2014-10-01
Medium Risk

TP-Link "2-series" switches, all TP-Link VxWorks-based product Multiple vulnerabilities

kvnjs
High Risk

ManageEngine OpManager / Social IT Arbitrary File Upload

(CVE)
Pedro Ribeiro
Low Risk

WordPress All In One Security And Firewall 3.8.3 XSS

Vulnerability La...
2014-09-30
High Risk

GNU Bash 4.3 Command Injection

JSacco
Medium Risk

AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling

indoushka
Low Risk

Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass

(CVE)
sickness
Low Risk

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

Nate Power
Medium Risk

Bacula-web 5.2.10 SQL Injection

wishnusakti
Low Risk

PayPal Service Manager Script Insertion

Vulnerability La...
Low Risk

PayPal Bill Later Mail Encoding Cross Site Scripting

Vulnerability
2014-09-29
High Risk

DHCP Client Bash Environment Variable Code Injection

(CVE)
Ramon
Medium Risk

Typo3 JobControl 2.14.0 Cross Site Scripting / SQL Injection

Mogwai
Medium Risk

Exinda WAN Optimization Suite 7.0.0 CSRF / XSS

William Costa
Medium Risk

Comersus Sophisticated Cart Database Disclosure

indoushka
2014-09-28
Medium Risk

Oscommerce 2.3.4 XSS / HPP / File Inclusion

indoushka
Medium Risk

Openfiler 2.99.1 Denial Of Service

(CVE)
dolevff
High Risk

Apache mod_cgi Bash Environment Variable Code Injection

(CVE)
Juan vazquez
Low Risk

Get Simple CMS 3.3.3 Information Disclosure / XSS

indoushka
Medium Risk

NDBLOG 0.1 Cross Site Scripting / SQL Injection

indoushka
Low Risk

SmarterTools Smarter Track 6-10 Information Disclosure

Vulnerability La...
Medium Risk

GS Foto Uebertraeger 3.0 iOS File Include Vulnerability

Vulnerability La...
High Risk

Gnu Bash 4.3 CGI Scan Remote Command Injection

(CVE)
Stephane Chazela...
Medium Risk

Nucom ADSL ADSLR5000UN ISP Credential Disclosure

Sebasti&#161...
High Risk

Dhclient Bash Environment Variable Injection

(CVE)
egypt
High Risk

POSNIC 1.02 Directory Listing / File Upload

indoushka
Low Risk

PayPal Mail Encoding Script Insertion

Vulnerability La...
Low Risk

PayPal Community Web Portal Cross Site Scripting

Vulnerability La...
2014-09-26
Medium Risk

Perl 5.20.1 Deep Recursion Stack Overflow

(CVE)
LSE
Low Risk

Telerik ASP.NET AJAX RadEditor Control 2014.1.403.35 XSS

(CVE)
Tyler Hoyle
High Risk

Mac OS X VMWare Fusion Root Privilege Escalation

(CVE)
joev
Medium Risk

LibVNCServer 0.9.9 Remote Code Execution / Denial Of Service

(CVE)
Nicolas Ruff
High Risk

bashedCgi Remote Command Execution

(CVE)
Shaun Colley
Medium Risk

All In One WP Security 3.8.2 SQL Injection

(CVE)
High-Tech Bridge...
2014-09-25
High Risk

CGI Remote Code Injection by Bash Proof Of Concept

(CVE)
Prakhar Prasad &...
High Risk

ZyXEL Prestig P-660HNU-T1v2 Credential Disclosure

Sebastia&#16...

Last Update: 2014-10-01
2014-09-30
 
CVE-2014-6278
( 10/10 )
 
  GNU BASH
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force...
 
CVE-2012-5485
( 6.8/10 )
 
  Plone Plone
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
 
CVE-2012-5487
( 8.5/10 )
 
  Plone Plone
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to...
 
CVE-2012-5488
( 5/10 )
 
  Plone Plone
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
 
CVE-2012-5490
( 4.3/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2012-5491
( 4.3/10 )
 
  Plone Plone
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
 
CVE-2012-5492
( 5/10 )
 
  Plone Plone
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
 
CVE-2012-5493
( 8.5/10 )
 
  Plone Plone
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
 
CVE-2012-5494
( 4.3/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."
 
CVE-2012-5495
( 5/10 )
 
  Plone Plone
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."
 
CVE-2012-5497
( 5/10 )
 
  Plone Plone
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
 
CVE-2012-5498
( 5/10 )
 
  Plone Plone
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
 
CVE-2012-5499
( 5/10 )
 
  Plone Plone
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
 
CVE-2012-5501
( 5/10 )
 
  Plone Plone
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
 
CVE-2012-5502
( 3.5/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2012-5503
( 5/10 )
 
  Plone Plone
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.
 
CVE-2012-5504
( 4.3/10 )
 
  Plone Plone
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
 
CVE-2012-6316
( 4.3/10 )
 
  Tp-link Tl-wr841n
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter ...
 
CVE-2014-0170
( 4.3/10 )
 
  Jboss Red hat jboss data virtualizat...
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
 
CVE-2014-3558
( 5/10 )
 
  Hibernate Hibernate validator
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection...
 
Copyright 2014, cxsecurity.com