2014-07-22
Medium Risk

vBulletin 5.1.2 SQL Injection Exploit

Nytro
Medium Risk

Apache Scoreboard / Status Race Condition

Marek Kroemeke
Medium Risk

Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation

(CVE)
Matt Bergin of K...
Medium Risk

Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation

(CVE)
Matt Bergin of K...
High Risk

IBM 1754 GCM KVM Code Execution / File Read / XSS

(CVE)
Alejandro Alvare...
Low Risk

MyConnection Server (MCS) 9.7i Cross Site Scripting

1N3
High Risk

Elasticsearch Logstash 1.4.1 Command Execution

(CVE)
Jordan Sissel
High Risk

Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass

(CVE)
Robert Gilbert
Low Risk

MTS MBlaze 3G Wi-Fi Modem Data Theft / Modification

Ajin Abraham
Medium Risk

WordPress Gallery Objects 0.4 SQL Injection

Claudio Viviani
Medium Risk

World Of Warcraft 3.3.5a Stack Overflow

Alireza Chegini
Medium Risk

Design Foundry Cross Site Scripting / SQL Injection

Hekt0r
2014-07-19
High Risk

Apache httpd mod_status Heap Buffer Overflow Remote Code Execution

(CVE)
ZDI
Medium Risk

vBulletin 5.1.2 SQL Injection *youtube

RST
High Risk

micro_httpd by ACME Buffer Overflow

Yuval tisf Nativ
High Risk

Dahua DVR Authentication Bypass

(CVE)
Zhejiang
2014-07-18
Low Risk

Aruba Networks ClearPass Policy Manager SQL Injection and Credential Disclosure

(CVE)
Nate Roberts fro...
High Risk

Yealink VoIP Phone SIP-T38G Default Credentials

(CVE)
RingZer0 Team
Medium Risk

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

Gjoko 'LiquidWor...
Medium Risk

OL-Commerce 2.1.1 Cross Site Scripting / SQL Injection

AtT4CKxT3rR0r1ST
High Risk

Trixbox XSS / LFI / SQL Injection / Code Execution

AtT4CKxT3rR0r1ST
2014-07-17
High Risk

Bitdefender GravityZone File Disclosure / Missing Authentication

Stefan
High Risk

Microsoft Internet Explorer CSS import Memory Corruption

(CVE)
VUPEN
High Risk

Microsoft Internet Explorer Request Object Confusion Sandbox Bypass

(CVE)
VUPEN
Medium Risk

Microsoft Windows DirectShow Privilege Escalation

(CVE)
VUPEN
High Risk

Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass

(CVE)
VUPEN
Low Risk

Alfresco Community Edition 4.2.f Server Side Request Forgery

V. Paulikas
High Risk

OpenVPN Access Server Arbitrary Code Execution

Stefan
Low Risk

e107 2.0 alpha2 Cross Site Scripting

(CVE)
High-Tech Bridg...
Low Risk

Citrix Netscaler Disclosure / Cross Site Scripting

(CVE)
Stefan
Medium Risk

Joomla Youtube Gallery 4.1.7 SQL Injection

(CVE)
Pham Van Khanh
2014-07-16
Medium Risk

Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation

(CVE)
Matt Bergin of K...
Low Risk

Elipse E3 Scada PLC Denial Of Service

(CVE)
Mauro Risonho
High Risk

Wordpress WPTouch Authenticated File Upload

Christian
High Risk

Browserify 4.2.0 Remote Command Execution

Cal Leeming
Last Update: 2014-07-21
2014-07-20
 
CVE-2013-4352
( 4.3/10 )
 
  Apache Http server
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and dae...
 
CVE-2014-0117
( 4.3/10 )
 
  Apache Http server
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
 
CVE-2014-0118
( 4.3/10 )
 
  Apache Http server
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req...
 
CVE-2014-0226
( 6.8/10 )
 
  Apache Http server
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr...
 
CVE-2014-0231
( 5/10 )
 
  Apache Http server
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
 
CVE-2014-1973
( 5/10 )
 
  Nextapp File explorer
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
 
CVE-2014-1987
( 10/10 )
 
  Cybozu Garoon
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
 
CVE-2014-1992
( 3.5/10 )
 
  Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-1993
( 4/10 )
 
  Cybozu Garoon
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
 
CVE-2014-1994
( 3.5/10 )
 
  Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-1995
( 3.5/10 )
 
  Cybozu Garoon
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-1996
( 7.5/10 )
 
  Cybozu Garoon
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
 
CVE-2014-1999
( 7.5/10 )
 
  Fuelphp Fuelphp
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
 
CVE-2014-3159
( 6.4/10 )
 
  Google Chrome
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attacker...
 
CVE-2014-3160
( 7.5/10 )
 
  Google Chrome
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the...
 
CVE-2014-3161
( 7.5/10 )
 
  Google Chrome
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin P...
 
CVE-2014-3162
( 5/10 )
 
  Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
 
CVE-2014-3523
( 5/10 )
 
  Apache Http server
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory con...
 
CVE-2014-3884
( 4.3/10 )
 
  Webmin Usermin
Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
 
CVE-2014-3885
( 4.3/10 )
 
  Webmin Webmin
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
Copyright 2014, cxsecurity.com