Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2006/12/01 12:0 a.m.266 views

@lex Guestbook 4.0.1 : Full Path Disclosure & XSS

@lex Guestbook 4.0.1 -------------------- Vendor site: http://www.alexphpteam.com/ Product: @lex Guestbook 4.0.1 Vulnerability: Full Path Disclosure & XSS Credits: MrKaLiMaN Reported to Vendor: 24.11.06 Public disclosure: 30.11.06 Description: ------------ Full Path Disclosure:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/08/02 12:0 a.m.266 views

Microsoft ActiveSync clear text password

Microsoft ActiveSync clear text password Microsoft ActiveSync is widely used to synchronies Windows based PDAs and smartphones with desktop computer. PDA can connect to PC via COM/USB/IR or LAN. Before synchronization user on PC must setup "partnership" to allow synchronization. If PDA is protect...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2015/07/14 12:0 a.m.265 views

VMWare applications privilege escalation

Weak executable file DACL...

7.2CVSS3.5AI score0.00458EPSS
Exploits0References1Affected Software3
securityvulns
securityvulns
added 2006/11/07 12:0 a.m.265 views

MWChat pro V 7.0 <= (CONFIG[MWCHAT_Libs]) Remote File Include Vulnerability

MWChat pro V 7.0 Class = Remote File Inclusion URL : http://www.appindex.net/products/download/?product=mwchat&version=7.0 Found by = Mr.3FReeT .. code in :. about.php , buddy.php , chat.php , dialog.php , head.php , help.php , index.php , license.php ..... nearly all :D...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2006/09/15 12:0 a.m.265 views

PhotoPost =>4.6 (PP_PATH) Remote File Inclusion Exploit

==================================================================== PhotoPost =4.6 PPPATH Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.popphoto.com/...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/06 12:0 a.m.265 views

BinGo News <= v3.01 (bnrep) Remote File Inclusion Exploit

============================================================================================== BinGo News = v3.01 bnrep Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2004/10/13 12:0 a.m.265 views

Microsoft WebDAV XML DoS

Large number of attributes in requests causes resource exhaustion...

1.8AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2009/01/13 12:0 a.m.264 views

Microsoft Security Bulletin MS09-001 - Critical Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

Microsoft Security Bulletin MS09-001 - Critical Vulnerabilities in SMB Could Allow Remote Code Execution 958687 Published: January 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block...

10CVSS1AI score0.49275EPSS
Exploits5
securityvulns
securityvulns
added 2008/06/16 12:0 a.m.264 views

DUC NO-IP weak encryption

Password is stored in world-readable registry entry in reversable encryption form...

2.5AI score
Exploits0References1
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.263 views

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: ERPSCAN-15-025 Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published:20.10.2015 Vendors contacted: Oracle 2...

4.3CVSS6.6AI score0.02558EPSS
Exploits0
securityvulns
securityvulns
added 2006/08/02 12:0 a.m.263 views

Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities

---------------------------------------------------- Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities ---------------------------------------------------- Discovered By A-S-T TEAM WE ARE CrAsHoVeRrIdE & BLACK-CODE & MR-HCR ---------------------------------------------------- si...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.262 views

CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework

Severity: Important Vendor: Spring by Pivotal Versions Affected: - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM - 4.0.0.M1-4.0.0.M2 Spring MVC - Earlier unsupported versions may also be affected Description: The Spring OXM wrapper did not expose any property for disabling entity...

6.8CVSS0.2AI score0.26467EPSS
Exploits1
securityvulns
securityvulns
added 2006/05/09 12:0 a.m.262 views

singapore v0.9.7 XSS Vulnerabilities

SOFTWARE: ========= singapore v0.9.7 DESCRIPTION: ============ The system is vulnerable to various XSS attacks google dork : "Powered by singapore v0.9.7" inurl:index.php?gallery 429 results : xss code example ================ www.site.com/images/index.php?gallery=gallery...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.261 views

[security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04264595 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04264595 Version: 1 HPSBST03004 rev....

5CVSS0.7AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2008/11/24 12:0 a.m.261 views

[Full-disclosure] [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)

General Information ffdshow is a DirectShow filter and VFW codec for many audio and video formats, such as DivX, Xvid and H.264. It is the most popular audio and video decoder on Windows. Besides a stand-alone setup package, ffdshow is often included in almost all codec pack software such as...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/09/13 12:0 a.m.261 views

RE: ScanAlert Security Advisory

HackerSafe Labs - Security Advisory http://www.hackersafelabs.com SWsoft Plesk for Windows - SQL Injection Vulnerability Date: 9-11-07 Vendor: www.swsoft.com Package: Plesk for Windows Versions: v7.6.1, v8.1.0, v8.1.1, v8.2.0 Vendor Demo: https://plesk8.1win.demo.swsoft.com:8443/login.php3 Credit...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.261 views

Ako Comments (mod) Remote File Inclusion

Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Ako Comments mod Attack method: Remote File Inclusion Source: Description: This module shows users' comments from component AkoComments. File Version: 1.1 for Mambo 4...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2014/10/05 12:0 a.m.260 views

[security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04468293 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04468293 Version: 2 HPSBHF03119 rev....

