WLB2

2014-11-26
High Risk | PHP 5.x / Bash Shellshock Proof Of Concept (CVE) | ssbostan
Low Risk | PHP 5.6.1 open_basedir exist file check bypass | zuzzz
High Risk | Wordpress db-backup plugin File Download Vulnerability | Ashiyane Digital...
Low Risk | phpBB 3.1.1 deregister_globals() Bypass | Taoguang Chen
Medium Risk | Android Settings Pendingintent Leak (CVE) | Baidu X-Team
Low Risk | Android SMS Resend (CVE) | Baidu X-Team
Medium Risk | Android WAPPushManager SQL Injection (CVE) | Baidu X-Team
Low Risk | xEpan 1.0.1 Cross Site Request Forgery (CVE) | High-Tech Bridge...
Medium Risk | Device42 Embedded Credentials | Brandon Perry
High Risk | Device42 Ping Command Injection | Brendan Coles
High Risk | Device42 Traceroute Command Injection | Brendan Coles
High Risk | Slider Revolution/Showbiz Pro Shell Upload | Simo Ben youssef
Low Risk | WordPress Sexy Squeeze Pages Cross Site Scripting | KnocKout
Low Risk | WordPress Html5 Mp3 Player Full Path Disclosure | KnocKout
Medium Risk | Apadana CMS SQL Injection | SeRaVo.BlackHat
Medium Risk | KMPlayer 3.9.1.130 Denial Of Service | Ajin Abraham
High Risk | Mozilla Firefox 3.6 mChannel Use-After-Free | Juan Sacco
High Risk | libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution (CVE) | Michele Spagnuol...
High Risk | Docker Privilege Escalation (CVE) | Florian Weimer

2014-11-25
Medium Risk | Invision Power Board <= 3.4.7 password change | Dmitry Hitry
High Risk | iBanking botnet Shell Upload Vulnerability | Xylitol
High Risk | Atrax Botnet Shell Upload Vulnerability | Xylitol
Medium Risk | phpMyRecipes 1.2.2 (dosearch.php, words_exact param) SQL Injection | bard
High Risk | TRENDnet SecurView Wireless Network Camera TV-IP422WN Stack BoF | Gjoko 'LiquidWor...
Medium Risk | PHP 5.5.12 Locale::parseLocale Memory Corruption | John Leitch
Medium Risk | CodeMeter Weak Service Permissions (CVE) | Andrew Smith and...
High Risk | WordPress WP-DB-Backup 2.2.4 Backup Theft | Larry W. Cashdol...
Medium Risk | RobotStats 1.0 SQL Injection | ZoRLu
Low Risk | RobotStats 1.0 Cross Site Scripting | ZoRLu
Medium Risk | WordPress wpDataTables 1.5.3 SQL Injection | Claudio Viviani
High Risk | WordPress wpDataTables 1.5.3 Shell Upload | Claudio Viviani
Medium Risk | FluxBB 1.5.6 SQL Injection | secthrowaway

2014-11-24
High Risk | Linux 'less' can probably get you owned | Michal Zalewski
High Risk | Hikvision DVR RTSP Request Remote Code Execution (CVE) | Mark Schloesser
Medium Risk | Firefox 31 Integer Overflow | Stakenvicius

Last Update: 2014-11-26
2014-11-26
 
CVE-2014-8551
( 10/10 )
 
  Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via ...
 
CVE-2014-8552
( 5/10 )
 
  Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via cr...
2014-11-25
 
CVE-2014-1421
( 7.2/10 )
 
  Canonical Ubuntu
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.
 
CVE-2014-7839
( 6.4/10 )
 
  Redhat Resteasy
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
 
CVE-2014-8368
( 9/10 )
 
  Arubanetworks Airwave
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
 
CVE-2014-8420
( 9/10 )
 
  DELL Sonicwall analyzer
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
 
CVE-2014-8558
( 6.5/10 )
 
  Jexperts Channel platform
JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters.
 
CVE-2014-8005
( 5/10 )
 
  Cisco Ios xr
Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
2014-11-24
 
CVE-2014-7830
( 3.5/10 )
 
  Moodle Moodle
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or...
 
CVE-2014-7831
( 4/10 )
 
  Moodle Moodle
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student r...
 
CVE-2014-7832
( 4/10 )
 
  Moodle Moodle
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to by...
 
CVE-2014-7833
( 4/10 )
 
  Moodle Moodle
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by access...
 
CVE-2014-7834
( 4/10 )
 
  Moodle Moodle
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
 
CVE-2014-7835
( 2.1/10 )
 
  Moodle Moodle
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross...
 
CVE-2014-7836
( 6.8/10 )
 
  Moodle Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod...
 
CVE-2014-7837
( 5.5/10 )
 
  Moodle Moodle
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
 
CVE-2014-7838
( 6.8/10 )
 
  Moodle Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for request...
 
CVE-2014-7845
( 7.5/10 )
 
  Moodle Moodle
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-f...
 
CVE-2014-7846
( 4/10 )
 
  Moodle Moodle
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access ...
 
CVE-2014-7847
( 5/10 )
 
  Moodle Moodle
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitu...




 
Copyright 2014, cxsecurity.com