Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2006/11/03 12:0 a.m.252 views

MODx CMS 0.9.2.1 (base_path) Remote File Include Vulnerability

+------------------------------------------------------------------------------------------- + MODx CMS 0.9.2.1 basepath Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: MODx CMS 0.9.2.1 + Vendor...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2005/05/06 12:0 a.m.252 views

[Full-disclosure] [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow

SEC-1 LTD. www.sec-1.com Security Advisory Advisory Name: RSA SecurID Web Agent Heap Overflow Release Date: 06-05-2005 Application: RSA SecurID Web Agent 5 RSA SecurID Web Agent 5.2 RSA SecurID web Agent 5.3 Platform: Windows 2000 / IIS Severity: Remote Code Execution Author: Gary O'leary-Steele...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2001/07/28 12:0 a.m.252 views

Another bug in phpNuke

Yes, i have found some bugs also... You can execute artibility mysql statments in many of its different scripts... reviews.php for example.. The parmenter with the id reviews.php?id=blah think doesn't check... so you can simply do reviews.php?id=12345 or ........ blah blah blah I don't think its...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2011/11/06 12:0 a.m.251 views

IBSng all version Cross-Site Scripting Vulnerability

================= APA-IUTcert ================= Title: IBSng all version Cross-Site Scripting Vulnerability Vendor: www.parspooyesh.com Type: Cross-Site Scripting Vulnerability Fix: N/A ================== nsec.ir ================= Description: Input passed via the "str" parameter to...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/11/26 12:0 a.m.251 views

WordPress XSS vulnerability in RSS Feed Generator

===== noXSS.org Security Advisory ====== Advisory: WordPress XSS vulnerability in RSS Feed Generator Author: Jeremias Reith [email protected] Published: 2008/11/25 Affected: WordPress 2.6.5 Summary ======= WordPress prior to v2.6.3 fails to sanitize the Host header variable correctly when generating R...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2000/08/12 12:0 a.m.251 views

Security Bulletin (MS00-057)

Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...

7AI score
Exploits0
securityvulns
securityvulns
added 2015/11/02 12:0 a.m.250 views

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability

ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-030 Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...

6.8CVSS6.8AI score0.03088EPSS
Exploits0
securityvulns
securityvulns
added 2012/11/18 12:0 a.m.250 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.8CVSS1.6AI score0.09088EPSS
Exploits29References10Affected Software9
securityvulns
securityvulns
added 2007/07/28 12:0 a.m.250 views

[email protected]

PHPBlogger is a simple tool to help the creation of web blogs... Encrypted admin password and other preferences are stored on /data/pref.db You can find lots of them exposed with google search: pref password= filetype:db = -------------------------------------------- The admin panel is acessible...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/16 12:0 a.m.250 views

Turuncu Portal v1.0 == SQL Injection Vulnerability

Turuncu Portal v1.0 == SQL Injection Vulnerability Author : chernobiLe Site : www.cyber-sabotage.org, www.chernobiLe.nethttp://www.chernobile.net/ Contact: [email protected] Not; Bana Trk Scriptinde Ak Buluyorsun diyen eleman; akll ol sen bana Trk scriptidir yapma dedin eywallah dedim...

8.5AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.249 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

9CVSS1.6AI score0.59312EPSS
Exploits84References50Affected Software34
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.249 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.09775EPSS
Exploits18References9Affected Software9
securityvulns
securityvulns
added 2008/06/10 12:0 a.m.249 views

Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities Document ID: 107408 Advisory ID: cisco-sa-20080610-snmpv3 http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml Revision 1.0 For Public Release 2008 June 10 1600 UTC...

10CVSS0.7AI score0.6879EPSS
Exploits7
securityvulns
securityvulns
added 2002/04/17 12:0 a.m.249 views

FileSeek cgi script advisory

Best to read is the online version: http://www.dsinet.org/textfiles/advisories/FileSeek-advisory.txt ------------------------------ FileSeek cgi script Advisory ------------------------------ FileSeek.cgi / FileSeek2.cgi 16/04/2002 - by Thijs Bosschert [email protected]...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/09/18 12:0 a.m.249 views

[NEWS] Vulnerability in CamShot server (Authorization)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com Vulnerability in CamShot server Authorization ---------------------------------------------------------------------------- SUMMARY CamShot is a web server...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2000/07/15 12:0 a.m.249 views

Security Bulletin (MS00-044)

Microsoft Security Bulletin MS00-044 - -------------------------------------- Patch Available for "Absent Directory Browser Argument" Vulnerability Originally Posted: July 14, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities in Microsoftr Internet...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/09/15 12:0 a.m.247 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruptions, local files access...

10CVSS2AI score0.05811EPSS
Exploits1References1Affected Software2
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.247 views

[security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04272043 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04272043 Version: 1 HPSBPI03031 rev....

