2014-07-28
Low Risk

MyBB 1.6.14 search.php Full Path Disclosure

DemoLisH
High Risk

Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

(CVE)
Christian Mehlma...
High Risk

Oxwall 1.7.0 Remote Code Execution Exploit

Gjoko 'LiquidWor...
Medium Risk

Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities

Gjoko 'LiquidWor...
Medium Risk

Linux Kernel sctp inherit auth_capable on INIT collisions

Jason
Low Risk

rsync vulnerable to collisions

Michael
Medium Risk

CMS Studyo10 Blind Sql Injection

Felipe Andrian P...
Medium Risk

DirPHP - version 1.0 Local File Inclusion

Chosen
Medium Risk

Sagem F@st 3304-V1 denial of service Vulnerability

Z3ro0ne
Medium Risk

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Gjoko 'LiquidWor...
Medium Risk

Bugzilla 3.x / 4.x Cross Site Request Forgery

(CVE)
Mario Gomes, Byr...
2014-07-27
High Risk

Netgear DGN2200 Password Disclosure

Dolev Farhi
High Risk

Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure

(CVE)
Seth Art
Low Risk

Zenoss Monitoring System 4.2.5-2108 Cross Site Scripting

(CVE)
Dolev
Low Risk

Easy File Sharing Persistent Cross Site Scripting

Joseph Giron
2014-07-25
High Risk

Windows Mail Rogue Program.exe Execution

Stefan Kanthak
High Risk

Make 3.81 Heap Overflow

HyP
High Risk

Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download

alieye
High Risk

Pligg <= 2.0.1 SQL Injection / PWD disclosure / RCE

BlackHawk
Medium Risk

MQAC.sys Arbitrary Write Privilege Escalation

(CVE)
Spencer
Low Risk

Ubiquiti AirVision Controller 2.1.3 Weak Settings

(CVE)
Seth
High Risk

BulletProof FTP Client 2010 Buffer Overflow

(CVE)
Gabor Seljan
Low Risk

UniFi / mFi / AirVision Cross Site Request Forgery

(CVE)
sethsec
Medium Risk

WordPress Video Gallery 2.5 Cross Site Scripting / SQL Injection

Claudio Viviani
High Risk

Lian Li NAS Hardcoded Cookie / Bypass / Privilege Escalation

pws
2014-07-24
High Risk

Omeka 2.2.1 Remote Code Execution Exploit

Gjoko 'LiquidWor...
High Risk

TimThumb 2.8.13 Remote Code Execution

(CVE)
u0x
High Risk

LPAR2RRD 3.5 / 4.53 Command Injection

(CVE)
Bilberger
Medium Risk

E2 2844 SQL Injection

(CVE)
Ilya Birman
Medium Risk

CMS VIA-X SQL Injection

Felipe Andrian P...
High Risk

Ukora CMS Shell Upload

Jagriti Sahu AKA...
2014-07-23
Medium Risk

Apache 2.4.x mod_proxy Denial Of Service

Marek Kroemeke
Medium Risk

Linux Kernel ptrace/sysret Local Privilege Escalation

(CVE)
Vitaly Nikolenko
High Risk

Ansible 1.6.6 Arbitrary Code Execution

(CVE)
Brian Harring
Low Risk

EventLog Analyzer 9.0 Build #9000 Cross Site Scripting

A2SECURE


Last Update: 2014-07-28
2014-07-25
 
CVE-2014-2227
( 6/10 )
 
  UBNT Unifi video
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin P...
 
CVE-2014-5027
( 4.3/10 )
 
  Reviewboard Review board
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.
 
CVE-2014-5100
( 6.8/10 )
 
  Omeka Omeka
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cro...
2014-07-24
 
CVE-2014-0607
( 10/10 )
 
  Attachmate Verastream process designer
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.
 
CVE-2014-1419
( 6.9/10 )
 
  Canonical Acpi-support
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.
 
CVE-2014-2360
( 7.5/10 )
 
  Oleumtech Sensor wireless i/o module
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.
 
CVE-2014-2361
( 7.2/10 )
 
  Oleumtech Sensor wireless i/o module
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after us...
 
CVE-2014-2362
( 7.8/10 )
 
  Oleumtech Sensor wireless i/o module
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of proj...
 
CVE-2014-2369
( 6/10 )
 
  Omron Ns10 hmi terminal
Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors...
 
CVE-2014-2370
( 3.5/10 )
 
  Omron Ns10 hmi terminal
Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
 
CVE-2014-2717
( 7.6/10 )
 
  Honeywell Falcon xlweb linux controller
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...
 
CVE-2014-2968
( 4.3/10 )
 
  Huawei E355 web ui
Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.
 
CVE-2014-2971
( 3.5/10 )
 
  Micropact Icomplaints
Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.
 
CVE-2014-3110
( 4.3/10 )
 
  Honeywell Falcon xlweb linux controller
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML ...
 
CVE-2014-3322
( 6.1/10 )
 
  Cisco Asr 9000 rsp440 router
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSC...
 
CVE-2014-4682
( 5/10 )
 
  Siemens Simatic pcs7
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.
 
CVE-2014-4683
( 4.9/10 )
 
  Siemens Simatic pcs7
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
 
CVE-2014-4684
( 6/10 )
 
  Siemens Simatic pcs7
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
 
CVE-2014-4685
( 4.6/10 )
 
  Siemens Simatic pcs7
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
 
CVE-2014-4686
( 6.8/10 )
 
  Siemens Simatic pcs7
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product ...
Copyright 2014, cxsecurity.com