Bugtraq
2014-11-27
Low Risk

gassarit CMS Cross-Site Scripting Vulnerability

IeDb
Medium Risk

Undertow (on Windows) Information disclosure via directory traversal

(CVE)
Arun Babu Neelic...
Medium Risk

Pandora FMS SQLi Remote Code Execution

Jason Kratzer
Low Risk

Joomla Kunena Forum 3.0.5 Cross Site Scripting

(CVE)
Raymond Rizk
2014-11-26
High Risk

PHP 5.x / Bash Shellshock Proof Of Concept

(CVE)
ssbostan
Low Risk

PHP 5.6.1 open_basedir exist file check bypass

zuzzz
High Risk

Wordpress db-backup plugin File Download Vulnerability

Ashiyane Digital...
Low Risk

phpBB 3.1.1 deregister_globals() Bypass

Taoguang Chen
Medium Risk

Android Settings Pendingintent Leak

(CVE)
Baidu X-Team
Low Risk

Android SMS Resend

(CVE)
Baidu X-Team
Medium Risk

Android WAPPushManager SQL Injection

(CVE)
Baidu X-Team
Low Risk

xEpan 1.0.1 Cross Site Request Forgery

(CVE)
High-Tech Bridge...
Medium Risk

Device42 Embedded Credentials

Brandon Perry
High Risk

Device42 Ping Command Injection

Brendan Coles
High Risk

Device42 Traceroute Command Injection

Brendan Coles
High Risk

Slider Revolution/Showbiz Pro Shell Upload

Simo Ben youssef
Low Risk

WordPress Sexy Squeeze Pages Cross Site Scripting

KnocKout
Low Risk

WordPress Html5 Mp3 Player Full Path Disclosure

KnocKout
Medium Risk

Apadana CMS SQL Injection

SeRaVo.BlackHat
Medium Risk

KMPlayer 3.9.1.130 Denial Of Service

Ajin Abraham
High Risk

Mozilla Firefox 3.6 mChannel Use-After-Free

Juan Sacco
High Risk

libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution

(CVE)
Michele Spagnuol...
High Risk

Docker Privilege Escalation

(CVE)
Florian Weimer
2014-11-25
Medium Risk

Invision Power Board <= 3.4.7 password change

Dmitry Hitry
High Risk

iBanking botnet Shell Upload Vulnerability

Xylitol
High Risk

Atrax Botnet Shell Upload Vulnerability

Xylitol
Medium Risk

phpMyRecipes 1.2.2 (dosearch.php, words_exact param) SQL Injection

bard
High Risk

TRENDnet SecurView Wireless Network Camera TV-IP422WN Stack BoF

Gjoko 'LiquidWor...
Medium Risk

PHP 5.5.12 Locale::parseLocale Memory Corruption

John Leitch
Medium Risk

CodeMeter Weak Service Permissions

(CVE)
Andrew Smith and...
High Risk

WordPress WP-DB-Backup 2.2.4 Backup Theft

Larry W. Cashdol...
Medium Risk

RobotStats 1.0 SQL Injection

ZoRLu
Low Risk

RobotStats 1.0 Cross Site Scripting

ZoRLu
Medium Risk

WordPress wpDataTables 1.5.3 SQL Injection

Claudio Viviani
High Risk

WordPress wpDataTables 1.5.3 Shell Upload

Claudio Viviani
CVE (CVEMAP.ORG)
Last Update: 2014-11-28
2014-11-27
 
CVE-2014-5426
( 5/10 )
 
  Matrikonopc Dnp3 opc server
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.
 
CVE-2014-3407
( 5/10 )
 
  Cisco Adaptive security appliance so...
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) v...
 
CVE-2014-4829
( 6.8/10 )
 
  IBM Qradar risk manager
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the ...
 
CVE-2014-4831
( 5.8/10 )
 
  IBM Qradar risk manager
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.
 
CVE-2014-4832
( 4.3/10 )
 
  IBM Qradar risk manager
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network dur...
 
CVE-2014-4883
( 5/10 )
 
  lwIP project lwIP
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poiso...
 
CVE-2014-6075
( 5/10 )
 
  IBM Qradar risk manager
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information ...
2014-11-26
 
CVE-2014-8551
( 10/10 )
 
  Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via ...
 
CVE-2014-8552
( 5/10 )
 
  Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via cr...
 
CVE-2014-2037
( 5/10 )
 
  Openswan Openswan
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6466.
 
CVE-2014-6609
( 4/10 )
 
  Digium Asterisk
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
 
CVE-2014-6610
( 4/10 )
 
  Digium Asterisk
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, w...
 
CVE-2014-7141
( 6.4/10 )
 
  Squid-cache Squid
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
 
CVE-2014-7142
( 6.4/10 )
 
  Squid-cache Squid
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
 
CVE-2014-8419
( 7.2/10 )
 
  WIBU Codemeter runtime
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.
 
CVE-2014-8962
( 7.5/10 )
 
  FLAC Libflac
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
 
CVE-2014-9028
( 7.5/10 )
 
  FLAC Libflac
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
 
CVE-2014-9093
( 7.5/10 )
 
  Documentfoundation Libreoffice
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
 
CVE-2014-9094
( 4.3/10 )
 
  Digitalzoomstudio Video gallery
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand ...
 
CVE-2014-9095
( 7.5/10 )
 
  Raritan Power iq
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
Copyright 2014, cxsecurity.com