Bugtraq
2014-08-21
Medium Risk

Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting

(CVE)
Nik
Medium Risk

ArticleFR 3.0.4 SQL Injection

(CVE)
High-Tech Bridge...
Medium Risk

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

(CVE)
Pedro
Low Risk

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

1N3
Medium Risk

ESET Windows Products 7.0 Privilege Escalation

(CVE)
Kyriakos Economo...
Medium Risk

Panda Security 2014 Privilege Escalation

(CVE)
Kyriakos Economo...
High Risk

Delphi And C++ Builder VCL Library Buffer Overflow

(CVE)
CORE
Low Risk

WordPress Mobile Pack 2.0.1 Information Disclosure

Tom Adams
2014-08-20
Low Risk

Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting

(CVE)
Gregory Draperi
Medium Risk

RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass

(CVE)
ESA
High Risk

HybridAuth install.php PHP Code Execution

Brendan Coles
High Risk

BlazeDVD Pro 7.0 Buffer Overflow

metacom
Medium Risk

EMC Documentum D2 Privilege Escalation

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Scripting

(CVE)
EMC
High Risk

EMC Documentum Code Execution / DQL Injection

(CVE)
EMC
Low Risk

EMC Documentum Cross Site Request Forgery

(CVE)
EMC
2014-08-19
Medium Risk

Firefox toString console.time Privileged Javascript Injection

(CVE)
joev
High Risk

Gitlab-shell Code Execution

(CVE)
Brandon
High Risk

Senkas Kolibri WebServer 2.0 Buffer Overflow

(CVE)
tekwizz123
Medium Risk

Outlook.com For Android Failed Validation

(CVE)
Yorick Koster
Low Risk

WordPress Disqus 2.7.7 Cross Site Request Forgery

Voxel
2014-08-18
Medium Risk

Apache HttpComponents client Hostname verification MITM attack

(CVE)
Dirk-Willem van ...
Low Risk

Wordpress 3.9.1 pluggable.php CSRF vulnerability

(CVE)
nacin
High Risk

Tenda A5s Router Authentication Bypass Vulnerability

(CVE)
zixian
2014-08-17
Low Risk

RiverBed Stingray Traffic Manager Virtual Appliance 9.6 XSS

William Costa
Medium Risk

Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs

Stefan Kanthak
2014-08-15
Low Risk

Optical Society of America's Prism Information Leak

Peter Wiedekind
Low Risk

MyConnection Server (MCS) 9.7i Cross Site Scripting

(CVE)
1N3
Low Risk

Lyris ListManagerWeb 8.95a Cross Site Scripting

(CVE)
1N3
Medium Risk

WordPress Gallery Objects 0.4 SQL Injection

(CVE)
Claudio Viviani
Medium Risk

vBulletin 5.1.2 SQL Injection Exploit

(CVE)
Nytro
High Risk

VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution

(CVE)
Emilio Pinna
2014-08-14
Low Risk

Jamroom 5.2.6 Cross Site Scripting

(CVE)
High-Tech Bridge...
Low Risk

Ganeti Insecure Archive Permission

Helga Velroyen
Low Risk

Ribose Cross Site Request Forgery

JoeV

CVE (CVEMAP.ORG)
Last Update: 2014-08-20
2014-08-20
 
CVE-2014-0640
( 4/10 )
 
  EMC Rsa archer egrc
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
 
CVE-2014-0641
( 6.8/10 )
 
  EMC Rsa archer egrc
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
 
CVE-2014-2505
( 5.4/10 )
 
  EMC Rsa archer egrc
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
 
CVE-2014-2511
( 4.3/10 )
 
  EMC Digital assets manager
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.
 
CVE-2014-2515
( 8.5/10 )
 
  EMC Documentum d2
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain pr...
 
CVE-2014-2517
( 6.5/10 )
 
  EMC Rsa archer egrc
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors.
 
CVE-2014-2518
( 6.8/10 )
 
  EMC Digital assets manager
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
 
CVE-2014-2520
( 6.3/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content ...
 
CVE-2014-2521
( 6.3/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
 
CVE-2014-3331
( 4.3/10 )
 
  Cisco Asr 5000 series software
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a craf...
 
CVE-2014-3340
( 4/10 )
 
  Cisco Webex meetmenow
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.
 
CVE-2014-3514
( 7.5/10 )
 
  Rubyonrails Ruby on rails
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that...
 
CVE-2014-4618
( 8.5/10 )
 
  EMC Documentum content server
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.
 
CVE-2014-4749
( 4.3/10 )
 
  IBM Powervc
IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key.
 
CVE-2014-4750
( 2.9/10 )
 
  IBM Powervc
IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.
2014-08-19
 
CVE-2014-3341
( 5/10 )
 
  Cisco Nexus 5000
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of req...
 
CVE-2014-3903
( 3.5/10 )
 
  JAYJ Cakifo
Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
 
CVE-2014-3906
( 7.5/10 )
 
  Kk-osk Advance-flow
SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
 
CVE-2014-5333
( 6.8/10 )
 
  Adobe Adobe air
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK...
 
CVE-2014-3464
( 5.5/10 )
 
  Redhat Jboss enterprise application p...
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated use...



 
Copyright 2014, cxsecurity.com