Search:
WLB2

[ Bugs ]   [ Exploits ]
WLB2RSS Bugtraq WLB2RSS
[ Bogus ]   [ Tricks ]
2014-09-30
High Risk

GNU Bash 4.3 Command Injection

JSacco
Medium Risk

AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling

indoushka
Low Risk

Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass

(CVE)
sickness
Low Risk

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

Nate Power
Medium Risk

Bacula-web 5.2.10 SQL Injection

wishnusakti
Low Risk

PayPal Service Manager Script Insertion

Vulnerability La...
Low Risk

PayPal Bill Later Mail Encoding Cross Site Scripting

Vulnerability
2014-09-29
High Risk

DHCP Client Bash Environment Variable Code Injection

(CVE)
Ramon
Medium Risk

Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection

Mogwai
Medium Risk

Exinda WAN Optimization Suite 7.0.0 CSRF / XSS

William Costa
Medium Risk

Comersus Sophisticated Cart Database Disclosure

indoushka
2014-09-28
Medium Risk

Oscommerce 2.3.4 XSS / HPP / File Inclusion

indoushka
Medium Risk

Openfiler 2.99.1 Denial Of Service

(CVE)
dolevff
High Risk

Apache mod_cgi Bash Environment Variable Code Injection

(CVE)
Juan vazquez
Low Risk

Get Simple CMS 3.3.3 Information Disclosure / XSS

indoushka
Medium Risk

NDBLOG 0.1 Cross Site Scripting / SQL Injection

indoushka
Low Risk

SmarterTools Smarter Track 6-10 Information Disclosure

Vulnerability La...
Medium Risk

GS Foto Uebertraeger 3.0 iOS File Include Vulnerability

Vulnerability La...
High Risk

Gnu Bash 4.3 CGI Scan Remote Command Injection

(CVE)
Stephane Chazela...
Medium Risk

Nucom ADSL ADSLR5000UN ISP Credential Disclosure

Sebasti&#161...
High Risk

Dhclient Bash Environment Variable Injection

(CVE)
egypt
High Risk

POSNIC 1.02 Directory Listing / File Upload

indoushka
Low Risk

PayPal Mail Encoding Script Insertion

Vulnerability La...
Low Risk

PayPal Community Web Portal Cross Site Scripting

Vulnerability La...
2014-09-26
Medium Risk

Perl 5.20.1 Deep Recursion Stack Overflow

(CVE)
LSE
Low Risk

Telerik ASP.NET AJAX RadEditor Control 2014.1.403.35 XSS

(CVE)
Tyler Hoyle
High Risk

Mac OS X VMWare Fusion Root Privilege Escalation

(CVE)
joev
Medium Risk

LibVNCServer 0.9.9 Remote Code Execution / Denial Of Service

(CVE)
Nicolas Ruff
High Risk

bashedCgi Remote Command Execution

(CVE)
Shaun Colley
Medium Risk

All In One WP Security 3.8.2 SQL Injection

(CVE)
High-Tech Bridge...
2014-09-25
High Risk

CGI Remote Code Injection by Bash Proof Of Concept

(CVE)
Prakhar Prasad &...
High Risk

ZyXEL Prestig P-660HNU-T1v2 Credential Disclosure

Sebastia&#16...
Medium Risk

WS10 Data Server SCADA Exploit Overflow PoC

Pedro S
High Risk

Advantech WebAccess dvs.ocx GetColor Buffer Overflow

(CVE)
Juan vazquez
High Risk

EMC AlphaStor Device Manager Opcode 0x75 Command Injection

(CVE)
Anyway
[ Read More ]

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

[ CVE Related ]   [ CWE Related ]   [ Dorks ]  

[ CVE Products ] [ CVE Vendors ]
WLB2RSS CVE CVEMAP.ORG WLB2RSS CVE
Last Update: 2014-10-01
2014-09-30
 
CVE-2014-6278
( 10/10 )
 
  GNU BASH
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force...
2014-09-29
 
CVE-2014-3811
( 7.2/10 )
 
  Juniper Juniper installer service clie...
Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors.
 
CVE-2012-5619
( 2.1/10 )
 
  Sleuthkit The sleuth kit
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics ac...
 
CVE-2012-5621
( 5/10 )
 
  Ekiga Ekiga
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
 
CVE-2013-1874
( 4.4/10 )
 
  Call-cc Chicken
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.
 
CVE-2013-2100
( 9.3/10 )
 
  Gentoo Portage
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a craf...
 
CVE-2013-2586
( 4.3/10 )
 
  Apachefriends Xampp
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
 
CVE-2013-3064
( 6.8/10 )
 
  Linksys Ea6500
Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter.
 
CVE-2013-3065
( 3.5/10 )
 
  Linksys Ea6500
Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section...
 
CVE-2013-3066
( 7.1/10 )
 
  Linksys Ea6500
Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/.
 
CVE-2013-3632
( 9/10 )
 
  Openmediavault Openmediavault
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
2014-09-28
 
CVE-2012-6657
( 4.9/10 )
 
  Linux Linux kernel
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the abilit...
 
CVE-2014-3181
( 6.9/10 )
 
  Linux Linux kernel
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system cras...
 
CVE-2014-3182
( 6.9/10 )
 
  Linux Linux kernel
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device t...
 
CVE-2014-3183
( 6.9/10 )
 
  Linux Linux kernel
Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code ...
 
CVE-2014-3184
( 4.7/10 )
 
  Linux Linux kernel
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (...
 
CVE-2014-3185
( 6.9/10 )
 
  Linux Linux kernel
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a deni...
 
CVE-2014-3186
( 6.9/10 )
 
  Google Nexus 7
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of...
 
CVE-2014-3631
( 7.2/10 )
 
  Linux Linux kernel
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference...
 
CVE-2014-6410
( 4.7/10 )
 
  Linux Linux kernel
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UD...
[ Read More ]

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  

[ Full List of Vendors ]  

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

[ Full List of Products ]  



 
Copyright 2014, cxsecurity.com