2015-03-02
Low Risk | PuTTY fails to clear private key information from memory (CVE) | Patrick Coleman
High Risk | Seagate Business NAS pre-authentication remote code execution | OJ Reeves
Medium Risk | WordPress Survey And Poll 1.1.7 Blind SQL Injection (CVE) | Securely
Medium Risk | Clipbucket 2.7 RC3 0.9 Blind SQL Injection (CVE) | CWH Underground

2015-02-28
High Risk | Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution (CVE) | David Jorm of II...
Low Risk | Tcl 1.16 Cross Site Scripting | Ben Fuhrmannek
Medium Risk | Loxone Smart Home CSRF / XSS / DoS / Credential Leakage | Daniel Schwarz
High Risk | Jetty 9.2.8 Shared Buffer Leakage (CVE) | Gotham Digital S...
High Risk | HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure | Dennis Veninga
Low Risk | WordPress Media Cleaner 2.2.6 Cross Site Scripting | İsmail SAYGILI

2015-02-27
Low Risk | Collabtive 2.0 Cross Site Scripting | Provensec
Low Risk | TangoBB 1.5.0-A3 Cross Site Scripting | Dennis Veninga
Low Risk | Enano CMS 1.1.8pl1 Cross Site Scripting | Dennis Veninga
Medium Risk | Data Source: Scopus CMS SQL Injection Web Vulnerability | Vulnerability La...
Medium Risk | DSS TFTP 1.0 Path Traversal | Vulnerability La...
Low Risk | Wireless File Transfer Pro Android - CSRF Vulnerabilities | Vulnerability La...
Low Risk | eFront Learning 3.6.11 Cross Site Scripting | Provensec
Low Risk | Akeneo PIM Cross Site Scripting | Provensec
Medium Risk | D-Link / TRENDnet ncc2 CSRF / Unauthenticated Access | Peter Adkins

2015-02-26
Medium Risk | Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities | Gjoko 'LiquidWor...
Low Risk | SAP Business Objects Unauthorized Audit Information Access (CVE) | Onapsis
Medium Risk | SAP Business Objects Unauthorized Audit Information Delete (CVE) | Onapsis
Medium Risk | SAP Business Objects Unauthorized File Repository Server Read (CVE) | Onapsis
Medium Risk | SAP Business Objects Unauthorized File Repository Server Write (CVE) | Onapsis

2015-02-25
Medium Risk | Alienware Command Center 2.8.8.0 Local Privilege Escalation | Humberto Cabrera
Medium Risk | Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation | Gjoko 'LiquidWor...
Low Risk | Cisco Ironport AsyncOS Cross Site Scripting (CVE) | Glafkos Charalam...
Low Risk | Cisco Ironport AsyncOS HTTP Header Injection (CVE) | Glafkos Charalam...
Low Risk | SAP HANA Web-based Development Workbench Cross Site Scripting (CVE) | Will Vandevanter
Low Risk | SEO Toaster E-Commerce 2.2.0 Cross Site Scripting | Provensec
Low Risk | N.E.T. E-Commerce Group Cross Site Scripting Vulnerability | Iranian Exploit ...
High Risk | Wordpress force download Local File Download | Ashiyane Digital...
Medium Risk | eTouch Samepage 4.4.0.0.239 SQL Injection / File Read (CVE) | Brandon Perry
Medium Risk | Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting (CVE) | SECUPENT
High Risk | Webgate Buffer Overflow | Praveen Darshana...
Last Update: 2015-03-02
2015-02-27
 
CVE-2015-1414
( 7.8/10 )
 
  Freebsd Freebsd
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10, 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of...
 
CVE-2015-2072
( 4.3/10 )
 
  SAP HANA
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/edi...
 
CVE-2015-2075
( 5/10 )
 
  SAP Businessobjects edge
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
 
CVE-2015-2076
( 5/10 )
 
  SAP Businessobjects edge
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
 
CVE-2015-2101
( 4.3/10 )
 
  Impliedbydesign Navigate
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2015-2102
( 7.5/10 )
 
  Clip-bucket Clipbucket
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
 
CVE-2015-2103
( 4.3/10 )
 
  Cosmoshop Cosmoshop
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter).
 
CVE-2014-9676
( 6.8/10 )
 
  Ffmpeg Ffmpeg
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code vi...
 
CVE-2014-9682
( 10/10 )
 
  Dns-sync project Dns-sync
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
 
CVE-2015-0655
( 4.3/10 )
 
  Cisco Unified web and e-mail interac...
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus7418...
 
CVE-2015-0884
( 6.9/10 )
 
  Toshiba Bluetooth stack
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of...
 
CVE-2015-0885
( 5/10 )
 
  Checkpw project Checkpw
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.
 
CVE-2015-0886
( 5/10 )
 
  Mindrot Jbcrypt
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maxi...
 
CVE-2015-0888
( 6.4/10 )
 
  Kent-web Clip board
KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors.
 
CVE-2015-0889
( 7.5/10 )
 
  Kent-web Joyful note
KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article.
2015-02-26
 
CVE-2015-2086
( 3.5/10 )
 
  Panopoly magic project Panopoly magic
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.
 
CVE-2015-2087
( 6.5/10 )
 
  Avatar uploader project Avatar uploader
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.
 
CVE-2015-2088
( 4.3/10 )
 
  Term queue project Term queue
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
 
CVE-2015-2089
( 6.8/10 )
 
  Crossslide jquery project Crossslide jquery
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change...
 
CVE-2015-2090
( 7.5/10 )
 
  Sympies Wordpress survey and poll
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-a...
 
Copyright 2015, cxsecurity.com