2014-09-18
Low Risk

Nokia Asha Lock Code Bypass

Muhammad Shahmee...
Medium Risk

webEdition 6.3.8.0 Path Traversal

(CVE)
High-Tech Bridge...
Medium Risk

seafile-server 3.1.5 Denial Of Service

retset
Low Risk

MODX Revolution 2.3.1-pl Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Livefyre LiveComments 3.0 Cross Site Scripting

Brij Kishore Mis...
Low Risk

OsClass 3.4.1 Cross Site Scripting

(CVE)
Omar Kurt
Medium Risk

OsClass 3.4.1 Local File Inclusion

(CVE)
Omar Kurt
Low Risk

WordPress WP-Ban 1.62 Bypass

(CVE)
Tom Adams
Medium Risk

ClassApps SelectSurvey.net 4.124.004 SQL Injection

(CVE)
Anonymous
Medium Risk

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS

Tom Adams
Low Risk

MIUI Wifi Connection Message Wireless Enable

nipc
Low Risk

MIUI Torch Enable

nipc
Low Risk

Android Bluetooth Enable

nipc
2014-09-17
High Risk

Phpwiki Ploticus Remote Code Execution

(CVE)
us3r777
Low Risk

CM Browser SOP Bypass

Rafay Baloch
Medium Risk

OSSEC 2.8 umask Clear Text Passwords

aramosf
Medium Risk

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

Pietro Minniti
Low Risk

In-Portal CMS 5.2.0 Cross Site Scripting

MustLive
High Risk

Delphi And C++ Builder VCL Library Heap Buffer Overflow

(CVE)
Core
Medium Risk

Laravel 2.1 Hash::make() bcrypt Truncation

u0x
High Risk

USB & WiFi Flash Drive 1.3 Code Execution

Vulnerability La...
2014-09-16
High Risk

Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management

(CVE)
Federick Joe Faj...
Medium Risk

Open-Xchange 7.6.0 XSS / SSRF / Traversal

(CVE)
Martin Heiland
Low Risk

WordPress Wordfence 5.2.3 Cross Site Scripting / Bypass

Voxel
Low Risk

DVWA Cross Site Request Forgery

Paulos and Tabor
Low Risk

MyITCRM Cross Site Scripting

provensec
Medium Risk

SingleClick Connect CSRF / XSS / SQL Injection

Rob Fuller
Low Risk

Splendid CRM Cross Site Scripting

provensec
2014-09-15
High Risk

Linux Kernel udf infinite loop when processing indirect ICBs

(CVE)
Jan Kara
Medium Risk

Linux Kernel net guard tcp_set_keepalive against crash

(CVE)
Dave Jones
High Risk

OpenStack Neutron remote reset vulnerability

Elena Ezhova (Mi...
High Risk

Briefcase 4.0 iOS Code Execution & File Include Vulnerability

Vulnerability La...
High Risk

EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)

KnocKout
2014-09-14
Medium Risk

MantisBT Null byte poisoning in LDAP authentication

(CVE)
Damien
2014-09-13
High Risk

Rooted SSH/SFTP Daemon Default Login Credentials

Larry W. Cashdol...
Last Update: 2014-09-18
2014-09-18
 
CVE-2014-2886
( 6.8/10 )
 
  Nongnu GKSU
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrat...
 
CVE-2014-4352
( 2.1/10 )
 
  Apple Iphone os
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
 
CVE-2014-4353
( 4.3/10 )
 
  Apple Iphone os
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.
 
CVE-2014-4354
( 5.8/10 )
 
  Apple Iphone os
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.
 
CVE-2014-4356
( 2.1/10 )
 
  Apple Iphone os
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.
 
CVE-2014-4357
( 2.1/10 )
 
  Apple Apple tv
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
 
CVE-2014-4361
( 1.9/10 )
 
  Apple Iphone os
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.
 
CVE-2014-4362
( 2.1/10 )
 
  Apple Iphone os
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
 
CVE-2014-4363
( 5/10 )
 
  Apple Safari
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3...
 
CVE-2014-4378
( 5.8/10 )
 
  Apple Apple tv
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
 
CVE-2014-4819
( 4/10 )
 
  IBM Integration bus
The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page.
 
CVE-2014-4820
( 4.3/10 )
 
  IBM Integration bus manufacturing ...
Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-4824
( 6.5/10 )
 
  IBM Qradar security information an...
SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-4826
( 4.3/10 )
 
  IBM Qradar security information an...
IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly handle SSH connections, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
 
CVE-2014-5317
( 4.3/10 )
 
  Php365 365 links
Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 and earlier, 365 Links2 3.11 and earlier, 365 Links+ 2.10 and earlier, and 365 Links2+ 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifi...
 
CVE-2014-5411
( 3.5/10 )
 
  Schneider-electric Clearscada
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2014-5412
( 5/10 )
 
  Schneider-electric Clearscada
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
 
CVE-2014-5413
( 5/10 )
 
  Schneider-electric Clearscada
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
2014-09-17
 
CVE-2014-0560
( 10/10 )
 
  Adobe Acrobat
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
 
CVE-2014-0561
( 10/10 )
 
  Adobe Acrobat
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567.




 
Copyright 2014, cxsecurity.com