WLB2 Bugtraq
2014-12-20
Medium Risk

NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure

(CVE)
W. Ettlinger
Low Risk

Varnish Cache CLI Interface Remote Code Execution

Patrick Webster
High Risk

Cacti Superlinks 1.4-2 Code Execution / LFI / SQL Injection

(CVE)
Wireghoul
Low Risk

JCE-Tech 4.0 Cross Site Scripting

(CVE)
Wang Jing
Medium Risk

iBackup 10.0.0.45 Privilege Escalation

Vulnerability La...
High Risk

JasPer 1.900.1 Double-Free / Heap Overflow

(CVE)
Google Security ...
Low Risk

TennisConnect 9.927 Cross Site Scripting

(CVE)
Wang Jing
Medium Risk

Codiad 2.4.3 Cross Site Scripting / Local File Inclusion

(CVE)
TaurusOmar
Medium Risk

miniBB 3.1 Blind SQL Injection

(CVE)
Kacper Szurek
Medium Risk

Mobilis MobiConnect 3G ZDServer 1.0.1.2 Privilege Escalation

Vulnerability La...
Medium Risk

Piwigo 2.7.2 Cross Site Scripting / SQL Injection

(CVE)
TaurusOmar
Low Risk

ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure

(CVE)
TaurusOmar
Medium Risk

GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection

(CVE)
TaurusOmar
Medium Risk

Ettercap 0.8.0 / 0.8.1 Denial Of Service

(CVE)
Nick Sampanis
2014-12-19
High Risk

Git 2.2.0 clients Critical Vulnerability

vmg
High Risk

G-Parted 0.14.1 Command Execution

(CVE)
W. Ettlinger
High Risk

NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure

(CVE)
W. Ettlinger
High Risk

VDG Security SENSE 2.3.13 File Disclosure / Bypass / Buffer Overflow

Stefan
Medium Risk

WordPress iTwitter 0.04 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Vulnerability La...
Medium Risk

WordPress PWG Random 1.11 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress TweetScribe 1.1 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress PictoBrowser 0.3.1 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress gSlideShow 0.1 CSRF / XSS

Manideep K
Medium Risk

WordPress Twitter 0.7 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress WP Limit Posts Automatically 0.7 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress Twitter LiveBlog 1.1.2 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress twimp-wp Cross Site Request Forgery / Cross Site Scripting

(CVE)
Manideep K
Medium Risk

WordPress SimpleFlickr 3.0.3 CSRF / XSS

(CVE)
Manideep K
Medium Risk

WordPress Simplelife 1.2 CSRF / XSS

(CVE)
Manideep K
Low Risk

TWiki 6.0.1 QUERYSTRING / QUERYPARAMSTRING XSS

(CVE)
Peter09
Low Risk

TWiki 6.0.0 / 6.0.1 WebSearch Cross Site Scripting

(CVE)
Peter09
Low Risk

Facebook Studio Cross Site Scripting

Vulnerability La...
Medium Risk

E-Journal CMS SQL Injection / Privilege Escalation

Vulnerability La...
2014-12-18
Medium Risk

vBulletin Moderator Control Panel 4.2.2 CSRF

Tomescu Daniel
Low Risk

Jease CMS 2.11 Script Insertion

Manideep K
CVE (CVEMAP.ORG)
Last Update: 2014-12-20
2014-12-19
 
CVE-2014-7241
( 6.8/10 )
 
  Tsutaya Tsutaya
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.
 
CVE-2014-7249
( 10/10 )
 
  Alliedtelesis Ar440s
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S,...
 
CVE-2014-7267
( 3.5/10 )
 
  Ricksoft Wbs gantt-chart
Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vuln...
 
CVE-2014-7268
( 4.3/10 )
 
  Ricksoft Wbs gantt-chart
Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability th...
 
CVE-2014-8272
( 5/10 )
 
  DELL Idrac6 modular
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-f...
 
CVE-2013-4440
( 5/10 )
 
  Pwgen project Pwgen
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.
 
CVE-2013-4442
( 5/10 )
 
  Pwgen project Pwgen
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.
 
CVE-2014-2026
( 4.3/10 )
 
  Unitedplanet Intrexx professional
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the reques...
 
CVE-2014-2716
( 4.3/10 )
 
  Ekahau Activator
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on...
 
CVE-2014-6395
( 7.5/10 )
 
  Ettercap project Ettercap
Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is i...
 
CVE-2014-6396
( 7.5/10 )
 
  Ettercap project Ettercap
The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written ...
 
CVE-2014-7208
( 7.2/10 )
 
  Gparted Gparted
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
 
CVE-2014-8724
( 4.3/10 )
 
  W3edge Total cache
Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated b...
 
CVE-2014-8793
( 4.3/10 )
 
  Revive-adserver Revive adserver
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
 
CVE-2014-8875
( 5/10 )
 
  Revive-adserver Revive adserver
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
 
CVE-2014-9258
( 6.5/10 )
 
  Glpi-project GLPI
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
 
CVE-2014-9376
( 7.5/10 )
 
  Ettercap project Ettercap
Integer underflow in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length va...
 
CVE-2014-9377
( 7.5/10 )
 
  Ettercap project Ettercap
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
 
CVE-2014-9378
( 7.5/10 )
 
  Ettercap project Ettercap
Ettercap 8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 enc...
 
CVE-2014-9379
( 7.5/10 )
 
  Ettercap project Ettercap
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a st...
Copyright 2014, cxsecurity.com