2014-10-22
Medium Risk

Nova VMware instance in resize state may leak

(CVE)
Tristan Cacquera...
Medium Risk

KVM DoS triggerable by malicious host userspace

(CVE)
Andy
Medium Risk

RESTAURANT SCRIPT SQL Injection Vulnerability

jsass
High Risk

Incredible PBX 11 2.0.6.5.0 Remote Command Execution

Simo Ben
High Risk

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

Larry W. Cashdol...
2014-10-21
Medium Risk

AutoWeb v3.0 CMS SQL Injection

Hugo Santiago do...
High Risk

Files Document & PDF 2.0.2 iOS Multiple Vulnerabilities

Vulnerability La...
Medium Risk

FileBug v1.5.1 iOS Path Traversal Web Vulnerability

Vulnerability La...
High Risk

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

(CVE)
Pedro
Low Risk

LiteCart 1.1.2.1 Cross Site Scripting

(CVE)
Onur Yilmaz
Medium Risk

Huawei Mobile Partner DLL Hijacking

Osanda Malith Ja...
Low Risk

Newtelligence dasBlog 2.3 Open Redirect

(CVE)
Wang Jing
Medium Risk

OpenMRS 2.1 Access Bypass / XSS / CSRF

(CVE)
Mahendra
2014-10-20
Medium Risk

Newtelligence dasBlog Open Redirect Vulnerability

(CVE)
Wang Jing
2014-10-19
High Risk

MacOS X 10.9 Hard Link Memory Corruption PoC

(CVE)
CXSECURITY
Medium Risk

Linux PolicyKit Race Condition Privilege Escalation

(CVE)
xi4oyu
Medium Risk

Centreon SQL Injection / Command Injection

(CVE)
MaZ
2014-10-18
High Risk

MacOSX 10.9/XNU HFS Kernel Multiple Vulnerabilities

(CVE)
CXSECURITY
High Risk

MS14-060 Microsoft Windows OLE Package Manager Code Execution

(CVE)
Juan Vazquez
High Risk

Fonality Trixbox CE 2.8.0.4 Command Execution

Simo Ben youssef
High Risk

Elastix 2.4.0 Stable XSS / CSRF / Command Execution

Simo Ben youssef
High Risk

Drupal HTTP Parameter Key/Value SQL Injection

(CVE)
Brandon
2014-10-17
Medium Risk

Bypassing HTTP Strict Transport Security

Jose Selvi
Low Risk

Abusing TZ for fun (and little profit)

Jakub Wilk
High Risk

SAP BusinessObjects Explorer 14.0.5 XXE Injection

(CVE)
Stefan Horlacher
Medium Risk

IPy Blacklist Bypass

Nicolas
Medium Risk

NETIS DL4322D XSS / CSRF / DoS

AkaStep
Low Risk

New York Times Cross Site Scripting

Wang Jing
Low Risk

OpenX 2.8.10 Open Redirect

(CVE)
Wang Jing
Medium Risk

SAP Netweaver Enqueue Server Trace Pattern Denial Of Service

(CVE)
CORE
2014-10-16
High Risk

Drupal 7.x SQL Injection Exploit

fyukyuk
High Risk

Drupal 7.31 CORE pre Auth SQL Injection Vulnerability *youtube

Stefan Horst
Medium Risk

Microsoft Bluetooth Personal Area Networking Privilege Escalation

(CVE)
Jay Smith
Medium Risk

SEO Control Panel 3.6.0 SQL Injection

Tiago Carvalho
Low Risk

Tenda A32 Cross Site Request Forgery

(CVE)
zixian
Last Update: 2014-10-22
2014-10-22
 
CVE-2014-4448
( 1.9/10 )
 
  Apple Iphone os
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
 
CVE-2014-4449
( 6.8/10 )
 
  Apple Iphone os
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-4450
( 1.9/10 )
 
  Apple Iphone os
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within u...
2014-10-21
 
CVE-2012-5242
( 6.8/10 )
 
  Bananadance Banana dance
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
 
CVE-2012-5243
( 5/10 )
 
  Bananadance Banana dance
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
 
CVE-2012-5702
( 4.3/10 )
 
  Dotproject Dotproject
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3...
 
CVE-2013-7406
( 7.5/10 )
 
  Drupal Mrbs module
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-4514
( 4.3/10 )
 
  Wordpress Alipay plugin
Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to the getDebugInfo function...
 
CVE-2014-4517
( 4.3/10 )
 
  Wordpress Cbi referral manager
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the searchString parameter.
 
CVE-2014-4577
( 5/10 )
 
  Wordpress Amasin plugin
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
 
CVE-2014-5005
( 7.5/10 )
 
  Zohocorp Manageengine desktop central
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
 
CVE-2014-5006
( 7.5/10 )
 
  Zohocorp Manageengine desktop central
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
 
CVE-2014-7140
( 7.5/10 )
 
  Citrix Netscaler application delivery...
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vec...
 
CVE-2014-7280
( 4.3/10 )
 
  Tenable Web ui
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
 
CVE-2014-8375
( 4.6/10 )
 
  Wordpress Gb gallery slideshow plugin
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php...
 
CVE-2014-8376
( 3.5/10 )
 
  Drupal Site banner module
Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web...
 
CVE-2014-8377
( 4.3/10 )
 
  Webasyst Shop-script
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/.
 
CVE-2014-8378
( 3.5/10 )
 
  Drupal Tablefield module
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors rela...
 
CVE-2014-8379
( 3.5/10 )
 
  Drupal Marketo ma module
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Web...
 
CVE-2014-8380
( 4.3/10 )
 
  Splunk Splunk
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regres...
Copyright 2014, cxsecurity.com