2014-07-29
Medium Risk

Parallels Tools 9.0 Privilege Escalation

Anastasios
High Risk

CMSimple 4.4.4 RFI / Code Execution / Default Password

Indian Haxors Te...
High Risk

Web Encryption Extension Authentication Bypass

Senderek
Low Risk

Barracuda Networks Spam / Virus Firewall 5.1.3 XSS

Vulnerability La...
Low Risk

MasterCard Open Redirect

Anastasios
High Risk

WordPress Slider Revolution Responsive 4.1.4 File Download

Claudio Viviani
Medium Risk

WordPress Lead Octopus Power SQL Injection

Ashiyane Digital...
Medium Risk

WordPress FBGorilla SQL Injection

Ashiyane Digital...
2014-07-28
Low Risk

MyBB 1.6.14 search.php Full Path Disclosure

DemoLisH
High Risk

WordPress MailPoet (wysija-newsletters) Unauthenticated File Upload

(CVE)
Christian Mehlma...
High Risk

Oxwall 1.7.0 Remote Code Execution Exploit

Gjoko 'LiquidWor...
Medium Risk

Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities

Gjoko 'LiquidWor...
Medium Risk

Linux Kernel sctp inherit auth_capable on INIT collisions

Jason
Low Risk

rsync vulnerable to collisions

Michael
Medium Risk

CMS Studyo10 Blind Sql Injection

Felipe Andrian P...
Medium Risk

DirPHP - version 1.0 Local File Inclusion

Chosen
Medium Risk

Sagem F@st 3304-V1 denial of service Vulnerability

Z3ro0ne
Medium Risk

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Gjoko 'LiquidWor...
Medium Risk

Bugzilla 3.x / 4.x Cross Site Request Forgery

(CVE)
Mario Gomes, Byr...
2014-07-27
High Risk

Netgear DGN2200 Password Disclosure

Dolev Farhi
High Risk

Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure

(CVE)
Seth Art
Low Risk

Zenoss Monitoring System 4.2.5-2108 Cross Site Scripting

(CVE)
Dolev
Low Risk

Easy File Sharing Persistent Cross Site Scripting

Joseph Giron
2014-07-25
High Risk

Windows Mail Rogue Program.exe Execution

Stefan Kanthak
High Risk

Make 3.81 Heap Overflow

HyP
High Risk

Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download

alieye
High Risk

Pligg <= 2.0.1 SQL Injection / PWD disclosure / RCE

BlackHawk
Medium Risk

MQAC.sys Arbitrary Write Privilege Escalation

(CVE)
Spencer
Low Risk

Ubiquiti AirVision Controller 2.1.3 Weak Settings

(CVE)
Seth
High Risk

BulletProof FTP Client 2010 Buffer Overflow

(CVE)
Gabor Seljan
Low Risk

UniFi / mFi / AirVision Cross Site Request Forgery

(CVE)
sethsec
Medium Risk

WordPress Video Gallery 2.5 Cross Site Scripting / SQL Injection

Claudio Viviani
High Risk

Lian Li NAS Hardcoded Cookie / Bypass / Privilege Escalation

pws
2014-07-24
High Risk

Omeka 2.2.1 Remote Code Execution Exploit

Gjoko 'LiquidWor...
High Risk

TimThumb 2.8.13 Remote Code Execution

(CVE)
u0x
Last Update: 2014-07-29
2014-07-27
 
CVE-2014-4725
( 7.5/10 )
 
  Mailpoet Mailpoet newsletters
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-c...
 
CVE-2014-4726
( 7.5/10 )
 
  Mailpoet Mailpoet newsletters
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.
2014-07-26
 
CVE-2014-2363
( 10/10 )
 
  Morpho Itemiser 3
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.
 
CVE-2014-3071
( 4.3/10 )
 
  IBM Infosphere information server
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.
 
CVE-2014-3301
( 5/10 )
 
  Cisco Webex meetings server
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.
 
CVE-2014-3305
( 6.8/10 )
 
  Cisco Webex meetings server
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.
 
CVE-2014-3324
( 4.3/10 )
 
  Cisco Telepresence server software
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID...
 
CVE-2014-3326
( 6.5/10 )
 
  Cisco Security manager
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
 
CVE-2014-3328
( 5/10 )
 
  Cisco Unified presence server
The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.
 
CVE-2014-4858
( 7.5/10 )
 
  Sabreairlinesolutions Crew management
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
 
CVE-2014-4979
( 9.3/10 )
 
  Apple Quicktime
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
 
CVE-2014-2625
( 8.5/10 )
 
  HP Network virtualization
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.
 
CVE-2014-2626
( 9.4/10 )
 
  HP Network virtualization
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-202...
 
CVE-2014-2966
( 5/10 )
 
  Caucho Resin
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism.
 
CVE-2014-4747
( 2.1/10 )
 
  IBM Sametime
The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser.
 
CVE-2014-4748
( 4.3/10 )
 
  IBM Sametime
Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
 
CVE-2014-4857
( 4.3/10 )
 
  Gurock Testrail
Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.
 
CVE-2014-4971
( 7.2/10 )
 
  Microsoft Windows xp
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the M...
2014-07-25
 
CVE-2014-2227
( 6/10 )
 
  UBNT Unifi video
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin P...
 
CVE-2014-5027
( 4.3/10 )
 
  Reviewboard Review board
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
Copyright 2014, cxsecurity.com