2015-03-04
Medium Risk

SSL/TLS Vulnerability Explained

(CVE)
digitalmunition
Low Risk

PostgreSQL password hashing

Michael
Medium Risk

Tor Browser 4.0.3 with websockets enabled by default

Pablo
Medium Risk

WordPress Webdorado Spider Event Calendar <= 1.4.9 SQL Injection

(CVE)
Mateusz Lach
Low Risk

BEdita CMS 3.5.1 Cross Site Scripting

Provensec
Medium Risk

Solarwinds Orion Service SQL Injection

(CVE)
volatile-minds
High Risk

PHPMoAdmin Remote Code Execution

@u0x
2015-03-03
Low Risk

GPON Zhone R4.0.2.566b D.O.S.

(CVE)
Kaczinski lramir...
High Risk

Symantec Web Gateway 5 restore.php Command Injection

(CVE)
sinn3r
Low Risk

Piwik Signature Validation

Taylor
Medium Risk

Ubuntu Vivid Upstart Privilege Escalation

halfdog
Low Risk

Slim PHP Framework 2.5.0 Weak Cryptography

Scott Arciszewsk...
Low Risk

ATutor LCMS 2.2 Cross Site Request Forgery

(CVE)
Edric Teo
Medium Risk

ECCMS 1.0 Cross Site Scripting / SQL Injection

R3VANBASTARD
Medium Risk

BEdita CMS 3.5.0 Cross Site Request Forgery / Cross Site Scripting

Edric Teo
High Risk

Swiss File Knife 1.7.4 Buffer Overflow

Vulnerability La...
High Risk

NetCat CMS 3.12 Remote File Inclusion

Wang Jing
Low Risk

Fortimail 5.2.1 Cross Site Scripting

William Costa
Medium Risk

WordPress Calculated Fields Form 1.0.10 SQL Injection

Ibrahim Raafat
Medium Risk

WordPress Photocrati Theme 4.x.x SQL Injection

[ ayastar ]
High Risk

WordPress WP All 3.2.3 Shell Upload

James Golovich
2015-03-02
Low Risk

PuTTY fails to clear private key information from memory

(CVE)
Patrick Coleman
High Risk

Seagate Business NAS pre-authentication remote code execution

OJ Reeves
Medium Risk

WordPress Survey And Poll 1.1.7 Blind SQL Injection

(CVE)
Securely
Medium Risk

Clipbucket 2.7 RC3 0.9 Blind SQL Injection

(CVE)
CWH Underground
2015-02-28
High Risk

Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution

(CVE)
David Jorm of II...
Low Risk

Tcl 1.16 Cross Site Scripting

Ben Fuhrmannek
Medium Risk

Loxone Smart Home CSRF / XSS / DoS / Credential Leakage

Daniel Schwarz
High Risk

Jetty 9.2.8 Shared Buffer Leakage

(CVE)
Gotham Digital S...
High Risk

HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure

Dennis Veninga
Low Risk

WordPress Media Cleaner 2.2.6 Cross Site Scripting

smail SAYGILI
2015-02-27
Low Risk

Collabtive 2.0 Cross Site Scripting

Provensec
Low Risk

TangoBB 1.5.0-A3 Cross Site Scripting

Dennis Veninga
Low Risk

Enano CMS 1.1.8pl1 Cross Site Scripting

Dennis Veninga
Medium Risk

Data Source: Scopus CMS SQL Injection Web Vulnerability

Vulnerability La...

Last Update: 2015-03-04
2015-03-03
 
CVE-2014-9283
( 5/10 )
 
  Bestwebsoft Captcha
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.
 
CVE-2014-9683
( 3.6/10 )
 
  Linux Linux kernel
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain pri...
 
CVE-2015-0890
( 5/10 )
 
  Bestwebsoft Google captcha
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.
2015-03-02
 
CVE-2013-7421
( 2.1/10 )
 
  Linux Linux kernel
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
 
CVE-2014-8160
( 5/10 )
 
  Linux Linux kernel
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass in...
 
CVE-2014-9644
( 2.1/10 )
 
  Linux Linux kernel
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) ...
 
CVE-2015-0239
( 4.7/10 )
 
  Linux Linux kernel
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering u...
2015-03-01
 
CVE-2014-8921
( 4.3/10 )
 
  IBM Notes traveler companion
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Windows Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easie...
2015-02-27
 
CVE-2015-1414
( 7.8/10 )
 
  Freebsd Freebsd
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10, 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of...
 
CVE-2015-2072
( 4.3/10 )
 
  SAP HANA
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/edi...
 
CVE-2015-2075
( 5/10 )
 
  SAP Businessobjects edge
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
 
CVE-2015-2076
( 5/10 )
 
  SAP Businessobjects edge
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
 
CVE-2015-2101
( 4.3/10 )
 
  Impliedbydesign Navigate
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2015-2102
( 7.5/10 )
 
  Clip-bucket Clipbucket
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
 
CVE-2015-2103
( 4.3/10 )
 
  Cosmoshop Cosmoshop
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter).
 
CVE-2014-9676
( 6.8/10 )
 
  Ffmpeg Ffmpeg
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code vi...
 
CVE-2014-9682
( 10/10 )
 
  Dns-sync project Dns-sync
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
 
CVE-2015-0655
( 4.3/10 )
 
  Cisco Unified web and e-mail interac...
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus7418...
 
CVE-2015-0884
( 6.9/10 )
 
  Toshiba Bluetooth stack
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of...
 
CVE-2015-0885
( 5/10 )
 
  Checkpw project Checkpw
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.
Copyright 2015, cxsecurity.com