Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2015/05/18 12:0 a.m.285 views

phpMyAdmin 4.4.6 Man-In-the-Middle API Github

phpMyAdmin 4.4.6 Man-In-the-Middle to API Github CVE-2015-3903 Author: Maksymilian Arciemowicz from https://cxsecurity.com Issue type: CWE-295 Source URL: http://cxsecurity.com/issue/WLB-2015050095 --- Description --- As we can read CURLOPTSSLVERIFYPEER option...

4.3CVSS0.1AI score0.01597EPSS
Exploits1
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.285 views

TEMENOS T24 R07.03 Authentication Bypass

TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2012/04/26 12:0 a.m.285 views

Linux kernel multiple security vulnerabilities

DoS, information leakage, privilege escalation...

10CVSS2.5AI score0.03431EPSS
Exploits10References2Affected Software1
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.285 views

ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability

ZDI-11-242: Apple Safari Rendering Object Body Detachment Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-242 July 27, 2011 -- CVE ID: CVE-2011-0255 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Safari --...

9.3CVSS0.4AI score0.03923EPSS
Exploits2
securityvulns
securityvulns
added 2002/03/14 12:0 a.m.285 views

Foundry Networks ServerIron don't decode URIs

Date : 13/03/2002 . By : Frank DENIS [email protected] Vendor : Foundry Networks http://www.foundrynet.com . Product: ServerIron web switches. Summary: Vulnerability in URI parsing code allows to bypass rules. ------------------- DESCRIPTION ------------------- Foundry Networks' ServerIron Family...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/05/17 12:0 a.m.284 views

Banner Rotation 01

-- Banner rotating 01 -- -- Description: "Banner rotating 01" is a cgi script distributed for free on several site builder sites, including Hot Area. The script is available on http://www.hotarea.net/web/scripts/banner01/ The cgi script offers numerous functions for those wishing to manage rotati...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.283 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Protection bypass, memory corruptions, ceritficate spoofing, privilege escalation, crossite scripting...

10CVSS2.6AI score0.07543EPSS
Exploits10Affected Software4
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.283 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

9.3CVSS1.6AI score0.99998EPSS
Exploits78References59Affected Software38
securityvulns
securityvulns
added 2012/03/20 12:0 a.m.283 views

VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0005 Synopsis: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security...

7.5CVSS7.4AI score0.15226EPSS
Exploits4
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.282 views

[security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262670 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262670 Version: 1 HPSBHF03021 rev....

5CVSS0.3AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2007/05/07 12:0 a.m.282 views

Remote File Include In Script impex

By Hasadya Raed Contact : [email protected] Israel -------------------------- Script : impex Dork : "ipmex" -------------------------- B.Files : ImpExData.php impexdisplay.php -------------------------- Exploits : http://www.Victim.com/impex/ImpExData.php?systempath=Shell-Attack...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/07/13 12:0 a.m.282 views

SQuery <= 4.5(libpath) Remote File Inclusion Exploit

================================================================= =SQuery = 4.5libpath Remote File Inclusion Exploit | | | ================================================================= =Worked On : ALL VERSIONS | | =Critical Level : Dangerous | | =Gug Found In : gore.php |...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2004/09/30 12:0 a.m.282 views

directory traversal in ParaChat Server 5.5

Donato Ferrante Application: ParaChat Server http://www.parachat.com/ Version: 5.5 Bug: directory traversal Date: 28-Sep-2004 Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description...

7AI score
Exploits0
securityvulns
securityvulns
added 2014/09/02 12:0 a.m.281 views

Mathematica symbolic links vulnerability

Symbolic links vulnerability on temporary files creation...

1.7AI score
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2011/08/30 12:0 a.m.281 views

Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Datriks Solutions prodotto.php?id dettagliosocio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.datriks.net/ Persian Gulf 4 Ever! Dork : "Powered by Datriks...

