2014-08-29
Low Risk

F5 BIG-IP 11.5.1 Cross Site Scripting

(CVE)
Stefan
High Risk

Aerohive Hive Manager / Hive OS Complete Fail Multiple Vulns

Multiple
High Risk

Plogger Authenticated Arbitrary File Upload

b0z
High Risk

NRPE 2.15 Remote Command Execution

(CVE)
Claudio Viviani
High Risk

ActualAnalyzer Remote Command Execution

Benjamin Harris
High Risk

PhpWiki Ploticus Command Injection

Benjamin Harris
High Risk

XRMS Blind SQL Injection / Command Execution

Benjamin Harris
Medium Risk

DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS

Haider Mahmood
Low Risk

Jappix Cross Site Scripting

Provensec
2014-08-28
Medium Risk

glibc Off-by-One NUL Byte gconv_translit_find Exploit

Tavis and Chris
Low Risk

Firefox WebIDL Privileged Javascript Injection

(CVE)
joev
Low Risk

ManageEngine DeviceExpert 5.9 Credential Disclosure

(CVE)
Pedro
Low Risk

ManageEngine EventLog Analyzer 7 Cross Site Scripting

(CVE)
Rodrigo Contarin...
Low Risk

Encore Discovery Solution 4.3 Open Redirect / Session Token In URL

(CVE)
CAaNES
Medium Risk

WordPress ShortCode 1.1 Local File Inclusion

(CVE)
Mehdi & Chris
Medium Risk

Furniture Site Manager SQL Injection

KnocKout
Low Risk

WooCommerce Store Exporter 1.7.5 Cross Site Scripting

Mike Manzotti Di...
2014-08-27
Medium Risk

Joomla Spider 2.8.3 SQL Injection

Claudio Viviani
Low Risk

vm-support 0.88 File Overwrite / Information Disclosure

(CVE)
dolevf
High Risk

RSA Identity Management And Governance Authentication Bypass

(CVE)
RSA
Medium Risk

Grand MA 300 Fingerprint Reader Weak PIN Verification

(CVE)
Eric
High Risk

WordPress WPtouch Mobile 3.4.5 Shell Upload

k4L0ng666
2014-08-26
Low Risk

ntopng 1.2.0 Cross Site Scripting

Steffen Bauch
Medium Risk

VTLS-Virtua SQL Injection

(CVE)
Tozo
High Risk

Dragonfly 1.0.5 Remote Code Execution

coco & leex
High Risk

WordPress KenBurner Slider Arbitrary File Download

MF0x and Daniel ...
Low Risk

SSDP Amplification Scanner

Anonymous
Low Risk

Online Time Tracking Cross Site Scripting

Provensec
High Risk

MEHR Automation System Arbitrary File Download

alieye
Medium Risk

CMS 2.1.1 SQL Injection

Felipe " Re...
2014-08-25
Medium Risk

MySQL token (Keystone) retain access via an expired token

(CVE)
Brant Knudson
Low Risk

Barracuda Networks Web Security Flex Appliance 4.x Filter Bypass *youtube

Vulnerability La...
Low Risk

Barracuda Networks Web Security Flex 4.1 Persistent Vulnerabilities

Vulnerability La...
Medium Risk

Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow (DoS)

(CVE)
Gjoko 'LiquidWor...
High Risk

IBM 1754 GCM KVM Code Execution / File Read / XSS

(CVE)
Alejandro Alvare...
Last Update: 2014-08-29
2014-08-28
 
CVE-2014-4199
( 6.3/10 )
 
  Vmware Tools
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
 
CVE-2014-4200
( 4.7/10 )
 
  Vmware Tools
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archiv...
2014-08-27
 
CVE-2014-0761
( 7.1/10 )
 
  Qeiinc Epaq-9410 substation gateway
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
 
CVE-2014-0762
( 4.7/10 )
 
  Qeiinc Epaq-9410 substation gateway
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.
 
CVE-2014-2380
( 7.8/10 )
 
  Invensys Wonderware information server
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.
 
CVE-2014-2381
( 2.1/10 )
 
  Invensys Wonderware information server
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.
 
CVE-2014-3344
( 4.3/10 )
 
  Cisco Transport gateway installation...
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unsp...
 
CVE-2014-4619
( 9.3/10 )
 
  EMC Rsa identity management and go...
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username...
 
CVE-2014-5397
( 4.3/10 )
 
  Invensys Wonderware information server
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-5398
( 2.1/10 )
 
  Invensys Wonderware information server
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to ...
 
CVE-2014-5399
( 7.5/10 )
 
  Invensys Wonderware information server
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2014-08-26
 
CVE-2013-6335
( 2.6/10 )
 
  IBM Tivoli storage manager for spa...
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, doe...
 
CVE-2014-3033
( 3.5/10 )
 
  IBM Emptoris sourcing portfolio
Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTM...
 
CVE-2014-3040
( 6/10 )
 
  IBM Emptoris contract management
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x befor...
 
CVE-2014-3335
( 4.6/10 )
 
  Cisco Asr 9000 rsp440 router
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet...
 
CVE-2014-4790
( 4.9/10 )
 
  IBM Emptoris sourcing portfolio
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 does not p...
 
CVE-2014-0480
( 5.8/10 )
 
  Djangoproject Django
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slas...
 
CVE-2014-0481
( 4.3/10 )
 
  Djangoproject Django
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is up...
 
CVE-2014-0482
( 6/10 )
 
  Djangoproject Django
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticat...
 
CVE-2014-0483
( 3.5/10 )
 
  Djangoproject Django
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated use...
Copyright 2014, cxsecurity.com