2014-07-23
Medium Risk

Apache 2.4.x mod_proxy Denial Of Service

Marek Kroemeke
Medium Risk

Linux Kernel ptrace/sysret Local Privilege Escalation

(CVE)
Vitaly Nikolenko
High Risk

Ansible 1.6.6 Arbitrary Code Execution

(CVE)
Brian Harring
Low Risk

EventLog Analyzer 9.0 Build #9000 Cross Site Scripting

A2SECURE
Low Risk

Symantec Endpoint Protection Manager 12.1.4023.4080 Login Bruteforce

Tsvetkov
High Risk

DjVuLibre 3.5.25.3 Out Of Bounds Access Violation

drone
Low Risk

SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting

William Costa
Medium Risk

SGMiner / CGMiner Denial Of Service

(CVE)
Mick Ayzenberg
Medium Risk

Sum Technologies SQL Injection

Th3 R0cksT3r
Low Risk

Barracuda Networks Spam And Virus Firewall 6.0.2 XSS

Vulnerability La...
High Risk

SGMiner / CGMiner / BFGMiner Heap Overflow

(CVE)
Mick Ayzenberg
Medium Risk

SGMiner / CGMiner / BFGMiner Stack Overflow

(CVE)
Mick Ayzenberg
2014-07-22
Medium Risk

vBulletin 5.1.2 SQL Injection Exploit

Nytro
Medium Risk

Apache Scoreboard / Status Race Condition

Marek Kroemeke
Medium Risk

Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation

(CVE)
Matt Bergin of K...
Medium Risk

Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation

(CVE)
Matt Bergin of K...
High Risk

IBM 1754 GCM KVM Code Execution / File Read / XSS

(CVE)
Alejandro Alvare...
Low Risk

MyConnection Server (MCS) 9.7i Cross Site Scripting

1N3
High Risk

Elasticsearch Logstash 1.4.1 Command Execution

(CVE)
Jordan Sissel
High Risk

Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass

(CVE)
Robert Gilbert
Low Risk

MTS MBlaze 3G Wi-Fi Modem Data Theft / Modification

Ajin Abraham
Medium Risk

WordPress Gallery Objects 0.4 SQL Injection

Claudio Viviani
Medium Risk

World Of Warcraft 3.3.5a Stack Overflow

Alireza Chegini
Medium Risk

Design Foundry Cross Site Scripting / SQL Injection

Hekt0r
2014-07-19
High Risk

Apache httpd mod_status Heap Buffer Overflow Remote Code Execution

(CVE)
ZDI
Medium Risk

vBulletin 5.1.2 SQL Injection *youtube

RST
High Risk

micro_httpd by ACME Buffer Overflow

Yuval tisf Nativ
High Risk

Dahua DVR Authentication Bypass

(CVE)
Zhejiang
2014-07-18
Low Risk

Aruba Networks ClearPass Policy Manager SQL Injection and Credential Disclosure

(CVE)
Nate Roberts fro...
High Risk

Yealink VoIP Phone SIP-T38G Default Credentials

(CVE)
RingZer0 Team
Medium Risk

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

Gjoko 'LiquidWor...
Medium Risk

OL-Commerce 2.1.1 Cross Site Scripting / SQL Injection

AtT4CKxT3rR0r1ST
High Risk

Trixbox XSS / LFI / SQL Injection / Code Execution

AtT4CKxT3rR0r1ST
2014-07-17
High Risk

Bitdefender GravityZone File Disclosure / Missing Authentication

Stefan
High Risk

Microsoft Internet Explorer CSS import Memory Corruption

(CVE)
VUPEN

Last Update: 2014-07-23
2014-07-22
 
CVE-2013-7392
( 7.5/10 )
 
  Gitlist Gitlist
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
 
CVE-2014-2385
( 4.3/10 )
 
  Sophos Anti-virus
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems...
 
CVE-2014-4326
( 7.5/10 )
 
  Elasticsearch Logstash
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
 
CVE-2014-4511
( 7.5/10 )
 
  Gitlist Gitlist
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stat...
 
CVE-2014-4911
( 5/10 )
 
  Polarssl Polarssl
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensi...
 
CVE-2014-5019
( 5/10 )
 
  Drupal Drupal
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
 
CVE-2014-5020
( 4.9/10 )
 
  Drupal Drupal
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file ...
 
CVE-2014-5021
( 2.1/10 )
 
  Drupal Drupal
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group lab...
 
CVE-2014-5022
( 4.3/10 )
 
  Drupal Drupal
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
 
CVE-2014-5023
( 6.8/10 )
 
  Gitlist Gitlist
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
2014-07-21
 
CVE-2014-4734
( 4.3/10 )
 
  E107 E107
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
 
CVE-2014-4960
( 7.5/10 )
 
  Joomlaboat Com youtubegallery
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid...
 
CVE-2014-5016
( 4.3/10 )
 
  Limesurvey Limesurvey
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participan...
 
CVE-2014-5017
( 7.5/10 )
 
  Limesurvey Limesurvey
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/g...
 
CVE-2014-5018
( 4.3/10 )
 
  Limesurvey Limesurvey
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, rela...
2014-07-20
 
CVE-2013-4352
( 4.3/10 )
 
  Apache Http server
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and dae...
 
CVE-2014-0117
( 4.3/10 )
 
  Apache Http server
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
 
CVE-2014-0118
( 4.3/10 )
 
  Apache Http server
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req...
 
CVE-2014-0226
( 6.8/10 )
 
  Apache Http server
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr...
 
CVE-2014-0231
( 5/10 )
 
  Apache Http server
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
 
Copyright 2014, cxsecurity.com