2014-11-21
High Risk

Microsoft Internet Explorer OLE Pre-IE11 Code Execution

GradiusX
High Risk

Paid Memberships Pro 1.7.14.2 Path Traversal

(CVE)
Kacper Szurek
High Risk

Advantech EKI-6340 2.05 Command Injection

(CVE)
CORE
High Risk

Advantech AdamView 4.3 Buffer Overflow

(CVE)
CORE
High Risk

WordPress CM Download Manager 2.0.0 Code Injection

(CVE)
Phi Le Ngoc
High Risk

Hikvision DVR RTSP Request Remote Code Execution

Mark Schloesser
Low Risk

WordPress 3.9.2 Cross Site Scripting

Jouko Pynnonen
Medium Risk

Zenario CMS 7.0.2d Cross Site Scripting / Open Redirect

Gjoko 'LiquidWor...
2014-11-20
Medium Risk

Android <5.0 java.io.ObjectInputStream Privilege Escalation

Jann Horn
Low Risk

Joomla Simple Email Form 1.8.5 Cross Site Scripting

(CVE)
High-Tech Bridge...
High Risk

Faronics Deep Freeze Arbitrary Code Execution

(CVE)
Kyriakos Economo...
Medium Risk

Compaq/Hewlett Packard Glance 11.00 Privilege Escalation

(CVE)
Tim Brown
Medium Risk

IO Slaves KDE Insufficient Input Validation

(CVE)
T. Brown and D. ...
Medium Risk

Dolibarr ERP And CRM 3.5.3 SQL Injection

(CVE)
Jerzy Kramarz
2014-11-19
Low Risk

tcpdump 4.6.2 AODV Unreliable Output

(CVE)
Steffen Bauch
Medium Risk

tcpdump 4.6.2 Geonet Denial Of Service

(CVE)
Steffen Bauch
Medium Risk

tcpdump 4.6.2 OLSR Denial Of Service

(CVE)
Steffen Bauch
Low Risk

phpSound Music Sharing Platform 1.0.5 Cross Site Scripting

(CVE)
Halil Dalabasmaz
Low Risk

Who's Who Script Cross Site Request Forgery

(CVE)
ZoRLu
Medium Risk

Snowfox CMS 1.0 Open Redirect

Gjoko 'LiquidWor...
Low Risk

Snowfox CMS 1.0 Cross Site Request Forgery

Gjoko 'LiquidWor...
2014-11-18
High Risk

Internet Explorer 8 Fixed Col Span ID full ASLR, DEP and EMET 5.1 bypass

(CVE)
ryujin & sic...
High Risk

Samsung Galaxy KNOX Android Browser Remote Code Execution

joev
High Risk

ZTE ZXHN H108L Access Bypass

projectzero
Low Risk

Maarch LetterBox 2.8 Insecure Cookie Handling

ZoRLu
Medium Risk

D-Link DCS-2103 Directory Traversal

MustLive
High Risk

XOOPS 2.5.6 SQL Injection

Manuel Garcia Ca...
Low Risk

Nibbleblog 4.0.1 Cross Site Scripting

Manuel Garcia Ca...
High Risk

MantisBT XmlImportExport Plugin PHP Code Injection

(CVE)
Juan Escobar
Medium Risk

WebsiteBaker 2.8.3 XSS / SQL Injection / HTTP Response Splitting

Manuel Garcia Ca...
Medium Risk

Zoph 0.9.1 Cross Site Scripting / SQL Injection

Manuel Garcia Ca...
Low Risk

Openkm Document Management System 6.4.17 Cross Site Scripting

khalil
Low Risk

FlatNuke 3.1.x Cross Site Scripting

Juri Gianni
2014-11-17
Medium Risk

Linux user namespaces can bypass group-based restrictions

Andy
Medium Risk

Safari 8.0 / OS X 10.10 Crash PoC

w3bd3vil
Last Update: 2014-11-21
2014-11-20
 
CVE-2014-2382
( 7.2/10 )
 
  Faronics Deep freeze
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations...
 
CVE-2014-8387
( 9/10 )
 
  Advantech Eki-6340
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
 
CVE-2014-8995
( 5/10 )
 
  Maarch Letterbox
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
 
CVE-2014-8996
( 4.3/10 )
 
  Nibbleblog Nibbleblog
Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php.
 
CVE-2014-8997
( 7.5/10 )
 
  Digitalvidhya Digi online examination system
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct r...
 
CVE-2014-8998
( 6.5/10 )
 
  X7chat X7 chat
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
 
CVE-2014-8999
( 6.5/10 )
 
  Xoops Xoops
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
 
CVE-2014-9000
( 6.5/10 )
 
  Mulesoft Mule enterprise management con...
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user....
 
CVE-2014-9001
( 6.5/10 )
 
  Incrediblepbx Incredible pbx 11
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.
 
CVE-2014-9002
( 10/10 )
 
  Lantronix Xprintserver
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
 
CVE-2014-9003
( 6.8/10 )
 
  Lantronix Xprintserver
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c param...
 
CVE-2014-9004
( 4.3/10 )
 
  Vld interactive Vldpersonals
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
 
CVE-2014-9005
( 7.5/10 )
 
  Vld interactive Vldpersonals
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php.
 
CVE-2014-9006
( 5/10 )
 
  Monstra Monstra
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.
 
CVE-2014-3625
( 5/10 )
 
  Pivotal Spring framework
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
 
CVE-2014-8493
( 5/10 )
 
  Zteusa Zxhn h108l firmware
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
 
CVE-2014-8767
( 5/10 )
 
  Redhat Tcpdump
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
 
CVE-2014-8768
( 5/10 )
 
  Redhat Tcpdump
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
 
CVE-2014-8769
( 6.4/10 )
 
  Redhat Tcpdump
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of...
 
CVE-2014-9019
( 6.8/10 )
 
  ZTE Zxdsl
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks vi...

 
Copyright 2014, cxsecurity.com