2014-12-17
High Risk

Linux Kernel 'Grinch' polkit/wheel group issue

Joab Jackson
High Risk

Ettercap 8.0 / 8.1 Code Execution / Denial Of Service

(CVE)
Nick Sampanis
Low Risk

Arris Touchstone TG862G/CT Cross Site Scripting

(CVE)
Seth Art
Low Risk

Arris Touchstone TG862G/CT Cross Site Request Forgery

(CVE)
Seth Art
High Risk

CIK Telecom SVG6000RW Default Account / Command Execution

Chako
Medium Risk

iWifi For Chat 1.1 Denial Of Service

Vulnerability La...
High Risk

iUSB 1.2 Arbitrary Code Execution

Vulnerability La...
Low Risk

D-Link DCS-2103 Brute Force / Cross Site Scripting

MustLive
Low Risk

Elefant CMS 1.3.9 Cross Site Scripting

Vulnerability La...
High Risk

RStickets! 1.0.0 Remote Shell Upload

Ibrahim Raafat
High Risk

RSform!Pro 1.3.0 Remote Shell Upload

Ibrahim Raafat
Low Risk

Konakart 7.3.0.1 Cross Site Scripting

Vulnerability La...
High Risk

WordPress A.F.D. Theme Echelon Arbitrary File Download

Cleiton Pinheiro
Low Risk

Fuzzylime 3.03b Cross Site Scripting

Vulnerability La...
Low Risk

RelateIQ Mail Encoding Script Code Injection

Vulnerability La...
2014-12-16
High Risk

Linux Kernel 3.2 multiple x86_64 vulnerabilities

(CVE)
Andy Lutomirski
High Risk

Intrexx Professional 6.0 / 5.2 Remote Code Execution

(CVE)
Christian Schnei...
Low Risk

Intrexx Professional 6.0 / 5.2 Cross Site Scripting

(CVE)
Christian Schnei...
High Risk

ActualAnalyzer ant Cookie Command Execution

Brendan Coles
Medium Risk

CA LISA Multiple Vulns

(CVE)
Ken Williams
Medium Risk

WordPress O2Tweet 0.0.4 CSRF / XSS

(CVE)
Manideep K
2014-12-15
Medium Risk

glibc 2.21 DNS endless loop in getaddr_r

Yash
Low Risk

phpMyAdmin 4.0.x, 4.1.x, 4.2.x Denial of Service

Javier Nieto
Medium Risk

CodeMeter 4.50.906.503 Service Trusted Path Privilege Escalation

Hadji Samir
Medium Risk

HTCSyncManager 3.1.33.0 Service Trusted Path Privilege Escalation

Hadji Samir
High Risk

Wordpress Wp Symposium 14.11 Unauthenticated Shell Upload Exploit

Claudio Viviani
Medium Risk

GLPI 0.85 Blind SQL Injection

(CVE)
Kacper Szurek
Low Risk

Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos (.lst)

Hadji Samir
Low Risk

Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos (.m3u)

Hadji Samir
2014-12-14
Medium Risk

Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass

Gjoko 'LiquidWor...
Medium Risk

MantisBT 1.2.17 URL redirection issue

(CVE)
P Richards
High Risk

Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges

(CVE)
quicinc
Medium Risk

ZNC NULL Pointer Dereference

Sean
Medium Risk

NLnet Labs Unbound cause a denial of service

(CVE)
Florian Maury (...
2014-12-13
High Risk

Tuleap PHP Unserialize Code Execution

(CVE)
EgiX

Last Update: 2014-12-17
2014-12-17
 
CVE-2014-8133
( 2.1/10 )
 
  Linux Linux kernel
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mec...
2014-12-16
 
CVE-2013-6435
( 7.5/10 )
 
  RPM RPM
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the...
 
CVE-2014-8118
( 10/10 )
 
  RPM RPM
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
 
CVE-2014-8583
( 6.9/10 )
 
  Modwsgi Mod wsgi
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
2014-12-15
 
CVE-2014-1569
( 7.5/10 )
 
  Mozilla Network security services
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers...
 
CVE-2014-3583
( 5/10 )
 
  Apache Http server
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
 
CVE-2014-6052
( 7.5/10 )
 
  Libvncserver Libvncserver
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitra...
 
CVE-2014-6053
( 5/10 )
 
  Libvncserver Libvncserver
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memor...
 
CVE-2014-6253
( 6.8/10 )
 
  Zenoss Zenoss core
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653.
 
CVE-2014-6254
( 4.3/10 )
 
  Zenoss Zenoss core
Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) por...
 
CVE-2014-6255
( 6.4/10 )
 
  Zenoss Zenoss core
Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998.
 
CVE-2014-6256
( 7.5/10 )
 
  Zenoss Zenoss core
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386.
 
CVE-2014-6257
( 5/10 )
 
  Zenoss Zenoss core
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.
 
CVE-2014-6258
( 5/10 )
 
  Zenoss Zenoss core
An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411.
 
CVE-2014-6259
( 5/10 )
 
  Zenoss Zenoss core
Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity ref...
 
CVE-2014-6260
( 6.8/10 )
 
  Zenoss Zenoss core
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN...
 
CVE-2014-6261
( 9.3/10 )
 
  Zenoss Zenoss core
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login ses...
 
CVE-2014-7911
( 7.2/10 )
 
  Google Android
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attacker...
 
CVE-2014-8507
( 7.5/10 )
 
  Google Android
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, an...
 
CVE-2014-8609
( 7.2/10 )
 
  Google Android
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent w...

Copyright 2014, cxsecurity.com