2014-09-23
Low Risk

TomatoCart 1.1.8.6.1 Cross Site Scripting

Kenneth F. Belva
Low Risk

Exponent CMS 2.3.0 Cross Site Scripting

Kenneth F. Belva
Low Risk

Glype Proxy 1.4.9 Filter Bypass

Securify B.V.
Medium Risk

LittleSite Local File Inclusion Vulnerability

(CVE)
Eolas_Gadai
Low Risk

OKCupid Server Error Page XSS

(CVE)
Kenneth F. Belva
Low Risk

Pizza Inn Registration Stored XSS

(CVE)
Kenneth F. Belva
Medium Risk

TP-LINK WDR4300 XSS / Denial Of Service

(CVE)
Oz Elisyan
Low Risk

NetBill Enterprise Cookie Manipulation Vulnerability

Ali Pandidan
Medium Risk

Glype proxy privacy settings can be disabled via CSRF

Securify B.V.
Low Risk

KonaKart Storefront Application Cross Site Request Forgery

(CVE)
Christian Schnei...
High Risk

Joomla Mac Gallery <= 1.5 Arbitrary File Download

Claudio Viviani
2014-09-20
Medium Risk

ArticleFR 11.06.2014 (data.php) - Privilege Escalation

(CVE)
High-Tech Bridge...
Low Risk

Feng Office Cross Site Scripting

(CVE)
Provensec
Low Risk

Ganeti Insecure Archive Permission

(CVE)
Helga Velroyen
Low Risk

ntopng 1.2.0 Cross Site Scripting

(CVE)
Steffen Bauch
High Risk

PhpWiki Ploticus Command Injection

(CVE)
Benjamin Harris
Medium Risk

ace /tmp file vulnerability

(CVE)
Helmut
High Risk

Plogger Authenticated Arbitrary File Upload

(CVE)
b0z
Low Risk

MailEnable Enterprise 6.5 XSS

(CVE)
loneferret
High Risk

GetSimpleCMS PHP File Upload

Ahmed
Low Risk

Nokia Asha 501 Lock Bypass

Hammad Shamsi
Low Risk

M/Monit 3.2.2 Cross Site Request Forgery

(CVE)
Dolev Farhi
2014-09-19
Low Risk

Netgear Download Center Cross Site Scripting / Open Redirect

Claudio Viviani
High Risk

Apple Foundation NSXMLParser XML eXternal Entity (XXE)

(CVE)
George D. Gal
Low Risk

WatchGuard XTM 11.8.3 Cross Site Scripting

William
Low Risk

Oracle MyOracle Filter Bypass

Vulnerability La...
2014-09-18
Low Risk

Nokia Asha Lock Code Bypass

Muhammad Shahmee...
Medium Risk

webEdition 6.3.8.0 Path Traversal

(CVE)
High-Tech Bridge...
Medium Risk

seafile-server 3.1.5 Denial Of Service

retset
Low Risk

MODX Revolution 2.3.1-pl Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Livefyre LiveComments 3.0 Cross Site Scripting

Brij Kishore Mis...
Low Risk

OsClass 3.4.1 Cross Site Scripting

(CVE)
Omar Kurt
Medium Risk

OsClass 3.4.1 Local File Inclusion

(CVE)
Omar Kurt
Low Risk

WordPress WP-Ban 1.62 Bypass

(CVE)
Tom Adams
Medium Risk

ClassApps SelectSurvey.net 4.124.004 SQL Injection

(CVE)
Anonymous
Last Update: 2014-09-24
2014-09-22
 
CVE-2014-2942
( 7.2/10 )
 
  Cobham Aviator 700d
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal a...
 
CVE-2014-5971
( 5.4/10 )
 
  Fiksu Fiksu library
The Fiksu library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-5982
( 5.4/10 )
 
  Runkeeper Runkeeper - gps track run walk
The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application 4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a...
 
CVE-2014-5983
( 5.4/10 )
 
  Threadflip Threadflip
The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a craft...
 
CVE-2014-5984
( 5.4/10 )
 
  Playcomo Little dragons
The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
 
CVE-2014-5991
( 5.4/10 )
 
  Skin conditions and diseases project Skin conditions and diseases
The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cr...
 
CVE-2014-5992
( 5.4/10 )
 
  Successsecrets Successsecrets project
The successsecrets (aka com.alek.successsecrets) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-5993
( 5.4/10 )
 
  Preplaysports Mlb preplay
The MLB Preplay (aka com.preplay.android.mlb) application 5.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-5994
( 5.4/10 )
 
  DING Ding ezetop. top-up any phone
The ding* ezetop. Top-up Any Phone (aka com.ezetop.world) application 1.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cert...
 
CVE-2014-5995
( 5.4/10 )
 
  Ericpol Ewus mobile
The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-5996
( 5.4/10 )
 
  Gebrauchtwagenreport Dekra used car report
The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif...
 
CVE-2014-5997
( 5.4/10 )
 
  Autotrader.co.za Auto trader
The Auto Trader (aka za.co.autotrader.android.app) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-5998
( 5.4/10 )
 
  Skydrive assistant project Skydrive assistant
The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-5999
( 5.4/10 )
 
  Telenavsoftware Autonavi
The autonavi (aka com.telenav.doudouyou.android.autonavi) application 4.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cert...
 
CVE-2014-6000
( 5.4/10 )
 
  Freshdirect Freshdirect
The FreshDirect (aka com.freshdirect.android) application 2.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-6001
( 5.4/10 )
 
  Gewara Gewara
The gewara (aka com.gewara) application 5.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-6002
( 5.4/10 )
 
  Dteenergy Dte energy
The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-6003
( 5.4/10 )
 
  Belasfrasesdeamor Belas frases de amor
The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi...
 
CVE-2014-6004
( 5.4/10 )
 
  Pocket cam photo editor project Pocket cam photo editor
The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat...
 
CVE-2014-6005
( 5.4/10 )
 
  Survey.com Survey.com mobile
The Survey.com Mobile (aka com.survey.android) application 3.2.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Copyright 2014, cxsecurity.com