3.8AI score
Exploits0
securityvulns
securityvulns
added 2004/07/23 12:0 a.m.281 views

Bug@FlashFTPd

Application: Flash FTP Server Vendors: http://www.net2soft.com/downloads/flashftpserver.exe Version: 1.02.1? Platforms: Windows Bug: Directory Traversal Date: 2004-06-9 Author: CoolICE e-mail: CoolICEChina.com ================ TestCode: C:ftp localhost Connected to server. 220 Flash FTP Server v2...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2003/10/08 12:0 a.m.281 views

Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability

Title: Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html Date: 8 October 2003 Author: Eiji James Yoshida [email protected] Vulnerable: Windows Server 2003 Internet Explorer 6.0 Overview: Windows...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.280 views

Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429

Information -------------------- Advisory by Netsparker. Name: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme Affected Software : WordPress Affected Versions: 4.2.1 and probably below Vendor Homepage : https://wordpress.org/ and https://wordpress.org/themes/twentyfifteen/ Vulnerability...

4.3CVSS6.7AI score0.03803EPSS
Exploits3
securityvulns
securityvulns
added 2004/12/08 12:0 a.m.280 views

Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2

Luigi Auriemma Application: Battlefield 1942 and Vietnam http://www.battlefield1942.com Versions: Battlefield 1942 = 1.6.19 Battlefield Vietnam = 1.2 Platforms: Windows and Mac Bug: client crash Exploitation: remote, versus clients broadcast Date: 07 December 2004 Author: Luigi Auriemma e-mail:...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2004/04/30 12:0 a.m.280 views

[Full-Disclosure] [RHSA-2004:182-01] Updated httpd packages fix mod_ssl security issue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated httpd packages fix modssl security issue Advisory ID: RHSA-2004:182-01 Issue date: 2004-04-30 Updated on: 2004-04-30 Product: Red Hat...

5CVSS7.5AI score0.09898EPSS
Exploits0
securityvulns
securityvulns
added 2006/02/21 12:0 a.m.279 views

[Full-disclosure] PHPMyChat Authentication Bypass

PHPMyChat Authentication Bypass ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I won't have bothered to post this silly flaw but after seeing the google search result for inurl:phpMyChat.php3 , I thought it would be good idea to keep people informed. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2011/08/30 12:0 a.m.278 views

JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: JCE Joomla Extension =2.0.10 Multiple Vulnerabilities Vendor: www.joomlacontenteditor.net Exploit: Available Vulnerable Version: 2.0.10 Image Manager 1.5.7.13, Media Manager 1.5.6.3, Template Manager 1.5.5, File Manager 1.5.4.1 & prior...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.278 views

PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting

Exploit Title: PhotoPost PHP 4.8c showgallery.php Cross Site Scripting home : http://www.D99Y.com Author: NassRawI Date: 2/3/2011 Google Dork: "Powered by: PhotoPost PHP 4.8c" Software Link: http://www.photopost.com/ file : showgallery.php exploit : http://localhost/showgallery.php?si=" XSS "...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/09/03 12:0 a.m.277 views

Lua buffer overflow

Buffer overflow on function call with large number of arguments...

5CVSS3.6AI score0.11572EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.276 views

Citrix Receiver, XenDesktop "Pass-the-hash" Attack

Tested against: Citrix XenDesktop, XenServer, Receiver 5.6 SP2 possibly other versions as well By default, the authentication between the Citrix Receiver client to the Web interface is not configured to use SSL. If a company elects not to use SSL for this, the XML transaction between the receiver...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2011/06/11 12:0 a.m.276 views

Multiple vulnerabilities in several IP camera products

Multiple vulnerabilities in several IP camera products ====================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities in several IP camera products Release date: 08/06/2011 Last update: 08/06/2011 Credits: Roberto Paleari, Emaze Networks S.p.A...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/11/11 12:0 a.m.276 views

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability Advisory ID: cisco-sa-20091109-tls http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml Revision 1.0 For Public Release 2009 November 9 1600 UTC GMT Summary...

