2014-07-12
High Risk

D-Link DSP-W215/DIR-505 and others HNAP Request Remote Buffer Overflow

(CVE)
Michael Messner
High Risk

D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection

Michael Messner
High Risk

D-Link DSP-W215 - v1.02 info.cgi POST Request Buffer Overflow

Michael Messner
High Risk

Schrack MICROCONTROL XSS / Disclosure / Weak Default Password

C. Kudera
Medium Risk

Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation

Johannes Dahse, ...
Medium Risk

Dell Sonicwall Scrutinizer 11.01 Code Execution / SQL Injection

Brandon Perry
Medium Risk

WeBid 1.1.1 Cross Site Scripting / LDAP Injection

Govind Singh aka...
Medium Risk

InvGate Service Desk 4.2.36 SQL Injection

Brandon Perry
High Risk

WordPress Download Manager 2.6.8 Shell Upload

Claudio Viviani
2014-07-11
High Risk

glibc Directory traversal in locale environment handling

(CVE)
Stephane Chazela...
Medium Risk

Zen Cart 1.5.3 - CSRF & Admin Panel XSS

Smash_
Medium Risk

osCommerce 2.3.4 - Multiple vulnerabilities

Smash_
Medium Risk

OpenVPN Private Tunnel Core Unquoted Service Path Elevation Of Privilege

Gjoko 'LiquidWor...
Medium Risk

C99 Shell Authentication Bypass via Backdoor

mandatory
2014-07-10
High Risk

Infoblox 6.8.4.x Weak MySQL Password

(CVE)
Nate Kettlewell
Medium Risk

Android NFC Denial Of Service

nipc.org.cn
High Risk

Infoblox 6.8.4.x OS Command Injection

(CVE)
Nate Kettlewell
Low Risk

OctavoCMS Cross Site Scripting

Andrew Antonio
Medium Risk

WordPress BSK PDF Manager 1.3.2 SQL Injection

Claudio Viviani
2014-07-09
Medium Risk

IBM AIX Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes

(CVE)
Tim Brown
High Risk

iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries

(CVE)
Stefan Kanthak
Low Risk

Linux Kernel 3.15.1 ft1000 Null Pointer Dereference

Maksymilian Arci...
Low Risk

Quick.Cart 6.4 & Quick.Cms 5.4 Cross Site Scripting

smash
Medium Risk

xClassified 1.2 Bypass / Cross Site Scripting / SQL Injection

Hadi Arjmand
Low Risk

PerfectView CRM Cross Site Scripting

Provensec
High Risk

Virtualbox GKSu root command injection in ext-pack

Brandon
High Risk

D-Link DIR-645 Buffer Overflow & Site Scripting

(CVE)
Roberto Paleari
High Risk

Netgear WNR1000v3 Credential Disclosure

c1ph04
2014-07-08
High Risk

Apple iTunes 11.2.2 Insecure Libraries

(CVE)
Stefan Kanthak
High Risk

Android OS Authorization Missing

(CVE)
Roberto Palear
Medium Risk

Apache Syncope Insecure Password Generation

(CVE)
Apache
Low Risk

Feed2JS File Disclosure

(CVE)
Monte Ohrt &...
Low Risk

Joomla JChatSocial 2.2 Cross Site Scripting

(CVE)
Teodor Lupan
Low Risk

Cetil Cross Site Scripting

Felipe Andrian P...
High Risk

jQuery PHP Arbitrary Upload

Felipe Andrian P...
Last Update: 2014-07-12
2014-07-11
 
CVE-2014-4907
( 4.3/10 )
 
  OP5 Monitor
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
 
CVE-2014-4908
( 4.3/10 )
 
  Pnp4nagios Pnp4nagios
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/applic...
 
CVE-2014-0174
( 4.3/10 )
 
  Redhat Enterprise mrg
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via sc...
 
CVE-2014-3485
( 4/10 )
 
  Redhat Enterprise virtualization
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (X...
 
CVE-2014-3499
( 7.2/10 )
 
  Docker Docker
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
 
CVE-2014-3503
( 5/10 )
 
  Apache Syncope
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
 
CVE-2014-3991
( 4.3/10 )
 
  Dolibarr Dolibarr
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) d...
 
CVE-2014-3992
( 6.5/10 )
 
  Dolibarr Dolibarr
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php.
 
CVE-2014-4167
( 3.5/10 )
 
  Openstack Neutron
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
 
CVE-2014-4700
( 4.9/10 )
 
  Citrix Xendesktop
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
2014-07-10
 
CVE-2014-2963
( 4.3/10 )
 
  Liferay Liferay portal
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _...
 
CVE-2014-3310
( 4.3/10 )
 
  Cisco Webex meeting center
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bu...
 
CVE-2014-3311
( 5.1/10 )
 
  Cisco Webex meeting center
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.
 
CVE-2014-3315
( 4.3/10 )
 
  Cisco Unified communications manager
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug...
 
CVE-2014-3316
( 4/10 )
 
  Cisco Unified communications manager
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
 
CVE-2014-3318
( 4/10 )
 
  Cisco Unified communications manager
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
 
CVE-2014-3888
( 8.3/10 )
 
  Yokogawa B/m9000 vp software
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS...
 
CVE-2014-4670
( 4.6/10 )
 
  PHP PHP
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications i...
 
CVE-2014-4698
( 4.6/10 )
 
  PHP PHP
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applicatio...
 
CVE-2014-4845
( 4.3/10 )
 
  Stillbreathing Bannerman
Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bannerman_background parameter to wp-admin/options-general.php.



 
Copyright 2014, cxsecurity.com