Bugtraq
2015-03-05
High Risk

Linux Kernel IRET Instruction #SS Fault Handling Crash PoC

(CVE)
Emeric Nasi
Medium Risk

Linux Kernel PPP-over-L2TP Socket Level Handling Crash PoC

(CVE)
Emeric Nasi
Medium Risk

Linux Kernel Associative Array Garbage Collection Crash PoC

(CVE)
Emeric Nasi
High Risk

HP Data Protector 8.10 Remote Command Execution

(CVE)
Matthew Hall
Low Risk

Netcat CMS 5.5 Cross Site Scripting

Provensec
Low Risk

WordPress Max Banner Ads 1.9 Cross Site Scripting

Wang Jing
Low Risk

WordPress Newsletter 2.6.x / 2.5.x Open Redirect

Wang Jing
Medium Risk

Webshop Hun 1.062S Directory Traversal

Wang Jing
Low Risk

Webshop Hun 1.062S Cross Site Scripting

Wang Jing
Medium Risk

Webshop hun v1.062S /index.php Multiple Parameters SQL

Wang Jing
2015-03-04
Medium Risk

SSL/TLS Vulnerability Explained

(CVE)
digitalmunition
Low Risk

PostgreSQL password hashing

Michael
Medium Risk

Tor Browser 4.0.3 with websockets enabled by default

Pablo
Medium Risk

WordPress Webdorado Spider Event Calendar <= 1.4.9 SQL Injection

(CVE)
Mateusz Lach
Low Risk

BEdita CMS 3.5.1 Cross Site Scripting

Provensec
Medium Risk

Solarwinds Orion Service SQL Injection

(CVE)
volatile-minds
High Risk

PHPMoAdmin Remote Code Execution

@u0x
2015-03-03
Low Risk

GPON Zhone R4.0.2.566b D.O.S.

(CVE)
Kaczinski lramir...
High Risk

Symantec Web Gateway 5 restore.php Command Injection

(CVE)
sinn3r
Low Risk

Piwik Signature Validation

Taylor
Medium Risk

Ubuntu Vivid Upstart Privilege Escalation

halfdog
Low Risk

Slim PHP Framework 2.5.0 Weak Cryptography

Scott Arciszewsk...
Low Risk

ATutor LCMS 2.2 Cross Site Request Forgery

(CVE)
Edric Teo
Medium Risk

ECCMS 1.0 Cross Site Scripting / SQL Injection

R3VANBASTARD
Medium Risk

BEdita CMS 3.5.0 Cross Site Request Forgery / Cross Site Scripting

Edric Teo
High Risk

Swiss File Knife 1.7.4 Buffer Overflow

Vulnerability La...
High Risk

NetCat CMS 3.12 Remote File Inclusion

Wang Jing
Low Risk

Fortimail 5.2.1 Cross Site Scripting

William Costa
Medium Risk

WordPress Calculated Fields Form 1.0.10 SQL Injection

Ibrahim Raafat
Medium Risk

WordPress Photocrati Theme 4.x.x SQL Injection

[ ayastar ]
High Risk

WordPress WP All 3.2.3 Shell Upload

James Golovich
2015-03-02
Low Risk

PuTTY fails to clear private key information from memory

(CVE)
Patrick Coleman
High Risk

Seagate Business NAS pre-authentication remote code execution

OJ Reeves
Medium Risk

WordPress Survey And Poll 1.1.7 Blind SQL Injection

(CVE)
Securely
Medium Risk

Clipbucket 2.7 RC3 0.9 Blind SQL Injection

(CVE)
CWH Underground

CVE (CVEMAP.ORG)
Last Update: 2015-03-05
2015-03-04
 
CVE-2014-8617
( 4.3/10 )
 
  Fortinet Fortimail
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web scr...
 
CVE-2015-2209
( 5/10 )
 
  Dlguard Dlguard
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.
 
CVE-2015-0891
( 4.3/10 )
 
  TISA Maroyaka simple board
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2015-0892
( 4.3/10 )
 
  TISA Maroyaka image album
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2015-0893
( 4.3/10 )
 
  TISA Maroyaka relay novel
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2015-03-03
 
CVE-2014-7896
( 4.3/10 )
 
  HP Xp7 global link manager softwa...
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, H...
 
CVE-2014-9283
( 5/10 )
 
  Bestwebsoft Captcha
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.
 
CVE-2014-9683
( 3.6/10 )
 
  Linux Linux kernel
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain pri...
 
CVE-2015-0890
( 5/10 )
 
  Bestwebsoft Google captcha
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.
 
CVE-2015-2194
( 6.5/10 )
 
  Fusion project Fusion
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save...
 
CVE-2015-2195
( 4.3/10 )
 
  Wp media cleaner project Wp media cleaner
Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-ad...
 
CVE-2015-2196
( 7.5/10 )
 
  Web-dorado Spider calendar
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
 
CVE-2015-2197
( 3.5/10 )
 
  Entity api project Entity api
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
 
CVE-2015-2198
( 4.3/10 )
 
  Beehive forum Beehive forum
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly hand...
 
CVE-2015-2199
( 6.5/10 )
 
  Wonderplugin Audio player
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-a...
 
CVE-2015-0656
( 4.3/10 )
 
  Cisco Network analysis module firmwa...
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.
 
CVE-2015-0933
( 3.5/10 )
 
  Sharelatex Sharelatex
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
 
CVE-2015-0934
( 6.5/10 )
 
  Sharelatex Sharelatex
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename.
2015-03-02
 
CVE-2013-7421
( 2.1/10 )
 
  Linux Linux kernel
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
 
CVE-2014-8160
( 5/10 )
 
  Linux Linux kernel
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass in...
Copyright 2015, cxsecurity.com