Search:
WLB2

[ Bugs ]   [ Exploits ]
WLB2RSS Bugtraq WLB2RSS
[ Bogus ]   [ Tricks ]
2014-10-22
Medium Risk

Nova VMware instance in resize state may leak

(CVE)
Tristan Cacquera...
Medium Risk

KVM DoS triggerable by malicious host userspace

(CVE)
Andy
Medium Risk

RESTAURANT SCRIPT SQL Injection Vulnerabilty

jsass
High Risk

Incredible PBX 11 2.0.6.5.0 Remote Command Execution

Simo Ben
High Risk

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

Larry W. Cashdol...
2014-10-21
Medium Risk

AutoWeb v3.0 CMS SQL Injection

Hugo Santiago do...
High Risk

Files Document & PDF 2.0.2 iOS Multiple Vulnerabilities

Vulnerability La...
Medium Risk

FileBug v1.5.1 iOS Path Traversal Web Vulnerability

Vulnerability La...
High Risk

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

(CVE)
Pedro
Low Risk

LiteCart 1.1.2.1 Cross Site Scripting

(CVE)
Onur Yilmaz
Medium Risk

Huawei Mobile Partner DLL Hijacking

Osanda Malith Ja...
Low Risk

Newtelligence dasBlog 2.3 Open Redirect

(CVE)
Wang Jing
Medium Risk

OpenMRS 2.1 Access Bypass / XSS / CSRF

(CVE)
Mahendra
2014-10-20
Medium Risk

Newtelligence dasBlog Open Redirect Vulnerability

(CVE)
Wang Jing
2014-10-19
High Risk

MacOS X 10.9 Hard Link Memory Corruption PoC

(CVE)
CXSECURITY
Medium Risk

Linux PolicyKit Race Condition Privilege Escalation

(CVE)
xi4oyu
Medium Risk

Centreon SQL Injection / Command Injection

(CVE)
MaZ
2014-10-18
High Risk

MacOSX 10.9/XNU HFS Kernel Multiple Vulnerabilities

(CVE)
CXSECURITY
High Risk

MS14-060 Microsoft Windows OLE Package Manager Code Execution

(CVE)
Juan vazquez
High Risk

Fonality Trixbox CE 2.8.0.4 Command Execution

Simo Ben youssef
High Risk

Elastix 2.4.0 Stable XSS / CSRF / Command Execution

Simo Ben youssef
High Risk

Drupal HTTP Parameter Key/Value SQL Injection

(CVE)
Brandon
2014-10-17
Medium Risk

Bypassing HTTP Strict Transport Security

Jose Selvi
Low Risk

Abusing TZ for fun (and little profit)

Jakub Wilk
High Risk

SAP BusinessObjects Explorer 14.0.5 XXE Injection

(CVE)
Stefan Horlacher
Medium Risk

IPy Blacklist Bypass

Nicolas
Medium Risk

NETIS DL4322D XSS / CSRF / DoS

AkaStep
Low Risk

New York Times Cross Site Scripting

Wang Jing
Low Risk

OpenX 2.8.10 Open Redirect

(CVE)
Wang Jing
Medium Risk

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

(CVE)
CORE
2014-10-16
High Risk

Drupal 7.x SQL Injection Exploit

fyukyuk
High Risk

Drupal 7.31 CORE pre Auth SQL Injection Vulnerability *youtube

Stefan Horst
Medium Risk

Microsoft Bluetooth Personal Area Networking Privilege Escalation

(CVE)
Jay Smith
Medium Risk

SEO Control Panel 3.6.0 SQL Injection

Tiago Carvalho
Low Risk

Tenda A32 Cross Site Request Forgery

(CVE)
zixian
[ Read More ]

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

[ CVE Related ]   [ CWE Related ]   [ Dorks ]  

[ CVE Products ] [ CVE Vendors ]
WLB2RSS CVE CVEMAP.ORG WLB2RSS CVE
Last Update: 2014-10-22
2014-10-20
 
CVE-2012-2413
( 4.3/10 )
 
  Joomla Joomla!
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
 
CVE-2012-5244
( 7.5/10 )
 
  Bananadance Banana dance
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to fu...
 
CVE-2012-5701
( 6.8/10 )
 
  Dotproject Dotproject
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a department...
 
CVE-2012-5865
( 6.5/10 )
 
  Achievo Achievo
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
 
CVE-2012-5866
( 4.3/10 )
 
  Achievo Achievo
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
 
CVE-2012-5694
( 6.8/10 )
 
  Bulb security Smartphone pentest framework
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) pla...
 
CVE-2012-5695
( 5.1/10 )
 
  Bulb security Smartphone pentest framework
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter...
 
CVE-2012-5696
( 5/10 )
 
  Bulb security Smartphone pentest framework
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.
 
CVE-2012-5697
( 4.6/10 )
 
  Bulb security Smartphone pentest framework
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary ...
2014-10-18
 
CVE-2014-2358
( 5.1/10 )
 
  Fox-it Fox datadiode
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that...
 
CVE-2014-2647
( 4.3/10 )
 
  HP Operations agent
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-3021
( 5/10 )
 
  IBM Websphere application server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP me...
 
CVE-2014-3368
( 7.8/10 )
 
  Cisco Expressway software
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507.
 
CVE-2014-3369
( 7.1/10 )
 
  Cisco Expressway software
The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252.
 
CVE-2014-3370
( 7.1/10 )
 
  Cisco Expressway software
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447.
 
CVE-2014-3381
( 5/10 )
 
  Cisco Asyncos
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934.
 
CVE-2014-3397
( 7.8/10 )
 
  Cisco Telepresence mcu software
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.
 
CVE-2014-3406
( 7.1/10 )
 
  Cisco Intrusion prevention system
Race condition in the IP logging feature in Cisco Intrusion Prevention System (IPS) Software 7.1(7)E4 and earlier allows remote attackers to cause a denial of service (device reload) via crafted IP traffic that matches a problematic rule, aka Bug ID ...
 
CVE-2014-3408
( 6.8/10 )
 
  Cisco Prime optical
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763.
 
CVE-2014-3513
( 7.1/10 )
 
  Openssl Openssl
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
[ Read More ]

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  

[ Full List of Vendors ]  

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

[ Full List of Products ]  



 
Copyright 2014, cxsecurity.com