Thelia 2.2.1 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Thelia 2.2.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Release mode: Full...
Kaspersky AntiVirus - .ZIP File Format Use-After-Free
Kaspersky AntiVirus - .ZIP File Format Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=521 Fuzzing the ZIP file format found multiple memory corruption issues, some of which are obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on an...
ClipperCMS 1.3.0 Path Traversal
Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.clippercms.com/ Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public:...
ClipperCMS 1.3.0 - Multiple SQL Injections
ClipperCMS 1.3.0 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.clippercms.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...
AlegroCart 1.2.8 SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported ...
TomatoCart 1.1.8.6.1 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: TomatoCart v1.1.8.6.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/29/2015 Disclosed to public: 11/13/2015 Relea...
XCart 5.2.6 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: https://www.x-cart.com/xc5kit Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 11/04/20...
Open Source Social Network 3.5 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Open Source Social Network 3.5 Fixed in: 3.6 Fixed Version Link: https://www.opensource-socialnetwork.org/downloads/ossn-v3.6-1443545762.zip Vendor Contact: https://www.opensource-socialnetwork.org/contact Vulnerability...
MiniBB 3.1.1 Cross Site Scripting Vulnerability
MiniBB version 3.1.1 suffers from a cross site scripting vulnerability. 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: email protected Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendo...
Supercali Event Calendar 1.0.8 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Supercali Event Calendar 1.0.8 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://supercali.inforest.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public...
Supercali Event Calendar 1.0.8 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Supercali Event Calendar 1.0.8 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://supercali.inforest.com/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public:...
CubeCart 6.0.7 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: CubeCart 6.0.7 Fixed in: 6.0.8 Fixed Version Link: https://www.cubecart.com/thank-you/CubeCart-6.0.8.zip Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015...
MyWebSQL 3.6 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyWebSQL 3.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://mywebsql.net/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/2015 Release mode:...
MiniBB 3.1.1 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: MiniBB 3.1.1 Fixed in: 3.2 Fixed Version Link: http://www.minibb.com/download.php?file=minibb Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to...
Buffer overflow during image interactions in canvas — Mozilla
Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash...
Memory corruption in libjar through zip files — Mozilla
Security researcher Gustavo Grieco reported a buffer underflow in libjar triggered through a maliciously crafted ZIP format file. This results in a potentially exploitable crash...
SQL Buddy 1.3.3 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: SQL Buddy 1.3.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/18/2015 Disclosed to public: 10/07/2015 Release...
Chyrp CMS 2.5.2 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Chyrp CMS 2.5.2 Fixed in: not fixed Fixed Version Link: n/a Vendor Github: https://github.com/chyrp/chyrp Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public: 10/07/2015...
SQL Buddy 1.3.3 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: SQL Buddy 1.3.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 08/18/2015 Disclosed to public: 10/07/2015 Release...
PHP yaml_parse_url Double Free Vulnerability
The YAML parsing functions suffer from an exploitable double free caused by the error path for the php_var_unserialize call on line 797 of pecl/fileformats/yaml.git/parse.c. Title: PHP yaml_parse_url Double Free Credit: John Leitch email protected Url1:...