2015-04-19
High | Wolf CMS Arbitrary File Upload Exploit | CWH Underground
Low | Pandora FMS 5.1SP1 Cross Site Scripting | William Costa
Low | Yourls 1.7 Cross Site Scripting | Alvaro Diaz
Med. | Zoph 0.9.1 Cross Site Scripting / SQL Injection | Manuel Garcia C...
Med. | WebsiteBaker 2.8.3 XSS / SQL Injection / HTTP Response Splitting | Manuel Garcia C...
Med. | MyBB 1.8.1 Cross Site Scripting / SQL Injection | Smash_
Low | Snowfox CMS 1.0 Cross Site Request Forgery | Gjoko 'LiquidWo...
Med. | Snowfox CMS 1.0 Open Redirect | Gjoko 'LiquidWo...
Low | WordPress Html5 Mp3 Player Full Path Disclosure | KnocKout
Med. | Digicom DG-5514T ADSL Session Hijacking | Nabin k.c
Med. | Apache Struts 2.3.20 Security Fixes | Lukasz
Med. | Asterisk WebSocket Server Remote Crash | Joshua Colp
Low | RedCloth Cross Site Scripting | Kousuke Ebihara
Med. | WordPress Timed Popup 1.3 CSRF / XSS | Morten
Med. | Sefrengo CMS 1.6.0 SQL Injection | Steffen R
High | SysAid Server Arbitrary File Disclosure | Bernhard Muelle...
Low | e107 v.2 alpha2 CSRF vulnerability | Steffen
Low | WordPress Frontend Uploader 0.9.2 Cross Site Scripting | SECUPENT
Low | Crea8Social 2.0 Cross Site Scripting | r0seMary
Low | Sefrengo CMS 1.6.0 Cross Site Scripting | Steffen R
Low | phpTrafficA 2.3 Cross Site Scripting | Daniel Geerts

2015-04-18
Med. | PHP 5.6.6 move_uploaded_file() NULL byte filename truncation | habte
High | Oracle Outside-In DOCX File Parsing Memory Corruption | Francis Provenc...
Low | Oracle Hyperion Smart View for Office Buffer Overflow | sajith
Low | Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference | Nicholas Lemoni...
High | PHP 5.6.7 apache2handler remote code execution vulnerability | Marc
Med. | ADB backup archive path traversal file overwrite | Imre Rad
High | Android backup agent arbitrary code execution | Imre Rad

2015-04-17
Low | Opoint Media Intelligence Open Redirect | Wang Jing
High | Lychee 2.7.1 remote code execution | Filippo Cavalla...
Med. | Nodes Studio CMS SQL Injection, XSS and FPD vulnerabilities | MustLive
Med. | Wordpress Ajax Store Locator <= 1.2 SQL Injection Vulnerability | Claudio Viviani

2015-04-16
Med. | gnutls 3.3.13 double-free in parsing CRL distribution points | Robert Święck...
Med. | Microsoft Windows 8.1/7/others HTTP.sys Request Parsing DoS (MS15-034) | laurent gaffie
Low | Comsenz SupeSite CMS 7.0 Cross Site Scripting | Wang Jing


2015-04-16
CVE-2015-1821  Tuxfamily Chrony
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
CVE-2015-1822  Tuxfamily Chrony
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
CVE-2015-3319  Hotspotexpress Hotex billing manager
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2015-0405  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.
CVE-2015-0423  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2015-0433  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
CVE-2015-0438  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
CVE-2015-0439  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-0440  Oracle Right now service cloud
Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console.
CVE-2015-0441  Oracle Mysql
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
CVE-2015-0447  Oracle E-business suite
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Configurator DMZ rules.
CVE-2015-0448  Oracle Solaris
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.
CVE-2015-0449  Oracle Fusion middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.
CVE-2015-0450  Oracle Fusion middleware
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to WebCenter Spaces Application.
CVE-2015-0451  Oracle Fusion middleware
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents.
CVE-2015-0452  Oracle Vm server
Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager.
CVE-2015-0453  Oracle Peoplesoft products
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTAL.
CVE-2015-0455  Oracle Database server
Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2015-0456  Oracle Fusion middleware
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.
CVE-2015-0457  Oracle Database server
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.


Copyright 2015, cxsecurity.com