananadance Banana dance
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
 
CVE-2012-5243
( 5/10 )
 
  Bananadance Banana dance
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
 
CVE-2012-5702
( 4.3/10 )
 
  Dotproject Dotproject
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3...
 
CVE-2013-7406
( 7.5/10 )
 
  Drupal Mrbs module
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-4514
( 4.3/10 )
 
  Wordpress Alipay plugin
Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function...
 
CVE-2014-4517
( 4.3/10 )
 
  Wordpress Cbi referral manager
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.
 
CVE-2014-4577
( 5/10 )
 
  Wordpress Amasin plugin
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
 
CVE-2014-5005
( 7.5/10 )
 
  Zohocorp Manageengine desktop central
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
 
CVE-2014-5006
( 7.5/10 )
 
  Zohocorp Manageengine desktop central
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
 
CVE-2014-7140
( 7.5/10 )
 
  Citrix Netscaler application delivery...
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vec...
 
CVE-2014-7280
( 4.3/10 )
 
  Tenable Web ui
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
 
CVE-2014-8375
( 4.6/10 )
 
  Wordpress Gb gallery slideshow plugin
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php...
 
CVE-2014-8376
( 3.5/10 )
 
  Drupal Site banner module
Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web...
 
CVE-2014-8377
( 4.3/10 )
 
  Webasyst Shop-script
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.
Copyright 2014, cxsecurity.com