WLB2 Bugtraq
Risk | Title ((CVE) = entry has a linked CVE identifier) | Author

2014-11-29
Low Risk | Microsoft IIS 7.5 error message XSS (20 chars) | A Z
Medium Risk | Microsoft no DEP in Windows filesystem (and ASLR barely used) | Stefan Kanthak
Medium Risk | D-Link DAP-1360 XSS and CSRF | MustLive
High Risk | Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability (CVE) | Egidio Romano
Medium Risk | CCH Wolters Kluwer PFX Engagement <= v7.1 Local Privilege Escalation (CVE) | singularitysec
High Risk | Digi Online Examination System 2.0 Shell Upload (CVE) | Halil Dalabasmaz
High Risk | X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution (CVE) | Juan
High Risk | ZTE ZXHN H108L Authentication Bypass (CVE) | Project Zero Lab...
High Risk | DukaPress 2.5.2 Path Traversal (CVE) | Kacper Szurek

2014-11-27
Low Risk | gassarit CMS Cross-Site Scripting Vulnerability | IeDb
Medium Risk | Undertow (on Windows) Information disclosure via directory traversal (CVE) | Arun Babu Neelic...
Medium Risk | Pandora FMS SQLi Remote Code Execution | Jason Kratzer
Low Risk | Joomla Kunena Forum 3.0.5 Cross Site Scripting (CVE) | Raymond Rizk

2014-11-26
High Risk | PHP 5.x / Bash Shellshock Proof Of Concept (CVE) | ssbostan
Low Risk | PHP 5.6.1 open_basedir exist file check bypass | zuzzz
High Risk | Wordpress db-backup plugin File Download Vulnerability | Ashiyane Digital...
Low Risk | phpBB 3.1.1 deregister_globals() Bypass | Taoguang Chen
Medium Risk | Android Settings Pendingintent Leak (CVE) | Baidu X-Team
Low Risk | Android SMS Resend (CVE) | Baidu X-Team
Medium Risk | Android WAPPushManager SQL Injection (CVE) | Baidu X-Team
Low Risk | xEpan 1.0.1 Cross Site Request Forgery (CVE) | High-Tech Bridge...
Medium Risk | Device42 Embedded Credentials | Brandon Perry
High Risk | Device42 Ping Command Injection | Brendan Coles
High Risk | Device42 Traceroute Command Injection | Brendan Coles
High Risk | Slider Revolution/Showbiz Pro Shell Upload | Simo Ben youssef
Low Risk | WordPress Sexy Squeeze Pages Cross Site Scripting | KnocKout
Low Risk | WordPress Html5 Mp3 Player Full Path Disclosure | KnocKout
Medium Risk | Apadana CMS SQL Injection | SeRaVo.BlackHat
Medium Risk | KMPlayer 3.9.1.130 Denial Of Service | Ajin Abraham
High Risk | Mozilla Firefox 3.6 mChannel Use-After-Free | Juan Sacco
High Risk | libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution (CVE) | Michele Spagnuol...
High Risk | Docker Privilege Escalation (CVE) | Florian Weimer

2014-11-25
Medium Risk | Invision Power Board <= 3.4.7 password change | Dmitry Hitry
High Risk | iBanking botnet Shell Upload Vulnerability | Xylitol
High Risk | Atrax Botnet Shell Upload Vulnerability | Xylitol
Top CWE: CWE-89 (SQL Injection), CWE-79 (XSS), CWE-119 (Buffer Overflow), CWE-22 (Path Traversal)

CVEMAP.ORG CVE feed
Last Update: 2014-11-28
2014-11-28

CVE-2014-7178 (CVSS 9.3/10) | Enalean Tuleap
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

CVE-2014-7850 (CVSS 4.3/10) | Redhat Freeipa
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

CVE-2014-8423 (CVSS 10/10) | Arris Vap2500 firmware
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

CVE-2014-8424 (CVSS 7.8/10) | Arris Vap2500 firmware
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

CVE-2014-8425 (CVSS 7.8/10) | Arris Vap2500 firmware
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

CVE-2014-8429 (CVSS 6.8/10) | Xavoc Xepan cms
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafte...

CVE-2014-8799 (CVSS 5/10) | Dukapress project Dukapress
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.

CVE-2014-8801 (CVSS 5/10) | Paidmembershipspro Paid memberships pro
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax...
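Both WordPress entries above (DukaPress and Paid Memberships Pro) are the same bug class: a request parameter is joined onto a directory path and the result is read without checking that it still lies inside that directory. The following is an added example, not code from either plugin or from this page; the function names and the constructed directory tree are hypothetical. It puts the weak join beside a resolver that canonicalises the path (collapsing `..` and symlinks) and rejects anything outside the base directory, and it runs both against a few names, including an absolute one, which `os.path.join` silently lets replace the base.

```python
"""Constrained file access: resolve a caller-supplied file name under a base
directory and refuse anything that escapes it.

Added example, not the code of DukaPress or Paid Memberships Pro; the
function names and the sample directory tree are hypothetical.  It guards
against the pattern both advisories describe: a '..' in a request parameter
that is joined onto a directory path and then read."""
import os
import shutil
import tempfile
from pathlib import Path


def vulnerable_resolve(base: str, name: str) -> str:
    """The pattern the advisories describe: join and trust the result."""
    # os.path.join also discards `base` entirely when `name` is absolute.
    return os.path.join(base, name)


def safe_resolve(base: str, name: str) -> Path:
    """Return the canonical path of base/name, or raise ValueError if it
    lies outside base once '..' segments and symlinks are resolved."""
    base_real = Path(base).resolve()
    candidate = (base_real / name).resolve()   # non-strict: works for names that do not exist yet
    # relative_to() raises ValueError unless candidate is inside base_real
    # (component-wise, so a sibling such as base_real2 is not accepted).
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise ValueError(f"path escapes base directory: {name!r}") from None
    return candidate


def demo() -> dict:
    """Constructed tree: uploads/pic.jpg is public, wp-config.php is not."""
    root = Path(tempfile.mkdtemp())
    uploads = root / "uploads"
    uploads.mkdir()
    (uploads / "pic.jpg").write_bytes(b"constructed sample image")
    (root / "wp-config.php").write_text("constructed secret")
    results = {}
    try:
        for name in ("pic.jpg", "../wp-config.php",
                     "sub/../../wp-config.php", "/etc/passwd"):
            resolved = Path(vulnerable_resolve(str(uploads), name)).resolve()
            try:
                resolved.relative_to(uploads.resolve())
                escaped = False
            except ValueError:
                escaped = True
            try:
                safe_resolve(str(uploads), name)
                verdict = "allowed"
            except ValueError:
                verdict = "rejected"
            results[name] = {"vulnerable_escapes": escaped, "safe": verdict}
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:28} {outcome}")
```

The check is done on the resolved path rather than by scanning the string for `..`, so encoded or doubled forms that a naive filter misses are caught once the filesystem layer has normalised them; the cost is that the base directory must itself be canonicalised the same way, which `safe_resolve` does up front.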
CVE-2014-8994 (CVSS 3.6/10) | Check diskio project Check diskio
The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).
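The check_diskio entry is the classic predictable-temp-file race: a local user who can guess the name plants a symlink there first, and the privileged process then writes through the link into whatever the link points at. The following added example (not the plugin's code; the file names, the "victim" file and both writers are hypothetical stand-ins) reproduces that on a throwaway directory and shows the one-line fix, opening with `O_CREAT|O_EXCL`, which fails on a pre-existing name whether it is a file or a symlink, dangling or not.

```python
"""Symlink attack on a predictably named temporary file, and a writer that
refuses it.

Added example, not the check_diskio plugin's code.  The file names, the
'victim' file and both writers are hypothetical stand-ins for the pattern
the advisory above describes: a status file whose name an unprivileged user
can guess (tmp/check_diskio_status-*-*) and plant a symlink at before the
privileged process writes to it."""
import os
import shutil
import tempfile
from pathlib import Path


def predictable_writer(tmpdir: Path, tag: str, data: str) -> Path:
    """Weak style: guessable name, plain open() which follows symlinks."""
    target = tmpdir / f"status-{tag}"
    target.write_text(data)
    return target


def hardened_writer(tmpdir: Path, tag: str, data: str) -> Path:
    """Create the file exclusively; fail if anything (regular file or
    symlink, dangling or not) already sits at that name."""
    target = tmpdir / f"status-{tag}"
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)   # extra guard where the platform has it
    fd = os.open(target, flags, 0o600)       # FileExistsError on a planted link
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Constructed scenario: attacker links the guessable name to a file
    they cannot write themselves, then each writer takes its turn."""
    root = Path(tempfile.mkdtemp())
    try:
        victim = root / "root-owned-file"              # stand-in for the real target
        victim.write_text("original")
        tag = "srv01-sda"                              # derivable from host and device name
        os.symlink(victim, root / f"status-{tag}")     # the attacker's move
        predictable_writer(root, tag, "pwned")
        clobbered = victim.read_text() == "pwned"
        victim.write_text("original")                  # reset for the second run
        try:
            hardened_writer(root, tag, "pwned")
            blocked = False
        except FileExistsError:
            blocked = True
        return {"predictable_clobbered": clobbered,
                "hardened_blocked": blocked,
                "victim_after_hardened": victim.read_text()}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

`tempfile.mkstemp()` does both halves of the fix at once (unpredictable name plus `O_EXCL` creation) and is the normal choice when the file does not need a fixed name; the exclusive open is shown here on the fixed name so the planted link is visibly refused rather than merely sidestepped.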
CVE-2014-9089 (CVSS 7.5/10) | Mantisbt Mantisbt
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

2014-11-27

CVE-2014-5426 (CVSS 5/10) | Matrikonopc Dnp3 opc server
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.

CVE-2014-3407 (CVSS 5/10) | Cisco Adaptive security appliance so...
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) v...

CVE-2014-4829 (CVSS 6.8/10) | IBM Qradar risk manager
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the ...

CVE-2014-4831 (CVSS 5.8/10) | IBM Qradar risk manager
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832 (CVSS 4.3/10) | IBM Qradar risk manager
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network dur...

CVE-2014-4883 (CVSS 5/10) | Lwip project Lwip
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poiso...
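The uIP/lwIP entry describes a resolver whose query transaction IDs and source ports are predictable, which cuts the search space an off-path attacker must cover to forge an answer from 2^32 (16-bit ID times 16-bit port) to a handful of guesses. The following added example (not uIP or lwIP code; the two toy query generators and the thresholds in `is_predictable` are this example's own, and the packets are constructed in memory and never sent) builds minimal DNS queries from a counter-style resolver and from a randomised one, then runs a small report over them that a practitioner could equally feed from the ID and port columns of a packet capture.

```python
"""Spot predictable transaction IDs and source ports in a resolver's outgoing
DNS queries, the weakness the uIP/lwIP advisory above describes.

Added example, not lwIP or uIP code.  The two toy query generators and the
heuristics in is_predictable() are this example's own; the packets are
constructed in memory and never sent."""
import secrets
import struct


def build_query(txid: int, qname: str = "example.com") -> bytes:
    """Minimal DNS query: 12-byte header, QNAME, QTYPE A, QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def txid_of(packet: bytes) -> int:
    """The transaction ID is the first 16 bits of the DNS header."""
    return struct.unpack("!H", packet[:2])[0]


def sequential_resolver(n: int):
    """Weak style: counter ID and one fixed source port. Yields (port, payload)."""
    for i in range(n):
        yield 1024, build_query(i & 0xFFFF)


def randomised_resolver(n: int):
    """Hardened style: CSPRNG ID and a fresh ephemeral port per query."""
    for _ in range(n):
        yield 1024 + secrets.randbelow(65536 - 1024), build_query(secrets.randbits(16))


def longest_constant_stride(values) -> int:
    """Length of the longest run of equal consecutive deltas (mod 2^16).
    A counter yields one run covering the whole sample; random IDs almost
    never repeat a delta even twice in a row."""
    if len(values) < 3:
        return 0
    deltas = [(b - a) & 0xFFFF for a, b in zip(values, values[1:])]
    best = run = 1
    for prev, cur in zip(deltas, deltas[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def predictability_report(queries) -> dict:
    """Summarise (port, payload) pairs from any source: the toy resolvers
    here, or the UDP source port and DNS ID columns of a capture."""
    ports, ids = [], []
    for port, payload in queries:
        ports.append(port)
        ids.append(txid_of(payload))
    return {"samples": len(ids),
            "distinct_ports": len(set(ports)),
            "distinct_ids": len(set(ids)),
            "max_constant_stride": longest_constant_stride(ids)}


def is_predictable(report: dict) -> bool:
    """Thresholds are this example's choice: a single source port, a counter
    (4+ equal strides in a row) or heavy ID reuse each collapse the 2^32
    guess space an off-path attacker would otherwise face."""
    return (report["distinct_ports"] == 1
            or report["max_constant_stride"] >= 4
            or report["distinct_ids"] < report["samples"] // 2)


if __name__ == "__main__":
    for label, gen in (("sequential", sequential_resolver), ("randomised", randomised_resolver)):
        rep = predictability_report(gen(200))
        print(label, rep, "PREDICTABLE" if is_predictable(rep) else "ok")
```

The stride check is what catches the lwIP-style counter even when every ID in the sample is distinct; distinctness alone would pass it. Source-port randomisation matters as much as the ID: with a fixed port the attacker is back to guessing 16 bits, which is the same bar the ID check enforces.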
CVE-2014-6075 (CVSS 5/10) | IBM Qradar risk manager
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information ...

2014-11-26

CVE-2014-8551 (CVSS 10/10) | Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via ...

CVE-2014-8552 (CVSS 5/10) | Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via cr...

CVE-2014-2037 (CVSS 5/10) | Openswan Openswan
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6466.
Top Vendors: Apple, Microsoft, Google, Oracle, Apache, IBM, Red Hat, HP, Adobe, Mozilla

Top Products: Linux Kernel, Mac OS X, Windows XP, Windows 7, Flash Player, Adobe Reader, PHP, JRE, JDK, Wordpress, Joomla, Chrome, IE, Firefox, Safari, HTTPD, Tomcat, Nginx

Copyright 2014, cxsecurity.com