Bugtraq
2014-09-02
Medium Risk

net-snmp snmptrapd crash

Murray McAlliste...
Low Risk

Avira License Application Cross Site Request Forgery Vulnerability

Vulnerability La...
Medium Risk

WWW File Share Pro v7.0 Denial of Service Vulnerability

Vulnerability La...
Medium Risk

OpenVPN Private Tunnel Core Unquoted Service Path Elevation Of Privilege

(CVE)
Gjoko 'LiquidWor...
Medium Risk

Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation

(CVE)
Gjoko 'LiquidWor...
2014-09-01
High Risk

WordPress CuckooTap Theme & eShop Arbitrary File Download

CWE-200
2014-08-31
Medium Risk

MX-SmartTimer SQL Injection

Thomas Hibbert
High Risk

F5 Unauthenticated rsync access to Remote Root Code Execution

Thomas Hibbert
Medium Risk

rsync vulnerable to collisions

Michael
2014-08-30
Medium Risk

IrPopUP SQL Injection Vulnerability

ExirSec.Com
Low Risk

Sierra Library Services Platform 1.2_3 XSS / Enumeration

(CVE)
CAaNES
High Risk

Wing FTP Server Authenticated Command Execution

Nicholas Nam
High Risk

HTML Help Workshop 1.4 Buffer Overflow

Moroccan Kingdom
2014-08-29
Medium Risk

glibc Off-by-One NUL Byte gconv_translit_find Exploit

(CVE)
Tavis and Chris
High Risk

Internet Explorer MS14-029 Memory Corruption PoC

(CVE)
PhysicalDrive0
High Risk

iPhone Call From LockScreen ByPass By Siri On iOS 7.1.2 (0day) *youtube

Mohit Amn Securi...
Low Risk

ehsanweb CMS Cross-Site Scripting Vulnerability

IeDb
Low Risk

F5 BIG-IP 11.5.1 Cross Site Scripting

(CVE)
Stefan
High Risk

Aerohive Hive Manager / Hive OS Complete Fail Multiple Vulns

Multiple
High Risk

Plogger Authenticated Arbitrary File Upload

b0z
High Risk

NRPE 2.15 Remote Command Execution

(CVE)
Claudio Viviani
High Risk

ActualAnalyzer Remote Command Execution

Benjamin Harris
High Risk

PhpWiki Ploticus Command Injection

Benjamin Harris
High Risk

XRMS Blind SQL Injection / Command Execution

Benjamin Harris
Medium Risk

DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS

Haider Mahmood
Low Risk

Jappix Cross Site Scripting

Provensec
2014-08-28
Low Risk

Firefox WebIDL Privileged Javascript Injection

(CVE)
joev
Low Risk

ManageEngine DeviceExpert 5.9 Credential Disclosure

(CVE)
Pedro
Low Risk

ManageEngine EventLog Analyzer 7 Cross Site Scripting

(CVE)
Rodrigo Contarin...
Low Risk

Encore Discovery Solution 4.3 Open Redirect / Session Token In URL

(CVE)
CAaNES
Medium Risk

WordPress ShortCode 1.1 Local File Inclusion

(CVE)
Mehdi & Chris
Medium Risk

Furniture Site Manager SQL Injection

KnocKout
Low Risk

WooCommerce Store Exporter 1.7.5 Cross Site Scripting

Mike Manzotti Di...
2014-08-27
Medium Risk

Joomla Spider 2.8.3 SQL Injection

Claudio Viviani
Low Risk

vm-support 0.88 File Overwrite / Information Disclosure

(CVE)
dolevf
CVE (CVEMAP.ORG)
Last Update: 2014-09-02
2014-09-02
 
CVE-2014-3861
( 4.3/10 )
 
  HL7 C-cda
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.
 
CVE-2014-3862
( 4.3/10 )
 
  HL7 C-cda
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure...
 
CVE-2014-5076
( 4.3/10 )
 
  Labanquepostale Labanquepostale
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated...
 
CVE-2014-5452
( 4.3/10 )
 
  HL7 C-cda
CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during ...
 
CVE-2014-6041
( 5.8/10 )
 
  Google Android browser
The Android Browser application 4.2.1 on Android allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence.
2014-08-31
 
CVE-2013-2595
( 7.2/10 )
 
  Codeaurora Android-msm
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl c...
 
CVE-2013-2597
( 7.2/10 )
 
  Codeaurora Android-msm
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attacker...
 
CVE-2013-2598
( 6.6/10 )
 
  Codeaurora Android-msm
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image l...
 
CVE-2013-2599
( 5/10 )
 
  Codeaurora Android-msm
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows...
 
CVE-2013-6124
( 3.3/10 )
 
  Codeaurora Android-msm
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrat...
 
CVE-2014-3601
( 4.3/10 )
 
  Linux Linux kernel
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruptio...
 
CVE-2014-5471
( 4/10 )
 
  Linux Linux kernel
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted i...
 
CVE-2014-5472
( 4/10 )
 
  Linux Linux kernel
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
2014-08-30
 
CVE-2014-3352
( 4.3/10 )
 
  Cisco Cloud portal
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, rela...
 
CVE-2014-3908
( 5.8/10 )
 
  Amazon Kindle
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
2014-08-29
 
CVE-2013-5467
( 7.2/10 )
 
  IBM Monitoring agent for unix logs
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and...
 
CVE-2014-0600
( 7.8/10 )
 
  Novell Groupwise
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.
 
CVE-2014-0888
( 4.9/10 )
 
  IBM Mobile foundation
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.
 
CVE-2014-0897
( 3.5/10 )
 
  IBM Flex system manager
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authent...
 
CVE-2014-3024
( 6/10 )
 
  IBM Maximo asset management
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenti...
Copyright 2014, cxsecurity.com