WLB2 Bugtraq
2014-08-22
Low Risk

ArcGIS For Server 10.1.1 XSS / Open Redirect

(CVE)
CAaNES
Medium Risk

MyBB 1.8 Beta 3 Cross Site Scripting / SQL Injection

DemoLisH
Medium Risk

Dashing Times SQL Injection

3spi0n
2014-08-21
Medium Risk

Apache HttpComponents client Hostname verification MITM attack

(CVE)
Dirk-Willem van ...
Medium Risk

Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Nik
Medium Risk

ArticleFR 3.0.4 SQL Injection

(CVE)
High-Tech Bridge...
Medium Risk

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

(CVE)
Pedro
Low Risk

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

1N3
Medium Risk

ESET Windows Products 7.0 Privilege Escalation

(CVE)
Kyriakos Economo...
Medium Risk

Panda Security 2014 Privilege Escalation

(CVE)
Kyriakos Economo...
High Risk

Delphi And C++ Builder VCL Library Buffer Overflow

(CVE)
CORE
Low Risk

WordPress Mobile Pack 2.0.1 Information Disclosure

Tom Adams
2014-08-20
Low Risk

Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting

(CVE)
Gregory Draperi
Medium Risk

RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass

(CVE)
ESA
High Risk

HybridAuth install.php PHP Code Execution

Brendan Coles
High Risk

BlazeDVD Pro 7.0 Buffer Overflow

metacom
Medium Risk

EMC Documentum D2 Privilege Escalation

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Scripting

(CVE)
EMC
High Risk

EMC Documentum Code Execution / DQL Injection

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Request Forgery

(CVE)
EMC
2014-08-19
Medium Risk

Firefox toString console.time Privileged Javascript Injection

(CVE)
joev
High Risk

Gitlab-shell Code Execution

(CVE)
Brandon
High Risk

Senkas Kolibri WebServer 2.0 Buffer Overflow

(CVE)
tekwizz123
Medium Risk

Outlook.com For Android Failed Validation

(CVE)
Yorick Koster
Low Risk

WordPress Disqus 2.7.7 Cross Site Request Forgery

Voxel
2014-08-18
Low Risk

WordPress 3.9.1 pluggable.php CSRF vulnerability

(CVE)
nacin
High Risk

Tenda A5s Router Authentication Bypass Vulnerability

(CVE)
zixian
2014-08-17
Low Risk

RiverBed Stingray Traffic Manager Virtual Appliance 9.6 XSS

William Costa
Medium Risk

Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs

Stefan Kanthak
2014-08-15
Low Risk

Optical Society of America's Prism Information Leak

Peter Wiedekind
Low Risk

MyConnection Server (MCS) 9.7i Cross Site Scripting

(CVE)
1N3
Low Risk

Lyris ListManagerWeb 8.95a Cross Site Scripting

(CVE)
1N3
Medium Risk

WordPress Gallery Objects 0.4 SQL Injection

(CVE)
Claudio Viviani
Medium Risk

vBulletin 5.1.2 SQL Injection Exploit

(CVE)
Nytro
High Risk

VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution

(CVE)
Emilio Pinna

CVEMAP.ORG CVE
Last Update: 2014-08-22
2014-08-21
 
CVE-2014-3562
( 5/10 )
 
  Fedoraproject 389 directory server
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
 
CVE-2014-3577
( 5.8/10 )
 
  Apache Httpasyncclient
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi...
 
CVE-2014-5158
( 10/10 )
 
  Alienvault Open source security informati...
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
 
CVE-2014-5159
( 7.5/10 )
 
  Alienvault Open source security informati...
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
 
CVE-2014-5210
( 10/10 )
 
  Alienvault Open source security informati...
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
 
CVE-2014-5383
( 6.5/10 )
 
  Alienvault Open source security informati...
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2009-5142
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.
 
CVE-2010-5302
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
 
CVE-2010-5303
( 4.3/10 )
 
  Binarymoon Timthumb
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $erro...
 
CVE-2014-3951
( 5/10 )
 
  Freebsd Freebsd
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT p...
 
CVE-2014-5384
( 5/10 )
 
  Freebsd Freebsd
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to the iconv_open function. NOTE: this issue was SPL...
 
CVE-2014-5385
( 5/10 )
 
  Shopizer Shopizer
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack.
 
CVE-2014-0965
( 4.3/10 )
 
  IBM Websphere application server
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.
 
CVE-2014-3022
( 4.3/10 )
 
  IBM Websphere application server
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.
 
CVE-2014-3070
( 5/10 )
 
  IBM Websphere application server
The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access...
 
CVE-2014-3083
( 5/10 )
 
  IBM Websphere application server
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.
 
CVE-2014-3089
( 4.9/10 )
 
  IBM Rational directory administrat...
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local ...
 
CVE-2014-3436
( 5/10 )
 
  Symantec Encryption desktop
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larg...
 
CVE-2014-4764
( 7.1/10 )
 
  IBM Websphere application server
IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3, when Load Balancer for IPv4 Dispatcher is enabled, allows remote attackers to cause a denial of service (Load Balancer crash) via unspecified vectors.
2014-08-20
 
CVE-2014-0640
( 4/10 )
 
  EMC Rsa archer egrc
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
Copyright 2014, cxsecurity.com