WLB2 Bugtraq
2014-07-30
Medium Risk

SVN local privilege escalation

(CVE)
Daniel
Low Risk

Lyris ListManagerWeb 8.95a Cross Site Scripting

1N3
Medium Risk

J&W Communications SQL Injection

Hekt0r
High Risk

micro_httpd by ACME Buffer Overflow

(CVE)
Yuval tisf Nativ
Low Risk

ZeroCMS Persistent Cross-Site Scripting Vulnerability

(CVE)
Mayuresh Dani
Medium Risk

DirPHP - version 1.0 Local File Inclusion

(CVE)
Chosen
Medium Risk

Wireshark Read Access Violation NULL Pointer Deref

(CVE)
Osanda Malith Ja...
High Risk

WiFi HD 7.3.0 LFI / Traversal / Command Injection / CSRF

Vulnerability La...
Low Risk

Barracuda WAF 6.1.5 / LoadBalancer 4.2.2 Filter Bypass / XSS

Vulnerability La...
Medium Risk

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

Dylan Irzi
High Risk

SAP Netweaver Business Warehouse Missing Authorization

Onapsis
Low Risk

SAP HANA XS Administration Tool Cross Site Scripting

Onapsis
Medium Risk

SAP HANA XS Missing Encryption

Onapsis
Low Risk

SAP FI Manager Self-Service Hardcoded Username

Onapsis
Medium Risk

SAP_JTECHS HTTP Verb Tampering

Onapsis
High Risk

SAP HANA IU5 SDK Authentication Bypass

Onapsis
2014-07-29
Medium Risk

Parallels Tools 9.0 Privilege Escalation

Anastasios
High Risk

CMSimple 4.4.4 RFI / Code Execution / Default Password

Indian Haxors Te...
High Risk

Web Encryption Extension Authentication Bypass

Senderek
Low Risk

Barracuda Networks Spam / Virus Firewall 5.1.3 XSS

Vulnerability La...
Low Risk

MasterCard Open Redirect

Anastasios
High Risk

WordPress Slider Revolution Responsive 4.1.4 File Download

Claudio Viviani
Medium Risk

WordPress Lead Octopus Power SQL Injection

Ashiyane Digital...
Medium Risk

WordPress FBGorilla SQL Injection

Ashiyane Digital...
2014-07-28
Low Risk

MyBB 1.6.14 search.php Full Path Disclosure

DemoLisH
High Risk

Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

(CVE)
Christian Mehlma...
High Risk

Oxwall 1.7.0 Remote Code Execution Exploit

Gjoko 'LiquidWor...
Medium Risk

Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities

Gjoko 'LiquidWor...
Medium Risk

Linux Kernel sctp inherit auth_capable on INIT collisions

Jason
Low Risk

rsync vulnerable to collisions

Michael
Medium Risk

CMS Studyo10 Blind Sql Injection

Felipe Andrian P...
Medium Risk

Sagem F@st 3304-V1 denial of service Vulnerability

Z3ro0ne
Medium Risk

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Gjoko 'LiquidWor...
Medium Risk

Bugzilla 3.x / 4.x Cross Site Request Forgery

(CVE)
Mario Gomes, Byr...
2014-07-27
High Risk

Netgear DGN2200 Password Disclosure

Dolev Farhi
CVE (CVEMAP.ORG)
Last Update: 2014-07-30
2014-07-29
 
CVE-2014-3541
( 7.5/10 )
 
  Moodle Moodle
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data as...
 
CVE-2014-3542
( 4.3/10 )
 
  Moodle Moodle
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity ref...
 
CVE-2014-3543
( 4.3/10 )
 
  Moodle Moodle
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity ...
 
CVE-2014-3544
( 3.5/10 )
 
  Moodle Moodle
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via th...
 
CVE-2014-3545
( 6/10 )
 
  Moodle Moodle
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
 
CVE-2014-3546
( 5/10 )
 
  Moodle Moodle
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentia...
 
CVE-2014-3547
( 4.3/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.
 
CVE-2014-3548
( 4.3/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a...
 
CVE-2014-3549
( 4.3/10 )
 
  Moodle Moodle
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly ...
 
CVE-2014-3550
( 4.3/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message f...
 
CVE-2014-3551
( 3.5/10 )
 
  Moodle Moodle
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitr...
 
CVE-2014-3552
( 6/10 )
 
  Moodle Moodle
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via craft...
 
CVE-2014-3553
( 4.9/10 )
 
  Moodle Moodle
mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all...
 
CVE-2014-0103
( 2.1/10 )
 
  Zarafa Webapp
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
 
CVE-2014-0475
( 6.8/10 )
 
  GNU Glibc
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG...
 
CVE-2014-2226
( 2.6/10 )
 
  UBNT Unifi controller
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
 
CVE-2014-4710
( 4.3/10 )
 
  AAS9 Zerocms
Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field.
 
CVE-2014-4909
( 6.8/10 )
 
  Transmissionbt Transmission
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bo...
 
CVE-2014-5029
( 1.5/10 )
 
  Apple CUPS
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-...
 
CVE-2014-5030
( 1.9/10 )
 
  Apple CUPS
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
Copyright 2014, cxsecurity.com