Bugtraq
2015-02-27
Low Risk

Collabtive 2.0 Cross Site Scripting

Provensec
Low Risk

TangoBB 1.5.0-A3 Cross Site Scripting

Dennis Veninga
Low Risk

Enano CMS 1.1.8pl1 Cross Site Scripting

Dennis Veninga
Medium Risk

Data Source: Scopus CMS SQL Injection Web Vulnerability

Vulnerability La...
Medium Risk

DSS TFTP 1.0 Path Traversal

Vulnerability La...
Low Risk

Wireless File Transfer Pro Android - CSRF Vulnerabilities

Vulnerability La...
Low Risk

eFront Learning 3.6.11 Cross Site Scripting

Provensec
Low Risk

Akeneo PIM Cross Site Scripting

Provensec
Medium Risk

D-Link / TRENDnet ncc2 CSRF / Unauthenticated Access

Peter Adkins
2015-02-26
Medium Risk

Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities

Gjoko 'LiquidWor...
Low Risk

SAP Business Objects Unauthorized Audit Information Access

(CVE)
Onapsis
Medium Risk

SAP Business Objects Unauthorized Audit Information Delete

(CVE)
Onapsis
Medium Risk

SAP Business Objects Unauthorized File Repository Server Read

(CVE)
Onapsis
Medium Risk

SAP Business Objects Unauthorized File Repository Server Write

(CVE)
Onapsis
2015-02-25
Medium Risk

Alienware Command Center 2.8.8.0 Local Privilege Escalation

Humberto Cabrera
Medium Risk

Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation

Gjoko 'LiquidWor...
Low Risk

Cisco Ironport AsyncOS Cross Site Scripting

(CVE)
Glafkos Charalam...
Low Risk

Cisco Ironport AsyncOS HTTP Header Injection

(CVE)
Glafkos Charalam...
Low Risk

SAP HANA Web-based Development Workbench Cross Site Scripting

(CVE)
Will Vandevanter
Low Risk

SEO Toaster E-Commerce 2.2.0 Cross Site Scripting

Provensec
Low Risk

N.E.T. E-Commerce Group Cross Site Scripting Vulnerability

Iranian Exploit ...
High Risk

Wordpress force download Local File Download

Ashiyane Digital...
Medium Risk

eTouch Samepage 4.4.0.0.239 SQL Injection / File Read

(CVE)
Brandon Perry
Medium Risk

Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting

(CVE)
SECUPENT
High Risk

Webgate Buffer Overflow

Praveen Darshana...
Low Risk

EVO-CMS 2.1.0 Cross Site Request Forgery

Provensec
2015-02-24
High Risk

WESP SDK multiple Remote Code Execution Vulnerabilities

Praveen Darshana...
High Risk

Zabbix 2.0.5 Cleartext ldap_bind_password Password Disclosure (MSF)

(CVE)
Pablo G
Medium Risk

PHP 5.6.5 DateTime Use-After-Free

(CVE)
Taoguang Chen
Medium Risk

PHP 5.6.5 DateTimeZone Type Confusion Infoleak

Taoguang Chen
Low Risk

MyConnection Server 8.2b Cross Site Scripting

(CVE)
Kenneth F. Belva
High Risk

HP Client Automation Command Injection

(CVE)
Juan Vazquez
High Risk

WordPress Holding Pattern Theme Arbitrary File Upload

Rob Carr
Medium Risk

phpBugTracker 1.6.0 CSRF / XSS / SQL Injection

(CVE)
Steffen R
Medium Risk

WordPress Easy Social Icons 1.2.2 CSRF / XSS

Eric Flokstra

  Top CWE:   CWE-89 (SQL Injection)   CWE-79 (XSS)   CWE-119 (Buffer Overflow)   CWE-22 (Path Traversal)  

CVE
Last Update: 2015-02-27
2015-02-26
 
CVE-2015-2086
( 3.5/10 )
 
  Panopoly magic project Panopoly magic
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.
 
CVE-2015-2087
( 6.5/10 )
 
  Avatar uploader project Avatar uploader
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.
 
CVE-2015-2088
( 4.3/10 )
 
  Term queue project Term queue
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
 
CVE-2015-2089
( 6.8/10 )
 
  Crossslide jquery project Crossslide jquery
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change...
 
CVE-2015-2090
( 7.5/10 )
 
  Sympies Wordpress survey and poll
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-a...
 
CVE-2014-2188
( 5.8/10 )
 
  Cisco IOS
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that trigg...
 
CVE-2015-0594
( 4.3/10 )
 
  Cisco Prime lan management solution
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspeci...
 
CVE-2015-0632
( 5.7/10 )
 
  Cisco IOS
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.
 
CVE-2015-0651
( 6.8/10 )
 
  Cisco Application networking manager
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of a...
 
CVE-2015-0882
( 4.3/10 )
 
  Zen-cart.jp Zen cart
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to...
 
CVE-2015-0883
( 6.8/10 )
 
  Synck graphica Mailform pro cgi
SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth module is enabled, does not properly send e-mail messages, which allows remote attackers to execute arbitrary code via unspecified vectors.
 
CVE-2015-0977
( 10/10 )
 
  Network vision Intravue
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
2015-02-25
 
CVE-2015-0819
( 4.3/10 )
 
  Mozilla Firefox
The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.
 
CVE-2015-0820
( 2.6/10 )
 
  Mozilla Firefox
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript s...
 
CVE-2015-0821
( 6.8/10 )
 
  Mozilla Firefox
Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.
 
CVE-2015-0822
( 4.3/10 )
 
  Mozilla Firefox
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
 
CVE-2015-0823
( 7.5/10 )
 
  Mozilla Firefox
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect...
 
CVE-2015-0824
( 5/10 )
 
  Mozilla Firefox
The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of Draw...
 
CVE-2015-0825
( 4.3/10 )
 
  Mozilla Firefox
Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memor...
 
CVE-2015-0826
( 6.8/10 )
 
  Mozilla Firefox
The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token se...

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  


Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  

Copyright 2015, cxsecurity.com