WLB2 Bugtraq
2014-11-24
High Risk

Linux 'less' can probably get you owned

Michal Zalewski
Medium Risk

Firefox 31 Integer Overflow

Stakenvicius
High Risk

Linux kernel LDT handling bugs

Andy
2014-11-23
Medium Risk

lesspipe cpio bug to back up the argument

Michal Zalewski
High Risk

MyBB <= 1.8.2 unset_globals() Function Bypass and Remote

Taoguang Chen
Medium Risk

WordPress SP Client Document Manager 2.4.1 SQL Injection

ITAS Team
2014-11-22
High Risk

ClamAV heap buffer overflow scanning a specially crafted file

(CVE)
Damien
Medium Risk

TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service

Gjoko 'LiquidWor...
High Risk

glibc command execution in wordexp() with WRDE_NOCMD specified

Francisco
Medium Risk

TIBCO Managed File Transfer vulnerabilities

(CVE)
TIBCO
Low Risk

TIBCO Spotfire Web Player vulnerabilities

(CVE)
TIBCO
Low Risk

Booking.com Open Redirect

Sergio Giucastro
2014-11-21
High Risk

Netgear Wireless Router WNR500 Traversal Arbitrary File Access Exploit

Gjoko 'LiquidWor...
Medium Risk

Privacyware Privatefirewall 7.0 Unquoted Service Path Privilege Escalation

Gjoko 'LiquidWor...
Medium Risk

Supr Shopsystem v5.1.0 - Persistent UI Vulnerability

Vulnerability La...
High Risk

Microsoft Internet Explorer OLE Pre-IE11 Code Execution

(CVE)
GradiusX
Low Risk

PHPFox XSS AdminCP

(CVE)
Wesley Henrique ...
High Risk

Paid Memberships Pro 1.7.14.2 Path Traversal

(CVE)
Kacper Szurek
High Risk

Advantech EKI-6340 2.05 Command Injection

(CVE)
CORE
High Risk

Advantech AdamView 4.3 Buffer Overflow

(CVE)
CORE
High Risk

WordPress CM Download Manager 2.0.0 Code Injection

(CVE)
Phi Le Ngoc
High Risk

Hikvision DVR RTSP Request Remote Code Execution

Mark Schloesser
Low Risk

WordPress 3.9.2 Cross Site Scripting

Jouko Pynnonen
Medium Risk

Zenario CMS 7.0.2d Cross Site Scripting / Open Redirect

Gjoko 'LiquidWor...
2014-11-20
Medium Risk

Android <5.0 java.io.ObjectInputStream Privilege Escalation

Jann Horn
Low Risk

Joomla Simple Email Form 1.8.5 Cross Site Scripting

(CVE)
High-Tech Bridge...
High Risk

Faronics Deep Freeze Arbitrary Code Execution

(CVE)
Kyriakos Economo...
Medium Risk

Compaq/Hewlett Packard Glance 11.00 Privilege Escalation

(CVE)
Tim Brown
Medium Risk

IO Slaves KDE Insufficient Input Validation

(CVE)
T. Brown and D. ...
Medium Risk

Dolibarr ERP And CRM 3.5.3 SQL Injection

(CVE)
Jerzy Kramarz
2014-11-19
Low Risk

tcpdump 4.6.2 AOVD Unreliable Output

(CVE)
Steffen Bauch
Medium Risk

tcpdump 4.6.2 Geonet Denial Of Service

(CVE)
Steffen Bauch
Medium Risk

tcpdump 4.6.2 OSLR Denial Of Service

(CVE)
Steffen Bauch
Low Risk

phpSound Music Sharing Platform 1.0.5 Cross Site Scripting

(CVE)
Halil Dalabasmaz
Low Risk

Who's Who Script Cross Site Request Forgery

(CVE)
ZoRLu

CVE (CVEMAP.ORG)
Last Update: 2014-11-24
2014-11-24
 
CVE-2014-7830
( 3.5/10 )
 
  Moodle Moodle
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or...
 
CVE-2014-7831
( 4/10 )
 
  Moodle Moodle
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student r...
 
CVE-2014-7832
( 4/10 )
 
  Moodle Moodle
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to by...
 
CVE-2014-7833
( 4/10 )
 
  Moodle Moodle
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by access...
 
CVE-2014-7834
( 4/10 )
 
  Moodle Moodle
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
 
CVE-2014-7835
( 2.1/10 )
 
  Moodle Moodle
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross...
 
CVE-2014-7836
( 6.8/10 )
 
  Moodle Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod...
 
CVE-2014-7837
( 5.5/10 )
 
  Moodle Moodle
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
 
CVE-2014-7838
( 6.8/10 )
 
  Moodle Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for request...
 
CVE-2014-7845
( 7.5/10 )
 
  Moodle Moodle
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-f...
 
CVE-2014-7846
( 4/10 )
 
  Moodle Moodle
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access ...
 
CVE-2014-7847
( 5/10 )
 
  Moodle Moodle
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitu...
 
CVE-2014-7848
( 5/10 )
 
  Moodle Moodle
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
 
CVE-2014-9059
( 4.3/10 )
 
  Moodle Moodle
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 ch...
 
CVE-2014-9060
( 5/10 )
 
  Moodle Moodle
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via ...
2014-11-23
 
CVE-2014-6477
( 6.8/10 )
 
  Oracle Database server
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2...
 
CVE-2014-5314
( 9/10 )
 
  Cybozu Dezie
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
 
CVE-2014-5325
( 5/10 )
 
  Directwebremoting Direct web remoting
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external ent...
 
CVE-2014-5326
( 4.3/10 )
 
  Directwebremoting Direct web remoting
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2014-11-22
 
CVE-2014-4807
( 4/10 )
 
  IBM Sterling selling and fulfillme...
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.
Copyright 2014, cxsecurity.com