2014-07-29
Medium Risk

Parallels Tools 9.0 Privilege Escalation

Anastasios
High Risk

CMSimple 4.4.4 RFI / Code Execution / Default Password

Indian Haxors Te...
High Risk

Web Encryption Extension Authentication Bypass

Senderek
Low Risk

Barracuda Networks Spam / Virus Firewall 5.1.3 XSS

Vulnerability La...
Low Risk

MasterCard Open Redirect

Anastasios
High Risk

WordPress Slider Revolution Responsive 4.1.4 File Download

Claudio Viviani
Medium Risk

WordPress Lead Octopus Power SQL Injection

Ashiyane Digital...
Medium Risk

WordPress FBGorilla SQL Injection

Ashiyane Digital...
2014-07-28
Low Risk

MyBB 1.6.14 search.php Full Path Disclosure

DemoLisH
High Risk

WordPress MailPoet (wysija-newsletters) Unauthenticated File Upload

(CVE)
Christian Mehlma...
High Risk

Oxwall 1.7.0 Remote Code Execution Exploit

Gjoko 'LiquidWor...
Medium Risk

Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities

Gjoko 'LiquidWor...
Medium Risk

Linux Kernel sctp inherit auth_capable on INIT collisions

Jason
Low Risk

rsync vulnerable to collisions

Michael
Medium Risk

CMS Studyo10 Blind Sql Injection

Felipe Andrian P...
Medium Risk

DirPHP - version 1.0 Local File Inclusion

Chosen
Medium Risk

Sagem F@st 3304-V1 denial of service Vulnerability

Z3ro0ne
Medium Risk

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Gjoko 'LiquidWor...
Medium Risk

Bugzilla 3.x / 4.x Cross Site Request Forgery

(CVE)
Mario Gomes, Byr...
2014-07-27
High Risk

Netgear DGN2200 Password Disclosure

Dolev Farhi
High Risk

Ubiquiti UbiFi Controller 2.4.5 Password Hash Disclosure

(CVE)
Seth Art
Low Risk

Zenoss Monitoring System 4.2.5-2108 Cross Site Scripting

(CVE)
Dolev
Low Risk

Easy File Sharing Persistent Cross Site Scripting

Joseph Giron
2014-07-25
High Risk

Windows Mail Rogue Program.exe Execution

Stefan Kanthak
High Risk

Make 3.81 Heap Overflow

HyP
High Risk

Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download

alieye
High Risk

Pligg <= 2.0.1 SQL Injection / PWD disclosure / RCE

BlackHawk
Medium Risk

MQAC.sys Arbitrary Write Privilege Escalation

(CVE)
Spencer
Low Risk

Ubiquiti AirVision Controller 2.1.3 Weak Settings

(CVE)
Seth
High Risk

BulletProof FTP Client 2010 Buffer Overflow

(CVE)
Gabor Seljan
Low Risk

UniFi / mFi / AirVision Cross Site Request Forgery

(CVE)
sethsec
Medium Risk

WordPress Video Gallery 2.5 Cross Site Scripting / SQL Injection

Claudio Viviani
High Risk

Lian Li NAS Hardcoded Cookie / Bypass / Privilege Escalation

pws
2014-07-24
High Risk

Omeka 2.2.1 Remote Code Execution Exploit

Gjoko 'LiquidWor...
High Risk

TimThumb 2.8.13 Remote Code Execution

(CVE)
u0x

Last Update: 2014-07-29
2014-07-28
 
CVE-2014-5104
( 7.5/10 )
 
  Ol-commerce project Ol-commerce
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_bann...
 
CVE-2014-5105
( 4.3/10 )
 
  Ol-commerce project Ol-commerce
Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an...
 
CVE-2014-5106
( 4.3/10 )
 
  Invisionpower Invision power board
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.
 
CVE-2014-5107
( 5/10 )
 
  Concrete5 Concrete5
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mai...
 
CVE-2014-5108
( 4.3/10 )
 
  Concrete5 Concrete5
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
 
CVE-2014-5109
( 7.5/10 )
 
  Fonality Trixbox
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
 
CVE-2014-5110
( 4.3/10 )
 
  Fonality Trixbox
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.
 
CVE-2014-5111
( 5/10 )
 
  Fonality Trixbox
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg...
 
CVE-2014-5112
( 7.5/10 )
 
  Fonality Trixbox
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
 
CVE-2014-5113
( 4.3/10 )
 
  Visualware Myconnection server
Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) code...
 
CVE-2013-4840
( 7.8/10 )
 
  H3C Secbladefw
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.
 
CVE-2014-2974
( 6.8/10 )
 
  Silver-peak VX
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
 
CVE-2014-2975
( 4.3/10 )
 
  Silver-peak VX
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
 
CVE-2014-3303
( 4/10 )
 
  Cisco Webex meetings server
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the bro...
 
CVE-2014-3304
( 5/10 )
 
  Cisco Webex meetings server
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.
 
CVE-2013-4262
( 2.4/10 )
 
  Apache Subversion
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (...
 
CVE-2013-7393
( 2.4/10 )
 
  Apache Subversion
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from ...
2014-07-27
 
CVE-2014-4725
( 7.5/10 )
 
  Mailpoet Mailpoet newsletters
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-c...
 
CVE-2014-4726
( 7.5/10 )
 
  Mailpoet Mailpoet newsletters
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.
2014-07-26
 
CVE-2014-2363
( 10/10 )
 
  Morpho Itemiser 3
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.



 
Copyright 2014, cxsecurity.com