5.8CVSS0.9AI score0.87264EPSS
Exploits14
securityvulns
securityvulns
added 2003/02/22 12:0 a.m.276 views

Myguestbook (PHP)

Informations : °°°°°°°°°°°°°° Version : 3.0 Website : http://www.tefonline.net/ Problems : - XSS - admin infos recovery - Access to admin pages PHP Code/Location : °°°°°°°°°°°°°°°°°°° If pseudo = SCRIPT, e-mail = SCRIPT or message = /textareaSCRIPT SCRIPT will be executed on index.php,...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2000/08/26 12:0 a.m.276 views

Security Bulletin (MS00-061)

Microsoft Security Bulletin MS00-061 - -------------------------------------- Patch Available for "Money Password" Vulnerability Originally posted: August 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Money. The vulnerability could...

7AI score
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.275 views

Critical security flaws in Nagios NRPE client/server crypto

in CC to: grok full disclosure, bugtraq TL;DR - DO NOT USE NRPE'S SSL IMPLEMENTATION! -- Dear Nagios developers, It's been a couple of years since I've had a look at NRPE, the remote monitoring agent distributed with Nagios. Back then we've exclusively used NRPE on unrouted dedicated monitoring...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.275 views

[ANN][SECURITY] ClassLoader manipulation issue confirmed for Struts 1 - CVE-2014-0114

The Apache Struts project team confirms that Struts 1 in all versions is affected by a ClassLoader manipulation vulnerability similar to a recently fixed vulnerability in Struts 2 CVE-2014-0112, CVE-2014-0094 1. This is a different underlying flaw. For future reference, please use CVE-2014-0114 i...

7.5CVSS0.99614EPSS
Exploits8
securityvulns
securityvulns
added 2008/05/14 12:0 a.m.275 views

Adobe Distiller buffer overflow

Buffer overflow on .joboptions file parsing...

4.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/11/03 12:0 a.m.275 views

[security bulletin] HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00786522 Version: 1 HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage SMH, Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service DoS NOTICE: The informatio...

7.5CVSS0.3AI score0.65512EPSS
Exploits1
securityvulns
securityvulns
added 2006/09/27 12:0 a.m.274 views

SolpotCrew Advisory #13 - phpMyChat 0.1 (ChatPath) Remote File Inclusion

SolpotCrew Community phpMyChat 0.1 ChatPath Remote File Inclusion vendor : http://www.phpheaven.net/phpmychat:home Bug Found By :Solpot a.k.a k. Hasibuan 26-09-2006 contact: [email protected] Website : http://www.nyubicrew.org/adv/solpot-adv-09.txt Greetz: choi , h4ntu , Ibnusina , r4dja ,...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2014/10/13 12:0 a.m.273 views

[security bulletin] HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04471532 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04471532 Version: 1 HPSBST03122 rev....

10CVSS0.7AI score0.99999EPSS
Exploits140
securityvulns
securityvulns
added 2000/08/22 12:0 a.m.273 views

Security update for Gnome-Lokkit

A bug has been found in the Gnome lokkit firewall package that could leave a few ports exposed when the user answered no to making any services visible to the outside world. Gnome-Lokkit 0.41 fixes this problem. Users should upgrade and regenerate their firewall rules...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.272 views

[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability

Exploit Title: Wing FTP Server Remote Code Execution vulnerability Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Improper Control of Generation of Code CWE-94 CVE...

7.3AI score
Exploits1
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.272 views

[SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-007 Product: FrontRange DSM Vendor: FrontRange Solutions USA Inc. and/or its affiliates Affected Versions: v7.2.1.2020, v7.2.2.2331 Tested Versions: v7.2.1.2020, v7.2.2.2331 Vulnerability Type: Use of Hard-coded Cryptographic...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.272 views

CS and XSS vulnerabilities in SWFUpload

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload. This is very popular flash-file, which is used at tens millions of web sites and in hundreds of web applications such as WordPress, only this web application is used at more then 62 millions of web sit...

