2014-09-20
Medium Risk

ArticleFR 11.06.2014 (data.php) - Privilege Escalation

(CVE)
High-Tech Bridge...
Low Risk

Feng Office Cross Site Scripting

(CVE)
Provensec
Low Risk

Ganeti Insecure Archive Permission

(CVE)
Helga Velroyen
Low Risk

ntopng 1.2.0 Cross Site Scripting

(CVE)
Steffen Bauch
High Risk

PhpWiki Ploticus Command Injection

(CVE)
Benjamin Harris
Medium Risk

ace /tmp file vulnerability

(CVE)
Helmut
High Risk

Plogger Authenticated Arbitrary File Upload

(CVE)
b0z
Low Risk

MailEnable Enterprise 6.5 XSS

(CVE)
loneferret
High Risk

GetSimpleCMS PHP File Upload

Ahmed
Low Risk

Nokia Asha 501 Lock Bypass

Hammad Shamsi
Low Risk

M/Monit 3.2.2 Cross Site Request Forgery

(CVE)
Dolev Farhi
2014-09-19
Low Risk

Netgear Download Center Cross Site Scripting / Open Redirect

Claudio Viviani
High Risk

Apple Foundation NSXMLParser XML eXternal Entity (XXE)

(CVE)
George D. Gal
Low Risk

WatchGuard XTM 11.8.3 Cross Site Scripting

William
Low Risk

Oracle MyOracle Filter Bypass

Vulnerability La...
2014-09-18
Low Risk

Nokia Asha Lock Code Bypass

Muhammad Shahmee...
Medium Risk

webEdition 6.3.8.0 Path Traversal

(CVE)
High-Tech Bridge...
Medium Risk

seafile-server 3.1.5 Denial Of Service

retset
Low Risk

MODX Revolution 2.3.1-pl Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Livefyre LiveComments 3.0 Cross Site Scripting

Brij Kishore Mis...
Low Risk

OsClass 3.4.1 Cross Site Scripting

(CVE)
Omar Kurt
Medium Risk

OsClass 3.4.1 Local File Inclusion

(CVE)
Omar Kurt
Low Risk

WordPress WP-Ban 1.62 Bypass

(CVE)
Tom Adams
Medium Risk

ClassApps SelectSurvey.net 4.124.004 SQL Injection

(CVE)
Anonymous
Medium Risk

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS

Tom Adams
Low Risk

MIUI Wifi Connection Message Wireless Enable

nipc
Low Risk

MIUI Torch Enable

nipc
Low Risk

Android Bluetooth Enable

nipc
2014-09-17
High Risk

Phpwiki Ploticus Remote Code Execution

(CVE)
us3r777
Low Risk

CM Browser SOP Bypass

Rafay Baloch
Medium Risk

OSSEC 2.8 umask Clear Text Passwords

aramosf
Medium Risk

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

Pietro Minniti
Low Risk

In-Portal CMS 5.2.0 Cross Site Scripting

MustLive
High Risk

Delphi And C++ Builder VCL Library Heap Buffer Overflow

(CVE)
Core
Medium Risk

Laravel 2.1 Hash::make() bcrypt Truncation

u0x
Last Update: 2014-09-22
2014-09-22
 
CVE-2014-2942
( 7.2/10 )
 
  Cobham Aviator 700d
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal a...
 
CVE-2014-3637
( 2.1/10 )
 
  D-bus project D-bus
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descri...
 
CVE-2014-3638
( 2.1/10 )
 
  D-bus project D-bus
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
 
CVE-2014-7153
( 6.5/10 )
 
  Huge-it Image gallery
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/ad...
2014-09-21
 
CVE-2014-5316
( 4.3/10 )
 
  Dotclear Dotclear
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.
 
CVE-2014-5320
( 5/10 )
 
  Bump project BUMP
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.
 
CVE-2014-5321
( 5.8/10 )
 
  Filemaker Filemaker pro
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability ex...
 
CVE-2014-5322
( 4.3/10 )
 
  Filemaker Filemaker pro
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exist...
 
CVE-2014-6602
( 6.6/10 )
 
  Microsoft Nokia asha 501 software
Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS...
2014-09-20
 
CVE-2014-0985
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.
 
CVE-2014-0986
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.
 
CVE-2014-0987
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.
 
CVE-2014-0988
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.
 
CVE-2014-0989
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.
 
CVE-2014-0990
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter.
 
CVE-2014-0991
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.
 
CVE-2014-0992
( 6.8/10 )
 
  Advantech Advantech webaccess
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.
 
CVE-2014-6421
( 5/10 )
 
  Wireshark Wireshark
Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissector...
 
CVE-2014-6422
( 5/10 )
 
  Wireshark Wireshark
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
 
CVE-2014-6423
( 5/10 )
 
  Wireshark Wireshark
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.



 
Copyright 2014, cxsecurity.com