5CVSS0.4AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2011/07/06 12:0 a.m.249 views

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2010/08/19 12:0 a.m.247 views

[ MDVSA-2010:153 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:153 http://www.mandriva.com/security/ Package : apache Date : August 16, 2010 Affected: 2009.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in apache: The...

5CVSS6.3AI score0.2187EPSS
Exploits4
securityvulns
securityvulns
added 2009/04/12 12:0 a.m.247 views

VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0006 Synopsis: VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability Issue date:...

6.8CVSS6.8AI score0.01998EPSS
Exploits3
securityvulns
securityvulns
added 2007/04/25 12:0 a.m.247 views

Progress Webspeed exploit for all releases

Because of a flaw in cpyfile.p which is a default installed file it is possible to gain full control of a machine running Progress Webspeed Messenger. You can access, change and edit allmost any file on the server running the Webspeed Messenger even when the workshop is disabled. First you have t...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2006/09/25 12:0 a.m.247 views

iyzi Forum s1 b2 (tr) SQL Injection Vulnerability

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + iyzi Forum s1 b2 tr SQL Injection Vulnerability + + Author : Fix TR + + Site : www.hack.gen.tr + + Contact : fixtratbsdmail.com + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Download & Info:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/06/02 12:0 a.m.247 views

Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities

Joomla/Mambo CMS Component SimpleBoard 1.1.0 Stable XSS-Vulnerabilities ======================================================================= Release Date ------------ June 01, 2006 Vendor ------- Two Shoes Mambo Factory http://www.tsmf.net/ Version ------- SimpleBoard 1.1.0 Stable comsimpleboa...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2005/09/07 12:0 a.m.247 views

phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting

phpCommunityCalendar 4.0.3 possibly prior versions sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1 sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin"...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2012/10/22 12:0 a.m.246 views

NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities

Title: ====== NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities Date: ===== 2012-08-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=685 VL-ID: ===== 685 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2011/05/02 12:0 a.m.246 views

CVE-2010-0216 MediaCast Password Dump Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: MediaCast Password Dump Vulnerability Release Date: 04/25/2011 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application: MediaCast = 8 By Inventive, Inc -...

5CVSS0.01568EPSS
Exploits2
securityvulns
securityvulns
added 2006/07/25 12:0 a.m.246 views

SQL-Injection in Shop-Script PRO & Shop-Script Premium all version

Advisory: SQL-Injection in Shop-Script PRO & Shop-Script Premium all version. Home Page: http://shop-script.ru Уязвимость/Vulnerability: SQL-injection в зоне администрирования. Уязвимый скрипт/Vulnerable script: admin.php...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2001/05/03 12:0 a.m.245 views

Security Bulletin MS01-023

---------------------------------------------------------------------- Title: Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server Date: 01 May 2001 Software: Windows 2000 Server Windows 2000 Advanced Server Windows 2000 Datacenter Server Impact: Run code of attacker's...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2014/09/25 12:0 a.m.244 views

[oss-security] Re: CVE-2014-6271: remote code execution through bash

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITRE is currently using CVE-2014-7169 to track the report of the incomplete patch, i.e., incorrect function parsing that's present in builds that are up-to-date with the http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025 changes. We realize that...

10CVSS0.99999EPSS
Exploits140
securityvulns
securityvulns
added 2003/06/23 12:0 a.m.244 views

Compaq Web Based Managment multiple bugs

Access to critical files, crossite scripting, etc...

1.4AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2007/11/07 12:0 a.m.243 views

[Full-disclosure] SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability

----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: SF-Shoutbox 1.2.1 = 1.4 HTML/JS Injection Vulnerability || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.243 views

# ForumJBC v4 < = Cross-Site Scripting - XSS Exploit ;

ForumJBC v4 = Cross-Site Scripting - XSS Exploit ; Discovred By : ThELeO ; Software : ForumJBC v4 ; Site Of SoftWare : http://jbc.unlimited.free.fr Version : 4 ; Exploit : http://Www.Victime.Com/Script/haut.php?nbconnecte=scriptalert'hacking20xss' /script ; Greetz : M.I.D.TDrackanZ, Mr.IlysS,...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/02/13 12:0 a.m.243 views

[Full-disclosure] Privilege Scalation for Windows Networks using weak Service restrictions v2.0 exploit

Proof of concept of Sudhakar Govindavajhala and Andrew Appel paper http://www.cs.princeton.edu/sudhakar/papers/winval.pdf Running as an unprivileged user you can test if your services are vulnerable and can be used to install a backdoor. Both source code and binary included Microsoft advisory:...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2011/08/17 12:0 a.m.242 views

DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability DoodleIT gallery.php?id about.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.doodleit.co.uk/ Persian Gulf 4 Ever! Dork : "Design by DoodleIT"...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2010/01/19 12:0 a.m.242 views

ezContents CMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: ezContents CMS Multiple Vulnerabilities Vendor: http://ezcontents.org/ Vulnerable Version: 2.0.3 and prior versions Exploitation: Remote with browser Fix: N/A - Description: ezContents is a nice PHP CMS which allow management of dynamic...

