WLB2 Bugs (risk | title | author; "(CVE)" marks entries with an assigned CVE)

2014-04-19
  Medium Risk | clang-3.5 scan-build insecure use of /tmp (CVE) | Jakub Wilk
  High Risk   | Adobe Flash Player Regular Expression Heap Overflow (CVE) | Juan vazquez
  Low Risk    | CU3ER 1.24 Cross Site Scripting / Content Spoofing | MustLive
  High Risk   | Sercomm TCP/32674 Backdoor Reactivation | Eloi Vanderbeken
  Medium Risk | Linux group_info Denial Of Service (CVE) | Thomas Pollet
  Low Risk    | vBulletin 5.1 Cross Site Scripting | Romanian Securit...
  High Risk   | Ruby Gem sfpagent 0.4.14 Command Injection | Larry W. Cashdol...

2014-04-18
  Low Risk    | bzip2 1.0.5 local users execute arbitrary code (CVE) | Tavis Ormandy
  Low Risk    | Oracle Identity Manager Unvalidated Redirects (CVE) | Giuseppe D'Amore...
  High Risk   | Nagios Remote Plugin Executor 2.15 Remote Command Execution | Dawid Golunski
  High Risk   | ASUS RT Password Disclosure (CVE) | David Longenecke...
  Low Risk    | McAfee Security Scanner Plus Rogue Binary Execution | Stefan Kanthak
  Medium Risk | D-Link DAP-1320 Directory Traversal / Cross Site Scripting | K Lovett
  High Risk   | CMSimple 4.4.2 Remote File Inclusion | NoGe
  Low Risk    | F-Secure Messaging Security Gateway 7.5.0.892 Cross Site Scripting | William Costa

2014-04-17
  High Risk   | TrueCrypt Multiple Vulnerabilities (CVE) | iSEC
  High Risk   | Ruby OpenSSL private key spoofing (CVE) | Gregory Disney
  Low Risk    | Jzip SEH unicode buffer overflow (DOS) | motaz reda
  High Risk   | OpenSSL 1.0.1 Missing critical flag for extended key usage | Stephan Muehlstr...
  High Risk   | SAP Router Password Timing Attack (CVE) | CORE
  Medium Risk | PCNetSoftware RAC Server 4.0.4 / 4.0.5 Denial Of Service (CVE) | Kyriakos Economo...
  Low Risk    | Ektron CMS 8.7 Cross Site Scripting (CVE) | Joseph Zeng Xian...
  Medium Risk | WinSCP 5.5.2.4130 Missing X.509 Validation (CVE) | Micha Borrmann
  Medium Risk | MobFox mAdserver 2.0 SQL Injection (CVE) | High-Tech Bridge...
  High Risk   | EMC Cloud Tiering Appliance XXE / Information Disclosure (CVE) | EMC
  Low Risk    | CMS Studio Cross Site Scripting | Renzi

2014-04-16
  High Risk   | libmms heap-based buffer overflow | Alex Chapman
  High Risk   | Microsoft Internet Explorer CMarkup Use-After-Free Metasploit (CVE) | Juan vazquez
  Medium Risk | MyBB Advanced Forum Signatures 2.0.4 SQL Injection (CVE) | Mario_Vs
  Medium Risk | OpenSSL use-after-free race condition read buffer (CVE) | Pawel Kolodziej
  Medium Risk | Apache HTTPD 2.2.22/ModSecurity 2.7.5 bypass RequestHeader unset (CVE) | Martin
  High Risk   | Apache Syncope 1.0.8 / 1.1.6 Code Execution (CVE) | Draperi
  High Risk   | Ruckus OpenSSL 1.0.1 Heartbleed Issue (CVE) | Ruckus Wireless
  Medium Risk | Xerox DocuShare SQL Injection | Brandon Perry
  High Risk   | Unitrends Unauthenticated Root Command Execution | Brandon Perry
CVEMAP.ORG recent CVEs (CVE | score/10 | vendor product, followed by the description)

Last Update: 2014-04-19

2014-04-17
CVE-2011-3154 | 1.9/10 | Canonical Update-manager
  DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allo...
CVE-2013-2143 | 6.5/10 | Katello Katello
  The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
CVE-2014-0036 | 6.8/10 | Amos benari Rbovirt
  The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVE-2014-0054 | 6.8/10 | Springsource Spring framework
  The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct ...
CVE-2014-0071 | 6.4/10 | Redhat Openstack
  PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.
CVE-2014-0085 | 2.1/10 | Apache Zookeeper
  Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
CVE-2014-0111 | 6.5/10 | Apache Syncope
  Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of r...
CVE-2014-0984 | 4.3/10 | SAP Router
  The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtra...
CVE-2014-1932 | 4.4/10 | Python Pillow
  The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do n...
CVE-2014-1933 | 2.1/10 | Python Pillow
  The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attac...
CVE-2014-2310 | 5/10 | Net-snmp Net-snmp
  The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-...
CVE-2014-2469 | 5/10 | Oracle Sunos
  Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.
CVE-2014-2707 | 5.8/10 | Linuxfoundation Cups-filters
  cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
CVE-2014-2879 | 4.3/10 | DELL Sonicwall email security
  Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (set...
CVE-2014-2880 | 5.8/10 | Oracle Identity manager
  Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/fi...

2014-04-16
CVE-2011-0460 | 6.3/10 | Kbd-project KBD
  The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
CVE-2011-0993 | 2.1/10 | Novell Suse lifecycle management serv...
  SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2011-3180 | 7.5/10 | SUSE KIWI
  kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.
CVE-2011-4089 | 4.6/10 | BZIP Bzip2
  The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
CVE-2011-4192 | 7.5/10 | SUSE KIWI
  kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."
Copyright 2014, cxsecurity.com