Risk | Title | Author

2015-04-18
Med. | PHP 5.6.6 move_uploaded_file() NULL byte filename truncation | habte
High | Oracle Outside-In DOCX File Parsing Memory Corruption | Francis Provenc...
Low | Oracle Hyperion Smart View for Office Buffer Overflow | sajith
Low | Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference | Nicholas Lemoni...
High | PHP 5.6.7 apache2handler remote code execution vulnerability | Marc
Med. | ADB backup archive path traversal file overwrite | Imre Rad
High | Android backup agent arbitrary code execution | Imre Rad

2015-04-17
Low | Opoint Media Intelligence Open Redirect | Wang Jing
High | Lychee 2.7.1 remote code execution | Filippo Cavalla...
Med. | Nodes Studio CMS SQL Injection, XSS and FPD vulnerabilities | MustLive
Med. | Wordpress Ajax Store Locator <= 1.2 SQL Injection Vulnerability | Claudio Viviani

2015-04-16
Med. | gnutls 3.3.13 double-free in parsing CRL distribution points | Robert Święck...
Med. | Microsoft Windows 8.1/7/others HTTP.sys Request Parsing DoS (MS15-034) | laurent gaffie
Low | Comsenz SupeSite CMS 7.0 Cross Site Scripting | Wang Jing
Low | WordPress WP Statistics 9.1.2 Cross Site Scripting | Kaustubh G. Pad...
High | SQLite Multiple Vulns. | Michal Zalewski
High | Huawei SEQ Analyst - XML External Entity Injection (XXE) | Ugur Cihan Koc
Low | Huawei SEQ Analyst - Multiple Reflected Cross Site Scripting (XSS) | Ugur Cihan Koc

2015-04-15
High | Microsoft Windows 8.1/7 others HTTP.sys Remote Code Execution | rhcp011235
Low | ProFTPd 1.3.5 Remote File Copy | TJ
High | Samsung iPOLiS 1.12.2 ReadConfigValue Remote Code Execution | Praveen Darshan...
High | Panda Antivirus Pro 2015 15.1.0 Authentication Bypass | Matthias Deeg
High | Panda Internet Security 2015 15.0.1 Authentication Bypass | Matthias Deeg
High | Panda Gold Protection 2015 15.1.0 Authentication Bypass | Matthias Deeg
High | Panda Global Protection 2015 15.1.0 Authentication Bypass | Matthias Deeg
Med. | Hancom Office Hwp 2014 Integer Overflow | Daniel Regalado
Low | log2space 6.2 Cross Site Scripting | provensec

2015-04-14
High | Samba < 3.6.2 x86 Buffer Overflow PoC | sleepya
High | Apport/Abrt Local Root Exploit | Tavis Ormandy
Med. | Fedora abrt Race Condition Exploit | Tavis Ormandy
High | OBECLMS (fckeditor) Arbitrary File Upload Vulnerability | Ashiyane Digita...
High | NETVIDADE CMS (FCKEDITOR) Arbitrary File Upload Vulnerability | Ashiyane Digita...
Med. | WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE) | Gjoko 'LiquidWo...
Med. | WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities | Gjoko 'LiquidWo...
Low | WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit | Gjoko 'LiquidWo...


2015-04-16
CVE-2015-1821  Tuxfamily Chrony
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
CVE-2015-1822  Tuxfamily Chrony
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
CVE-2015-3319  Hotspotexpress Hotex billing manager
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2015-0405  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.
CVE-2015-0423  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2015-0433  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
CVE-2015-0438  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
CVE-2015-0439  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-0440  Oracle Right now service cloud
Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console.
CVE-2015-0441  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
CVE-2015-0447  Oracle E-business suite
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Configurator DMZ rules.
CVE-2015-0448  Oracle Solaris
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.
CVE-2015-0449  Oracle Fusion middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.
CVE-2015-0450  Oracle Fusion middleware
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to WebCenter Spaces Application.
CVE-2015-0451  Oracle Fusion middleware
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents.
CVE-2015-0452  Oracle Vm server
Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager.
CVE-2015-0453  Oracle Peoplesoft products
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTAL.
CVE-2015-0455  Oracle Database server
Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2015-0456  Oracle Fusion middleware
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.
CVE-2015-0457  Oracle Database server
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

Copyright 2015, cxsecurity.com