WLB2

2014-09-14
Medium Risk

MantisBT Null byte poisoning in LDAP authentication

(CVE)
Damien
2014-09-13
High Risk

Rooted SSH/SFTP Daemon Default Login Credentials

Larry W. Cashdol...
Medium Risk

Joomla Spider Form Maker 4.3 SQL Injection

Claudio Viviani
High Risk

HttpFileServer 2.3.x Remote Command Execution

(CVE)
Daniele Linguagl...
Low Risk

Food Order Portal 8.3 Cross Site Request Forgery

KnocKout
Low Risk

Travel Portal II 6.0 Cross Site Request Forgery

KnocKout
Low Risk

WordPress Photo Album Plus 5.4.4 Cross Site Scripting

Milhouse
2014-09-12
Low Risk

IBM WebSphere Application Server Cross Site Scripting

G. S. McNamara
Low Risk

Airties Air6372SO Modem Web Interface Cross Site Scripting

KnocKout
Low Risk

OroCRM Cross Site Scripting

Provensec Labs
Medium Risk

Photorange 1.0 Local File Inclusion

Vulnerability La...
High Risk

ManageEngine Eventlog Analyzer Arbitrary File Upload

(CVE)
Pedro
Low Risk

ChatSecure IM 2.2.4 iOS Persistent Web Vulnerability

Vulnerability La...
High Risk

SolarWinds Storage Manager Authentication Bypass

Juan Vazquez
High Risk

Railo 4.2.1 Remote File Inclusion

(CVE)
Bryan Alexander
High Risk

WordPress Trinity Theme Arbitrary File Download

Mr.Doel
2014-09-10
High Risk

Apache Tomcat 7.0.39 Remote Code Execution

(CVE)
Pierre Ernst
High Risk

CHICKEN Scheme on the Android platform select() buffer overrun

Moritz
Medium Risk

PHP Stock Management System 1.02 Multiple Vulnerability

jsass
High Risk

XRMS Blind SQL Injection / Command Execution

(CVE)
Benjamin Harris
2014-09-09
High Risk

GDB Server Remote Payload Execution

joev
High Risk

Alcasar 2.8 Remote Root Command Execution

eF
High Risk

JobScheduler Path Traversal

(CVE)
Christian Schnei...
Medium Risk

JobScheduler XML eXternal Entity Injection

(CVE)
Christian Schnei...
Low Risk

JobScheduler Cross Site Scripting

(CVE)
Christian Schnei...
Low Risk

WordPress Antioch Arbitrary File Download

Ashiyane Digital...
2014-09-08
Low Risk

vBulletin 5.1.2 Cross Site Scripting

Smash_
Medium Risk

phpMyFAQ 2.8.12 Multiple Vulnerabilities

Smash_
Medium Risk

Joomla Spider Calendar <= 3.2.6 SQL Injection Exploit

Claudio Viviani
Medium Risk

Joomla Spider Calendar Lite SQL Injection

Daniel Barragan ...
Medium Risk

LoadedCommerce7 Systemic Query Factory Vulnerability

Breaking Technol...
Low Risk

IP Board 3.4.6 CSRF Token hijacking

Piotr S.
High Risk

Wordpress Authentic Theme Arbitrary File Download Vulnerability

Ashiyane Digital...
High Risk

Wordpress epic theme Arbitrary File Download Vulnerability

Ashiyane Digital...
2014-09-07
High Risk

Microsoft Office 2010 registers command lines with unquoted pathnames

Stefan Kanthak

Last Update: 2014-09-12
2014-09-12
 
CVE-2012-1556
( 4.3/10 )
 
  Synology Diskstation manager
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
2014-09-11
 
CVE-2011-4887
( 4.3/10 )
 
  Imperva Securesphere web application f...
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the usern...
 
CVE-2012-0984
( 4.3/10 )
 
  Xoops Xoops
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target par...
 
CVE-2012-4240
( 6.5/10 )
 
  Group-office Groupoffice
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
 
CVE-2014-2223
( 7.5/10 )
 
  Plogger Plogger
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then acce...
 
CVE-2014-5129
( 4.3/10 )
 
  Avolvesoftware Projectdox
Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-5391
( 4.3/10 )
 
  SOS Jobscheduler
Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).
 
CVE-2014-5393
( 4/10 )
 
  SOS Jobscheduler
Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecif...
 
CVE-2014-5460
( 6.5/10 )
 
  Tribulant Tibulant slideshow gallery
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-...
 
CVE-2014-5519
( 7.5/10 )
 
  Phpwiki Phpwiki
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party informatio...
 
CVE-2014-6043
( 6.5/10 )
 
  Zohocorp Manageengine eventlog analyzer
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do.
 
CVE-2014-6070
( 4.3/10 )
 
  Adiscon Loganalyzer
Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.
 
CVE-2014-6231
( 7.5/10 )
 
  Cwt frontend edit project Cwt frontend edit
Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
 
CVE-2014-6232
( 4/10 )
 
  Ldap project LDAP
Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors.
 
CVE-2014-6233
( 7.5/10 )
 
  Flat manager project Flat manager
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-6234
( 4.3/10 )
 
  Open graph protocol project Open graph protocol
Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-6235
( 7.5/10 )
 
  Kennziffer Ke dompdf
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
 
CVE-2014-6236
( 7.5/10 )
 
  Lumonet php include project Lumonet php include
Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links.
 
CVE-2014-6237
( 3.5/10 )
 
  News pack project News pack
Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-6238
( 4.3/10 )
 
  Akronymmanager project Akronymmanager
Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.




 
Copyright 2014, cxsecurity.com