Risk | Title | Author

2014-10-31
Low Risk | Confluence RefinedWiki Original Theme Cross Site Scripting | Manuel Hofer
High Risk | Vizensoft Admin Panel Bypass / Backdoor / Upload / XSS / SQL Injection | A. Antukh, A. Ba...

2014-10-30
High Risk | F5 Networks Big-IP XML External Entity Injection (CVE) | Portcullis Advis...
High Risk | GNU Wget FTP Symlink Arbitrary Filesystem Access (CVE) | HD Moore
Medium Risk | Maarch 1.4 SQL Injection | Adrien Thierry
High Risk | Maarch 1.4 Arbitrary file upload | Adrien Thierry
Medium Risk | IBM Tivoli Monitoring V6.2.2 kbbacf1 privilege escalation exploit | Robert Jaroszuk
High Risk | Konke Smart Plug K Authentication Bypass Vulnerability (CVE) | gamehacker&z...
High Risk | EspoCRM 2.5.2 XSS / LFI / Access Control (CVE) | High-Tech Bridge...

2014-10-29
High Risk | MacOS X 10.10 & FreeBSD10 ftp Remote Command Execution (CVE) | Jared Mcneill
Medium Risk | ASUS wireless router updates are vulnerable to a MITM attack (CVE) | David
Medium Risk | Nova network DoS through API filtering (CVE) | Tristan
Medium Risk | ESET 7.0 Kernel Memory Leak (CVE) | Kyriakos Economo...
High Risk | CUPS Filter Bash Environment Variable Code Injection (CVE) | Brendan Coles
Medium Risk | phpfusion (Search Page) Denial of Service Vulnerability | Amir
Medium Risk | ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation (CVE) | Osanda Malith Ja...
High Risk | Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow | ZoRLu
High Risk | Tuleap 7.4.99.5 Remote Command Execution (CVE) | Jerzy Kramarz
High Risk | Tuleap 7.2 XXE Injection (CVE) | Jerzy Kramarz
Medium Risk | Tuleap 7.4.99.5 Blind SQL Injection (CVE) | Jerzy Kramarz

2014-10-28
Medium Risk | vBulletin Verify Email Before Registration Plugin SQL Injection | Dave
High Risk | Pro Chat Rooms 8.2.0 XSS / Shell Upload / SQL Injection (CVE) | Mike Manzotti @ ...
Medium Risk | Windows TrackPopupMenu Win32k NULL Pointer Dereference (CVE) | Spencer McIntyre
Medium Risk | Apple iOS 8.0.2 Denial Of Service | Vulnerability La...
Medium Risk | Filemaker Login Bypass / Privilege Escalation (CVE) | Giuseppe D'Amore...
Low Risk | Google Youtube Filter Bypass / Cross Site Scripting | Vulnerability La...
Low Risk | Folder Plus 2.5.1 Script Injection | Vulnerability La...
High Risk | WebDisk+ 2.1 Code Execution | Vulnerability La...
Medium Risk | iFileExplorer 6.51 File Inclusion | Vulnerability La...
Low Risk | Yourls 1.7 Cross Site Scripting | Alvaro Diaz
Medium Risk | vBulletin 4.x Tapatalk Blind SQL Injection | tintinweb

2014-10-27
High Risk | libbfd Vulnerabilities | Michal Zalewski
Medium Risk | CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities | Gjoko 'LiquidWor...
High Risk | WordPress Count-per-Day Plugin (notes.php) Remote Code Upload | Hugo Santiago do...
High Risk | WordPress Download Manager Plugin Arbitrary File Download | Hugo Santiago do...
Last Update: 2014-10-31
2014-10-30
 
CVE-2014-7877
( 4.9/10 )
 
  HP Hp-ux
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
2014-10-29
 
CVE-2014-3051
( 4.3/10 )
 
  IBM Tivoli composite application m...
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, w...
 
CVE-2014-3668
( 5/10 )
 
  PHP PHP
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (app...
 
CVE-2014-3669
( 7.5/10 )
 
  PHP PHP
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary...
 
CVE-2014-3670
( 6.8/10 )
 
  PHP PHP
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory ...
 
CVE-2014-3694
( 6.4/10 )
 
  Pidgin Pidgin
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows m...
 
CVE-2014-3695
( 5/10 )
 
  Pidgin Pidgin
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
 
CVE-2014-3696
( 5/10 )
 
  Pidgin Pidgin
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
 
CVE-2014-3697
( 6.4/10 )
 
  Pidgin Pidgin
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
 
CVE-2014-3698
( 5/10 )
 
  Pidgin Pidgin
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
 
CVE-2014-4839
( 6/10 )
 
  IBM Tririga application platform
Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to hijack the aut...
 
CVE-2014-4877
( 9.3/10 )
 
  GNU WGET
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two...
 
CVE-2014-6149
( 5/10 )
 
  IBM Tivoli application dependency ...
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files v...
 
CVE-2014-8518
( 6.3/10 )
 
  Mcafee Endpoint encryption for files ...
The (1) Removable Media or (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x and Endpoint Encryption for Files and Folders (EEFF) 3....
 
CVE-2014-8519
( 2.1/10 )
 
  Mcafee Network data loss prevention
Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors.
 
CVE-2014-8520
( 5/10 )
 
  Mcafee Network data loss prevention
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports.
 
CVE-2014-8521
( 3.5/10 )
 
  Mcafee Network data loss prevention
Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-8522
( 7.5/10 )
 
  Mcafee Network data loss prevention
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
 
CVE-2014-8523
( 6.8/10 )
 
  Mcafee Network data loss prevention
Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
 
CVE-2014-8524
( 5/10 )
 
  Mcafee Network data loss prevention
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
Copyright 2014, cxsecurity.com