Risk | Title | Author

2014-11-25

Medium Risk | Invision Power Board <= 3.4.7 password change | Dmitry Hitry
High Risk | iBanking botnet Shell Upload Vulnerability | Xylitol
High Risk | Atrax Botnet Shell Upload Vulnerability | Xylitol
Medium Risk | phpMyRecipes 1.2.2 (dosearch.php, words_exact param) SQL Injection | bard
High Risk | TRENDnet SecurView Wireless Network Camera TV-IP422WN Stack BoF | Gjoko 'LiquidWor...
Medium Risk | PHP 5.5.12 Locale::parseLocale Memory Corruption | John Leitch
Medium Risk | CodeMeter Weak Service Permissions (CVE) | Andrew Smith and...
High Risk | WordPress WP-DB-Backup 2.2.4 Backup Theft | Larry W. Cashdol...
Medium Risk | RobotStats 1.0 SQL Injection | ZoRLu
Low Risk | RobotStats 1.0 Cross Site Scripting | ZoRLu
Medium Risk | WordPress wpDataTables 1.5.3 SQL Injection | Claudio Viviani
High Risk | WordPress wpDataTables 1.5.3 Shell Upload | Claudio Viviani
Medium Risk | FluxBB 1.5.6 SQL Injection | secthrowaway

2014-11-24

High Risk | Linux 'less' can probably get you owned | Michal Zalewski
High Risk | Hikvision DVR RTSP Request Remote Code Execution (CVE) | Mark Schloesser
Medium Risk | Firefox 31 Integer Overflow | Stakenvicius
High Risk | Linux kernel LDT handling bugs | Andy

2014-11-23

Medium Risk | lesspipe cpio bug to back up the argument | Michal Zalewski
High Risk | MyBB <= 1.8.2 unset_globals() Function Bypass and Remote | Taoguang Chen
Medium Risk | WordPress SP Client Document Manager 2.4.1 SQL Injection | ITAS Team

2014-11-22

High Risk | ClamAV heap buffer overflow scanning a specially crafted file (CVE) | Damien
Medium Risk | TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service | Gjoko 'LiquidWor...
High Risk | glibc command execution in wordexp() with WRDE_NOCMD specified | Francisco
Medium Risk | TIBCO Managed File Transfer vulnerabilities (CVE) | TIBCO
Low Risk | TIBCO Spotfire Web Player vulnerabilities (CVE) | TIBCO
Low Risk | Booking.com Open Redirect | Sergio Giucastro

2014-11-21

High Risk | Netgear Wireless Router WNR500 Traversal Arbitrary File Access Exploit | Gjoko 'LiquidWor...
Medium Risk | Privacyware Privatefirewall 7.0 Unquoted Service Path Privilege Escalation | Gjoko 'LiquidWor...
Medium Risk | Supr Shopsystem v5.1.0 - Persistent UI Vulnerability | Vulnerability La...
High Risk | Microsoft Internet Explorer OLE Pre-IE11 Code Execution (CVE) | GradiusX
Low Risk | PHPFox XSS AdminCP (CVE) | Wesley Henrique ...
High Risk | Paid Memberships Pro 1.7.14.2 Path Traversal (CVE) | Kacper Szurek
High Risk | Advantech EKI-6340 2.05 Command Injection (CVE) | CORE
High Risk | Advantech AdamView 4.3 Buffer Overflow (CVE) | CORE
High Risk | WordPress CM Download Manager 2.0.0 Code Injection (CVE) | Phi Le Ngoc

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

Last Update: 2014-11-26
2014-11-24
 
CVE-2014-7830
( 3.5/10 )
 
  Moodle Moodle
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or...
 
CVE-2014-7831
( 4/10 )
 
  Moodle Moodle
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student r...
 
CVE-2014-7832
( 4/10 )
 
  Moodle Moodle
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to by...
 
CVE-2014-7833
( 4/10 )
 
  Moodle Moodle
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by access...
 
CVE-2014-7834
( 4/10 )
 
  Moodle Moodle
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
 
CVE-2014-7835
( 2.1/10 )
 
  Moodle Moodle
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross...
 
CVE-2014-7836
( 6.8/10 )
 
  Moodle Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod...
 
CVE-2014-7837
( 5.5/10 )
 
  Moodle Moodle
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
 
CVE-2014-7838
( 6.8/10 )
 
  Moodle Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for request...
 
CVE-2014-7845
( 7.5/10 )
 
  Moodle Moodle
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-f...
 
CVE-2014-7846
( 4/10 )
 
  Moodle Moodle
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access ...
 
CVE-2014-7847
( 5/10 )
 
  Moodle Moodle
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitu...
 
CVE-2014-7848
( 5/10 )
 
  Moodle Moodle
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
 
CVE-2014-9059
( 4.3/10 )
 
  Moodle Moodle
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 ch...
 
CVE-2014-9060
( 5/10 )
 
  Moodle Moodle
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via ...
 
CVE-2010-5312
( 4.3/10 )
 
  Jqueryui Jquery ui
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
 
CVE-2012-6662
( 4.3/10 )
 
  Jqueryui Jquery ui
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not prope...
 
CVE-2014-1424
( 6.4/10 )
 
  Ubuntu Apparmor
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."
 
CVE-2014-7817
( 4.3/10 )
 
  GNU Glibc
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
 
CVE-2014-7821
( 4/10 )
 
  Openstack Neutron
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
Copyright 2014, cxsecurity.com