2014-04-23
Low Risk

ASUS RT-AC68U Cross Site Scripting

(CVE)
Joaquim Brasil d...
High Risk

ASUS RT-AC68U Remote Command Execution

(CVE)
Joaquim Brasil d...
High Risk

Parallels Plesk Panel 12.x Key Disclosure

Tim Rots
Medium Risk

Sixnet Sixview 2.4.1 Directory Traversal

daniel svartman
High Risk

No-CMS 0.6.6 Rev 1 Account Hijack / Remote Command Execution

Mehmet Ince
Low Risk

Symantec Messaging Gateway 10.5.1 Cross Site Scripting

William Costa
Medium Risk

iDevAffiliate 5.x SQL Injection

Robert Cooper
2014-04-22
Medium Risk

KnowledgeTree Blind SQL Injection

(CVE)
Craig Arendt
Low Risk

WordPress JS External Link Info Cross Site Scripting

Ashiyane Digital...
Medium Risk

PTCeffect 4.6 Local File Inclusion / SQL Injection

Walidz
Low Risk

DuBose Web Group CMS Cross Site Scripting

Renzi
Medium Risk

Wapoweb SQL Injection

Renzi
2014-04-21
Medium Risk

systemd create or overwrite arbitrary files

(CVE)
Sebastian Krahme...
High Risk

Wordpress Themes Theagency File Upload Vulnerability

AnonBoy
Medium Risk

phpManufaktur / kitForm <= 0.43 SQL Injection

xoxo chapp
Medium Risk

Media Player Classic Memory Corruption

(CVE)
Aryan Bayanineja...
Low Risk

mojoPortal 2.4.0.3 Multiple XSS Vulnerabilities

Smash_
Medium Risk

WordPress File Disclosure Vulnerability

Th3 R0cksT3r
Medium Risk

CGR BRASIL CMS Sql Injection

Felipe Andrian P...
Low Risk

Teracom Modem CSRF Vulnerability

Rakesh S
2014-04-19
Medium Risk

clang-3.5 scan-build insecure use of /tmp

(CVE)
Jakub Wilk
High Risk

Adobe Flash Player Regular Expression Heap Overflow

(CVE)
Juan Vazquez
Low Risk

CU3ER 1.24 Cross Site Scripting / Content Spoofing

MustLive
High Risk

Sercomm TCP/32674 Backdoor Reactivation

Eloi Vanderbeken
Medium Risk

Linux group_info Denial Of Service

(CVE)
Thomas Pollet
Low Risk

vBulletin 5.1 Cross Site Scripting

Romanian Securit...
High Risk

Ruby Gem sfpagent 0.4.14 Command Injection

Larry W. Cashdol...
2014-04-18
Low Risk

bzip2 1.0.5 local users execute arbitrary code

(CVE)
Tavis Ormandy
Low Risk

Oracle Identity Manager Unvalidated Redirects

(CVE)
Giuseppe D'Amore...
High Risk

Nagios Remote Plugin Executor 2.15 Remote Command Execution

Dawid Golunski
High Risk

ASUS RT Password Disclosure

(CVE)
David Longenecke...
Low Risk

McAfee Security Scanner Plus Rogue Binary Execution

Stefan Kanthak
Medium Risk

D-Link DAP-1320 Directory Traversal / Cross Site Scripting

K Lovett
High Risk

CMSimple 4.4.2 Remote File Inclusion

NoGe
Low Risk

F-Secure Messaging Security Gateway 7.5.0.892 Cross Site Scripting

William Costa

Last Update: 2014-04-22
2014-04-22
 
CVE-2013-5948
( 8.5/10 )
 
  ASUS Rt-ac68u
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (...
 
CVE-2013-6370
( 5/10 )
 
  Json-c project Json-c
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
 
CVE-2013-6371
( 5/10 )
 
  Json-c project Json-c
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
 
CVE-2013-6469
( 6.5/10 )
 
  Redhat Jboss fuse service works
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information.
 
CVE-2014-0173
( 5.8/10 )
 
  Automattic Jetpack
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for...
 
CVE-2014-1216
( 7.5/10 )
 
  Fitnesse Fitnesse wiki
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
 
CVE-2014-2269
( 6.4/10 )
 
  Vtiger Vtiger crm
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.
 
CVE-2014-2341
( 6.8/10 )
 
  Cubecart Cubecart
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
 
CVE-2014-2719
( 6.3/10 )
 
  ASUS Rt-ac68u
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.
 
CVE-2014-2735
( 5.8/10 )
 
  Winscp Winscp
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL s...
 
CVE-2014-2925
( 4.3/10 )
 
  ASUS Rt-ac68u
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter...
2014-04-21
 
CVE-2013-5459
( 5.5/10 )
 
  IBM Rational software architect de...
Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by leveraging improper parameter checking.
 
CVE-2014-0361
( 3/10 )
 
  Toshibacommerce 4690 point of sale operating s...
The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information vi...
 
CVE-2014-0932
( 3.5/10 )
 
  IBM Sterling order management
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
 
CVE-2014-2921
( 7.5/10 )
 
  Pimcore Pimcore
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object ...
 
CVE-2014-2922
( 6.4/10 )
 
  Pimcore Pimcore
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injectio...
2014-04-19
 
CVE-2013-6213
( 10/10 )
 
  HP Loadrunner
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.
 
CVE-2013-6214
( 4/10 )
 
  HP Universal configuration manage...
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.
 
CVE-2014-0778
( 5/10 )
 
  Progea Movicon
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
 
CVE-2014-1974
( 6.4/10 )
 
  Lysesoft Andexplorer
Directory traversal vulnerability in LYSESOFT AndExplorer before 20140403 and AndExplorerPro before 20140405 allows attackers to overwrite or create arbitrary files via unspecified vectors.
Copyright 2014, cxsecurity.com