Bugtraq
2014-09-17
High Risk

Phpwiki Ploticus Remote Code Execution

(CVE)
us3r777
Low Risk

CM Browser SOP Bypass

Rafay Baloch
Medium Risk

OSSEC 2.8 umask Clear Text Passwords

aramosf
Medium Risk

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

Pietro Minniti
Low Risk

In-Portal CMS 5.2.0 Cross Site Scripting

MustLive
High Risk

Delphi And C++ Builder VCL Library Heap Buffer Overflow

(CVE)
Core
Medium Risk

Laravel 2.1 Hash::make() bcrypt Truncation

u0x
High Risk

USB & WiFi Flash Drive 1.3 Code Execution

Vulnerability La...
2014-09-16
High Risk

Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management

(CVE)
Federick Joe Faj...
Medium Risk

Open-Xchange 7.6.0 XSS / SSRF / Traversal

(CVE)
Martin Heiland
Low Risk

WordPress Wordfence 5.2.3 Cross Site Scripting / Bypass

Voxel
Low Risk

DVWA Cross Site Request Forgery

Paulos and Tabor
Low Risk

MyITCRM Cross Site Scripting

provensec
Medium Risk

SingleClick Connect CSRF / XSS / SQL Injection

Rob Fuller
Low Risk

Splendid CRM Cross Site Scripting

provensec
2014-09-15
High Risk

Linux Kernel udf infinite loop when processing indirect ICBs

(CVE)
Jan Kara
Medium Risk

Linux Kernel net guard tcp_set_keepalive against crash

(CVE)
Dave Jones
High Risk

OpenStack Neutron remote reset vulnerability

Elena Ezhova (Mi...
High Risk

Briefcase 4.0 iOS Code Execution & File Include Vulnerability

Vulnerability La...
High Risk

EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)

KnocKout
2014-09-14
Medium Risk

MantisBT Null byte poisoning in LDAP authentication

(CVE)
Damien
2014-09-13
High Risk

Rooted SSH/SFTP Daemon Default Login Credentials

Larry W. Cashdol...
Medium Risk

Joomla Spider Form Maker 4.3 SQL Injection

Claudio Viviani
High Risk

HttpFileServer 2.3.x Remote Command Execution

(CVE)
Daniele Linguagl...
Low Risk

Food Order Portal 8.3 Cross Site Request Forgery

KnocKout
Low Risk

Travel Portal II 6.0 Cross Site Request Forgery

KnocKout
Low Risk

WordPress Photo Album Plus 5.4.4 Cross Site Scripting

Milhouse
2014-09-12
Low Risk

IBM WebSphere Application Server Cross Site Scripting

G. S. McNamara
Low Risk

Airties Air6372SO Modem Web Interface Cross Site Scripting

KnocKout
Low Risk

OroCRM Cross Site Scripting

Provensec Labs
Medium Risk

Photorange 1.0 Local File Inclusion

Vulnerability La...
High Risk

ManageEngine Eventlog Analyzer Arbitrary File Upload

(CVE)
Pedro
Low Risk

ChatSecure IM 2.2.4 iOS Persistent Web Vulnerability

Vulnerability La...
High Risk

SolarWinds Storage Manager Authentication Bypass

Juan Vazquez
High Risk

Railo 4.2.1 Remote File Inclusion

(CVE)
Bryan Alexander

CVE CVEMAP.ORG
Last Update: 2014-09-17
2014-09-17
 
CVE-2014-0560
( 10/10 )
 
  Adobe Acrobat
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
 
CVE-2014-0561
( 10/10 )
 
  Adobe Acrobat
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567.
 
CVE-2014-0562
( 4.3/10 )
 
  Adobe Acrobat
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
 
CVE-2014-0563
( 7.8/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
 
CVE-2014-0565
( 10/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566.
 
CVE-2014-0566
( 10/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565.
 
CVE-2014-0567
( 10/10 )
 
  Adobe Acrobat
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561.
 
CVE-2014-0568
( 10/10 )
 
  Adobe Acrobat
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context, via unspecified vectors.
 
CVE-2014-4621
( 8.5/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-obj...
 
CVE-2014-4622
( 7.1/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass inte...
 
CVE-2012-1032
( 4.3/10 )
 
  Episerver Episerver
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; th...
2014-09-15
 
CVE-2014-0993
( 6.8/10 )
 
  Embarcadero Embarcadero c++builder xe6
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP...
 
CVE-2014-2375
( 9/10 )
 
  Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export ...
 
CVE-2014-2376
( 7.5/10 )
 
  Ecava Integraxor
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-2377
( 5/10 )
 
  Ecava Integraxor
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.
 
CVE-2014-3077
( 2.1/10 )
 
  IBM Storwize v7000 unified softwar...
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.
 
CVE-2014-3617
( 4/10 )
 
  Moodle Moodle
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without th...
 
CVE-2014-3796
( 5/10 )
 
  VMware NSX
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.
 
CVE-2014-4763
( 3.5/10 )
 
  IBM Filenet content foundation
Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitr...
 
CVE-2014-5407
( 4.4/10 )
 
  Schneider-electric Vampset
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.



 
Copyright 2014, cxsecurity.com