2015-04-01
High Risk

Adobe Flash Player ByteArray With Workers Use After Free

(CVE)
Juan Vazquez
Medium Risk

WordPress Business Intelligence Lite 1.6.1 SQL Injection

Jagriti Sahu AKA...
Medium Risk

Ericsson Drutt MSDP (Instance Monitor) Directory Traversal / File Access

(CVE)
Anastasios Monac...
Low Risk

Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting

(CVE)
Anastasios Monac...
Medium Risk

Ericsson Drutt MSDP (3PI Manager) Open Redirect

(CVE)
Anastasios Monac...
Low Risk

Java.com Cross Site Scripting

Yann CAM @ Synet...
2015-03-31
High Risk

JBoss JMXInvokerServlet Remote Command Execution

_ikki
Medium Risk

FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass

(CVE)
Mahendra
Medium Risk

libtasn1 Stack Write Overflow

Hanno B
Medium Risk

Fedora 12 setroubleshootd Local Root Proof Of Concept

Sebastian Krahme...
Medium Risk

Windows Run Command As User

Ben Campbell, Kx...
Low Risk

Palo Alto Traps Server 3.1.2.1546 Cross Site Scripting

(CVE)
Michael Hendrick...
High Risk

VAMPSET 2.2.145 Stack / Heap Buffer Overflow

(CVE)
CORE
2015-03-30
High Risk

Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability

Ashiyane Digital...
Medium Risk

Joomla Gallery WD SQL Injection

Rafael Souza
2015-03-29
Medium Risk

WebGate WinRDS 2.0.8 StopSiteAllChannel Stack Overflow

(CVE)
Praveen Darshana...
2015-03-28
Medium Risk

Appweb Web Server 4.6.6, 5.2.1 remote DoS

(CVE)
Matthew Daley
High Risk

Acunetix OLE Automation Array Remote Code Execution

Naser Farhadi
High Risk

Internet Download Manager 6.20 Local Buffer Overflow

TUNISIAN CYBER
High Risk

AfterLogic WebMail Lite Authentication Bypass

Paulos Yibelo
High Risk

Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset

Anonymous
Medium Risk

WebGate Control Center 4.8.7 GetThumbnail Stack Overflow

(CVE)
Praveen Darshana...
Medium Risk

CMS Builder 2.07 SQL Injection

Provensec
Medium Risk

WebGate eDVR Manager 2.6.4 SiteName Stack Overflow

Praveen Darshana...
2015-03-27
Medium Risk

AMD Bulldozer Linux ASLR weakness Reducing entropy by 87.5%

Hector Marco
High Risk

Wordpress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download

Ashiyane Digital...
High Risk

QNAP Web server remote code execution via Bash Environment Variable Code Injection

(CVE)
Patrick Pellegri...
High Risk

QNAP admin shell via Bash Environment Variable Code Injection

(CVE)
Patrick Pellegri...
High Risk

WordPress Aspose Cloud eBook Generator File Download

Ashiyane Digital...
2015-03-26
Medium Risk

Apache Xerces-C XML Parser Crashes on Malformed Input

(CVE)
Anton Rager and ...
High Risk

Aruba Remote Access Point (RAP) Command Injection

(CVE)
Aruba
Low Risk

CS-Cart 4.2.4 CSRF

(CVE)
Luis Santana
Medium Risk

pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Realms Wiki Insecure Transport

Javantea
Low Risk

WordPress Marketplace 2.4.0 Add Administrator

Claudio Viviani
Last Update: 2015-04-01
2015-04-01
 
CVE-2012-2808
( 5/10 )
 
  Google Bionic
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to sp...
 
CVE-2015-0800
( 5/10 )
 
  Mozilla Firefox
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses b...
 
CVE-2015-0801
( 7.5/10 )
 
  Mozilla Firefox
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a sim...
 
CVE-2015-0802
( 5/10 )
 
  Mozilla Firefox
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content...
 
CVE-2015-0803
( 7.5/10 )
 
  Mozilla Firefox
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary c...
 
CVE-2015-0804
( 7.5/10 )
 
  Mozilla Firefox
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or c...
 
CVE-2015-0805
( 7.5/10 )
 
  Mozilla Firefox
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execut...
 
CVE-2015-0806
( 7.5/10 )
 
  Mozilla Firefox
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which al...
 
CVE-2015-0807
( 6.8/10 )
 
  Mozilla Firefox
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to b...
 
CVE-2015-0808
( 5/10 )
 
  Mozilla Firefox
The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of se...
 
CVE-2015-0810
( 4.3/10 )
 
  Mozilla Firefox
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaSc...
 
CVE-2015-0811
( 6.4/10 )
 
  Mozilla Firefox
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.
 
CVE-2015-0812
( 4.3/10 )
 
  Mozilla Firefox
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DN...
 
CVE-2015-0813
( 5.1/10 )
 
  Mozilla Firefox
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbi...
 
CVE-2015-0814
( 7.5/10 )
 
  Mozilla Firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
 
CVE-2015-0815
( 7.5/10 )
 
  Mozilla Firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss...
 
CVE-2015-0816
( 5/10 )
 
  Mozilla Firefox
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the a...
 
CVE-2014-9713
( 4/10 )
 
  Openldap Openldap
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
 
CVE-2015-0259
( 5.1/10 )
 
  Openstack Compute
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted we...
 
CVE-2015-2294
( 4.3/10 )
 
  Pfsense Pfsense
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firew...



 
Copyright 2015, cxsecurity.com