Risk | Title | Author

2014-11-22
Medium Risk | TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service | Gjoko 'LiquidWor...
High Risk | glibc command execution in wordexp() with WRDE_NOCMD specified | Francisco
Medium Risk | TIBCO Managed File Transfer vulnerabilities (CVE) | TIBCO
Low Risk | TIBCO Spotfire Web Player vulnerabilities (CVE) | TIBCO
Low Risk | Booking.com Open Redirect | Sergio Giucastro

2014-11-21
High Risk | Netgear Wireless Router WNR500 Traversal Arbitrary File Access Exploit | Gjoko 'LiquidWor...
Medium Risk | Privacyware Privatefirewall 7.0 Unquoted Service Path Privilege Escalation | Gjoko 'LiquidWor...
Medium Risk | Supr Shopsystem v5.1.0 - Persistent UI Vulnerability | Vulnerability La...
High Risk | Microsoft Internet Explorer OLE Pre-IE11 Code Execution (CVE) | GradiusX
Low Risk | PHPFox XSS AdminCP (CVE) | Wesley Henrique ...
High Risk | Paid Memberships Pro 1.7.14.2 Path Traversal (CVE) | Kacper Szurek
High Risk | Advantech EKI-6340 2.05 Command Injection (CVE) | CORE
High Risk | Advantech AdamView 4.3 Buffer Overflow (CVE) | CORE
High Risk | WordPress CM Download Manager 2.0.0 Code Injection (CVE) | Phi Le Ngoc
High Risk | Hikvision DVR RTSP Request Remote Code Execution | Mark Schloesser
Low Risk | WordPress 3.9.2 Cross Site Scripting | Jouko Pynnonen
Medium Risk | Zenario CMS 7.0.2d Cross Site Scripting / Open Redirect | Gjoko 'LiquidWor...

2014-11-20
Medium Risk | Android <5.0 java.io.ObjectInputStream Privilege Escalation | Jann Horn
Low Risk | Joomla Simple Email Form 1.8.5 Cross Site Scripting (CVE) | High-Tech Bridge...
High Risk | Faronics Deep Freeze Arbitrary Code Execution (CVE) | Kyriakos Economo...
Medium Risk | Compaq/Hewlett Packard Glance 11.00 Privilege Escalation (CVE) | Tim Brown
Medium Risk | IO Slaves KDE Insufficient Input Validation (CVE) | T. Brown and D. ...
Medium Risk | Dolibarr ERP And CRM 3.5.3 SQL Injection (CVE) | Jerzy Kramarz

2014-11-19
Low Risk | tcpdump 4.6.2 AOVD Unreliable Output (CVE) | Steffen Bauch
Medium Risk | tcpdump 4.6.2 Geonet Denial Of Service (CVE) | Steffen Bauch
Medium Risk | tcpdump 4.6.2 OSLR Denial Of Service (CVE) | Steffen Bauch
Low Risk | phpSound Music Sharing Platform 1.0.5 Cross Site Scripting (CVE) | Halil Dalabasmaz
Low Risk | Who's Who Script Cross Site Request Forgery (CVE) | ZoRLu
Medium Risk | Snowfox CMS 1.0 Open Redirect | Gjoko 'LiquidWor...
Low Risk | Snowfox CMS 1.0 Cross Site Request Forgery | Gjoko 'LiquidWor...

2014-11-18
High Risk | Internet Explorer 8 Fixed Col Span ID full ASLR, DEP and EMET 5.1 bypass (CVE) | ryujin & sic...
High Risk | Samsung Galaxy KNOX Android Browser Remote Code Execution | joev
High Risk | ZTE ZXHN H108L Access Bypass | projectzero
Low Risk | Maarch LetterBox 2.8 Insecure Cookie Handling | ZoRLu
Medium Risk | D-Link DCS-2103 Directory Traversal | MustLive
Last Update: 2014-11-21

2014-11-21

CVE-2014-7137 (6.5/10)
Dolibarr Dolibarr erp/crm
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) pro...

CVE-2014-8539 (4.3/10)
Simple email form project Simple email form
Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php.

2014-11-20

CVE-2014-2382 (7.2/10)
Faronics Deep freeze
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations...

CVE-2014-8387 (9/10)
Advantech Eki-6340
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.

CVE-2014-8995 (5/10)
Maarch Letterbox
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.

CVE-2014-8996 (4.3/10)
Nibbleblog Nibbleblog
Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php.

CVE-2014-8997 (7.5/10)
Digitalvidhya Digi online examination system
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct r...

CVE-2014-8998 (6.5/10)
X7chat X7 chat
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.

CVE-2014-8999 (6.5/10)
Xoops Xoops
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.

CVE-2014-9000 (6.5/10)
Mulesoft Mule enterprise management con...
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user....

CVE-2014-9001 (6.5/10)
Incrediblepbx Incredible pbx 11
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.

CVE-2014-9002 (10/10)
Lantronix Xprintserver
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.

CVE-2014-9003 (6.8/10)
Lantronix Xprintserver
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c param...

CVE-2014-9004 (4.3/10)
Vld interactive Vldpersonals
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.

CVE-2014-9005 (7.5/10)
Vld interactive Vldpersonals
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php.

CVE-2014-9006 (5/10)
Monstra Monstra
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values.

CVE-2014-3625 (5/10)
Pivotal Spring framework
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-8493 (5/10)
Zteusa Zxhn h108l firmware
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

CVE-2014-8767 (5/10)
Redhat Tcpdump
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

CVE-2014-8768 (5/10)
Redhat Tcpdump
Multiple integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
Copyright 2014, cxsecurity.com