Bugtraq
2014-10-24
High Risk

strings / libbfd (Chromium 37.0.2062.120) out of bounds read

Michal Zalewski
Medium Risk

Linux 3.17 guest-triggerable KVM OOPS PoC

(CVE)
Andy Lutomirski
Medium Risk

Linux 3.17 guest-triggerable KVM OOPS

(CVE)
Andy Lutomirski
High Risk

Feng Office 1.7.4 Arbitrary File Upload

AutoSec Tools
Low Risk

Feng Office 1.7.4 Cross Site Scripting Vulnerabilities

AutoSec Tools
Low Risk

TestLink 1.9.12 Path Disclosure

(CVE)
Egidio Romano
High Risk

TestLink 1.9.12 PHP Object Injection

(CVE)
Egidio Romano
Medium Risk

WordPress CP Multi View Event Calendar 1.01 SQL Injection

Claudio Viviani
High Risk

WordPress / Joomla Creative Contact Form 0.9.7 Shell Upload

Gianni Angelozzi
Medium Risk

ElectricCommander 4.2.4.71224 Privilege Escalation

(CVE)
Sean Wright
Medium Risk

Centreon SQL / Command Injection

(CVE)
Juan Vazquez
Medium Risk

Wonderful World-Wide CMS SQL Injection / Default Credentials

eX-Sh1Ne
High Risk

Free WMA MP3 Converter 1.8 Buffer Overflow

metacom
2014-10-23
Low Risk

SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing

(CVE)
Stefan Horlacher
Low Risk

SAP BusinessObjects Explorer 14.0.5 Information Disclosure

(CVE)
Stefan Horlacher
Low Risk

Dell SonicWall GMS v7.2.x Persistent Web Vulnerability

Vulnerability La...
High Risk

Cisco Ironport WSA telnetd Remote Code Execution

(CVE)
Glafkos Charalam...
Medium Risk

iFunBox Free 1.1 Local File Inclusion

Vulnerability La...
Medium Risk

iBackup 10.0.0.32 Local Privilege Escalation

(CVE)
Glafkos Charalam...
High Risk

DotNetNuke DNNspot Store (UploadifyHandler.ashx) 3.0.0 File Upload

Glafkos Charalam...
High Risk

File Manager 4.2.10 Code Execution

Vulnerability La...
Medium Risk

Mulesoft ESB Runtime 3.5.1 Privilege Escalation / Code Execution

Brandon Perry
2014-10-22
Medium Risk

Nova VMware instance in resize state may leak

(CVE)
Tristan Cacquera...
Medium Risk

KVM DoS triggerable by malicious host userspace

(CVE)
Andy
Medium Risk

RESTAURANT SCRIPT SQL Injection Vulnerability

jsass
High Risk

Incredible PBX 11 2.0.6.5.0 Remote Command Execution

Simo Ben
High Risk

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

Larry W. Cashdol...
2014-10-21
Medium Risk

AutoWeb v3.0 CMS SQL Injection

Hugo Santiago do...
High Risk

Files Document & PDF 2.0.2 iOS Multiple Vulnerabilities

Vulnerability La...
Medium Risk

FileBug v1.5.1 iOS Path Traversal Web Vulnerability

Vulnerability La...
High Risk

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

(CVE)
Pedro
Low Risk

LiteCart 1.1.2.1 Cross Site Scripting

(CVE)
Onur Yilmaz
Medium Risk

Huawei Mobile Partner DLL Hijacking

Osanda Malith Ja...
Low Risk

Newtelligence dasBlog 2.3 Open Redirect

(CVE)
Wang Jing
Medium Risk

OpenMRS 2.1 Access Bypass / XSS / CSRF

(CVE)
Mahendra

CVE
Last Update: 2014-10-25
2014-10-24
 
CVE-2014-7298
( 4.9/10 )
 
  Centrify Centrify suite
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
 
CVE-2014-8346
( 7.8/10 )
 
  Samsung Findmymobile
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggerin...
2014-10-23
 
CVE-2014-0619
( 6.9/10 )
 
  Hamstersoft Hamster free zip archiver
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.
 
CVE-2014-2230
( 5.8/10 )
 
  Openx Openx
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _max...
 
CVE-2014-7281
( 6.8/10 )
 
  Tenda A32
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/...
 
CVE-2014-7292
( 5.8/10 )
 
  Newtelligence Dasblog
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a U...
 
CVE-2014-8071
( 4.3/10 )
 
  Openmrs Openmrs
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/regi...
 
CVE-2014-8072
( 4/10 )
 
  Openmrs Openmrs
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
 
CVE-2014-8073
( 6.8/10 )
 
  Openmrs Openmrs
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
2014-10-22
 
CVE-2014-4448
( 1.9/10 )
 
  Apple Iphone os
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
 
CVE-2014-4449
( 6.8/10 )
 
  Apple Iphone os
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-4450
( 1.9/10 )
 
  Apple Iphone os
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within u...
 
CVE-2013-7407
( 6.8/10 )
 
  Drupal Mrbs module
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
 
CVE-2014-3675
( 5/10 )
 
  SHIM SHIM
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
 
CVE-2014-3676
( 7.5/10 )
 
  SHIM SHIM
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
 
CVE-2014-3677
( 7.5/10 )
 
  SHIM SHIM
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
 
CVE-2014-6352
( 9.3/10 )
 
  Microsoft Windows 7
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploit...
 
CVE-2014-6387
( 5/10 )
 
  Mantisbt Mantisbt
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
 
CVE-2014-7182
( 4.3/10 )
 
  Wpgmaps Wordpress google maps plugin
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_m...
 
CVE-2014-7183
( 4.3/10 )
 
  Litecart Litecart
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
 
Copyright 2014, cxsecurity.com