Search:
WLB2

[ Bugs ]   [ Exploits ]
WLB2RSS Bugtraq WLB2RSS
[ Bogus ]   [ Tricks ]
2014-10-22
Medium Risk

Nova VMware instance in resize state may leak

(CVE)
Tristan Cacquera...
Medium Risk

KVM DoS triggerable by malicious host userspace

(CVE)
Andy
Medium Risk

RESTAURANT SCRIPT SQL Injection Vulnerabilty

jsass
High Risk

Incredible PBX 11 2.0.6.5.0 Remote Command Execution

Simo Ben
High Risk

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

Larry W. Cashdol...
2014-10-21
Medium Risk

AutoWeb v3.0 CMS SQL Injection

Hugo Santiago do...
High Risk

Files Document & PDF 2.0.2 iOS Multiple Vulnerabilities

Vulnerability La...
Medium Risk

FileBug v1.5.1 iOS Path Traversal Web Vulnerability

Vulnerability La...
High Risk

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

(CVE)
Pedro
Low Risk

LiteCart 1.1.2.1 Cross Site Scripting

(CVE)
Onur Yilmaz
Medium Risk

Huawei Mobile Partner DLL Hijacking

Osanda Malith Ja...
Low Risk

Newtelligence dasBlog 2.3 Open Redirect

(CVE)
Wang Jing
Medium Risk

OpenMRS 2.1 Access Bypass / XSS / CSRF

(CVE)
Mahendra
2014-10-20
Medium Risk

Newtelligence dasBlog Open Redirect Vulnerability

(CVE)
Wang Jing
2014-10-19
High Risk

MacOS X 10.9 Hard Link Memory Corruption PoC

(CVE)
CXSECURITY
Medium Risk

Linux PolicyKit Race Condition Privilege Escalation

(CVE)
xi4oyu
Medium Risk

Centreon SQL Injection / Command Injection

(CVE)
MaZ
2014-10-18
High Risk

MacOSX 10.9/XNU HFS Kernel Multiple Vulnerabilities

(CVE)
CXSECURITY
High Risk

MS14-060 Microsoft Windows OLE Package Manager Code Execution

(CVE)
Juan vazquez
High Risk

Fonality Trixbox CE 2.8.0.4 Command Execution

Simo Ben youssef
High Risk

Elastix 2.4.0 Stable XSS / CSRF / Command Execution

Simo Ben youssef
High Risk

Drupal HTTP Parameter Key/Value SQL Injection

(CVE)
Brandon
2014-10-17
Medium Risk

Bypassing HTTP Strict Transport Security

Jose Selvi
Low Risk

Abusing TZ for fun (and little profit)

Jakub Wilk
High Risk

SAP BusinessObjects Explorer 14.0.5 XXE Injection

(CVE)
Stefan Horlacher
Medium Risk

IPy Blacklist Bypass

Nicolas
Medium Risk

NETIS DL4322D XSS / CSRF / DoS

AkaStep
Low Risk

New York Times Cross Site Scripting

Wang Jing
Low Risk

OpenX 2.8.10 Open Redirect

(CVE)
Wang Jing
Medium Risk

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

(CVE)
CORE
2014-10-16
High Risk

Drupal 7.x SQL Injection Exploit

fyukyuk
High Risk

Drupal 7.31 CORE pre Auth SQL Injection Vulnerability *youtube

Stefan Horst
Medium Risk

Microsoft Bluetooth Personal Area Networking Privilege Escalation

(CVE)
Jay Smith
Medium Risk

SEO Control Panel 3.6.0 SQL Injection

Tiago Carvalho
Low Risk

Tenda A32 Cross Site Request Forgery

(CVE)
zixian
[ Read More ]

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

[ CVE Related ]   [ CWE Related ]   [ Dorks ]  

[ CVE Products ] [ CVE Vendors ]
WLB2RSS CVE CVEMAP.ORG WLB2RSS CVE
Last Update: 2014-10-22
2014-10-18
 
CVE-2014-2358
( 5.1/10 )
 
  Fox-it Fox datadiode
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that...
 
CVE-2014-2647
( 4.3/10 )
 
  HP Operations agent
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-3021
( 5/10 )
 
  IBM Websphere application server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP me...
 
CVE-2014-3368
( 7.8/10 )
 
  Cisco Expressway software
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507.
 
CVE-2014-3513
( 7.1/10 )
 
  Openssl Openssl
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
 
CVE-2014-3567
( 7.1/10 )
 
  Openssl Openssl
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an...
 
CVE-2014-3568
( 4.3/10 )
 
  Openssl Openssl
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr...
 
CVE-2014-4825
( 4.3/10 )
 
  IBM Qradar security information an...
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors.
 
CVE-2014-4827
( 4.3/10 )
 
  IBM Qradar security information an...
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
 
CVE-2014-4828
( 4.3/10 )
 
  IBM Qradar security information an...
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request.
 
CVE-2014-4830
( 4.3/10 )
 
  IBM Qradar security information an...
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to thi...
 
CVE-2014-4833
( 6.5/10 )
 
  IBM Qradar security information an...
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input.
 
CVE-2014-4836
( 3.5/10 )
 
  IBM Tririga application platform
Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary ...
 
CVE-2014-4837
( 3.5/10 )
 
  IBM Tririga application platform
Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web s...
 
CVE-2014-4838
( 3.5/10 )
 
  IBM Tririga application platform
Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject ...
2014-10-17
 
CVE-2013-7330
( 4/10 )
 
  Cloudbees Jenkins
CloudBees Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
 
CVE-2014-2058
( 6.5/10 )
 
  Cloudbees Jenkins
BuildTrigger in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of a...
 
CVE-2014-2060
( 7.5/10 )
 
  Cloudbees Jenkins
The Winstone servlet container in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.
 
CVE-2014-2061
( 5/10 )
 
  Cloudbees Jenkins
The input control in PasswordParameterDefinition in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.
 
CVE-2014-2062
( 6.5/10 )
 
  Cloudbees Jenkins
CloudBees Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
[ Read More ]

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  

[ Full List of Vendors ]  

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

[ Full List of Products ]  



 
Copyright 2014, cxsecurity.com