WLB2

2014-07-31
Medium Risk

dhcpcd DoS attack

Roy
Low Risk

D-Link DWR-113 Cross Site Request Forgery

(CVE)
Blessen Thomas
High Risk

D-Link AP 3200 Missing Authentication / Cleartext Secret Storage

pws
Low Risk

SkaDate Lite 2.0 CSRF / Cross Site Scripting

Gjoko 'LiquidWor...
High Risk

SkaDate Lite 2.0 Remote Code Execution

Gjoko 'LiquidWor...
High Risk

Elastic Search 1.1.1 Arbitrary File Read

(CVE)
Bouke van der Bi...
Low Risk

Joomla Kunena Forum 3.0.5 Cross Site Scripting

Raymond Rizk
Medium Risk

Joomla Kunena Forum 3.0.5 SQL Injection

Raymond Rizk
Low Risk

Facebook For Android Information Disclosure / Open Proxy

Dr. Manuel Sados...
2014-07-30
Medium Risk

SVN local privilege escalation

(CVE)
Daniel
Low Risk

Lyris ListManagerWeb 8.95a Cross Site Scripting

1N3
Medium Risk

J&W Communications SQL Injection

Hekt0r
High Risk

micro_httpd by ACME Buffer Overflow

(CVE)
Yuval tisf Nativ
Low Risk

ZeroCMS Persistent Cross-Site Scripting Vulnerability

(CVE)
Mayuresh Dani
Medium Risk

DirPHP - version 1.0 Local File Inclusion

(CVE)
Chosen
Medium Risk

Wireshark Read Access Violation NULL Pointer Deref

(CVE)
Osanda Malith Ja...
High Risk

WiFi HD 7.3.0 LFI / Traversal / Command Injection / CSRF

Vulnerability La...
Low Risk

Barracuda WAF 6.1.5 / LoadBalancer 4.2.2 Filter Bypass / XSS

Vulnerability La...
Medium Risk

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

Dylan Irzi
High Risk

SAP Netweaver Business Warehouse Missing Authorization

Onapsis
Low Risk

SAP HANA XS Administration Tool Cross Site Scripting

Onapsis
Medium Risk

SAP HANA XS Missing Encryption

Onapsis
Low Risk

SAP FI Manager Self-Service Hardcoded Username

Onapsis
Medium Risk

SAP_JTECHS HTTP Verb Tampering

Onapsis
High Risk

SAP HANA IU5 SDK Authentication Bypass

Onapsis
2014-07-29
Medium Risk

Parallels Tools 9.0 Privilege Escalation

Anastasios
High Risk

CMSimple 4.4.4 RFI / Code Execution / Default Password

Indian Haxors Te...
High Risk

Web Encryption Extension Authentication Bypass

Senderek
Low Risk

Barracuda Networks Spam / Virus Firewall 5.1.3 XSS

Vulnerability La...
Low Risk

MasterCard Open Redirect

Anastasios
High Risk

WordPress Slider Revolution Responsive 4.1.4 File Download

Claudio Viviani
Medium Risk

WordPress Lead Octopus Power SQL Injection

Ashiyane Digital...
Medium Risk

WordPress FBGorilla SQL Injection

Ashiyane Digital...
2014-07-28
Low Risk

MyBB 1.6.14 search.php Full Path Disclosure

DemoLisH
High Risk

Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

(CVE)
Christian Mehlma...

CVEMAP.ORG
Last Update: 2014-07-31
2014-07-30
 
CVE-2014-0914
( 3.5/10 )
 
  IBM Maximo asset management
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management ...
 
CVE-2014-0915
( 3.5/10 )
 
  IBM Maximo asset management
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control D...
 
CVE-2014-0947
( 6.5/10 )
 
  IBM Rational software architect de...
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.
 
CVE-2014-0948
( 6/10 )
 
  IBM Rational software architect de...
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.
 
CVE-2014-3025
( 3.5/10 )
 
  IBM Maximo asset management
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control D...
2014-07-29
 
CVE-2014-3541
( 7.5/10 )
 
  Moodle Moodle
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data as...
 
CVE-2014-3542
( 4.3/10 )
 
  Moodle Moodle
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity ref...
 
CVE-2014-3543
( 4.3/10 )
 
  Moodle Moodle
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity ...
 
CVE-2014-3544
( 3.5/10 )
 
  Moodle Moodle
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via th...
 
CVE-2014-3545
( 6/10 )
 
  Moodle Moodle
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
 
CVE-2014-3546
( 5/10 )
 
  Moodle Moodle
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentia...
 
CVE-2014-3547
( 4.3/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.
 
CVE-2014-3548
( 4.3/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a...
 
CVE-2014-3549
( 4.3/10 )
 
  Moodle Moodle
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly ...
 
CVE-2014-3550
( 4.3/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message f...
 
CVE-2014-3551
( 3.5/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitr...
 
CVE-2014-3552
( 6/10 )
 
  Moodle Moodle
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via craft...
 
CVE-2014-3553
( 4.9/10 )
 
  Moodle Moodle
mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all...
 
CVE-2014-0103
( 2.1/10 )
 
  Zarafa Webapp
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
 
CVE-2014-0475
( 6.8/10 )
 
  GNU Glibc
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG...




 
Copyright 2014, cxsecurity.com