2015-01-27
High Risk

OpenSchool Community Edition 2.2 XSS / Access Bypass

(CVE)
Mahendra
Medium Risk

WordPress Revolution Slider Local File Disclosure

JOK3R
2015-01-26
High Risk

Privoxy 3.0.22 Multiple Vulns

Fabian
High Risk

WordPress RedSteel Theme Arbitrary File Download Vulnerability

Ashiyane Digital...
2015-01-25
Low Risk

SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability

Vulnerability La...
2015-01-24
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability

Glafkos Charalam...
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability Exploit

Glafkos Charalam...
Low Risk

SmartCMS 2 Cross Site Scripting

(CVE)
Wang Jing
Medium Risk

SmartCMS 2 SQL Injection

(CVE)
Wang Jing
Medium Risk

ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection

Steffen R
2015-01-23
High Risk

libpng 1.6.15 Heap Overflow

(CVE)
Alex Eubanks
Medium Risk

USAA Mobile App Information Disclosure

David Longenecke...
High Risk

Program-O 2.4.6 XSS / LFI / HTTP Response Splitting

Vulnerability La...
Medium Risk

ecommerceMajor SQL Injection

Manish Kishan Ta...
Medium Risk

Alibaba Cross Site Scripting / Open Redirect

Wang Jing
2015-01-22
Low Risk

Jenkins Tomcat Secure and HttpOnly flags are not set for cookies

(CVE)
Yann Rouillard
Medium Risk

OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference

Google Security ...
High Risk

Exif Pilot 4.7.2 Buffer Overflow

Osanda M. Jayath...
Medium Risk

Mangallam SQL Injection

Ashiyane Digital...
High Risk

articleFR CMS 3.0.5 Arbitrary File Upload

Tran Dinh Tien
Medium Risk

RedaxScript 2.1.0 Privilege Escalation

shyamkumar soman...
Medium Risk

Google Drive Information Leak

kevin mcsheehan
High Risk

CAS Server 3.5.2 LDAP Authentication Bypass

(CVE)
Jose Tozo
2015-01-21
High Risk

LizardSquad DDoS Stresser Multiple Vulnerabilities

Vulnerability La...
High Risk

iExplorer 3.6.3 DLL Hijacking Exploit itunesmobiledevice.dll

(CVE)
Vulnerability La...
High Risk

PhotoSync v1.1.3 Android - Command Inject Vulnerability

Vulnerability La...
High Risk

OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape

Google Security ...
Medium Risk

OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference

Google Security ...
Medium Risk

YourMembers Blind SQL Injection

(CVE)
Tien Tran Dinh
Medium Risk

ManageEngine Support Center Plus 7916 Directory Traversal

(CVE)
xistence
2015-01-20
Medium Risk

WP eCommerce 3.9.1 plugin XSS & CSRF Web Vulnerability

Neo Hapsis aka 0...
Medium Risk

Invem CMS Admin Bypass Vulnerability

Ashiyane Digital...
High Risk

N-Central Remote Support Manager 14.2.7.171 File Read / Code Execution

Thomas Hibbert
High Risk

VLC Player 2.1.5 Write Access / DEP Access Violation

(CVE)
Veysel HATAS
Medium Risk

McAfee Advanced Threat Defense Sandbox Fingerprinting / Bypass

David Coomber

Last Update: 2015-01-26
2015-01-26
 
CVE-2014-8148
( 7.2/10 )
 
  Midgard-project Midgard2
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
 
CVE-2014-8157
( 7.5/10 )
 
  Jasper project Jasper
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overf...
 
CVE-2014-8158
( 6.8/10 )
 
  Jasper project Jasper
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
 
CVE-2014-9571
( 4.3/10 )
 
  Mantisbt Mantisbt
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.
 
CVE-2014-9572
( 7.5/10 )
 
  Mantisbt Mantisbt
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
 
CVE-2014-9573
( 6/10 )
 
  Mantisbt Mantisbt
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
 
CVE-2015-1178
( 4.3/10 )
 
  Qualiteam X-cart
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.
 
CVE-2015-1179
( 4.3/10 )
 
  Infinite automation systems Mango automation
Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.
 
CVE-2015-1307
( 4.3/10 )
 
  KDE Plasma-workspace
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.
 
CVE-2015-1308
( 4.3/10 )
 
  KDE Kde-workspace
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allow remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
2015-01-23
 
CVE-2014-8802
( 5/10 )
 
  Genetechsolutions Pie register
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verif...
 
CVE-2014-9623
( 4/10 )
 
  Openstack Image registry and delivery se...
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
 
CVE-2014-9638
( 5/10 )
 
  XIPH Vorbis-tools
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
 
CVE-2014-9639
( 5/10 )
 
  XIPH Vorbis-tools
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
 
CVE-2014-9640
( 5/10 )
 
  XIPH Vorbis-tools
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
 
CVE-2015-1176
( 4.3/10 )
 
  Osticket Osticket
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
 
CVE-2015-1180
( 4.3/10 )
 
  Eventsentry Eventsentry
Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet.
 
CVE-2015-1200
( 2.1/10 )
 
  Pxz project PXZ
Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions.
 
CVE-2015-1347
( 4.3/10 )
 
  Osticket Osticket
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
 
CVE-2015-0310
( 10/10 )
 
  Adobe Flash player
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism...
Copyright 2015, cxsecurity.com