Search:
WLB2

[ Bugs ]   [ Exploits ]
WLB2RSS Bugtraq WLB2RSS
[ Bogus ]   [ Tricks ]
2015-01-31
Medium Risk

McAfee Data Loss Prevention Endpoint Privilege Escalation

(CVE)
Parvez Anwar
Low Risk

Asus RT-N10 Plus Cross Site Scripting

Kaustubh G. Padw...
High Risk

Symantec Encryption Management Server Remote Command Injection

Paul Craig
Medium Risk

NPDS CMS Revolution-13 SQL Injection

(CVE)
Narendra Bhati
2015-01-30
Medium Risk

Exim ESMTP GHOST Denial Of Service

(CVE)
1N3
High Risk

ClearSCADA Remote Authentication Bypass

Jeremy Brown
Low Risk

Pexip Infinity Non-Unique SSH Host Keys

(CVE)
giles
Medium Risk

MantisBT 1.2.17 XSS / Improper Access Control / SQL Injection

(CVE)
High-Tech Bridge...
Low Risk

Kaseya Browser 7.0 Android Path Traversal

security-assessm...
Medium Risk

ManageEngine File Download / Content Disclosure / SQL Injection

(CVE)
Pedro
High Risk

UniPDF 1.1 Buffer Overflow / Denial Of Service

bonze
Medium Risk

Kaseya BYOD Gateway 7.0.2 SSL Certificate Validation / Redirection

security-assessm...
Medium Risk

ManageEngine Firewall Analyzer 8.0 Directory Traversal / XSS

AmirHadi Yazdani...
Medium Risk

Fortinet FortiOS Denial Of Service / Man-In-The-Middle

Denis Andzakovic
Medium Risk

Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation

security-assessm...
2015-01-29
Medium Risk

Mantis BugTracker 1.2.19 Open Redirect

(CVE)
Alejo Popovici
2015-01-28
Medium Risk

glibc 2.20 getaddrinfo() writes DNS queries to random file descriptors (PoC)

(CVE)
arnaud
Low Risk

FancyFon FAMOC 3.16.5 Cross Site Scripting

Matthias Deeg
Medium Risk

FancyFon FAMOC 3.16.5 SQL Injection

Matthias Deeg
Low Risk

FancyFon FAMOC 3.16.5 Missing Salt

Matthias Deeg
Medium Risk

FancyFon FAMOC 3.16.5 Session Fixation

Matthias Deeg
Low Risk

NASA.gov Cross Site Scripting

Yann CAM
High Risk

FreeBSD Kernel Crash / Code Execution / Disclosure

(CVE)
CoreLabs
High Risk

Restaurantbiller SQL Injection / Shell Upload

R3vanBastard
Medium Risk

New CMS 2.1 Local File Inclusion

R3vanBastard
2015-01-27
High Risk

glibc gethostbyname buffer overflow (aka GHOST)

(CVE)
Qualys
Low Risk

Android WiFi-Direct Denial of Service

(CVE)
CORE
Medium Risk

D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit

Todor Donev
High Risk

OpenSchool Community Edition 2.2 XSS / Access Bypass

(CVE)
Mahendra
Medium Risk

WordPress Revolution Slider Local File Disclosure

JOK3R
2015-01-26
High Risk

Privoxy 3.0.22 Multiple Vulns

Fabian
High Risk

Wordpress RedSteel Theme Arbitrary File Download Vulnerability

Ashiyane Digital...
2015-01-25
Low Risk

SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability

Vulnerability La...
2015-01-24
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability

Glafkos Charalam...
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability Exploit

Glafkos Charalam...
[ Read More ]

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

[ CVE Related ]   [ CWE Related ]   [ Dorks ]  

[ CVE Products ] [ CVE Vendors ]
WLB2RSS CVE CVEMAP.ORG WLB2RSS CVE
Last Update: 2015-02-01
2015-01-30
 
CVE-2014-4496
( 5/10 )
 
  Apple Apple tv
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism ...
 
CVE-2014-8838
( 4.3/10 )
 
  Apple Mac os x
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate f...
 
CVE-2014-8839
( 5/10 )
 
  Apple Mac os x
Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load remote content in messages" configuration, which allows remote attackers to discover recipient IP addresses by including an inline image in an HTML e-mail message and logging HTTP...
 
CVE-2014-8840
( 6.8/10 )
 
  Apple Iphone os
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
2015-01-29
 
CVE-2015-1423
( 6.5/10 )
 
  Jakweb Gecko cms
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
 
CVE-2015-1424
( 6.8/10 )
 
  Jakweb Gecko cms
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
2015-01-28
 
CVE-2015-1375
( 7.5/10 )
 
  Pixabay images project Pixabay images
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
 
CVE-2015-1376
( 4/10 )
 
  Pixabay images project Pixabay images
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
 
CVE-2015-1419
( 5/10 )
 
  Beasts Vsftpd
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
 
CVE-2014-8917
( 4.3/10 )
 
  IBM Social media analytics
Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in t...
 
CVE-2014-8920
( 7.2/10 )
 
  IBM I access
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.
 
CVE-2015-0235
( 10/10 )
 
  GNU Glibc
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu...
 
CVE-2015-0312
( 10/10 )
 
  Adobe Flash player
Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.
 
CVE-2015-0581
( 7.5/10 )
 
  Cisco Prime service catalog
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, ...
 
CVE-2015-0586
( 7.8/10 )
 
  Cisco IOS
The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote attackers to cause a denial of service (NBAR proce...
 
CVE-2014-8893
( 3.5/10 )
 
  IBM Tririga application platform
Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web s...
 
CVE-2014-8894
( 4.9/10 )
 
  IBM Tririga application platform
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
 
CVE-2014-8895
( 4.3/10 )
 
  IBM Tririga application platform
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
2015-01-27
 
CVE-2014-5211
( 6.8/10 )
 
  Attachmate Reflection ftp client
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.
 
CVE-2014-8154
( 7.5/10 )
 
  Gnome VALA
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecifie...
[ Read More ]

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  

[ Full List of Vendors ]  

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

[ Full List of Products ]  



 
Copyright 2015, cxsecurity.com