2014-11-27
Low Risk

gassarit CMS Cross-Site Scripting Vulnerability

IeDb
Medium Risk

Undertow (on Windows) Information disclosure via directory traversal

(CVE)
Arun Babu Neelic...
Medium Risk

Pandora FMS SQLi Remote Code Execution

Jason Kratzer
Low Risk

Joomla Kunena Forum 3.0.5 Cross Site Scripting

(CVE)
Raymond Rizk
2014-11-26
High Risk

PHP 5.x / Bash Shellshock Proof Of Concept

(CVE)
ssbostan
Low Risk

PHP 5.6.1 open_basedir exist file check bypass

zuzzz
High Risk

Wordpress db-backup plugin File Download Vulnerability

Ashiyane Digital...
Low Risk

phpBB 3.1.1 deregister_globals() Bypass

Taoguang Chen
Medium Risk

Android Settings Pendingintent Leak

(CVE)
Baidu X-Team
Low Risk

Android SMS Resend

(CVE)
Baidu X-Team
Medium Risk

Android WAPPushManager SQL Injection

(CVE)
Baidu X-Team
Low Risk

xEpan 1.0.1 Cross Site Request Forgery

(CVE)
High-Tech Bridge...
Medium Risk

Device42 Embedded Credentials

Brandon Perry
High Risk

Device42 Ping Command Injection

Brendan Coles
High Risk

Device42 Traceroute Command Injection

Brendan Coles
High Risk

Slider Revolution/Showbiz Pro Shell Upload

Simo Ben youssef
Low Risk

WordPress Sexy Squeeze Pages Cross Site Scripting

KnocKout
Low Risk

WordPress Html5 Mp3 Player Full Path Disclosure

KnocKout
Medium Risk

Apadana CMS SQL Injection

SeRaVo.BlackHat
Medium Risk

KMPlayer 3.9.1.130 Denial Of Service

Ajin Abraham
High Risk

Mozilla Firefox 3.6 mChannel Use-After-Free

Juan Sacco
High Risk

libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution

(CVE)
Michele Spagnuol...
High Risk

Docker Privilege Escalation

(CVE)
Florian Weimer
2014-11-25
Medium Risk

Invision Power Board <= 3.4.7 password change

Dmitry Hitry
High Risk

iBanking botnet Shell Upload Vulnerability

Xylitol
High Risk

Atrax Botnet Shell Upload Vulnerability

Xylitol
Medium Risk

phpMyRecipes 1.2.2 (dosearch.php, words_exact param) SQL Injection

bard
High Risk

TRENDnet SecurView Wireless Network Camera TV-IP422WN Stack BoF

Gjoko 'LiquidWor...
Medium Risk

PHP 5.5.12 Locale::parseLocale Memory Corruption

John Leitch
Medium Risk

CodeMeter Weak Service Permissions

(CVE)
Andrew Smith and...
High Risk

WordPress WP-DB-Backup 2.2.4 Backup Theft

Larry W. Cashdol...
Medium Risk

RobotStats 1.0 SQL Injection

ZoRLu
Low Risk

RobotStats 1.0 Cross Site Scripting

ZoRLu
Medium Risk

WordPress wpDataTables 1.5.3 SQL Injection

Claudio Viviani
High Risk

WordPress wpDataTables 1.5.3 Shell Upload

Claudio Viviani

Last Update: 2014-11-28
2014-11-26
 
CVE-2014-8551
( 10/10 )
 
  Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via ...
 
CVE-2014-8552
( 5/10 )
 
  Siemens Simatic pcs7
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via cr...
 
CVE-2014-2037
( 5/10 )
 
  Openswan Openswan
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6466.
 
CVE-2014-6609
( 4/10 )
 
  Digium Asterisk
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
 
CVE-2014-6610
( 4/10 )
 
  Digium Asterisk
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, w...
 
CVE-2014-7141
( 6.4/10 )
 
  Squid-cache Squid
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
 
CVE-2014-7142
( 6.4/10 )
 
  Squid-cache Squid
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
 
CVE-2014-8962
( 7.5/10 )
 
  FLAC Libflac
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
 
CVE-2014-9028
( 7.5/10 )
 
  FLAC Libflac
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
 
CVE-2014-9099
( 6.8/10 )
 
  Whydowork adsense project Whydowork adsense
Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the whydowork_adsense ...
 
CVE-2014-9100
( 4.3/10 )
 
  Whydowork adsense project Whydowork adsense
Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the idcode parameter in the whydowork_adsense page to wp-admin/options-general.php.
 
CVE-2014-9102
( 6.5/10 )
 
  Kunena Kunena
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfa...
 
CVE-2014-9103
( 4.3/10 )
 
  Kunena Kunena
Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-...
2014-11-25
 
CVE-2014-1421
( 7.2/10 )
 
  Canonical Ubuntu
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.
 
CVE-2014-7839
( 6.4/10 )
 
  Redhat Resteasy
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
 
CVE-2014-8367
( 7.5/10 )
 
  Arubanetworks Clearpass policy manager
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-8368
( 9/10 )
 
  Arubanetworks Airwave
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
 
CVE-2014-8420
( 9/10 )
 
  DELL Sonicwall analyzer
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
 
CVE-2014-8558
( 6.5/10 )
 
  Jexperts Channel platform
JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters.
 
CVE-2014-8678
( 7.8/10 )
 
  Manageengine Oputils
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."
Copyright 2014, cxsecurity.com