Search:
WLB2

[ Bugs ]   [ Exploits ]
WLB2RSS Bugtraq WLB2RSS
[ Bogus ]   [ Tricks ]
2014-10-02
High Risk

Honeywell Falcon Administrative Bypass

(CVE)
Martin Jartelius
High Risk

FreePBX Authentication Bypass / Account Creation

FreePBX
High Risk

PXE Exploit Server

scriptjunkie
High Risk

Pure-FTPd External Authentication Bash Environment Variable Code Injection

(CVE)
Spencer
Medium Risk

WordPress Content Audit 1.6 Blind SQL Injection

(CVE)
Tom Adams
High Risk

PHPCompta/NOALYSS 6.7.1 5638 Remote Command Execution

(CVE)
Jerzy Kramarz
High Risk

Epicor Password Disclosure / Cross Site Scripting

(CVE)
Fara
Medium Risk

TestLink 1.9.11 SQL Injection

(CVE)
Jerzy Kramarz
Low Risk

WordPress Photo Gallery 1.1.30 Cross Site Scripting

(CVE)
Vulnerability La...
High Risk

Bash Me Some More

(CVE)
vixie
Low Risk

Textpattern 4.5.5 Cross Site Scripting

(CVE)
High-Tech Bridge...
2014-10-01
Medium Risk

TP-Link "2-series" switches, all TP-Link VxWorks-based product Multiple vulnerabilities

kvnjs
High Risk

ManageEngine OpManager / Social IT Arbitrary File Upload

(CVE)
Pedro Ribeiro
Low Risk

WordPress All In One Security And Firewall 3.8.3 XSS

Vulnerability La...
2014-09-30
High Risk

GNU Bash 4.3 Command Injection

JSacco
Medium Risk

AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling

indoushka
Low Risk

Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass

(CVE)
sickness
Low Risk

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

Nate Power
Medium Risk

Bacula-web 5.2.10 SQL Injection

wishnusakti
Low Risk

PayPal Service Manager Script Insertion

Vulnerability La...
Low Risk

PayPal Bill Later Mail Encoding Cross Site Scripting

Vulnerability
2014-09-29
High Risk

DHCP Client Bash Environment Variable Code Injection

(CVE)
Ramon
Medium Risk

Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection

Mogwai
Medium Risk

Exinda WAN Optimization Suite 7.0.0 CSRF / XSS

William Costa
Medium Risk

Comersus Sophisticated Cart Database Disclosure

indoushka
2014-09-28
Medium Risk

Oscommerce 2.3.4 XSS / HPP / File Inclusion

indoushka
Medium Risk

Openfiler 2.99.1 Denial Of Service

(CVE)
dolevff
High Risk

Apache mod_cgi Bash Environment Variable Code Injection

(CVE)
Juan vazquez
Low Risk

Get Simple CMS 3.3.3 Information Disclosure / XSS

indoushka
Medium Risk

NDBLOG 0.1 Cross Site Scripting / SQL Injection

indoushka
Low Risk

SmarterTools Smarter Track 6-10 Information Disclosure

Vulnerability La...
Medium Risk

GS Foto Uebertraeger 3.0 iOS File Include Vulnerability

Vulnerability La...
High Risk

Gnu Bash 4.3 CGI Scan Remote Command Injection

(CVE)
Stephane Chazela...
Medium Risk

Nucom ADSL ADSLR5000UN ISP Credential Disclosure

Sebasti&#161...
High Risk

Dhclient Bash Environment Variable Injection

(CVE)
egypt
[ Read More ]

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

[ CVE Related ]   [ CWE Related ]   [ Dorks ]  

[ CVE Products ] [ CVE Vendors ]
WLB2RSS CVE CVEMAP.ORG WLB2RSS CVE
Last Update: 2014-10-02
2014-09-30
 
CVE-2014-6278
( 10/10 )
 
  GNU BASH
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force...
 
CVE-2012-5485
( 6.8/10 )
 
  Plone Plone
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
 
CVE-2012-5486
( 5/10 )
 
  Plone Plone
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
 
CVE-2012-5487
( 8.5/10 )
 
  Plone Plone
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to...
 
CVE-2012-5488
( 5/10 )
 
  Plone Plone
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
 
CVE-2012-5489
( 6.5/10 )
 
  Plone Plone
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified...
 
CVE-2012-5490
( 4.3/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2012-5491
( 4.3/10 )
 
  Plone Plone
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
 
CVE-2012-5492
( 5/10 )
 
  Plone Plone
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
 
CVE-2012-5493
( 8.5/10 )
 
  Plone Plone
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
 
CVE-2012-5494
( 4.3/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
 
CVE-2012-5495
( 5/10 )
 
  Plone Plone
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
 
CVE-2012-5496
( 5/10 )
 
  Plone Plone
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
 
CVE-2012-5497
( 5/10 )
 
  Plone Plone
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
 
CVE-2012-5498
( 5/10 )
 
  Plone Plone
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
 
CVE-2012-5499
( 5/10 )
 
  Plone Plone
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
 
CVE-2012-5501
( 5/10 )
 
  Plone Plone
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
 
CVE-2012-5502
( 3.5/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2012-5503
( 5/10 )
 
  Plone Plone
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.
 
CVE-2012-5504
( 4.3/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[ Read More ]

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  

[ Full List of Vendors ]  

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

[ Full List of Products ]  



 
Copyright 2014, cxsecurity.com