WLB2

2014-08-27
Medium Risk

Joomla Spider 2.8.3 SQL Injection

Claudio Viviani
Low Risk

vm-support 0.88 File Overwrite / Information Disclosure

(CVE)
dolevf
High Risk

RSA Identity Management And Governance Authentication Bypass

(CVE)
RSA
Medium Risk

Grand MA 300 Fingerprint Reader Weak PIN Verification

(CVE)
Eric
High Risk

WordPress WPtouch Mobile 3.4.5 Shell Upload

k4L0ng666
2014-08-26
Low Risk

ntopng 1.2.0 Cross Site Scripting

Steffen Bauch
Medium Risk

VTLS-Virtua SQL Injection

(CVE)
Tozo
High Risk

Dragonfly 1.0.5 Remote Code Execution

coco & leex
High Risk

WordPress KenBurner Slider Arbitrary File Download

MF0x and Daniel ...
Low Risk

SSDP Amplification Scanner

Anonymous
Low Risk

Online Time Tracking Cross Site Scripting

Provensec
High Risk

MEHR Automation System Arbitrary File Download

alieye
Medium Risk

CMS 2.1.1 SQL Injection

Felipe " Re...
2014-08-25
Medium Risk

MySQL token (Keystone) retain access via an expired token

(CVE)
Brant Knudson
Low Risk

Barracuda Networks Web Security Flex Appliance 4.x Filter Bypass *youtube

Vulnerability La...
Low Risk

Barracuda Networks Web Security Flex 4.1 Persistent Vulnerabilities

Vulnerability La...
Medium Risk

Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow (DoS)

(CVE)
Gjoko 'LiquidWor...
High Risk

IBM 1754 GCM KVM Code Execution / File Read / XSS

(CVE)
Alejandro Alvare...
Medium Risk

Apache Traffic Server releases for security incident

(CVE)
Bryan Call
High Risk

Zarafa Multiple incorrect default permissions

Robert Scheck
Medium Risk

Seafile local horizontal privilege escalation vulnerability

(CVE)
Henri Salo
2014-08-24
High Risk

Air Transfer Iphone 1.3.9 Multiple Vulnerabilities

Samandeep Singh
Medium Risk

WordPress 3.9 and Drupal 7.x Denial Of Service Vulnerability *video

(CVE)
breaksec
Low Risk

WordPress Disqus 2.7.7 Cross Site Request Forgery

(CVE)
Voxel
Medium Risk

WordPress Lead Octopus Power SQL Injection

(CVE)
Ashiyane Digital...
Medium Risk

WeBid 1.1.1 Cross Site Scripting / LDAP Injection

(CVE)
Govind Singh aka...
Medium Risk

OL-Commerce 2.1.1 Cross Site Scripting / SQL Injection

(CVE)
AtT4CKxT3rR0r1ST
Medium Risk

vBulletin 5.1.2 SQL Injection *youtube

(CVE)
RST
Medium Risk

vBulletin 5.1.2 SQL Injection Exploit

(CVE)
Nytro
Low Risk

RiverBed Stingray Traffic Manager Virtual Appliance 9.6 XSS

(CVE)
William Costa
Low Risk

EventLog Analyzer 9.0 Build #9000 Cross Site Scripting

(CVE)
A2SECURE
Low Risk

SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting

(CVE)
William Costa
2014-08-23
Low Risk

Innovaphone PBX Cross Site Request Forgery

(CVE)
Rainer
Medium Risk

OpenOffice Targeted Data Exposure Using Crafted OLE Objects

(CVE)
Herbert
High Risk

OpenOffice 4.1.0 Calc Command Injection

(CVE)
Herbert
CVE (CVEMAP.ORG)
Last Update: 2014-08-27
2014-08-26
 
CVE-2013-6335
( 2.6/10 )
 
  IBM Tivoli storage manager for spa...
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, doe...
 
CVE-2014-3033
( 3.5/10 )
 
  IBM Emptoris sourcing portfolio
Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTM...
 
CVE-2014-3040
( 6/10 )
 
  IBM Emptoris contract management
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x befor...
 
CVE-2014-3335
( 4.6/10 )
 
  Cisco Asr 9000 rsp440 router
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet...
 
CVE-2014-4790
( 4.9/10 )
 
  IBM Emptoris sourcing portfolio
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 does not p...
 
CVE-2014-0480
( 5.8/10 )
 
  Djangoproject Django
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slas...
 
CVE-2014-0481
( 4.3/10 )
 
  Djangoproject Django
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is up...
 
CVE-2014-0482
( 6/10 )
 
  Djangoproject Django
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticat...
 
CVE-2014-0483
( 3.5/10 )
 
  Djangoproject Django
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated use...
 
CVE-2014-2527
( 6.8/10 )
 
  Kdirstat project Kdirstat
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528...
 
CVE-2014-2528
( 6.8/10 )
 
  Kdirstat project Kdirstat
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527...
 
CVE-2014-3034
( 3.5/10 )
 
  IBM Emptoris contract management
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arb...
 
CVE-2014-3035
( 3.5/10 )
 
  IBM Emptoris spend analysis
Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
 
CVE-2014-3041
( 6.5/10 )
 
  IBM Emptoris contract management
SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL c...
 
CVE-2014-3061
( 6.8/10 )
 
  IBM Emptoris spend analysis
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that inse...
 
CVE-2014-3524
( 9.3/10 )
 
  Apache Openoffice
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
 
CVE-2014-3907
( 6.8/10 )
 
  Mailpoet Mailpoet newsletters
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
 
CVE-2014-5035
( 6.8/10 )
 
  Opendaylight Opendaylight
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
 
CVE-2014-5263
( 6.8/10 )
 
  QEMU QEMU
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain p...
 
CVE-2014-5307
( 7.2/10 )
 
  Pandasecurity Panda av pro 2014
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL call.
Copyright 2014, cxsecurity.com