WLB2

Bugtraq
2015-01-27
High Risk

glibc gethostbyname buffer overflow (aka GHOST)

(CVE)
Qualys
Low Risk

Android WiFi-Direct Denial of Service

(CVE)
CORE
Medium Risk

D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit

Todor Donev
High Risk

OpenSchool Community Edition 2.2 XSS / Access Bypass

(CVE)
Mahendra
Medium Risk

WordPress Revolution Slider Local File Disclosure

JOK3R
2015-01-26
High Risk

Privoxy 3.0.22 Multiple Vulns

Fabian
High Risk

Wordpress RedSteel Theme Arbitrary File Download Vulnerability

Ashiyane Digital...
2015-01-25
Low Risk

SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability

Vulnerability La...
2015-01-24
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability

Glafkos Charalam...
High Risk

Cisco Ironport Appliances Privilege Escalation Vulnerability Exploit

Glafkos Charalam...
Low Risk

SmartCMS 2 Cross Site Scripting

(CVE)
Wang Jing
Medium Risk

SmartCMS 2 SQL Injection

(CVE)
Wang Jing
Medium Risk

ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection

Steffen R
2015-01-23
High Risk

libpng 1.6.15 Heap Overflow

(CVE)
Alex Eubanks
Medium Risk

USAA Mobile App Information Disclosure

David Longenecke...
High Risk

Program-O 2.4.6 XSS / LFI / HTTP Response Splitting

Vulnerability La...
Medium Risk

ecommerceMajor SQL Injection

Manish Kishan Ta...
Medium Risk

Alibaba Cross Site Scripting / Open Redirect

Wang Jing
2015-01-22
Low Risk

Jenkins Tomcat Secure and HttpOnly flags are not set for cookies

(CVE)
Yann Rouillard
Medium Risk

OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference

Google Security ...
High Risk

Exif Pilot 4.7.2 Buffer Overflow

Osanda M. Jayath...
Medium Risk

Mangallam SQL Injection

Ashiyane Digital...
High Risk

articleFR CMS 3.0.5 Arbitrary File Upload

Tran Dinh Tien
Medium Risk

RedaxScript 2.1.0 Privilege Escalation

shyamkumar soman...
Medium Risk

Google Drive Information Leak

kevin mcsheehan
High Risk

CAS Server 3.5.2 LDAP Authentication Bypass

(CVE)
Jose Tozo
2015-01-21
High Risk

LizardSquad DDoS Stresser Multiple Vulnerabilities

Vulnerability La...
High Risk

iExplorer 3.6.3 DLL Hijacking Exploit itunesmobiledevice.dll

(CVE)
Vulnerability La...
High Risk

PhotoSync v1.1.3 Android - Command Inject Vulnerability

Vulnerability La...
High Risk

OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape

Google Security ...
Medium Risk

OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference

Google Security ...
Medium Risk

YourMembers Blind SQL Injection

(CVE)
Tien Tran Dinh
Medium Risk

ManageEngine Support Center Plus 7916 Directory Traversal

(CVE)
xistence
2015-01-20
Medium Risk

WP eCommerce 3.9.1 plugin XSS & CSRF Web Vulnerability

Neo Hapsis aka 0...
Medium Risk

Invem CMS Admin Bypass Vulnerability

Ashiyane Digital...
CVEMAP.ORG
Last Update: 2015-01-28
2015-01-27
 
CVE-2014-9646
( 4.6/10 )
 
  Google Chrome
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to ...
 
CVE-2014-9647
( 6.8/10 )
 
  Google Chrome
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and f...
 
CVE-2014-9648
( 4.3/10 )
 
  Google Chrome
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote att...
 
CVE-2014-9649
( 4.3/10 )
 
  Pivotal software Rabbitmq
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...
 
CVE-2014-9650
( 5/10 )
 
  Pivotal software Rabbitmq
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
 
CVE-2015-1359
( 6.8/10 )
 
  Google Chrome
Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF docu...
 
CVE-2015-1360
( 7.5/10 )
 
  Google Chrome
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBi...
 
CVE-2015-1361
( 6.8/10 )
 
  Google Chrome
platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of ser...
 
CVE-2015-1365
( 5/10 )
 
  Pixabay images project Pixabay images
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
 
CVE-2015-1366
( 4.3/10 )
 
  Pixabay images project Pixabay images
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
 
CVE-2015-1367
( 7.5/10 )
 
  Catbot project Catbot
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.
 
CVE-2015-1371
( 7.5/10 )
 
  Ferretcms project Ferretcms
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/.
 
CVE-2015-1372
( 7.5/10 )
 
  Ferretcms project Ferretcms
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
 
CVE-2015-1373
( 4.3/10 )
 
  Ferretcms project Ferretcms
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not pr...
 
CVE-2015-1374
( 6.8/10 )
 
  Ferretcms project Ferretcms
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3)...
2015-01-26
 
CVE-2014-8148
( 7.2/10 )
 
  Midgard-project Midguard2
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
 
CVE-2014-8157
( 7.5/10 )
 
  Jasper project Jasper
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overf...
 
CVE-2014-8158
( 6.8/10 )
 
  Jasper project Jasper
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
 
CVE-2014-9571
( 4.3/10 )
 
  Mantisbt Mantisbt
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.
 
CVE-2014-9572
( 7.5/10 )
 
  Mantisbt Mantisbt
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.


 
Copyright 2015, cxsecurity.com