WLB2
Risk | Title | Author

2014-04-18
High Risk | Nagios Remote Plugin Executor 2.15 Remote Command Execution | Dawid Golunski
High Risk | ASUS RT Password Disclosure (CVE) | David Longenecke...
Low Risk | McAfee Security Scanner Plus Rogue Binary Execution | Stefan Kanthak
Medium Risk | D-Link DAP-1320 Directory Traversal / Cross Site Scripting | K Lovett
High Risk | CMSimple 4.4.2 Remote File Inclusion | NoGe
Low Risk | F-Secure Messaging Security Gateway 7.5.0.892 Cross Site Scripting | William Costa

2014-04-17
High Risk | TrueCrypt Multiple Vulnerabilities (CVE) | iSEC
High Risk | Ruby OpenSSL private key spoofing (CVE) | Gregory Disney
Low Risk | Jzip SEH unicode buffer overflow (DOS) | motaz reda
High Risk | OpenSSL 1.0.1 Missing critical flag for extended key usage | Stephan Muehlstr...
High Risk | SAP Router Password Timing Attack (CVE) | CORE
Medium Risk | PCNetSoftware RAC Server 4.0.4 / 4.0.5 Denial Of Service (CVE) | Kyriakos Economo...
Low Risk | Ektron CMS 8.7 Cross Site Scripting (CVE) | Joseph Zeng Xian...
Medium Risk | WinSCP 5.5.2.4130 Missing X.509 Validation (CVE) | Micha Borrmann
Medium Risk | MobFox mAdserver 2.0 SQL Injection (CVE) | High-Tech Bridge...
High Risk | EMC Cloud Tiering Appliance XXE / Information Disclosure (CVE) | EMC
Low Risk | CMS Studio Cross Site Scripting | Renzi

2014-04-16
High Risk | libmms heap-based buffer overflow | Alex Chapman
Medium Risk | clang-3.5 scan-build insecure use of /tmp | Jakub Wilk
High Risk | Microsoft Internet Explorer CMarkup Use-After-Free Metasploit (CVE) | Juan vazquez
Medium Risk | MyBB Advanced Forum Signatures 2.0.4 SQL Injection (CVE) | Mario_Vs
Medium Risk | OpenSSL use-after-free race condition read buffer (CVE) | Pawel Kolodziej
Medium Risk | Apache HTTPD 2.2.22/ModSecurity 2.7.5 bypass RequestHeader unset (CVE) | Martin
High Risk | Apache Syncope 1.0.8 / 1.1.6 Code Execution (CVE) | Draperi
High Risk | Ruckus OpenSSL 1.0.1 Heartbleed Issue (CVE) | Ruckus Wireless
Medium Risk | Xerox DocuShare SQL Injection | Brandon Perry
High Risk | Unitrends Unauthenticated Root Command Execution | Brandon Perry
High Risk | Adobe Flash ExternalInterface Use-After-Free (CVE) | VUPEN
High Risk | Netgear N600 Password Disclosure / Account Reset | Santhosh Kumar
High Risk | WebTitan 4.01 Command Execution / Directory Traversal | Brandon Perry
Low Risk | Joomla SMF Cross Site Scripting | Renzi
Low Risk | CMS iCAT Cross Site Scripting | Renzi

2014-04-15
Medium Risk | Adobe Reader For Android Javascript Insecure | Yorick Koster
Medium Risk | PDF Album 1.7 Local File Inclusion | Vulnerability La...
Low Risk | HP Insecure RPATH Use (CVE) | Tim Brown
CVE (CVEMAP.ORG)
Last Update: 2014-04-18
CVE | Score | Vendor Product
Description

2014-04-17

CVE-2011-3154 | 1.9/10 | Canonical Update-manager
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allo...

CVE-2013-2143 | 6.5/10 | Katello Katello
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036 | 6.8/10 | Amos benari Rbovirt
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054 | 6.8/10 | Springsource Spring framework
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct ...

CVE-2014-0071 | 6.4/10 | Redhat Openstack
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

CVE-2014-0085 | 2.1/10 | Apache Zookeeper
Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

2014-04-16

CVE-2011-0460 | 6.3/10 | Kbd-project KBD
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993 | 2.1/10 | Novell Suse lifecycle management serv...
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180 | 7.5/10 | SUSE KIWI
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089 | 4.6/10 | BZIP Bzip2
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192 | 7.5/10 | SUSE KIWI
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

CVE-2011-4193 | 4.3/10 | SUSE Studio extension for system z
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application,...

CVE-2011-4195 | 7.5/10 | SUSE KIWI
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.

CVE-2011-4406 | 3.6/10 | Canonical Accountsservice
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

CVE-2013-1764 | 2.1/10 | Packagekit project Packagekit
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.

CVE-2014-1453 | 4/10 | Freebsd Freebsd
The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involvin...

CVE-2014-2338 | 6.4/10 | Strongswan Strongswan
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

CVE-2013-4694 | 7.5/10 | Nullsoft Winamp
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer over...

CVE-2014-0644 | 7.8/10 | EMC Cloud tiering appliance softwa...
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) i...

CVE-2014-0645 | 4.7/10 | EMC Cloud tiering appliance softwa...
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via ...
Copyright 2014, cxsecurity.com