2014-04-17
High Risk

OpenSSL 1.0.1 Missing critical flag for extended key usage

Stephan Muehlstr...
High Risk

SAP Router Password Timing Attack

(CVE)
CORE
Medium Risk

PCNetSoftware RAC Server 4.0.4 / 4.0.5 Denial Of Service

(CVE)
Kyriakos Economo...
Low Risk

Ektron CMS 8.7 Cross Site Scripting

(CVE)
Joseph Zeng Xian...
Medium Risk

WinSCP 5.5.2.4130 Missing X.509 Validation

(CVE)
Micha Borrmann
Medium Risk

MobFox mAdserver 2.0 SQL Injection

(CVE)
High-Tech Bridge...
High Risk

EMC Cloud Tiering Appliance XXE / Information Disclosure

(CVE)
EMC
Low Risk

CMS Studio Cross Site Scripting

Renzi
2014-04-16
High Risk

libmms heap-based buffer overflow

Alex Chapman
Medium Risk

clang-3.5 scan-build insecure use of /tmp

Jakub Wilk
High Risk

Microsoft Internet Explorer CMarkup Use-After-Free Metasploit

(CVE)
Juan vazquez
Medium Risk

MyBB Advanced Forum Signatures 2.0.4 SQL Injection

(CVE)
Mario_Vs
Medium Risk

OpenSSL use-after-free race condition read buffer

(CVE)
Pawel Kolodziej
Medium Risk

Apache HTTPD 2.2.22/ModSecurity 2.7.5 bypass RequestHeader unset

(CVE)
Martin
High Risk

Apache Syncope 1.0.8 / 1.1.6 Code Execution

(CVE)
Draperi
High Risk

Ruckus OpenSSL 1.0.1 Heartbleed Issue

(CVE)
Ruckus Wireless
Medium Risk

Xerox DocuShare SQL Injection

Brandon Perry
High Risk

Unitrends Unauthenticated Root Command Execution

Brandon Perry
High Risk

Adobe Flash ExternalInterface Use-After-Free

(CVE)
VUPEN
High Risk

Netgear N600 Password Disclosure / Account Reset

Santhosh Kumar
High Risk

WebTitan 4.01 Command Execution / Directory Traversal

Brandon Perry
Low Risk

Joomla SMF Cross Site Scripting

Renzi
Low Risk

CMS iCAT Cross Site Scripting

Renzi
2014-04-15
High Risk

TrueCrypt Multiple Vulnerabilities

iSEC
Medium Risk

Adobe Reader For Android Javascript Insecure

Yorick Koster
Medium Risk

PDF Album 1.7 Local File Inclusion

Vulnerability La...
Low Risk

HP Insecure RPATH Use

(CVE)
Tim Brown
High Risk

BMC Patrol For AIX Insecure RPATH Use

(CVE)
Tim Brown
Medium Risk

WordPress LineNity Local File Inclusion

Felipe Andrian P...
Medium Risk

Madss Software Solution SQL Injection

Ashiyane Digital...
Low Risk

PrestaShop 1.5.6.2 Cross Site Scripting

Renzi
Medium Risk

CMS Int24 SQL Injection

Renzi
Low Risk

Joomla BeaconDecode Cross Site Scripting

Renzi
Low Risk

Joomla EWriting Cross Site Scripting

Renzi
2014-04-14
High Risk

Internet Explorer 10 CMarkup Use-After-Free Exploit

(CVE)
Jean-Jamil Khali...
Last Update: 2014-04-17
2014-04-16
 
CVE-2011-0460
( 6.3/10 )
 
  Kbd-project KBD
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
2014-04-15
 
CVE-2008-3277
( 4.4/10 )
 
  Openfabrics Ibutils
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows l...
 
CVE-2013-5704
( 5/10 )
 
  Apache Http server
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s...
 
CVE-2013-5705
( 5/10 )
 
  Modsecurity Modsecurity
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
 
CVE-2014-0341
( 3.5/10 )
 
  Pivotx Pivotx
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templa...
 
CVE-2014-0342
( 7.5/10 )
 
  Pivotx Pivotx
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecifie...
 
CVE-2014-0348
( 3.5/10 )
 
  Ontariosystems Artiva architect
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to ar...
 
CVE-2014-0353
( 6.1/10 )
 
  Zyxel N300 netusb nbg-419n
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters.
 
CVE-2014-0354
( 7.8/10 )
 
  Zyxel N300 netusb nbg-419n
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.
 
CVE-2014-0355
( 7.9/10 )
 
  Zyxel N300 netusb nbg-419n
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecas...
 
CVE-2014-0356
( 7.9/10 )
 
  Zyxel N300 netusb nbg-419n
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost funct...
 
CVE-2014-0357
( 5/10 )
 
  Amtelco Misecuremessages
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.
 
CVE-2014-0358
( 7.8/10 )
 
  Xangati Xangati software release
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download ...
 
CVE-2014-0359
( 9/10 )
 
  Xangati Xangati software release
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
 
CVE-2010-2236
( 6/10 )
 
  Redhat Network proxy
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to ex...
 
CVE-2011-3628
( 6.9/10 )
 
  Canonical Libpam-modules
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04...
 
CVE-2012-0214
( 4.3/10 )
 
  Advanced package tool Advanced package tool
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to i...
 
CVE-2013-4768
( 5/10 )
 
  Eucalyptus Eucalyptus
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) V...
 
CVE-2013-6456
( 5.8/10 )
 
  Redhat Libvirt
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virD...
 
CVE-2013-7368
( 4.3/10 )
 
  Raoul proenca GNEW
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id...
Copyright 2014, cxsecurity.com