2014-10-01
Medium Risk

TP-Link "2-series" switches, all TP-Link VxWorks-based product Multiple vulnerabilities

kvnjs
High Risk

ManageEngine OpManager / Social IT Arbitrary File Upload

(CVE)
Pedro Ribeiro
Low Risk

WordPress All In One Security And Firewall 3.8.3 XSS

Vulnerability La...
2014-09-30
High Risk

GNU Bash 4.3 Command Injection

JSacco
Medium Risk

AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling

indoushka
Low Risk

Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass

(CVE)
sickness
Low Risk

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

Nate Power
Medium Risk

Bacula-web 5.2.10 SQL Injection

wishnusakti
Low Risk

PayPal Service Manager Script Insertion

Vulnerability La...
Low Risk

PayPal Bill Later Mail Encoding Cross Site Scripting

Vulnerability
2014-09-29
High Risk

DHCP Client Bash Environment Variable Code Injection

(CVE)
Ramon
Medium Risk

Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection

Mogwai
Medium Risk

Exinda WAN Optimization Suite 7.0.0 CSRF / XSS

William Costa
Medium Risk

Comersus Sophisticated Cart Database Disclosure

indoushka
2014-09-28
Medium Risk

Oscommerce 2.3.4 XSS / HPP / File Inclusion

indoushka
Medium Risk

Openfiler 2.99.1 Denial Of Service

(CVE)
dolevff
High Risk

Apache mod_cgi Bash Environment Variable Code Injection

(CVE)
Juan Vazquez
Low Risk

Get Simple CMS 3.3.3 Information Disclosure / XSS

indoushka
Medium Risk

NDBLOG 0.1 Cross Site Scripting / SQL Injection

indoushka
Low Risk

SmarterTools Smarter Track 6-10 Information Disclosure

Vulnerability La...
Medium Risk

GS Foto Uebertraeger 3.0 iOS File Include Vulnerability

Vulnerability La...
High Risk

Gnu Bash 4.3 CGI Scan Remote Command Injection

(CVE)
Stephane Chazela...
Medium Risk

Nucom ADSL ADSLR5000UN ISP Credential Disclosure

Sebasti...
High Risk

Dhclient Bash Environment Variable Injection

(CVE)
egypt
High Risk

POSNIC 1.02 Directory Listing / File Upload

indoushka
Low Risk

PayPal Mail Encoding Script Insertion

Vulnerability La...
Low Risk

PayPal Community Web Portal Cross Site Scripting

Vulnerability La...
2014-09-26
Medium Risk

Perl 5.20.1 Deep Recursion Stack Overflow

(CVE)
LSE
Low Risk

Telerik ASP.NET AJAX RadEditor Control 2014.1.403.35 XSS

(CVE)
Tyler Hoyle
High Risk

Mac OS X VMWare Fusion Root Privilege Escalation

(CVE)
joev
Medium Risk

LibVNCServer 0.9.9 Remote Code Execution / Denial Of Service

(CVE)
Nicolas Ruff
High Risk

bashedCgi Remote Command Execution

(CVE)
Shaun Colley
Medium Risk

All In One WP Security 3.8.2 SQL Injection

(CVE)
High-Tech Bridge...
2014-09-25
High Risk

CGI Remote Code Injection by Bash Proof Of Concept

(CVE)
Prakhar Prasad &...
High Risk

ZyXEL Prestig P-660HNU-T1v2 Credential Disclosure

Sebastia...

Last Update: 2014-10-01
2014-09-30
 
CVE-2014-6278
( 10/10 )
 
  GNU BASH
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force...
2014-09-29
 
CVE-2014-3811
( 7.2/10 )
 
  Juniper Juniper installer service clie...
Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors.
 
CVE-2014-3820
( 4.3/10 )
 
  Juniper Junos pulse access control ser...
Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control...
 
CVE-2014-3823
( 4.3/10 )
 
  Juniper Junos pulse secure access serv...
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
 
CVE-2014-3824
( 4.3/10 )
 
  Juniper Junos pulse secure access serv...
Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web scrip...
 
CVE-2012-5619
( 2.1/10 )
 
  Sleuthkit The sleuth kit
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics ac...
 
CVE-2012-5621
( 5/10 )
 
  Ekiga Ekiga
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
 
CVE-2012-6107
( 4.3/10 )
 
  Apache Apache axis2/c
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid cer...
 
CVE-2012-6110
( 2.1/10 )
 
  Bcron project Bcron exec
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.
 
CVE-2013-1874
( 4.4/10 )
 
  Call-cc Chicken
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.
 
CVE-2013-2100
( 9.3/10 )
 
  Gentoo Portage
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a craf...
 
CVE-2013-2586
( 4.3/10 )
 
  Apachefriends Xampp
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
 
CVE-2013-3064
( 6.8/10 )
 
  Linksys Ea6500
Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter.
 
CVE-2013-3065
( 3.5/10 )
 
  Linksys Ea6500
Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section...
 
CVE-2013-3066
( 7.1/10 )
 
  Linksys Ea6500
Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/.
 
CVE-2013-3068
( 6.8/10 )
 
  Cisco Linksys wrt310n router firmwar...
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports.
 
CVE-2013-3083
( 6.8/10 )
 
  Belkin F5d8236-4 v2
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via ...
 
CVE-2013-3086
( 6.8/10 )
 
  Belkin N900
Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management...
 
CVE-2013-3089
( 6.8/10 )
 
  Belkin N300
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration.
 
CVE-2013-3092
( 8.3/10 )
 
  Belkin N300
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.



 
Copyright 2014, cxsecurity.com