2015-04-01
High Risk

Adobe Flash Player ByteArray With Workers Use After Free

(CVE)
Juan Vazquez
Medium Risk

WordPress Business Intelligence Lite 1.6.1 SQL Injection

Jagriti Sahu AKA...
Medium Risk

Ericsson Drutt MSDP (Instance Monitor) Directory Traversal / File Access

(CVE)
Anastasios Monac...
Low Risk

Ericsson Drutt MSDP (Report Viewer) Cross Site Scripting

(CVE)
Anastasios Monac...
Medium Risk

Ericsson Drutt MSDP (3PI Manager) Open Redirect

(CVE)
Anastasios Monac...
Low Risk

Java.com Cross Site Scripting

Yann CAM @ Synet...
2015-03-31
High Risk

JBoss JMXInvokerServlet Remote Command Execution

_ikki
Medium Risk

FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass

(CVE)
Mahendra
Medium Risk

libtasn1 Stack Write Overflow

Hanno B
Medium Risk

Fedora 12 setroubleshootd Local Root Proof Of Concept

Sebastian Krahme...
Medium Risk

Windows Run Command As User

Ben Campbell, Kx...
Low Risk

Palo Alto Traps Server 3.1.2.1546 Cross Site Scripting

(CVE)
Michael Hendrick...
High Risk

VAMPSET 2.2.145 Stack / Heap Buffer Overflow

(CVE)
CORE
2015-03-30
High Risk

WordPress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability

Ashiyane Digital...
Medium Risk

Joomla Gallery WD SQL Injection

Rafael Souza
2015-03-29
Medium Risk

WebGate WinRDS 2.0.8 StopSiteAllChannel Stack Overflow

(CVE)
Praveen Darshana...
2015-03-28
Medium Risk

Appweb Web Server 4.6.6, 5.2.1 remote DoS

(CVE)
Matthew Daley
High Risk

Acunetix OLE Automation Array Remote Code Execution

Naser Farhadi
High Risk

Internet Download Manager 6.20 Local Buffer Overflow

TUNISIAN CYBER
High Risk

AfterLogic WebMail Lite Authentication Bypass

Paulos Yibelo
High Risk

Manage Engine Desktop Central 9 Unauthorized Administrative Password Reset

Anonymous
Medium Risk

WebGate Control Center 4.8.7 GetThumbnail Stack Overflow

(CVE)
Praveen Darshana...
Medium Risk

CMS Builder 2.07 SQL Injection

Provensec
Medium Risk

WebGate eDVR Manager 2.6.4 SiteName Stack Overflow

Praveen Darshana...
2015-03-27
Medium Risk

AMD Bulldozer Linux ASLR weakness Reducing entropy by 87.5%

Hector Marco
High Risk

WordPress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download

Ashiyane Digital...
High Risk

QNAP Web server remote code execution via Bash Environment Variable Code Injection

(CVE)
Patrick Pellegri...
High Risk

QNAP admin shell via Bash Environment Variable Code Injection

(CVE)
Patrick Pellegri...
High Risk

WordPress Aspose Cloud eBook Generator File Download

Ashiyane Digital...
2015-03-26
Medium Risk

Apache Xerces-C XML Parser Crashes on Malformed Input

(CVE)
Anton Rager and ...
High Risk

Aruba Remote Access Point (RAP) Command Injection

(CVE)
Aruba
Low Risk

CS-Cart 4.2.4 CSRF

(CVE)
Luis Santana
Medium Risk

pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Realms Wiki Insecure Transport

Javantea
Low Risk

WordPress Marketplace 2.4.0 Add Administrator

Claudio Viviani

Last Update: 2015-04-01
2015-03-31
 
CVE-2014-7876
( 10/10 )
 
  HP Integrated lights-out 2 firmwa...
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service...
 
CVE-2015-0900
( 4.3/10 )
 
  Nishishi Fumy teachers schedule board
Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
 
CVE-2015-0901
( 4.3/10 )
 
  Flashy project Flashy
Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2015-2106
( 6.4/10 )
 
  HP Integrated lights-out 2 firmwa...
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.
 
CVE-2015-2108
( 3.5/10 )
 
  HP Operations orchestration
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.
 
CVE-2015-2109
( 7.5/10 )
 
  HP Operations orchestration
Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors.
 
CVE-2014-9706
( 7.5/10 )
 
  Dulwich project Dulwich
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
 
CVE-2014-9707
( 7.5/10 )
 
  Embedthis Goahead
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly ...
 
CVE-2014-9708
( 5/10 )
 
  Embedthis Appweb
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
 
CVE-2015-0838
( 7.5/10 )
 
  Dulwich project Dulwich
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
2015-03-30
 
CVE-2013-6501
( 4.6/10 )
 
  PHP PHP
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp wit...
 
CVE-2014-9652
( 5/10 )
 
  File project FILE
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version...
 
CVE-2014-9653
( 7.5/10 )
 
  File project FILE
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers t...
 
CVE-2014-9705
( 7.5/10 )
 
  PHP PHP
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of m...
 
CVE-2014-9709
( 5/10 )
 
  Libgd Libgd
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperl...
 
CVE-2015-0273
( 7.5/10 )
 
  PHP PHP
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier ...
 
CVE-2015-1351
( 7.5/10 )
 
  PHP PHP
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
 
CVE-2015-1352
( 5/10 )
 
  PHP PHP
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and applicat...
 
CVE-2015-1353
( 7.5/10 )
 
  PHP PHP
Multiple integer overflows in the calendar extension in PHP through 5.6.7 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted year value to (1) the GregorianToSdn function in gregor.c or (2) the...
 
CVE-2015-2301
( 7.5/10 )
 
  PHP PHP
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an a...



 
Copyright 2015, cxsecurity.com