Bugtraq
2014-10-30
High Risk

GNU Wget FTP Symlink Arbitrary Filesystem Access

(CVE)
HD Moore
Medium Risk

Maarch 1.4 SQL Injection

Adrien Thierry
High Risk

Maarch 1.4 Arbitrary file upload

Adrien Thierry
Medium Risk

IBM Tivoli Monitoring V6.2.2 kbbacf1 privilege escalation exploit

Robert Jaroszuk
High Risk

Konke Smart Plug K Authentication Bypass Vulnerability

(CVE)
gamehacker&z...
High Risk

EspoCRM 2.5.2 XSS / LFI / Access Control

(CVE)
High-Tech Bridge...
2014-10-29
High Risk

MacOS X 10.10 & FreeBSD10 ftp Remote Command Execution

(CVE)
Jared Mcneill
Medium Risk

ASUS wireless router updates are vulnerable to a MITM attack

(CVE)
David
Medium Risk

Nova network DoS through API filtering

(CVE)
Tristan
Medium Risk

ESET 7.0 Kernel Memory Leak

(CVE)
Kyriakos Economo...
High Risk

CUPS Filter Bash Environment Variable Code Injection

(CVE)
Brendan Coles
Medium Risk

phpfusion (Search Page) Denial of Service Vulnerability

Amir
Medium Risk

ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation

(CVE)
Osanda Malith Ja...
High Risk

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow

ZoRLu
High Risk

Tuleap 7.4.99.5 Remote Command Execution

(CVE)
Jerzy Kramarz
High Risk

Tuleap 7.2 XXE Injection

(CVE)
Jerzy Kramarz
Medium Risk

Tuleap 7.4.99.5 Blind SQL Injection

(CVE)
Jerzy Kramarz
2014-10-28
Medium Risk

vBulletin Verify Email Before Registration Plugin SQL Injection

Dave
High Risk

Pro Chat Rooms 8.2.0 XSS / Shell Upload / SQL Injection

(CVE)
Mike Manzotti @ ...
Medium Risk

Windows TrackPopupMenu Win32k NULL Pointer Dereference

(CVE)
Spencer McIntyre
Medium Risk

Apple iOS 8.0.2 Denial Of Service

Vulnerability La...
Medium Risk

Filemaker Login Bypass / Privilege Escalation

(CVE)
Giuseppe D'Amore...
Low Risk

Google Youtube Filter Bypass / Cross Site Scripting

Vulnerability La...
Low Risk

Folder Plus 2.5.1 Script Injection

Vulnerability La...
High Risk

WebDisk+ 2.1 Code Execution

Vulnerability La...
Medium Risk

iFileExplorer 6.51 File Inclusion

Vulnerability La...
Low Risk

Yourls 1.7 Cross Site Scripting

Alvaro Diaz
Medium Risk

vBulletin 4.x Tapatalk Blind SQL Injection

tintinweb
2014-10-27
High Risk

libbfd Vulnerabilities

Michal Zalewski
Medium Risk

CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities

Gjoko 'LiquidWor...
High Risk

WordPress Count-per-Day Plugin (notes.php) Remote Code Upload

Hugo Santiago do...
High Risk

WordPress Download Manager Plugin Arbitrary File Download

Hugo Santiago do...
High Risk

Wordpress gallery-bank Plugin Upload Vulnerability

Mohit Amn
Medium Risk

XRMS Blind SQLi via $_SESSION poisoning, then command exec

(CVE)
Benjamin Harris ...
High Risk

DeepOfix SMTP Bypass authentication and gain unauthorized access

(CVE)
Gerardo
CVE (CVEMAP.ORG)
Last Update: 2014-10-30
2014-10-29
 
CVE-2014-3051
( 4.3/10 )
 
  IBM Tivoli composite application m...
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, w...
 
CVE-2014-3668
( 5/10 )
 
  PHP PHP
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (app...
 
CVE-2014-3669
( 7.5/10 )
 
  PHP PHP
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary...
 
CVE-2014-3670
( 6.8/10 )
 
  PHP PHP
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory ...
 
CVE-2014-3694
( 6.4/10 )
 
  Pidgin Pidgin
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows m...
 
CVE-2014-3695
( 5/10 )
 
  Pidgin Pidgin
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
 
CVE-2014-3696
( 5/10 )
 
  Pidgin Pidgin
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
 
CVE-2014-3697
( 6.4/10 )
 
  Pidgin Pidgin
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
 
CVE-2014-3698
( 5/10 )
 
  Pidgin Pidgin
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
 
CVE-2014-4839
( 6/10 )
 
  IBM Tririga application platform
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the aut...
 
CVE-2014-4877
( 9.3/10 )
 
  GNU WGET
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two...
 
CVE-2014-6149
( 5/10 )
 
  IBM Tivoli application dependency ...
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files v...
2014-10-28
 
CVE-2014-4023
( 4.3/10 )
 
  F5 Big-ip access policy manager
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before ...
 
CVE-2014-8505
( 4.3/10 )
 
  Etiko Etiko cms
Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow remote attackers to inject arbitrary web script or HTML via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php.
 
CVE-2014-8506
( 7.5/10 )
 
  Etiko Etiko cms
Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php.
 
CVE-2014-3293
( 5/10 )
 
  Cisco Asr901
Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to use the CPU for IPv4 packet processing, which allows remote attackers to cause a denial of service (BGP neighbor flapping) by sending many crafted IPv4 packets, aka Bug ID CSCuo29736...
 
CVE-2014-4808
( 6.5/10 )
 
  IBM Websphere portal
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknow...
 
CVE-2014-4814
( 3.5/10 )
 
  IBM Websphere portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users...
 
CVE-2014-4821
( 5/10 )
 
  IBM Websphere portal
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 provides different web-server error codes depending on whether a requested file exists, which allow...
 
CVE-2014-6125
( 6.8/10 )
 
  IBM Websphere portal
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Copyright 2014, cxsecurity.com