WLB2 Bugtraq
2014-08-22
Low Risk

ArcGIS For Server 10.1.1 XSS / Open Redirect

(CVE)
CAaNES
Medium Risk

MyBB 1.8 Beta 3 Cross Site Scripting / SQL Injection

DemoLisH
Medium Risk

Dashing Times SQL Injection

3spi0n
2014-08-21
Medium Risk

Apache HttpComponents client Hostname verification MITM attack

(CVE)
Dirk-Willem van ...
Medium Risk

Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Nik
Medium Risk

ArticleFR 3.0.4 SQL Injection

(CVE)
High-Tech Bridge...
Medium Risk

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

(CVE)
Pedro
Low Risk

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

1N3
Medium Risk

ESET Windows Products 7.0 Privilege Escalation

(CVE)
Kyriakos Economo...
Medium Risk

Panda Security 2014 Privilege Escalation

(CVE)
Kyriakos Economo...
High Risk

Delphi And C++ Builder VCL Library Buffer Overflow

(CVE)
CORE
Low Risk

WordPress Mobile Pack 2.0.1 Information Disclosure

Tom Adams
2014-08-20
Low Risk

Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting

(CVE)
Gregory Draperi
Medium Risk

RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass

(CVE)
ESA
High Risk

HybridAuth install.php PHP Code Execution

Brendan Coles
High Risk

BlazeDVD Pro 7.0 Buffer Overflow

metacom
Medium Risk

EMC Documentum D2 Privilege Escalation

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Scripting

(CVE)
EMC
High Risk

EMC Documentum Code Execution / DQL Injection

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Request Forgery

(CVE)
EMC
2014-08-19
Medium Risk

Firefox toString console.time Privileged Javascript Injection

(CVE)
joev
High Risk

Gitlab-shell Code Execution

(CVE)
Brandon
High Risk

Senkas Kolibri WebServer 2.0 Buffer Overflow

(CVE)
tekwizz123
Medium Risk

Outlook.com For Android Failed Validation

(CVE)
Yorick Koster
Low Risk

WordPress Disqus 2.7.7 Cross Site Request Forgery

Voxel
2014-08-18
Low Risk

Wordpress 3.9.1 pluggable.php CSRF vulnerability

(CVE)
nacin
High Risk

Tenda A5s Router Authentication Bypass Vulnerability

(CVE)
zixian
2014-08-17
Low Risk

RiverBed Stingray Traffic Manager Virtual Appliance 9.6 XSS

William Costa
Medium Risk

Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs

Stefan Kanthak
2014-08-15
Low Risk

Optical Society of America's Prism Information Leak

Peter Wiedekind
Low Risk

MyConnection Server (MCS) 9.7i Cross Site Scripting

(CVE)
1N3
Low Risk

Lyris ListManagerWeb 8.95a Cross Site Scripting

(CVE)
1N3
Medium Risk

WordPress Gallery Objects 0.4 SQL Injection

(CVE)
Claudio Viviani
Medium Risk

vBulletin 5.1.2 SQL Injection Exploit

(CVE)
Nytro
High Risk

VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution

(CVE)
Emilio Pinna

CVE (CVEMAP.ORG)
Last Update: 2014-08-22
2014-08-21
 
CVE-2014-3562
( 5/10 )
 
  Fedoraproject 389 directory server
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
 
CVE-2014-3577
( 5.8/10 )
 
  Apache Httpasyncclient
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi...
 
CVE-2014-5158
( 10/10 )
 
  Alienvault Open source security informati...
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
 
CVE-2014-5159
( 7.5/10 )
 
  Alienvault Open source security informati...
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
 
CVE-2014-5210
( 10/10 )
 
  Alienvault Open source security informati...
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
 
CVE-2014-5383
( 6.5/10 )
 
  Alienvault Open source security informati...
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2009-5142
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.
 
CVE-2010-5302
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
 
CVE-2014-3951
( 5/10 )
 
  Freebsd Freebsd
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT p...
 
CVE-2014-5384
( 5/10 )
 
  Freebsd Freebsd
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPL...
2014-08-20
 
CVE-2014-0640
( 4/10 )
 
  EMC Rsa archer egrc
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
 
CVE-2014-0641
( 6.8/10 )
 
  EMC Rsa archer egrc
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
 
CVE-2014-2505
( 5.4/10 )
 
  EMC Rsa archer egrc
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
 
CVE-2014-2511
( 4.3/10 )
 
  EMC Digital assets manager
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.
 
CVE-2014-2515
( 8.5/10 )
 
  EMC Documentum d2
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain pr...
 
CVE-2014-2517
( 6.5/10 )
 
  EMC Rsa archer egrc
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
 
CVE-2014-2518
( 6.8/10 )
 
  EMC Digital assets manager
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
 
CVE-2014-2520
( 6.3/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content ...
 
CVE-2014-2521
( 6.3/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
 
CVE-2014-3331
( 4.3/10 )
 
  Cisco Asr 5000 series software
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a craf...
Copyright 2014, cxsecurity.com