2014-08-01
Medium Risk

Linux Kernel 3.15.7 sctp_assoc_update NULL pointer dereference and OOPS

(CVE)
Jason
Medium Risk

C++11 <regex> insecure by default

Maksymilian Arci...
High Risk

HP Release Control XXE Injection

MustLive
2014-07-31
High Risk

TOR 0.2.5.5 connecting a Tor client to a Tor hidden server

(CVE)
Sambuddho
Medium Risk

dhcpcd DoS attack

Roy
Low Risk

D-Link DWR-113 Cross Site Request Forgery

(CVE)
Blessen Thomas
High Risk

D-Link AP 3200 Missing Authentication / Cleartext Secret Storage

pws
Low Risk

SkaDate Lite 2.0 CSRF / Cross Site Scripting

Gjoko 'LiquidWor...
High Risk

SkaDate Lite 2.0 Remote Code Execution

Gjoko 'LiquidWor...
High Risk

Elastic Search 1.1.1 Arbitrary File Read

(CVE)
Bouke van der Bi...
Low Risk

Joomla Kunena Forum 3.0.5 Cross Site Scripting

Raymond Rizk
Medium Risk

Joomla Kunena Forum 3.0.5 SQL Injection

Raymond Rizk
Low Risk

Facebook For Android Information Disclosure / Open Proxy

Dr. Manuel Sados...
2014-07-30
Medium Risk

SVN local privilege escalation

(CVE)
Daniel
Low Risk

Lyris ListManagerWeb 8.95a Cross Site Scripting

1N3
Medium Risk

J&W Communications SQL Injection

Hekt0r
High Risk

micro_httpd by ACME Buffer Overflow

(CVE)
Yuval tisf Nativ
Low Risk

ZeroCMS Persistent Cross-Site Scripting Vulnerability

(CVE)
Mayuresh Dani
Medium Risk

DirPHP - version 1.0 Local File Inclusion

(CVE)
Chosen
Medium Risk

Wireshark Read Access Violation NULL Pointer Deref

(CVE)
Osanda Malith Ja...
High Risk

WiFi HD 7.3.0 LFI / Traversal / Command Injection / CSRF

Vulnerability La...
Low Risk

Barracuda WAF 6.1.5 / LoadBalancer 4.2.2 Filter Bypass / XSS

Vulnerability La...
Medium Risk

WordPress WhyDoWork AdSense 1.2 XSS / CSRF

Dylan Irzi
High Risk

SAP Netweaver Business Warehouse Missing Authorization

Onapsis
Low Risk

SAP HANA XS Administration Tool Cross Site Scripting

Onapsis
Medium Risk

SAP HANA XS Missing Encryption

Onapsis
Low Risk

SAP FI Manager Self-Service Hardcoded Username

Onapsis
Medium Risk

SAP_JTECHS HTTP Verb Tampering

Onapsis
High Risk

SAP HANA IU5 SDK Authentication Bypass

Onapsis
2014-07-29
Medium Risk

Parallels Tools 9.0 Privilege Escalation

Anastasios
High Risk

CMSimple 4.4.4 RFI / Code Execution / Default Password

Indian Haxors Te...
High Risk

Web Encryption Extension Authentication Bypass

Senderek
Low Risk

Barracuda Networks Spam / Virus Firewall 5.1.3 XSS

Vulnerability La...
Low Risk

MasterCard Open Redirect

Anastasios
High Risk

WordPress Slider Revolution Responsive 4.1.4 File Download

Claudio Viviani
Last Update: 2014-08-01
2014-08-01
 
CVE-2014-2627
( 5.2/10 )
 
  HP Nonstop netbatch
Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.
 
CVE-2014-3009
( 3.5/10 )
 
  IBM Infosphere master data managem...
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it e...
 
CVE-2014-3302
( 5.8/10 )
 
  Cisco Webex meetings server
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.
 
CVE-2014-0972
( 7.2/10 )
 
  Codeaurora Android-msm
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to s...
 
CVE-2014-3534
( 7.2/10 )
 
  Linux Linux kernel
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory lo...
 
CVE-2014-5045
( 6.2/10 )
 
  Linux Linux kernel
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial ...
 
CVE-2014-5077
( 5.4/10 )
 
  Linux Linux kernel
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an assoc...
 
CVE-2014-5161
( 5/10 )
 
  Wireshark Wireshark
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash...
2014-07-31
 
CVE-2012-6651
( 5/10 )
 
  Vitamin plugin project Vitamin
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.
 
CVE-2014-3488
( 5/10 )
 
  Netty project Netty
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
 
CVE-2014-3554
( 6.8/10 )
 
  Libndp Libndp
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.
 
CVE-2014-5171
( 2.9/10 )
 
  SAP Hana extend application servic...
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
 
CVE-2014-5172
( 4.3/10 )
 
  SAP HANA
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-5173
( 5/10 )
 
  SAP Hana extend application servic...
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
 
CVE-2014-5174
( 3.5/10 )
 
  SAP Netweaver business warehouse
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
 
CVE-2014-5175
( 7.5/10 )
 
  SAP Solution manager
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
 
CVE-2014-5176
( 6/10 )
 
  SAP Fi manager self-service
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
2014-07-30
 
CVE-2014-0914
( 3.5/10 )
 
  IBM Maximo asset management
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management ...
 
CVE-2014-0915
( 3.5/10 )
 
  IBM Maximo asset management
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control D...
 
CVE-2014-0947
( 6.5/10 )
 
  IBM Rational software architect de...
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.



 
Copyright 2014, cxsecurity.com