CVEMAP.ORG (Common Vulnerabilities and Exposures Map)

Search:
WLB2


First page   01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29   Next
   
-=< CVEMAP.ORG (Common Vulnerabilities and Exposures Map) CXSEC.ORG >=-
2015-03-04
RSS for product
CVE-2014-8617

 

 
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.

 
RSS for product
CVE-2015-2209

 

 
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

 
2015-03-03
RSS for product
CVE-2014-7896

 

 
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
RSS for product
CVE-2014-9283
Bestwebsoft
Captcha
 

 
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

 
RSS for product
CVE-2014-9683
Linux
Linux kernel
 

 
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

 
RSS for product
CVE-2015-0890
Bestwebsoft
Google captcha
 

 
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

 
RSS for product
CVE-2015-2194
Fusion project
Fusion
 

 
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors.

 
RSS for product
CVE-2015-2195
Wp media cleaner project
Wp media cleaner
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.

 
RSS for product
CVE-2015-2196
Web-dorado
Spider calendar
 

 
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.

 
RSS for product
CVE-2015-2197
Entity api project
Entity api
 

 
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.

 
RSS for product
CVE-2015-2198
Beehive forum
Beehive forum
 

 
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.

 
RSS for product
CVE-2015-2199
Wonderplugin
Audio player
 

 
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.

 
RSS for product
CVE-2015-0656
Cisco
Network analysis module firmware
 

 
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.

 
RSS for product
CVE-2015-0933
Sharelatex
Sharelatex
 

 
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.

 
RSS for product
CVE-2015-0934
Sharelatex
Sharelatex
 

 
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename.

 
2015-03-02
RSS for product
CVE-2013-7421
Linux
Linux kernel
 

 
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

 
RSS for product
CVE-2014-8160
Linux
Linux kernel
 

 
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

 
RSS for product
CVE-2014-9644
Linux
Linux kernel
 

 
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

 
RSS for product
CVE-2015-0239
Linux
Linux kernel
 

 
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.

 
2015-03-01
RSS for product
CVE-2014-8921
IBM
Notes traveler companion
 

 
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.

 
2015-02-27
RSS for product
CVE-2015-1414
Freebsd
Freebsd
 

 
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.

 
RSS for product
CVE-2015-2072
SAP
HANA
 

 
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.

 
RSS for product
CVE-2015-2075
SAP
Businessobjects edge
 

 
SAP BussinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.

 
RSS for product
CVE-2015-2076
SAP
Businessobjects edge
 

 
The Auditing service in SAP BussinessObjects Edge 4.0 allows remote attackers to obtains sensitive information by reading an audit event, aka SAP Note 2011395.

 
RSS for product
CVE-2015-2101
Impliedbydesign
Navigate
 

 
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
RSS for product
CVE-2015-2102
Clip-bucket
Clipbucket
 

 
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.

 
RSS for product
CVE-2015-2103
Cosmoshop
Cosmoshop
 

 
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter).

 
RSS for product
CVE-2014-9676
Ffmpeg
Ffmpeg
 

 
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

 
RSS for product
CVE-2014-9682
Dns-sync project
Dns-sync
 

 
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

 
RSS for product
CVE-2015-0655
Cisco
Unified web and e-mail inter...
 

 
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

 

First page   01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29   Next
   

 

Copyright 2015, cvemap.org