Search:
WLB2

[ Bugs ]   [ Exploits ]
WLB2RSS Bugtraq WLB2RSS
[ Bogus ]   [ Tricks ]
2015-01-29
Medium Risk

Mantis BugTracker 1.2.19 Open Redirect

(CVE)
Alejo Popovici
2015-01-28
Medium Risk

glibc 2.20 getaddrinfo() writes DNS queries to random file descriptors (PoC)

(CVE)
arnaud
Low Risk

FancyFon FAMOC 3.16.5 Cross Site Scripting

Matthias Deeg
Medium Risk

FancyFon FAMOC 3.16.5 SQL Injection

Matthias Deeg
Low Risk

FancyFon FAMOC 3.16.5 Missing Salt

Matthias Deeg
Medium Risk

FancyFon FAMOC 3.16.5 Session Fixation

Matthias Deeg
Low Risk

NASA.gov Cross Site Scripting

Yann CAM
High Risk

FreeBSD Kernel Crash / Code Execution / Disclosure

(CVE)
CoreLabs
High Risk

Restaurantbiller SQL Injection / Shell Upload

R3vanBastard
Medium Risk

New CMS 2.1 Local File Inclusion

R3vanBastard
2015-01-27
High Risk

glibc gethostbyname buffer overflow (aka GHOST)

(CVE)
Qualys
Low Risk

Android WiFi-Direct Denial of Service

(CVE)
CORE
Medium Risk

D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit

Todor Donev
High Risk

OpenSchool Community Edition 2.2 XSS / Access Bypass

(CVE)
Mahendra
Medium Risk

WordPress Revolution Slider Local File Disclosure

JOK3R
2015-01-26
High Risk

Privoxy 3.0.22 Multiple Vulns

Fabian
High Risk

Wordpress RedSteel Theme Arbitrary File Download Vulnerability

Ashiyane Digital...
2015-01-25
Low Risk

SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability

Vulnerability La...
2015-01-24
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability

Glafkos Charalam...
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability Exploit

Glafkos Charalam...
Low Risk

SmartCMS 2 Cross Site Scripting

(CVE)
Wang Jing
Medium Risk

SmartCMS 2 SQL Injection

(CVE)
Wang Jing
Medium Risk

ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection

Steffen R
2015-01-23
High Risk

libpng 1.6.15 Heap Overflow

(CVE)
Alex Eubanks
Medium Risk

USAA Mobile App Information Disclosure

David Longenecke...
High Risk

Program-O 2.4.6 XSS / LFI / HTTP Response Splitting

Vulnerability La...
Medium Risk

ecommerceMajor SQL Injection

Manish Kishan Ta...
Medium Risk

Alibaba Cross Site Scripting / Open Redirect

Wang Jing
2015-01-22
Low Risk

Jenkins Tomcat Secure and HttpOnly flags are not set for cookies

(CVE)
Yann Rouillard
Medium Risk

OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference

Google Security ...
High Risk

Exif Pilot 4.7.2 Buffer Overflow

Osanda M. Jayath...
Medium Risk

Mangallam SQL Injection

Ashiyane Digital...
High Risk

articleFR CMS 3.0.5 Arbitrary File Upload

Tran Dinh Tien
Medium Risk

RedaxScript 2.1.0 Privilege Escalation

shyamkumar soman...
Medium Risk

Google Drive Information Leak

kevin mcsheehan
[ Read More ]

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

[ CVE Related ]   [ CWE Related ]   [ Dorks ]  

[ CVE Products ] [ CVE Vendors ]
WLB2RSS CVE CVEMAP.ORG WLB2RSS CVE
Last Update: 2015-01-29
2015-01-28
 
CVE-2015-1375
( 7.5/10 )
 
  Pixabay images project Pixabay images
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
 
CVE-2015-1376
( 4/10 )
 
  Pixabay images project Pixabay images
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
 
CVE-2015-1419
( 5/10 )
 
  Beasts Vsftpd
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
 
CVE-2014-8917
( 4.3/10 )
 
  IBM Social media analytics
Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in t...
 
CVE-2015-0235
( 10/10 )
 
  GNU Glibc
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu...
 
CVE-2015-0581
( 7.5/10 )
 
  Cisco Prime service catalog
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, ...
 
CVE-2014-8893
( 3.5/10 )
 
  IBM Tririga application platform
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web s...
 
CVE-2014-8894
( 4.9/10 )
 
  IBM Tririga application platform
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
 
CVE-2014-8895
( 4.3/10 )
 
  IBM Tririga application platform
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
2015-01-27
 
CVE-2014-5211
( 6.8/10 )
 
  Attachmate Reflection ftp client
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.
 
CVE-2014-8154
( 7.5/10 )
 
  Gnome VALA
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecifie...
 
CVE-2014-9197
( 7.8/10 )
 
  Schneider-electric Tsxetg3000
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a dir...
 
CVE-2014-9198
( 10/10 )
 
  Schneider-electric Tsxetg3000
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.
 
CVE-2014-9646
( 4.6/10 )
 
  Google Chrome
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to ...
 
CVE-2014-9647
( 6.8/10 )
 
  Google Chrome
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and f...
 
CVE-2014-9648
( 4.3/10 )
 
  Google Chrome
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote att...
 
CVE-2014-9649
( 4.3/10 )
 
  Pivotal software Rabbitmq
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...
 
CVE-2014-9650
( 5/10 )
 
  Pivotal software Rabbitmq
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
 
CVE-2015-0231
( 7.5/10 )
 
  PHP PHP
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call th...
 
CVE-2015-0232
( 6.8/10 )
 
  PHP PHP
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) v...
[ Read More ]

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  

[ Full List of Vendors ]  

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

[ Full List of Products ]  



 
Copyright 2015, cxsecurity.com