Search:
WLB2

[ Bugs ]   [ Exploits ]
WLB2RSS Bugtraq WLB2RSS
[ Bogus ]   [ Tricks ]
2014-12-18
Medium Risk

vBulletin Moderator Control Panel 4.2.2 CSRF

Tomescu Daniel
Low Risk

Jease CMS 2.11 Script Insertion

Manideep K
Medium Risk

WordPress Bird Feeder 1.2.3 CSRF / XSS

(CVE)
Vulnerability La...
Medium Risk

Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service

(CVE)
Matteo Beccati
Low Risk

Revive Adserver 3.0.5 Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

W3 Total Cache 0.9.4 Cross Site Scripting

(CVE)
Tobias Glemser
High Risk

Morfy CMS 1.05 Remote Command Execution

(CVE)
Vulnerability La...
High Risk

E-Journal 1.0 Shell Upload / SQL Injection

X-Cisadane
Medium Risk

Jaangle 0.98i.977 Denial Of Service

hadji samir
2014-12-17
High Risk

Linux Kernel 'Grinch' polkit/wheel group issue

Joab Jackson
High Risk

Ettercap 8.0 / 8.1 Code Execution / Denial Of Service

(CVE)
Nick Sampanis
Low Risk

Arris Touchstone TG862G/CT Cross Site Scripting

(CVE)
Seth Art
Low Risk

Arris Touchstone TG862G/CT Cross Site Request Forgery

(CVE)
Seth Art
High Risk

CIK Telecom SVG6000RW Default Account / Command Execution

Chako
Medium Risk

iWifi For Chat 1.1 Denial Of Service

Vulnerability La...
High Risk

iUSB 1.2 Arbitrary Code Execution

Vulnerability La...
Low Risk

D-Link DCS-2103 Brute Force / Cross Site Scripting

MustLive
Low Risk

Elefant CMS 1.3.9 Cross Site Scripting

Vulnerability La...
High Risk

RStickets! 1.0.0 Remote Shell Upload

Ibrahim Raafat
High Risk

RSform!Pro 1.3.0 Remote Shell Upload

Ibrahim Raafat
Low Risk

Konakart 7.3.0.1 Cross Site Scripting

Vulnerability La...
High Risk

WordPress A.F.D. Theme Echelon Arbitrary File Download

Cleiton Pinheiro
Low Risk

Fuzzylime 3.03b Cross Site Scripting

Vulnerability La...
Low Risk

RelateIQ Mail Encoding Script Code Injection

Vulnerability La...
2014-12-16
High Risk

Linux Kernel 3.2 multiple x86_64 vulnerabilities

(CVE)
Andy Lutomirski
High Risk

Intrexx Professional 6.0 / 5.2 Remote Code Execution

(CVE)
Christian Schnei...
Low Risk

Intrexx Professional 6.0 / 5.2 Cross Site Scripting

(CVE)
Christian Schnei...
High Risk

ActualAnalyzer ant Cookie Command Execution

Brendan Coles
Medium Risk

CA LISA Multiple Vulns

(CVE)
Ken Williams
Medium Risk

WordPress O2Tweet 0.0.4 CSRF / XSS

(CVE)
Manideep K
2014-12-15
Medium Risk

glibc 2.21 DNS endless loop in getaddr_r

Yash
Low Risk

phpMyAdmin 4.0.x, 4.1.x, 4.2.x Denial of Service

Javier Nieto
Medium Risk

CodeMeter 4.50.906.503 Service Trusted Path Privilege Escalation

Hadji Samir
Medium Risk

HTCSyncManager 3.1.33.0 Service Trusted Path Privilege Escalation

Hadji Samir
High Risk

Wordpress Wp Symposium 14.11 Unauthenticated Shell Upload Exploit

Claudio Viviani
[ Read More ]

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

[ CVE Related ]   [ CWE Related ]   [ Dorks ]  

[ CVE Products ] [ CVE Vendors ]
WLB2RSS CVE CVEMAP.ORG WLB2RSS CVE
Last Update: 2014-12-18
2014-12-17
 
CVE-2014-8133
( 2.1/10 )
 
  Linux Linux kernel
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mec...
 
CVE-2014-9322
( 7.2/10 )
 
  Linux Linux kernel
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access t...
2014-12-16
 
CVE-2013-6435
( 7.5/10 )
 
  RPM RPM
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the...
 
CVE-2014-4936
( 9.3/10 )
 
  Malwarebytes Malwarebytes anti-exploit
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and up...
 
CVE-2014-5359
( 7.8/10 )
 
  Safenet-inc Safenet authentication service...
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.
 
CVE-2014-5466
( 4.3/10 )
 
  Splunk Splunk
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-8118
( 10/10 )
 
  RPM RPM
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
 
CVE-2014-8340
( 7.5/10 )
 
  Zoneo-soft Phptraffica
SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header.
 
CVE-2014-8583
( 6.9/10 )
 
  Modwsgi Mod wsgi
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
 
CVE-2014-8751
( 4.3/10 )
 
  Goywp Webpress
Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms....
 
CVE-2014-8964
( 5/10 )
 
  PCRE Perl-compatible regular expres...
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
 
CVE-2014-9057
( 7.5/10 )
 
  Sixapart Movabletype
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-9323
( 5/10 )
 
  Firebirdsql Firebird
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
 
CVE-2014-9357
( 10/10 )
 
  Docker Docker
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
 
CVE-2014-9358
( 6.4/10 )
 
  Docker Docker
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
 
CVE-2014-9371
( 10/10 )
 
  Manageengine Desktop central
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
 
CVE-2014-9372
( 6.4/10 )
 
  Manageengine Password manager pro
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename.
 
CVE-2014-9373
( 10/10 )
 
  Manageengine Netflow analyzer
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
 
CVE-2014-4844
( 4/10 )
 
  IBM Business process manager
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) proces...
 
CVE-2014-5353
( 3.5/10 )
 
  MIT Kerberos
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via...
[ Read More ]

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  

[ Full List of Vendors ]  

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

[ Full List of Products ]  



 
Copyright 2014, cxsecurity.com