ISC BIND DoS Vulnerability (CVE-2023-3341) - Windows
ISC BIND is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...
Grafana Privilege Escalation Vulnerability (GHSA-rhxj-gh46-jvw8)
Grafana is prone to a privilege escalation vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Date: 14/06/2017 Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview Version: Tested on 18.62.2000.0,...
KLA11297 Multiple vulnerabilities in Apache Tomcat
Multiple serious vulnerabilities have been found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information and bypass security restrictions. Below is a complete list of vulnerabilities: 1. A missing host name verification vulnerability can be exploited...
Vehicle Sales Management System - Multiple Vulnerabilities
Vehicle Sales Management System - Multiple Vulnerabilities Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link:...
KLA11126 Multiple vulnerabilities in Apple Safari
Multiple serious vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting, bypass security restrictions, obtain sensitive information or execute arbitrary code. Below is a complete list of...
KLA11116 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code. Below is a complete list of vulnerabilities: 1. A...
Lotus Notes Diagnostic Tool 8.5 / 9.0 Privilege Escalation
Exploit Title: Lotus Notes Diagnostic Tool nsd.exe Privilege Escalation Date: 02-09-2017 Exploit Author: ParagonSec Website: https://github.com/paragonsec Version: 8.5 & 9.0 Tested on: Windows 7 Enterprise CVE: CVE-2015-0179 Vendor CVE URL: http://www-01.ibm.com/support/docview.wss?uid=swg2170002...
Disk Pulse Enterprise Server Buffer Overflow Vulnerability (Aug 2017)
Disk Pulse Enterprise Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Missing Access Check in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) lacks a proper access check. Release Date: May 24, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.2.7 and below Vulnerability...
Authentication Bypass in TYPO3 CMS
It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Authentication Vulnerability Type: Authentication Bypass Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity:...
Posnic Stock Management System 1.02 - Multiple Vulnerabilities
Exploit Title: Posnic Stock Management System 1.02 Multiple Vulnerabilities Date: 26 Sep 2013 Vendor Homepage: http://www.posnic.com Software Link: http://sourceforge.net/projects/stockmanagement/?source=directory Version: 1.02 Tested on: Win 7/Backtrack CVE : Exploit Author: Sarahma Security...
Cross-Site Scripting vulnerability in extension Basic SEO Features (seo_basics)
It has been discovered that the extension "Basic SEO Features" (seo_basics) is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 0.8.1 and below Vulnerability Type: Cross-Site Scripting...
Mandriva Update for squirrelmail MDVSA-2011:123 (squirrelmail)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Gentoo Security Advisory GLSA 200412-04 (perl)
The remote host is missing updates announced in advisory GLSA 200412-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value +...
[Full-disclosure] Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities
====================================================================== Secunia Research 31/05/2006 - Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities - ====================================================================== Table of Contents Affected...
KLA10415 ACE vulnerability in multiple software
A buffer overflow was found in the DynaZip library, which is used in several pieces of software. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed ZIP file Original advisories - Related products DynaZ...
KLA10264 LPE vulnerability in PsTools
An improper disconnection was found in PsTools. By exploiting this vulnerability malicious users can gain privileged access to shares. This vulnerability can be exploited locally. Original advisories - Related products Microsoft-PsSuspend Microsoft-PsExec Microsoft-PsInfo Microsoft-PsGetSid...
Solaris 7 (x86) : 107404-03
SunOS 5.7x86: rlmod & telmod patch. Date this patch was last updated by Sun : Apr/15/03 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...