2014-09-18
Low Risk

Nokia Asha Lock Code Bypass

Muhammad Shahmee...
Medium Risk

webEdition 6.3.8.0 Path Traversal

(CVE)
High-Tech Bridge...
Medium Risk

seafile-server 3.1.5 Denial Of Service

retset
Low Risk

MODX Revolution 2.3.1-pl Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Livefyre LiveComments 3.0 Cross Site Scripting

Brij Kishore Mis...
Low Risk

OsClass 3.4.1 Cross Site Scripting

(CVE)
Omar Kurt
Medium Risk

OsClass 3.4.1 Local File Inclusion

(CVE)
Omar Kurt
Low Risk

WordPress WP-Ban 1.62 Bypass

(CVE)
Tom Adams
Medium Risk

ClassApps SelectSurvey.net 4.124.004 SQL Injection

(CVE)
Anonymous
Medium Risk

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS

Tom Adams
Low Risk

MIUI Wifi Connection Message Wireless Enable

nipc
Low Risk

MIUI Torch Enable

nipc
Low Risk

Android Bluetooth Enable

nipc
2014-09-17
High Risk

Phpwiki Ploticus Remote Code Execution

(CVE)
us3r777
Low Risk

CM Browser SOP Bypass

Rafay Baloch
Medium Risk

OSSEC 2.8 umask Clear Text Passwords

aramosf
Medium Risk

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

Pietro Minniti
Low Risk

In-Portal CMS 5.2.0 Cross Site Scripting

MustLive
High Risk

Delphi And C++ Builder VCL Library Heap Buffer Overflow

(CVE)
Core
Medium Risk

Laravel 2.1 Hash::make() bcrypt Truncation

u0x
High Risk

USB & WiFi Flash Drive 1.3 Code Execution

Vulnerability La...
2014-09-16
High Risk

Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management

(CVE)
Federick Joe Faj...
Medium Risk

Open-Xchange 7.6.0 XSS / SSRF / Traversal

(CVE)
Martin Heiland
Low Risk

WordPress Wordfence 5.2.3 Cross Site Scripting / Bypass

Voxel
Low Risk

DVWA Cross Site Request Forgery

Paulos and Tabor
Low Risk

MyITCRM Cross Site Scripting

provensec
Medium Risk

SingleClick Connect CSRF / XSS / SQL Injection

Rob Fuller
Low Risk

Splendid CRM Cross Site Scripting

provensec
2014-09-15
High Risk

Linux Kernel udf infinite loop when processing indirect ICBs

(CVE)
Jan Kara
Medium Risk

Linux Kernel net guard tcp_set_keepalive against crash

(CVE)
Dave Jones
High Risk

OpenStack Neutron remote reset vulnerability

Elena Ezhova (Mi...
High Risk

Briefcase 4.0 iOS Code Execution & File Include Vulnerability

Vulnerability La...
High Risk

EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)

KnocKout
2014-09-14
Medium Risk

MantisBT Null byte poisoning in LDAP authentication

(CVE)
Damien
2014-09-13
High Risk

Rooted SSH/SFTP Daemon Default Login Credentials

Larry W. Cashdol...

Last Update: 2014-09-18
2014-09-18
 
CVE-2014-2886
( 6.8/10 )
 
  Nongnu GKSU
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrat...
 
CVE-2014-4352
( 2.1/10 )
 
  Apple Iphone os
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
 
CVE-2014-4353
( 4.3/10 )
 
  Apple Iphone os
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
 
CVE-2014-4354
( 5.8/10 )
 
  Apple Iphone os
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
 
CVE-2014-4356
( 2.1/10 )
 
  Apple Iphone os
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
 
CVE-2014-4357
( 2.1/10 )
 
  Apple Apple tv
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
 
CVE-2014-4361
( 1.9/10 )
 
  Apple Iphone os
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
 
CVE-2014-4362
( 2.1/10 )
 
  Apple Iphone os
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
 
CVE-2014-4363
( 5/10 )
 
  Apple Safari
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3...
 
CVE-2014-4364
( 6.8/10 )
 
  Apple Apple tv
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryp...
 
CVE-2014-4366
( 5/10 )
 
  Apple Iphone os
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
 
CVE-2014-4367
( 2.1/10 )
 
  Apple Iphone os
Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number.
 
CVE-2014-4368
( 6.9/10 )
 
  Apple Iphone os
The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events.
 
CVE-2014-4369
( 7.8/10 )
 
  Apple Apple tv
The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
 
CVE-2014-4371
( 1.9/10 )
 
  Apple Apple tv
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a diffe...
 
CVE-2014-4372
( 3.6/10 )
 
  Apple Apple tv
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
 
CVE-2014-4373
( 7.8/10 )
 
  Apple Apple tv
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
 
CVE-2014-4374
( 5/10 )
 
  Apple Iphone os
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
 
CVE-2014-4375
( 7.2/10 )
 
  Apple Apple tv
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
 
CVE-2014-4377
( 6.8/10 )
 
  Apple Apple tv
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.


 
Copyright 2014, cxsecurity.com