2014-08-22
Medium Risk

ICMPv6 DoS attacks resulting from IPv6 EH drops

Fernando Gont
Medium Risk

SMF Incorrect Flood Filter Headers

Daniel Godoy
Low Risk

ArcGIS For Server 10.1.1 XSS / Open Redirect

(CVE)
CAaNES
Medium Risk

MyBB 1.8 Beta 3 Cross Site Scripting / SQL Injection

DemoLisH
Medium Risk

Dashing Times SQL Injection

3spi0n
2014-08-21
Medium Risk

Apache HttpComponents client Hostname verification MITM attack

(CVE)
Dirk-Willem van ...
Medium Risk

Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Nik
Medium Risk

ArticleFR 3.0.4 SQL Injection

(CVE)
High-Tech Bridge...
Medium Risk

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

(CVE)
Pedro
Low Risk

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

1N3
Medium Risk

ESET Windows Products 7.0 Privilege Escalation

(CVE)
Kyriakos Economo...
Medium Risk

Panda Security 2014 Privilege Escalation

(CVE)
Kyriakos Economo...
High Risk

Delphi And C++ Builder VCL Library Buffer Overflow

(CVE)
CORE
Low Risk

WordPress Mobile Pack 2.0.1 Information Disclosure

Tom Adams
2014-08-20
Low Risk

Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting

(CVE)
Gregory Draperi
Medium Risk

RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass

(CVE)
ESA
High Risk

HybridAuth install.php PHP Code Execution

Brendan Coles
High Risk

BlazeDVD Pro 7.0 Buffer Overflow

metacom
Medium Risk

EMC Documentum D2 Privilege Escalation

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Scripting

(CVE)
EMC
High Risk

EMC Documentum Code Execution / DQL Injection

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Request Forgery

(CVE)
EMC
2014-08-19
Medium Risk

Firefox toString console.time Privileged Javascript Injection

(CVE)
joev
High Risk

Gitlab-shell Code Execution

(CVE)
Brandon
High Risk

Senkas Kolibri WebServer 2.0 Buffer Overflow

(CVE)
tekwizz123
Medium Risk

Outlook.com For Android Failed Validation

(CVE)
Yorick Koster
Low Risk

WordPress Disqus 2.7.7 Cross Site Request Forgery

Voxel
2014-08-18
Low Risk

Wordpress 3.9.1 pluggable.php CSRF vulnerability

(CVE)
nacin
High Risk

Tenda A5s Router Authentication Bypass Vulnerability

(CVE)
zixian
2014-08-17
Low Risk

RiverBed Stingray Traffic Manager Virtual Appliance 9.6 XSS

William Costa
Medium Risk

Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs

Stefan Kanthak
2014-08-15
Low Risk

Optical Society of America's Prism Information Leak

Peter Wiedekind
Low Risk

MyConnection Server (MCS) 9.7i Cross Site Scripting

(CVE)
1N3
Low Risk

Lyris ListManagerWeb 8.95a Cross Site Scripting

(CVE)
1N3
Medium Risk

WordPress Gallery Objects 0.4 SQL Injection

(CVE)
Claudio Viviani
Last Update: 2014-08-22
2014-08-22
 
CVE-2014-0232
( 4.3/10 )
 
  Apache Ofbiz
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecifie...
 
CVE-2014-3525
( 10/10 )
 
  Apache Traffic server
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
 
CVE-2014-3594
( 3.5/10 )
 
  Openstack Horizon
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new h...
 
CVE-2014-4197
( 7.5/10 )
 
  Bssys Rbs bs-client
Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter.
 
CVE-2014-5097
( 7.5/10 )
 
  Freereprintables Articlefr
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
 
CVE-2014-5121
( 4.3/10 )
 
  ESRI Arcgis for server
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
 
CVE-2014-5122
( 5.8/10 )
 
  ESRI Arcgis for server
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
2014-08-21
 
CVE-2014-3562
( 5/10 )
 
  Fedoraproject 389 directory server
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
 
CVE-2014-3577
( 5.8/10 )
 
  Apache Httpasyncclient
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi...
 
CVE-2014-5158
( 10/10 )
 
  Alienvault Open source security informati...
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
 
CVE-2014-5159
( 7.5/10 )
 
  Alienvault Open source security informati...
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
 
CVE-2014-5210
( 10/10 )
 
  Alienvault Open source security informati...
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
 
CVE-2014-5383
( 6.5/10 )
 
  Alienvault Open source security informati...
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2009-5142
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.
 
CVE-2010-5302
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
 
CVE-2010-5303
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $erro...
 
CVE-2014-3951
( 5/10 )
 
  Freebsd Freebsd
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT p...
 
CVE-2014-5384
( 5/10 )
 
  Freebsd Freebsd
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPL...
 
CVE-2014-5385
( 5/10 )
 
  Shopizer Shopizer
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack.
 
CVE-2014-0965
( 4.3/10 )
 
  IBM Websphere application server
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.
 
Copyright 2014, cxsecurity.com