2014-09-18
Low Risk

Nokia Asha Lock Code Bypass

Muhammad Shahmee...
Medium Risk

webEdition 6.3.8.0 Path Traversal

(CVE)
High-Tech Bridge...
Medium Risk

seafile-server 3.1.5 Denial Of Service

retset
Low Risk

MODX Revolution 2.3.1-pl Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Livefyre LiveComments 3.0 Cross Site Scripting

Brij Kishore Mis...
Low Risk

OsClass 3.4.1 Cross Site Scripting

(CVE)
Omar Kurt
Medium Risk

OsClass 3.4.1 Local File Inclusion

(CVE)
Omar Kurt
Low Risk

WordPress WP-Ban 1.62 Bypass

(CVE)
Tom Adams
Medium Risk

ClassApps SelectSurvey.net 4.124.004 SQL Injection

(CVE)
Anonymous
Medium Risk

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS

Tom Adams
Low Risk

MIUI Wifi Connection Message Wireless Enable

nipc
Low Risk

MIUI Torch Enable

nipc
Low Risk

Android Bluetooth Enable

nipc
2014-09-17
High Risk

Phpwiki Ploticus Remote Code Execution

(CVE)
us3r777
Low Risk

CM Browser SOP Bypass

Rafay Baloch
Medium Risk

OSSEC 2.8 umask Clear Text Passwords

aramosf
Medium Risk

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

Pietro Minniti
Low Risk

In-Portal CMS 5.2.0 Cross Site Scripting

MustLive
High Risk

Delphi And C++ Builder VCL Library Heap Buffer Overflow

(CVE)
Core
Medium Risk

Laravel 2.1 Hash::make() bcrypt Truncation

u0x
High Risk

USB & WiFi Flash Drive 1.3 Code Execution

Vulnerability La...
2014-09-16
High Risk

Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management

(CVE)
Federick Joe Faj...
Medium Risk

Open-Xchange 7.6.0 XSS / SSRF / Traversal

(CVE)
Martin Heiland
Low Risk

WordPress Wordfence 5.2.3 Cross Site Scripting / Bypass

Voxel
Low Risk

DVWA Cross Site Request Forgery

Paulos and Tabor
Low Risk

MyITCRM Cross Site Scripting

provensec
Medium Risk

SingleClick Connect CSRF / XSS / SQL Injection

Rob Fuller
Low Risk

Splendid CRM Cross Site Scripting

provensec
2014-09-15
High Risk

Linux Kernel udf infinite loop when processing indirect ICBs

(CVE)
Jan Kara
Medium Risk

Linux Kernel net guard tcp_set_keepalive against crash

(CVE)
Dave Jones
High Risk

OpenStack Neutron remote reset vulnerability

Elena Ezhova (Mi...
High Risk

Briefcase 4.0 iOS Code Execution & File Include Vulnerability

Vulnerability La...
High Risk

EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)

KnocKout
2014-09-14
Medium Risk

MantisBT Null byte poisoning in LDAP authentication

(CVE)
Damien
2014-09-13
High Risk

Rooted SSH/SFTP Daemon Default Login Credentials

Larry W. Cashdol...

Last Update: 2014-09-17
2014-09-17
 
CVE-2014-0560
( 10/10 )
 
  Adobe Acrobat
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
 
CVE-2014-0561
( 10/10 )
 
  Adobe Acrobat
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567.
 
CVE-2014-0562
( 4.3/10 )
 
  Adobe Acrobat
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
 
CVE-2014-0563
( 7.8/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
 
CVE-2014-0565
( 10/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566.
 
CVE-2014-0566
( 10/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565.
 
CVE-2014-0567
( 10/10 )
 
  Adobe Acrobat
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561.
 
CVE-2014-0568
( 10/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
 
CVE-2014-4621
( 8.5/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-obj...
 
CVE-2014-4622
( 7.1/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass inte...
 
CVE-2012-1032
( 4.3/10 )
 
  Episerver Episerver
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; th...
 
CVE-2012-1417
( 3.5/10 )
 
  Yealink Gigabit color ip phone sip-t32...
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
2014-09-15
 
CVE-2014-0993
( 6.8/10 )
 
  Embarcadero Embarcadero c++builder xe6
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP...
 
CVE-2014-2375
( 9/10 )
 
  Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export ...
 
CVE-2014-2376
( 7.5/10 )
 
  Ecava Integraxor
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-2377
( 5/10 )
 
  Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
 
CVE-2014-3077
( 2.1/10 )
 
  IBM Storwize v7000 unified softwar...
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
 
CVE-2014-3617
( 4/10 )
 
  Moodle Moodle
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without th...
 
CVE-2014-3796
( 5/10 )
 
  Vmware NSX
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.
 
CVE-2014-4763
( 3.5/10 )
 
  IBM Filenet content foundation
Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitr...

Copyright 2014, cxsecurity.com