10CVSS0.3AI score0.99999EPSS
Exploits140
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.260 views

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 111 111001 111111111 0 10 1111 0 11 11 111111111 1 1101 10...

6.8CVSS6.7AI score0.02937EPSS
Exploits3
securityvulns
securityvulns
added 2002/09/30 12:0 a.m.260 views

Microsoft Security Bulletin MS02-053: Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)

---------------------------------------------------------------------- Title: Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution Q324096 Released: 25 September 2002 Software: FrontPage Server Extensions 2000 and 2002 Impact: Denial of service or privilege elevation Max Risk:...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2000/07/21 12:0 a.m.260 views

Winamp M3U playlist parser buffer overflow security vulnerability

LEGAL NOTICE: By reading this you do agree that life does not make sense and it doesn't need to. You also agree to wear a condom. You do agree to think about nature. .. umm you also agree to GPL all software you've ever written. Click here if you're under 18 There is a buffer overflow security...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.259 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

8.5CVSS1.6AI score0.91354EPSS
Exploits145References51Affected Software36
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.259 views

[security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04272594 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04272594 Version: 1 HPSBMU03032 rev....

5CVSS0.4AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2014/04/20 12:0 a.m.259 views

RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 041414 Customer release date: April 14, 2014 Public release date: April 14, 2014 TITLE OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160 SUMMARY OpenSSL library is used in Ruckus products to implement various...

5CVSS8.1AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2010/09/20 12:0 a.m.259 views

n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.002 20-September-2010 Vendor: Alcatel Affected Products: OmniVista 4760 server: all versions prior to release R5.1.06.03.cPatch3. Vulnerability: arbitrary code execution Risk: High CVE-Number: CVE-2010-3281 Vendor communication:...

5.4CVSS1.2AI score0.01872EPSS
Exploits0
securityvulns
securityvulns
added 2009/11/11 12:0 a.m.259 views

Microsoft Security Bulletin MS09-063 - Critical Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)

Microsoft Security Bulletin MS09-063 - Critical Vulnerability in Web Services on Devices API Could Allow Remote Code Execution 973565 Published: November 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the Web Service...

9.3CVSS1.8AI score0.31215EPSS
Exploits1
securityvulns
securityvulns
added 2007/11/30 12:0 a.m.258 views

AST-2007-026 - SQL Injection issue in cdr_pgsql

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdrpgsql |...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/03/10 12:0 a.m.258 views

PostGuestbook 0.6.1(tpl_pgb_moddir)Remote File Include Expliot

PostGuestbook 0.6.1tplpgbmoddirRemote File Include Expliot D.Script: http://sourceforge.net/projects/postguestbook/ Dork: "Powered by: PostGuestbook 0.6.1" Discovered by GloDM = Mahmoodali Homepage: http://www.Tryag.cc Greetz To Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group V.Code include...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/10/03 12:0 a.m.258 views

Multiple vulnerabilities in WinShadow

Multiple vulnerabilities in WinShadow ------------------------------------- Affected Systems: OmniCom WinShadow version: 2.0 and possibly earlier versions Vendor: OmniCom Technologies - http://www.omnicomtech.com Issue: 1. Buffer overflow in client handling hostnames in host files 2. DoS against...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2001/03/13 12:0 a.m.258 views

FreeBSD Ports Security Advisory FreeBSD-SA-01:27.cfengine

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:27 Security Advisory FreeBSD, Inc. Topic: cfengine port contains remote root vulnerability Category: ports Module: cfengine Announced: 2001-03-12 Credits: Pekka Savola...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/10/13 12:0 a.m.257 views

Microsoft Security Bulletin MS09-050 - Critical Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)

Microsoft Security Bulletin MS09-050 - Critical Vulnerabilities in SMBv2 Could Allow Remote Code Execution 975517 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and two privately reported vulnerabilities in Serve...

10CVSS1.3AI score0.90121EPSS
Exploits22
securityvulns
securityvulns
added 2008/11/24 12:0 a.m.257 views

Code Execution via XSS in Internet Explorer

Hello 3APA3A! Recently I wrote about Code Execution via XSS attack http://websecurity.com.ua/2635/. In this article I told about Code Execution attack via Cross-Site Scripting vulnerability in Internet Explorer http://websecurity.com.ua/1241/, which I disclosed in August 2007. Last year and this...

2AI score
Exploits0
securityvulns
securityvulns
added 2002/02/27 12:0 a.m.257 views

SECURITY.NNOV: Special device access in The Bat!