4.3CVSS0.09088EPSS
Exploits10
securityvulns
securityvulns
added 2007/09/19 12:0 a.m.273 views

Alcatel-Lucent OmniPCX Remote Command Execution

Advisory: Alcatel-Lucent OmniPCX Remote Command Execution RedTeam Pentesting discovered a remote command execution in the Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script of the OmniPXC integrated communication solution web interface is vulnerable to a remote command...

10CVSS9.8AI score0.97759EPSS
Exploits8
securityvulns
securityvulns
added 2015/02/23 12:0 a.m.271 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.59254EPSS
Exploits47References23Affected Software19
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.270 views

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

Qualys Security Advisory CVE-2015-0235 GHOST: glibc gethostbyname buffer overflow -- Contents ---------------------------------------------------------------- 1 - Summary 2 - Analysis 3 - Mitigating factors 4 - Case studies 5 - Exploitation 6 - Acknowledgments -- 1 - Summary...

10CVSS1AI score0.94859EPSS
Exploits29
securityvulns
securityvulns
added 2007/12/26 12:0 a.m.269 views

Multiple vulnerabilities in RUNCMS 1.6 by DSecRG

Digital Security Research Group Advisory Application: RunCMS Versions Affected: RunCMS 1.6 Vendor URL: http://www.runcms.org Bugs: SQL Injections, XSS, PHP Include, Predictable session id, etc. Exploits: Aviable Reported: 14.12.2007 Vendor response: 15.12.2007 Date of Public Advisory: 25.12.2007...

Exploits0
securityvulns
securityvulns
added 2014/09/25 12:0 a.m.268 views

Re: [oss-security] CVE-2014-6271: remote code execution through bash

Florian Weimer: Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches. http://ftp.gnu.org/pub/gnu/bash/bash-3.0-patches/bash30-017 http://ftp.gnu.org/pub/gnu/bash/bash-3.1-patches/bash31-018 http://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052...

10CVSS0.3AI score0.99999EPSS
Exploits131
securityvulns
securityvulns
added 2006/10/23 12:0 a.m.268 views

Power Phlogger 2.0.9 Remote|Local File Include Vulnerability

Power Phlogger 2.0.9 - Class: Remote|Local File Include Vulnerability Remote: Yes Local: No Type: High Site: http://www.comscripts.com/scripts/php.power-phlogger.211.html Author: xw0x Contact: [email protected] Vuln Code config.inc.php3: ?php include $relpath."functions.php3";//nothing here ?...

1AI score
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.267 views

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-028 Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

6.4CVSS6.7AI score0.03119EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.267 views

The BodgeIt Store - another vulnerable web app

Hi folks, I've recently open sourced a vulnerable web app, called The BodgeIt Store: http://code.google.com/p/bodgeit/ Why? Well, you can never have too many vulnerable apps to test against, but also because I've found that many of the existing apps are non trivial to install - they either have a...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/06/11 12:0 a.m.267 views

Linux kernel multiple security vulnerabilities

Kernel memory content leak in cpuset and setsockopt. Weak PRNG generator. GEODE-AES weak encryption key generation...

5CVSS2AI score0.02098EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2010/07/08 12:0 a.m.266 views

ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities

ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities Name ArtForms Vendor http://joomlacode.org/gf/project/jartforms/ Versions Affected 2.1b7.2 RC2 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2007/03/09 12:0 a.m.266 views

Remote File Include In Script copyright (c) James Coyle; JCcorp

By Hasadya Raed Contact : [email protected] ------------------------------------ Script : copyright c James Coyle; JCcorp Expl : Remote Include File Dork : "copyright © James Coyle; JCcorp" ------------------------------------ B.File : createurl.php ------------------------------------ Exploit :...

0.1AI score
Exploits0
Total number of security vulnerabilities5000