2014-09-17
High Risk

Phpwiki Ploticus Remote Code Execution

(CVE)
us3r777
Low Risk

CM Browser SOP Bypass

Rafay Baloch
Medium Risk

OSSEC 2.8 umask Clear Text Passwords

aramosf
Medium Risk

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

Pietro Minniti
Low Risk

In-Portal CMS 5.2.0 Cross Site Scripting

MustLive
High Risk

Delphi And C++ Builder VCL Library Heap Buffer Overflow

(CVE)
Core
Medium Risk

Laravel 2.1 Hash::make() bcrypt Truncation

u0x
High Risk

USB & WiFi Flash Drive 1.3 Code Execution

Vulnerability La...
2014-09-16
High Risk

Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management

(CVE)
Federick Joe Faj...
Medium Risk

Open-Xchange 7.6.0 XSS / SSRF / Traversal

(CVE)
Martin Heiland
Low Risk

WordPress Wordfence 5.2.3 Cross Site Scripting / Bypass

Voxel
Low Risk

DVWA Cross Site Request Forgery

Paulos and Tabor
Low Risk

MyITCRM Cross Site Scripting

provensec
Medium Risk

SingleClick Connect CSRF / XSS / SQL Injection

Rob Fuller
Low Risk

Splendid CRM Cross Site Scripting

provensec
2014-09-15
High Risk

Linux Kernel udf infinite loop when processing indirect ICBs

(CVE)
Jan Kara
Medium Risk

Linux Kernel net guard tcp_set_keepalive against crash

(CVE)
Dave Jones
High Risk

OpenStack Neutron remote reset vulnerability

Elena Ezhova (Mi...
High Risk

Briefcase 4.0 iOS Code Execution & File Include Vulnerability

Vulnerability La...
High Risk

EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)

KnocKout
2014-09-14
Medium Risk

MantisBT Null byte poisoning in LDAP authentication

(CVE)
Damien
2014-09-13
High Risk

Rooted SSH/SFTP Daemon Default Login Credentials

Larry W. Cashdol...
Medium Risk

Joomla Spider Form Maker 4.3 SQL Injection

Claudio Viviani
High Risk

HttpFileServer 2.3.x Remote Command Execution

(CVE)
Daniele Linguagl...
Low Risk

Food Order Portal 8.3 Cross Site Request Forgery

KnocKout
Low Risk

Travel Portal II 6.0 Cross Site Request Forgery

KnocKout
Low Risk

WordPress Photo Album Plus 5.4.4 Cross Site Scripting

Milhouse
2014-09-12
Low Risk

IBM WebSphere Application Server Cross Site Scripting

G. S. McNamara
Low Risk

Airties Air6372SO Modem Web Interface Cross Site Scripting

KnocKout
Low Risk

OroCRM Cross Site Scripting

Provensec Labs
Medium Risk

Photorange 1.0 Local File Inclusion

Vulnerability La...
High Risk

ManageEngine Eventlog Analyzer Arbitrary File Upload

(CVE)
Pedro
Low Risk

ChatSecure IM 2.2.4 iOS Persistent Web Vulnerability

Vulnerability La...
High Risk

SolarWinds Storage Manager Authentication Bypass

Juan vazquez
High Risk

Railo 4.2.1 Remote File Inclusion

(CVE)
Bryan Alexander

Last Update: 2014-09-15
2014-09-15
 
CVE-2014-0993
( 6.8/10 )
 
  Embarcadero Embarcadero c++builder xe6
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP...
 
CVE-2014-2375
( 9/10 )
 
  Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export ...
 
CVE-2014-2376
( 7.5/10 )
 
  Ecava Integraxor
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-2377
( 5/10 )
 
  Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
 
CVE-2014-3077
( 2.1/10 )
 
  IBM Storwize v7000 unified softwar...
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
 
CVE-2014-3617
( 4/10 )
 
  Moodle Moodle
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without th...
 
CVE-2014-3796
( 5/10 )
 
  Vmware NSX
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.
 
CVE-2014-4763
( 3.5/10 )
 
  IBM Filenet content foundation
Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitr...
 
CVE-2014-5407
( 4.4/10 )
 
  Schneider-electric Vampset
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.
 
CVE-2014-6392
( 4.3/10 )
 
  Facebook Facebook
Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniff...
2014-09-12
 
CVE-2012-1556
( 4.3/10 )
 
  Synology Diskstation manager
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
 
CVE-2014-2008
( 7.5/10 )
 
  Mpay24 project Mpay24
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
 
CVE-2014-2009
( 5/10 )
 
  Mpay24 project Mpay24
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
 
CVE-2014-4735
( 4.3/10 )
 
  Mywebsql Mywebsql
Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.
 
CVE-2014-5259
( 4.3/10 )
 
  Blackcat-cms Blackcat cms
Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
 
CVE-2014-5440
( 7.5/10 )
 
  Mpexsolutions Mx-smartimer
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.
 
CVE-2014-5441
( 4.3/10 )
 
  Fatfreecrm Fat free crm
Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a)...
2014-09-11
 
CVE-2011-4887
( 4.3/10 )
 
  Imperva Securesphere web application f...
Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the usern...
 
CVE-2012-0984
( 4.3/10 )
 
  Xoops Xoops
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target par...
 
CVE-2012-4240
( 6.5/10 )
 
  Group-office Groupoffice
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.

Copyright 2014, cxsecurity.com