2014-10-31
Low Risk

Confluence RefinedWiki Original Theme Cross Site Scripting

Manuel Hofer
High Risk

Vizensoft Admin Panel Bypass / Backdoor / Upload / XSS / SQL Injection

A. Antukh, A. Ba...
2014-10-30
High Risk

F5 Networks Big-IP XML External Entity Injection

(CVE)
Portcullis Advis...
High Risk

GNU Wget FTP Symlink Arbitrary Filesystem Access

(CVE)
HD Moore
Medium Risk

Maarch 1.4 SQL Injection

Adrien Thierry
High Risk

Maarch 1.4 Arbitrary file upload

Adrien Thierry
Medium Risk

IBM Tivoli Monitoring V6.2.2 kbbacf1 privilege escalation exploit

Robert Jaroszuk
High Risk

Konke Smart Plug K Authentication Bypass Vulnerability

(CVE)
gamehacker&z...
High Risk

EspoCRM 2.5.2 XSS / LFI / Access Control

(CVE)
High-Tech Bridge...
2014-10-29
High Risk

MacOS X 10.10 & FreeBSD10 ftp Remote Command Execution

(CVE)
Jared Mcneill
Medium Risk

ASUS wireless router updates are vulnerable to a MITM attack

(CVE)
David
Medium Risk

Nova network DoS through API filtering

(CVE)
Tristan
Medium Risk

ESET 7.0 Kernel Memory Leak

(CVE)
Kyriakos Economo...
High Risk

CUPS Filter Bash Environment Variable Code Injection

(CVE)
Brendan Coles
Medium Risk

phpfusion (Search Page) Denial of Service Vulnerability

Amir
Medium Risk

ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation

(CVE)
Osanda Malith Ja...
High Risk

Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow

ZoRLu
High Risk

Tuleap 7.4.99.5 Remote Command Execution

(CVE)
Jerzy Kramarz
High Risk

Tuleap 7.2 XXE Injection

(CVE)
Jerzy Kramarz
Medium Risk

Tuleap 7.4.99.5 Blind SQL Injection

(CVE)
Jerzy Kramarz
2014-10-28
Medium Risk

vBulletin Verify Email Before Registration Plugin SQL Injection

Dave
High Risk

Pro Chat Rooms 8.2.0 XSS / Shell Upload / SQL Injection

(CVE)
Mike Manzotti @ ...
Medium Risk

Windows TrackPopupMenu Win32k NULL Pointer Dereference

(CVE)
Spencer McIntyre
Medium Risk

Apple iOS 8.0.2 Denial Of Service

Vulnerability La...
Medium Risk

Filemaker Login Bypass / Privilege Escalation

(CVE)
Giuseppe D'Amore...
Low Risk

Google Youtube Filter Bypass / Cross Site Scripting

Vulnerability La...
Low Risk

Folder Plus 2.5.1 Script Injection

Vulnerability La...
High Risk

WebDisk+ 2.1 Code Execution

Vulnerability La...
Medium Risk

iFileExplorer 6.51 File Inclusion

Vulnerability La...
Low Risk

Yourls 1.7 Cross Site Scripting

Alvaro Diaz
Medium Risk

vBulletin 4.x Tapatalk Blind SQL Injection

tintinweb
2014-10-27
High Risk

libbfd Vulnerabilities

Michal Zalewski
Medium Risk

CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities

Gjoko 'LiquidWor...
High Risk

WordPress Count-per-Day Plugin (notes.php) Remote Code Upload

Hugo Santiago do...
High Risk

WordPress Download Manager Plugin Arbitrary File Download

Hugo Santiago do...
Last Update: 2014-11-01
2014-10-31
 
CVE-2014-3366
( 6.5/10 )
 
  Cisco Unified communications manager
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
 
CVE-2014-3372
( 4.3/10 )
 
  Cisco Unified communications manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
 
CVE-2014-3373
( 4.3/10 )
 
  Cisco Unified communications manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID...
 
CVE-2014-3374
( 4.3/10 )
 
  Cisco Unified communications manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
 
CVE-2014-3375
( 4.3/10 )
 
  Cisco Unified communications manager
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
 
CVE-2014-6101
( 4.3/10 )
 
  IBM Business process manager
Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
 
CVE-2014-6148
( 3.5/10 )
 
  IBM Tivoli application dependency ...
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtai...
 
CVE-2014-6150
( 3.5/10 )
 
  IBM Tivoli application dependency ...
Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
2014-10-30
 
CVE-2014-7877
( 4.9/10 )
 
  HP Hp-ux
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
 
CVE-2013-3304
( 5/10 )
 
  DELL Equallogic ps4000 firmware
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
 
CVE-2013-7409
( 7.5/10 )
 
  Allplayer Allplayer
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
 
CVE-2014-3446
( 7.5/10 )
 
  BSS Continuity cms
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.
 
CVE-2014-3584
( 5/10 )
 
  Apache CXF
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service...
 
CVE-2014-3623
( 5/10 )
 
  Apache CXF
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attacker...
 
CVE-2014-3684
( 6.8/10 )
 
  Adaptivecomputing Torque resource manager
The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows...
2014-10-29
 
CVE-2014-3051
( 4.3/10 )
 
  IBM Tivoli composite application m...
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, w...
 
CVE-2014-3668
( 5/10 )
 
  PHP PHP
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (app...
 
CVE-2014-3669
( 7.5/10 )
 
  PHP PHP
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary...
 
CVE-2014-3670
( 6.8/10 )
 
  PHP PHP
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory ...
 
CVE-2014-3694
( 6.4/10 )
 
  Pidgin Pidgin
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows m...
Copyright 2014, cxsecurity.com