2014-04-16
Medium Risk

Apache HTTPD 2.2.22/ModSecurity 2.7.5 bypass RequestHeader unset

(CVE)
Martin
High Risk

OpenSSL use-after-free race condition read buffer

(CVE)
Pawel Kolodziej
High Risk

Apache Syncope 1.0.8 / 1.1.6 Code Execution

(CVE)
Draperi
High Risk

Ruckus OpenSSL 1.0.1 Heartbleed Issue

(CVE)
Ruckus Wireless
Medium Risk

Xerox DocuShare SQL Injection

Brandon Perry
High Risk

Unitrends Unauthenticated Root Command Execution

Brandon Perry
High Risk

Adobe Flash ExternalInterface Use-After-Free

(CVE)
VUPEN
High Risk

Netgear N600 Password Disclosure / Account Reset

Santhosh Kumar
High Risk

WebTitan 4.01 Command Execution / Directory Traversal

Brandon Perry
Low Risk

Joomla SMF Cross Site Scripting

Renzi
Low Risk

CMS iCAT Cross Site Scripting

Renzi
2014-04-15
High Risk

TrueCrypt Multiple Vulnerabilities

iSEC
Medium Risk

Adobe Reader For Android Javascript Insecure

Yorick Koster
Medium Risk

PDF Album 1.7 Local File Inclusion

Vulnerability La...
Low Risk

HP Insecure RPATH Use

(CVE)
Tim Brown
High Risk

BMC Patrol For AIX Insecure RPATH Use

(CVE)
Tim Brown
Medium Risk

WordPress LineNity Local File Inclusion

Felipe Andrian P...
Medium Risk

Madss Software Solution SQL Injection

Ashiyane Digital...
Low Risk

PrestaShop 1.5.6.2 Cross Site Scripting

Renzi
Medium Risk

CMS Int24 SQL Injection

Renzi
Low Risk

Joomla BeaconDecode Cross Site Scripting

Renzi
Low Risk

Joomla EWriting Cross Site Scripting

Renzi
2014-04-14
High Risk

Internet Explorer 10 CMarkup Use-After-Free Exploit

(CVE)
Jean-Jamil Khali...
Low Risk

JoomShopping Multiple XSS & FPD

Smash_
High Risk

Sagem F@st 3304-V2 Authentification Bypass *youtube

Yassine Aboukir
High Risk

WordPress Theme LineNity LFI

Andrian Peixoto
Low Risk

CUPS 1.6.4 web interface XSS

Alex
Low Risk

Microweber CMS v0.93 CSRF Vulnerability

sajith
Medium Risk

CubeCart 5.2.8 Session Fixation

(CVE)
James Sibley
2014-04-13
Low Risk

VMware Workstation / Player Invalid Pointer Dereference

(CVE)
Kyriakos Economo...
Medium Risk

Twitget 3.3.1 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Tom Adams
High Risk

Comtrend CT 5361T Password Disclosure

TUNISIAN CYBER
2014-04-12
Low Risk

Plex Media Server 0.9.9.10 CSRF / Disclosure

Stefan Viehbock
Medium Risk

netlinks php cms SQL Injection Vulnerability

H-SK33PY
Medium Risk

D-Link DAP 1150 Cross Site Request Forgery / Cross Site Scripting

MustLive
Last Update: 2014-04-16
2014-04-15
 
CVE-2013-5704
( 5/10 )
 
  Apache Http server
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s...
 
CVE-2013-5705
( 5/10 )
 
  Modsecurity Modsecurity
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
 
CVE-2014-0341
( 3.5/10 )
 
  Pivotx Pivotx
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templa...
 
CVE-2014-0342
( 7.5/10 )
 
  Pivotx Pivotx
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecifie...
 
CVE-2014-0348
( 3.5/10 )
 
  Ontariosystems Artiva architect
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to ar...
 
CVE-2014-0353
( 6.1/10 )
 
  Zyxel N300 netusb nbg-419n
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters.
 
CVE-2014-0354
( 7.8/10 )
 
  Zyxel N300 netusb nbg-419n
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.
 
CVE-2014-0355
( 7.9/10 )
 
  Zyxel N300 netusb nbg-419n
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecas...
 
CVE-2014-0356
( 7.9/10 )
 
  Zyxel N300 netusb nbg-419n
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost funct...
 
CVE-2014-0357
( 5/10 )
 
  Amtelco Misecuremessages
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.
 
CVE-2014-0358
( 7.8/10 )
 
  Xangati Xangati software release
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download ...
 
CVE-2014-0359
( 9/10 )
 
  Xangati Xangati software release
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
2014-04-14
 
CVE-2010-5298
( 4/10 )
 
  Openssl Openssl
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via...
 
CVE-2014-0077
( 5.5/10 )
 
  Linux Linux kernel
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain pr...
 
CVE-2014-0128
( 5/10 )
 
  Squid-cache Squid
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
 
CVE-2014-0155
( 5.5/10 )
 
  Linux Linux kernel
The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in ...
 
CVE-2014-0159
( 5/10 )
 
  Openafs Openafs
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
 
CVE-2014-0612
( 5/10 )
 
  Juniper Srx100
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote atta...
 
CVE-2014-0614
( 7.1/10 )
 
  Juniper Junos
Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.
 
CVE-2014-2706
( 7.1/10 )
 
  Linux Linux kernel
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related...
Copyright 2014, cxsecurity.com