Bugtraq
2014-10-24
High Risk

strings / libbfd (Chromium 37.0.2062.120) out of bounds read

Michal Zalewski
Medium Risk

Linux 3.17 guest-triggerable KVM OOPS PoC

(CVE)
Andy Lutomirski
Medium Risk

Linux 3.17 guest-triggerable KVM OOPS

(CVE)
Andy Lutomirski
High Risk

Feng Office 1.7.4 Arbitrary File Upload

AutoSec Tools
Low Risk

Feng Office 1.7.4 Cross Site Scripting Vulnerabilities

AutoSec Tools
Low Risk

TestLink 1.9.12 Path Disclosure

(CVE)
Egidio Romano
High Risk

TestLink 1.9.12 PHP Object Injection

(CVE)
Egidio Romano
Medium Risk

WordPress CP Multi View Event Calendar 1.01 SQL Injection

Claudio Viviani
High Risk

WordPress / Joomla Creative Contact Form 0.9.7 Shell Upload

Gianni Angelozzi
Medium Risk

ElectricCommander 4.2.4.71224 Privilege Escalation

(CVE)
Sean Wright
Medium Risk

Centreon SQL / Command Injection

(CVE)
Juan Vazquez
Medium Risk

Wonderful World-Wide CMS SQL Injection / Default Credentials

eX-Sh1Ne
High Risk

Free WMA MP3 Converter 1.8 Buffer Overflow

metacom
2014-10-23
Low Risk

SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing

(CVE)
Stefan Horlacher
Low Risk

SAP BusinessObjects Explorer 14.0.5 Information Disclosure

(CVE)
Stefan Horlacher
Low Risk

Dell SonicWall GMS v7.2.x Persistent Web Vulnerability

Vulnerability La...
High Risk

Cisco Ironport WSA telnetd Remote Code Execution

(CVE)
Glafkos Charalam...
Medium Risk

iFunBox Free 1.1 Local File Inclusion

Vulnerability La...
Medium Risk

iBackup 10.0.0.32 Local Privilege Escalation

(CVE)
Glafkos Charalam...
High Risk

DotNetNuke DNNspot Store (UploadifyHandler.ashx) 3.0.0 File Upload

Glafkos Charalam...
High Risk

File Manager 4.2.10 Code Execution

Vulnerability La...
Medium Risk

Mulesoft ESB Runtime 3.5.1 Privilege Escalation / Code Execution

Brandon Perry
2014-10-22
Medium Risk

Nova VMware instance in resize state may leak

(CVE)
Tristan Cacquera...
Medium Risk

KVM DoS triggerable by malicious host userspace

(CVE)
Andy
Medium Risk

RESTAURANT SCRIPT SQL Injection Vulnerability

jsass
High Risk

Incredible PBX 11 2.0.6.5.0 Remote Command Execution

Simo Ben
High Risk

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

Larry W. Cashdol...
2014-10-21
Medium Risk

AutoWeb v3.0 CMS SQL Injection

Hugo Santiago do...
High Risk

Files Document & PDF 2.0.2 iOS Multiple Vulnerabilities

Vulnerability La...
Medium Risk

FileBug v1.5.1 iOS Path Traversal Web Vulnerability

Vulnerability La...
High Risk

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

(CVE)
Pedro
Low Risk

LiteCart 1.1.2.1 Cross Site Scripting

(CVE)
Onur Yilmaz
Medium Risk

Huawei Mobile Partner DLL Hijacking

Osanda Malith Ja...
Low Risk

Newtelligence dasBlog 2.3 Open Redirect

(CVE)
Wang Jing
Medium Risk

OpenMRS 2.1 Access Bypass / XSS / CSRF

(CVE)
Mahendra
CVE CVEMAP.ORG
Last Update: 2014-10-23
2014-10-23
 
CVE-2014-0619
( 6.9/10 )
 
  Hamstersoft Hamster free zip archiver
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.
2014-10-22
 
CVE-2014-4448
( 1.9/10 )
 
  Apple Iphone os
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
 
CVE-2014-4449
( 6.8/10 )
 
  Apple Iphone os
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
 
CVE-2014-4450
( 1.9/10 )
 
  Apple Iphone os
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within u...
 
CVE-2013-7407
( 6.8/10 )
 
  Drupal Mrbs module
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
 
CVE-2014-3675
( 5/10 )
 
  SHIM SHIM
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
 
CVE-2014-3676
( 7.5/10 )
 
  SHIM SHIM
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."
 
CVE-2014-3677
( 7.5/10 )
 
  SHIM SHIM
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
 
CVE-2014-6352
( 9.3/10 )
 
  Microsoft Windows 7
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploit...
 
CVE-2014-6387
( 5/10 )
 
  Mantisbt Mantisbt
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
 
CVE-2014-7182
( 4.3/10 )
 
  Wpgmaps Wordpress google maps plugin
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_m...
 
CVE-2014-7183
( 4.3/10 )
 
  Litecart Litecart
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
 
CVE-2014-7968
( 5/10 )
 
  Redhat Virtual desktop service manage...
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
 
CVE-2014-8088
( 5/10 )
 
  ZEND Zend framework
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bin...
 
CVE-2014-8325
( 7.8/10 )
 
  Calender base project Calender base
The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library.
 
CVE-2014-8381
( 4.3/10 )
 
  Megapolis Megapolis.portal manager
Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.
 
CVE-2014-8761
( 5/10 )
 
  Dokuwiki Dokuwiki
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.
 
CVE-2014-8762
( 5/10 )
 
  Dokuwiki Dokuwiki
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.
 
CVE-2014-8763
( 5/10 )
 
  Dokuwiki Dokuwiki
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
 
CVE-2014-8764
( 5/10 )
 
  Dokuwiki Dokuwiki
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Copyright 2014, cxsecurity.com