Bugtraq
2014-10-21
Medium Risk

AutoWeb v3.0 CMS SQL Injection

Hugo Santiago do...
High Risk

Files Document & PDF 2.0.2 iOS Multiple Vulnerabilities

Vulnerability La...
Medium Risk

FileBug v1.5.1 iOS Path Traversal Web Vulnerability

Vulnerability La...
High Risk

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

(CVE)
Pedro
Low Risk

LiteCart 1.1.2.1 Cross Site Scripting

(CVE)
Onur Yilmaz
Medium Risk

Huawei Mobile Partner DLL Hijacking

Osanda Malith Ja...
Low Risk

Newtelligence dasBlog 2.3 Open Redirect

(CVE)
Wang Jing
Medium Risk

OpenMRS 2.1 Access Bypass / XSS / CSRF

(CVE)
Mahendra
2014-10-20
Medium Risk

Newtelligence dasBlog Open Redirect Vulnerability

(CVE)
Wang Jing
2014-10-19
High Risk

MacOS X 10.9 Hard Link Memory Corruption PoC

(CVE)
CXSECURITY
Medium Risk

Linux PolicyKit Race Condition Privilege Escalation

(CVE)
xi4oyu
Medium Risk

Centreon SQL Injection / Command Injection

(CVE)
MaZ
2014-10-18
High Risk

MacOSX 10.9/XNU HFS Kernel Multiple Vulnerabilities

(CVE)
CXSECURITY
High Risk

MS14-060 Microsoft Windows OLE Package Manager Code Execution

(CVE)
Juan vazquez
High Risk

Fonality Trixbox CE 2.8.0.4 Command Execution

Simo Ben youssef
High Risk

Elastix 2.4.0 Stable XSS / CSRF / Command Execution

Simo Ben youssef
High Risk

Drupal HTTP Parameter Key/Value SQL Injection

(CVE)
Brandon
2014-10-17
Medium Risk

Bypassing HTTP Strict Transport Security

Jose Selvi
Low Risk

Abusing TZ for fun (and little profit)

Jakub Wilk
High Risk

SAP BusinessObjects Explorer 14.0.5 XXE Injection

(CVE)
Stefan Horlacher
Medium Risk

IPy Blacklist Bypass

Nicolas
Medium Risk

NETIS DL4322D XSS / CSRF / DoS

AkaStep
Low Risk

New York Times Cross Site Scripting

Wang Jing
Low Risk

OpenX 2.8.10 Open Redirect

(CVE)
Wang Jing
Medium Risk

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

(CVE)
CORE
2014-10-16
High Risk

Drupal 7.x SQL Injection Exploit

fyukyuk
High Risk

Drupal 7.31 CORE pre Auth SQL Injection Vulnerability *youtube

Stefan Horst
Medium Risk

Microsoft Bluetooth Personal Area Networking Privilege Escalation

(CVE)
Jay Smith
Medium Risk

SEO Control Panel 3.6.0 SQL Injection

Tiago Carvalho
Low Risk

Tenda A32 Cross Site Request Forgery

(CVE)
zixian
Low Risk

WordPress WP Google Maps 6.0.26 Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

WordPress MaxButtons 1.26.0 Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

ADF Faces 12.1.2.0 Cross Site Scripting

W. Ettlinger
Medium Risk

PayPal Inc Shipping Cross Site Scripting

Vulnerability La...
Low Risk

PayPal Inc MultiOrderShipping API Filter Bypass / Persistent XML

Vulnerability La...

CVE
Last Update: 2014-10-21
2014-10-17
 
CVE-2013-7330
( 4/10 )
 
  Cloudbees Jenkins
CloudBees Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions.
 
CVE-2014-8317
( 3.5/10 )
 
  Drupal Webform validation module
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component n...
 
CVE-2014-8318
( 3.5/10 )
 
  Drupal Webform module
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or ...
 
CVE-2014-8319
( 3.5/10 )
 
  Drupal Easy social module
Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a bl...
 
CVE-2014-8320
( 3.5/10 )
 
  Drupal Custom search module
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text"...
 
CVE-2014-4351
( 6.8/10 )
 
  Apple Mac os x
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
 
CVE-2014-4391
( 6.8/10 )
 
  Apple Mac os x
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.
 
CVE-2014-4417
( 5.4/10 )
 
  Apple Mac os x
Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification.
 
CVE-2014-4425
( 4.6/10 )
 
  Apple Mac os x
CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation.
 
CVE-2014-4426
( 4.3/10 )
 
  Apple Mac os x
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface.
 
CVE-2014-4427
( 5/10 )
 
  Apple Mac os x
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API.
 
CVE-2014-4428
( 5.4/10 )
 
  Apple Mac os x
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.
 
CVE-2014-4430
( 4/10 )
 
  Apple Mac os x
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.
 
CVE-2014-4431
( 4.6/10 )
 
  Apple Mac os x
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.
 
CVE-2014-4432
( 4/10 )
 
  Apple Mac os x
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance...
 
CVE-2014-4433
( 4.4/10 )
 
  Apple Mac os x
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
 
CVE-2014-4434
( 4.9/10 )
 
  Apple Mac os x
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem.
 
CVE-2014-4435
( 4.4/10 )
 
  Apple Mac os x
The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboo...
 
CVE-2014-4436
( 5.4/10 )
 
  Apple Mac os x
IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.
 
CVE-2014-4437
( 4.3/10 )
 
  Apple Mac os x
LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object.
Copyright 2014, cxsecurity.com