Bugtraq
2015-03-27
Medium Risk

AMD Bulldozer Linux ASLR weakness Reducing entropy by 87.5%

Hector Marco
High Risk

Wordpress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download

Ashiyane Digital...
High Risk

QNAP Web server remote code execution via Bash Environment Variable Code Injection

(CVE)
Patrick Pellegri...
High Risk

QNAP admin shell via Bash Environment Variable Code Injection

(CVE)
Patrick Pellegri...
High Risk

WordPress Aspose Cloud eBook Generator File Download

Ashiyane Digital...
2015-03-26
Medium Risk

Apache Xerces-C XML Parser Crashes on Malformed Input

(CVE)
Anton Rager and ...
High Risk

Aruba Remote Access Point (RAP) Command Injection

(CVE)
Aruba
Low Risk

CS-Cart 4.2.4 CSRF

(CVE)
Luis Santana
Medium Risk

pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Realms Wiki Insecure Transport

Javantea
Low Risk

WordPress Marketplace 2.4.0 Add Administrator

Claudio Viviani
Medium Risk

EMC Isilon OneFS Privilege Escalation

(CVE)
EMC
High Risk

Mini-Stream RM-MP3 Converter 2.7.3.700 Buffer Overflow

TUNISIAN CYBER
Medium Risk

WSO2 Identity Server 4.5.0 / 4.6.0 / 5.0.0 Bypass / Cross Site Scripting

Bartlomiej Balce...
High Risk

Mini-Stream Ripper 2.7.7.100 Buffer Overflow

TUNISIAN CYBER
Low Risk

Realms Wiki Cross Site Request Forgery

Javantea
2015-03-25
High Risk

Wordpress Theme Arbitrary File Download Vulnerability

Iran Cyber Secur...
Medium Risk

Microsoft Windows Local WebDAV NTLM Reflection Privilege Escalation

James Forshaw
Medium Risk

Joomla Spider Random Article SQL Injection

IndiShell Lab
Low Risk

Unasjee CMS Cross Site Request Forgery

KnocKout
Low Risk

Anchor CMS 0.9.2 Cross Site Scripting

JoeV
Medium Risk

Joomla Random Article SQL Injection

IndiShell Lab
Low Risk

Question2Answer 1.7 Cross Site Scripting

s0w
2015-03-24
Low Risk

Firefox Proxy Prototype Privileged Javascript Injection

(CVE)
joev
High Risk

Belkin Play N750 login.cgi Buffer Overflow

(CVE)
Michael
Low Risk

DokuWiki 2014-09-29c Cross Site Scripting

Filippo Cavallar...
Low Risk

ManageEngine Network Configuration Management CSRF

Kaustubh G. Padw...
High Risk

Powershell Remoting Remote Command Execution

(CVE)
Ben Campbell
Low Risk

Manage Engine Device Expert 5.9.9.0 Cross Site Scripting

Kaustubh G. Padw...
Medium Risk

openEMR 4.2.0 Cross Site Scripting / SQL Injection

Steffen R
Medium Risk

WordPress MP3-Jplayer 2.1 Local File Disclosure

KedAns-Dz
High Risk

WordPress InBoundio Marketing Shell Upload

KedAns-Dz
Medium Risk

WordPress AB Google Map Travel CSRF / XSS

Kaustubh G. Padw...
2015-03-22
Medium Risk

OpenSSL DoS tester now available (CVE-2015-0291)

(CVE)
mancha140
Medium Risk

PHP SoapClient's __call() type confusion through unserialize()

Andrea Palazzo
CVE (CVEMAP.ORG)
Last Update: 2015-03-27
2015-03-27
 
CVE-2013-2184
( 7.5/10 )
 
  Sixapart Movable Type
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.
 
CVE-2014-3619
( 5/10 )
 
  Gluster GlusterFS
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
2015-03-26
 
CVE-2015-0635
( 9/10 )
 
  Cisco IOS
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) res...
 
CVE-2015-0636
( 7.8/10 )
 
  Cisco IOS
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoo...
 
CVE-2015-0637
( 7.8/10 )
 
  Cisco IOS
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN mes...
 
CVE-2015-0638
( 7.1/10 )
 
  Cisco IOS
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.
 
CVE-2015-0639
( 7.8/10 )
 
  Cisco IOS XE
The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, whe...
 
CVE-2015-0640
( 7.8/10 )
 
  Cisco IOS XE
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device ...
 
CVE-2015-0641
( 7.8/10 )
 
  Cisco IOS XE
Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted ...
 
CVE-2015-0642
( 7.8/10 )
 
  Cisco IOS
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of servi...
 
CVE-2015-0644
( 7.8/10 )
 
  Cisco IOS XE
AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device...
 
CVE-2015-0647
( 7.8/10 )
 
  Cisco IOS
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.
 
CVE-2015-0648
( 7.8/10 )
 
  Cisco IOS
Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.
 
CVE-2015-0649
( 7.8/10 )
 
  Cisco IOS
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.
 
CVE-2015-0279
( 6.8/10 )
 
  Red Hat RichFaces
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
 
CVE-2015-2682
( 5/10 )
 
  Citrix Command Center
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
 
CVE-2015-2683
( 7.5/10 )
 
  Citrix Command Center
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlet...
 
CVE-2015-2746
( 6.5/10 )
 
  Websense Triton
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell me...
 
CVE-2015-2747
( 4.3/10 )
 
  Websense Triton
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) emai...
 
CVE-2015-2748
( 5/10 )
 
  Websense Triton ap data
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuratio...



 
Copyright 2015, cxsecurity.com