Dear bugtraq, Topic: Special device access in The Bat! Author: 3APA3A [email protected] Date: February, 25 2002 Software: The Bat! 1.53d, 1.54beta Vendor: Ritlabs http://www.thebat.net Risk: Low to average Remote: Yes Exploitable: Yes Vendor Status: Notified, not verified Details: The Bat!...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/07/24 12:0 a.m.256 views

printenv.pl(all versions) cross site scripting Vulnerability

...:::::printenv.plall versions cross site scripting Vulnerability::::.... Virangar Security Team www.virangar.org -------- Discoverd By : hadihadi & black.shadowes special tnx to:MR.nosrati,MR.hesy,satan,IGI,zahra & all virangar members & all iranian hackerz greetz:to my best friend in the world...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/11/25 12:0 a.m.256 views

[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection

Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory : http://www.aria-security.com/forum/showthread.php?t=42 ----------------------------------------------------------- Software: MidiCart ASP Shopping Cart Method: SQL Injection And Cro...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/07/25 12:0 a.m.256 views

[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities

MajorSecurity 26 Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities ---------------------------------------------------------------------------------------- Software: Woltlab Burning board Impact: Cookie manipulation and Session Fixation Made public: July,...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.255 views

Joomla com_fireboard - SQL Injection Vulnerability

Title: ====== Joomla comfireboard - SQL Injection Vulnerability Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=655 VL-ID: ===== 655 Common Vulnerability Scoring System: ==================================== 7.3 Introduction: ============= Joomla i...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2009/04/18 12:0 a.m.255 views

CLAN TIGER CMS--AUTH BYPASS LOGIN FORM (SQL INJECTION)-->

----------------------------------------------------------- CLAN TIGER CMS AUTH BYPASS LOGIN FORM SQL INJECTION ----------------------------------------------------------- CMS INFORMATION: --WEB: http://www.clantiger.com --DOWNLOAD: http://www.clantiger.com/download-clan-cms --DEMO:...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2001/01/16 12:0 a.m.253 views

Stack Overflow in MSHTML.DLL

Stack Overflow in MSHTML.DLL Systems affected: Any program using MSHTML.DLL for HTML parsing Internet Explorer, Outlook/Outlook Express and other HTML-enabled emailreaders. Reliably tested on IE4.0 and higher on any Windows system, with any servicepacks and patches. Older versions of MSHTML.DLL m...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.252 views

[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability

------------------------------------------------------------------- Concrete5 = 5.7.3.1 sendmail Remote Code Execution Vulnerability ------------------------------------------------------------------- - Software Link: https://www.concrete5.org/ - Affected Versions: Version 5.7.3.1 and probably...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.252 views

[security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04352674 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04352674 Version: 1 HPSBMU03061 rev....

9CVSS1.3AI score0.06839EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.252 views

[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04260505 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260505 Version: 1 HPSBMU03018 rev....

5CVSS0.5AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2009/09/21 12:0 a.m.252 views

rubrique 'rubrique.php' SQL Injection Vulnerability

================================================= Discovered By: CrAzY CrAcKeR Email: CrAzYCrAcKeRathotmaildotcom ================================================ example:- http://www.example.info/rubrique.php?id=-1+union+select+1,2,uslogin,uspassword,5,6,7,8,9,10,11,12,13,14+from+ausersf...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.252 views

phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability

phpHoo3 Login SQL injection // AYYILDIZ.ORG Gururla Sunar... download:http://cable-modems.org/phpHoo/files/phphoo3.zip author : iLker Kandemir ilkerkandemir at mynet.com Risk : High Class : Remote Vuln. Script : phpHoo3 tnx : h0tturk,ekin0x,Gencnesil,Gencturk,koray,Ajann .. Vulnerable; ///admin.p...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/10 12:0 a.m.252 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.1134EPSS
Exploits9References12Affected Software15
securityvulns
securityvulns
added 2006/11/03 12:0 a.m.252 views

MODx CMS 0.9.2.1 (base_path) Remote File Include Vulnerability

+------------------------------------------------------------------------------------------- + MODx CMS 0.9.2.1 basepath Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: MODx CMS 0.9.2.1 + Vendor...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2001/07/28 12:0 a.m.252 views

Another bug in phpNuke

Yes, i have found some bugs also... You can execute artibility mysql statments in many of its different scripts... reviews.php for example.. The parmenter with the id reviews.php?id=blah think doesn't check... so you can simply do reviews.php?id=12345 or ........ blah blah blah I don't think its...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2014/07/28 12:0 a.m.251 views

Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398

Document Title: =============== Barracuda Networks Firewall 6.1.2 36 - Filter Bypass & Exception Handling Vulnerability + PoC Video References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1102 Barracuda Networks Security ID BNSEC: BNSEC-2398...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2012/05/24 12:0 a.m.251 views

PHP multiple security vulnerabilities

DoS conditions, code execution, SQL injections...

7.5CVSS2.3AI score0.99998EPSS
Exploits48References3Affected Software1
securityvulns
securityvulns
added 2011/11/06 12:0 a.m.251 views

IBSng all version Cross-Site Scripting Vulnerability

================= APA-IUTcert ================= Title: IBSng all version Cross-Site Scripting Vulnerability Vendor: www.parspooyesh.com Type: Cross-Site Scripting Vulnerability Fix: N/A ================== nsec.ir ================= Description: Input passed via the "str" parameter to...

0.3AI score
Exploits0
Total number of security vulnerabilities5000