Bugtraq
2014-12-22
High Risk

PHP 5.6.3 unserialize() execute arbitrary code

(CVE)
Stefan Esser
High Risk

Ekahau Multiple Vulnerabilities

(CVE)
Max Moser, David...
2014-12-21
Medium Risk

Subversion HTTPD servers 1.8.10 DoS vulnerability

(CVE)
Evgeny Kotkov
2014-12-20
Medium Risk

NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure

(CVE)
W. Ettlinger
Low Risk

Varnish Cache CLI Interface Remote Code Execution

Patrick Webster
High Risk

Cacti Superlinks 1.4-2 Code Execution / LFI / SQL Injection

(CVE)
Wireghoul
Low Risk

JCE-Tech 4.0 Cross Site Scripting

(CVE)
Wang Jing
Medium Risk

iBackup 10.0.0.45 Privilege Escalation

Vulnerability La...
High Risk

JasPer 1.900.1 Double-Free / Heap Overflow

(CVE)
Google Security ...
Low Risk

TennisConnect 9.927 Cross Site Scripting

(CVE)
Wang Jing
Medium Risk

Codiad 2.4.3 Cross Site Scripting / Local File Inclusion

(CVE)
TaurusOmar
Medium Risk

miniBB 3.1 Blind SQL Injection

(CVE)
Kacper Szurek
Medium Risk

Mobilis MobiConnect 3G ZDServer 1.0.1.2 Privilege Escalation

Vulnerability La...
Medium Risk

Piwigo 2.7.2 Cross Site Scripting / SQL Injection

(CVE)
TaurusOmar
Low Risk

ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure

(CVE)
TaurusOmar
Medium Risk

GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection

(CVE)
TaurusOmar
Medium Risk

Ettercap 0.8.0 / 0.8.1 Denial Of Service

(CVE)
Nick Sampanis
2014-12-19
High Risk

Git 2.2.0 clients Critical Vulnerability

vmg
High Risk

G-Parted 0.14.1 Command Execution

(CVE)
W. Ettlinger
High Risk

NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure

(CVE)
W. Ettlinger
High Risk

VDG Security SENSE 2.3.13 File Disclosure / Bypass / Buffer Overflow

Stefan
Medium Risk

WordPress iTwitter 0.04 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Vulnerability La...
Medium Risk

WordPress PWG Random 1.11 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress TweetScribe 1.1 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress PictoBrowser 0.3.1 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress gSlideShow 0.1 CSRF / XSS

Manideep K
Medium Risk

WordPress Twitter 0.7 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress WP Limit Posts Automatically 0.7 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress Twitter LiveBlog 1.1.2 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress twimp-wp Cross Site Request Forgery / Cross Site Scripting

(CVE)
Manideep K
Medium Risk

WordPress SimpleFlickr 3.0.3 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress Simplelife 1.2 CSRF / XSS

(CVE)
Manideep K
Low Risk

TWiki 6.0.1 QUERYSTRING / QUERYPARAMSTRING XSS

(CVE)
Peter09
Low Risk

TWiki 6.0.0 / 6.0.1 WebSearch Cross Site Scripting

(CVE)
Peter09
Low Risk

Facebook Studio Cross Site Scripting

Vulnerability La...

CVE (CVEMAP.ORG)
Last Update: 2014-12-22
2014-12-22
 
CVE-2014-7286
( 7.2/10 )
 
  Symantec Deployment solution
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.
2014-12-20
 
CVE-2014-8142
( 7.5/10 )
 
  PHP PHP
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call th...
2014-12-19
 
CVE-2014-7241
( 6.8/10 )
 
  Tsutaya Tsutaya
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.
 
CVE-2014-7249
( 10/10 )
 
  Alliedtelesis Ar440s
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S,...
 
CVE-2014-7267
( 3.5/10 )
 
  Ricksoft Wbs gantt-chart
Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vuln...
 
CVE-2014-7268
( 4.3/10 )
 
  Ricksoft Wbs gantt-chart
Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability th...
 
CVE-2014-8272
( 5/10 )
 
  DELL Idrac6 modular
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-f...
 
CVE-2013-4440
( 5/10 )
 
  Pwgen project Pwgen
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.
 
CVE-2013-4442
( 5/10 )
 
  Pwgen project Pwgen
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.
 
CVE-2014-2026
( 4.3/10 )
 
  Unitedplanet Intrexx professional
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the reques...
 
CVE-2014-2716
( 4.3/10 )
 
  Ekahau Activator
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on...
 
CVE-2014-6395
( 7.5/10 )
 
  Ettercap project Ettercap
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is i...
 
CVE-2014-6396
( 7.5/10 )
 
  Ettercap project Ettercap
The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written ...
 
CVE-2014-7208
( 7.2/10 )
 
  Gparted Gparted
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
 
CVE-2014-8135
( 2.1/10 )
 
  Redhat Libvirt
The storageVolUpload function in storage/storage_driver.c in libvirt does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-u...
 
CVE-2014-8136
( 2.1/10 )
 
  Redhat Libvirt
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
 
CVE-2014-8724
( 4.3/10 )
 
  W3edge Total cache
Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated b...
 
CVE-2014-8793
( 4.3/10 )
 
  Revive-adserver Revive adserver
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
 
CVE-2014-8875
( 5/10 )
 
  Revive-adserver Revive adserver
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
 
CVE-2014-9135
( 4.3/10 )
 
  Huawei P7-l10 firmware
The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted package.
Copyright 2014, cxsecurity.com