8.9AI score
Exploits0
securityvulns
securityvulns
added 2006/06/17 12:0 a.m.242 views

Cline Communications Sql injection

Cline Communications Sql injection ------------------------------------- Site:http://www.celerondude.com/ Demo:http://www.liveelite.com/ --------------------------------- Sql injection 1,photoenlarged.php file PhotoID parameter 2,newsdetail.php file NID parameter 3,staffphotoenlarged.php file...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2002/01/14 12:0 a.m.242 views

Novell Netware Login "bypass" to execute programs

Not sure if this is known or not but I did not find anything about it on novell.com, securityfocus.com and after doing a websearch on google with some keywords about it. I don't have the resources to test this "bug" on other versions. And im not even sure if this classifies as bug but it could gi...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.241 views

[ MDVSA-2014:252 ] nss

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:252 http://www.mandriva.com/en/support/security/ Package : nss Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated nss packages fix security vulnerabilities: In the QuickDER...

7.5CVSS4.7AI score0.99999EPSS
Exploits11
securityvulns
securityvulns
added 2014/01/14 12:0 a.m.241 views

NETGEAR WNR1000v3 Password Recovery Vulnerability

Description: Newer firmware versions of the NETGEAR N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's plaintext Administrator credentials and subsequently gain full access to the device. This...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/08/24 12:0 a.m.241 views

Уязвимости в FLV Player

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Content Spoofing и Cross-Site Scripting уязвимостях в флеш видео плеере FLV Player. Content Spoofing WASC-12: Флешки плеера FLV Player принимают произвольные адреса в параметре configxml, что позволяет подделать содержимое флешки - например, указа...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2010/11/30 12:0 a.m.241 views

SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X

-----------Summary----------- eVuln ID: 200 Software: "Powered by 4images" Vendor: PHP Web Scripts Version: 4images 1.7.X dork: "Powered by 4images" Critical Level: medium Type: SQL injection and Path Disclosure Status: Unpatched. No reply from developers PoC: Available Solution: Not available...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/07/17 12:0 a.m.241 views

Microsoft Security Bulletin MS03-028: Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (Q816456)

-----BEGIN PGP SIGNED MESSAGE----- - - --------------------------------------------------------------- Title: Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack 816456 Date: 16 July 2003 Software: Microsoftr ISA Server Max Risk: Important Bulletin: MS03-028 Microsoft encourage...

Exploits0
securityvulns
securityvulns
added 2015/01/25 12:0 a.m.240 views

CVE-2015-1178-xss-x-cart-ecommerce

CVE-2015-1178-xss-x-cart-ecommerce Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in X-CART e-Commerce software Affected Software : X-Cart Affected Versions: 5.1.8 and possibly below Vendor Homepage : https://www.x-cart.com Vulnerability Type : Cross-site...

4.3CVSS0.5AI score0.01892EPSS
Exploits2
securityvulns
securityvulns
added 2010/09/16 12:0 a.m.240 views

Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)

Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services IIS Could Allow Remote Code Execution 2267960 Published: September 14, 2010 Version: 1.0 General Information Executive Summary This security update resolves two privately reported...

9.3CVSS0.5AI score0.57231EPSS
Exploits7
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.239 views

[MajorSecurity-SA-2013-014] Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing

MajorSecurity-SA-2013-014Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing Details ============= Product: Sony Playstation Vita Browser - firmware 2.05 CVE-ID: CVE-2013-XXXX Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://de.playstation.com/psvita/ Advisory-Status...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2010/10/19 12:0 a.m.239 views

Microsft COFEE v1.1.2 DLL Hijacking Exploit

=========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit =========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// //...

Exploits0
securityvulns
securityvulns
added 2007/06/15 12:0 a.m.239 views

ByPass In PortalApp

Found By: Hasadya Raed Contact : [email protected] Greetz : Guardian Information Systems ----------------------- Script :PortalApp ==bypass Download :www.portalapp.net Dork:"Copyright @2007 Iatek LLC" or "powered by PortalApp" or"Copyright @2007 Iatek LLC powered by PortalApp"...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.238 views

[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-028 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Cross-Site Scripting...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2011/09/05 12:0 a.m.238 views

Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Pc Web Agency prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.pcwebagency.it/ Persian Gulf 4 Ever! Dork : "Powered by Pc Web Agency"...

2.9AI score
Exploits0
Total number of security vulnerabilities5000