Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2010/09/16 12:0 a.m.240 views

Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)

Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services IIS Could Allow Remote Code Execution 2267960 Published: September 14, 2010 Version: 1.0 General Information Executive Summary This security update resolves two privately reported...

9.3CVSS0.5AI score0.57231EPSS
Exploits7
securityvulns
securityvulns
added 2007/06/15 12:0 a.m.240 views

ByPass In PortalApp

Found By: Hasadya Raed Contact : [email protected] Greetz : Guardian Information Systems ----------------------- Script :PortalApp ==bypass Download :www.portalapp.net Dork:"Copyright @2007 Iatek LLC" or "powered by PortalApp" or"Copyright @2007 Iatek LLC powered by PortalApp"...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2015/03/23 12:0 a.m.239 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.75029EPSS
Exploits17References29Affected Software24
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.239 views

[MajorSecurity-SA-2013-014] Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing

MajorSecurity-SA-2013-014Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing Details ============= Product: Sony Playstation Vita Browser - firmware 2.05 CVE-ID: CVE-2013-XXXX Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://de.playstation.com/psvita/ Advisory-Status...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2011/09/05 12:0 a.m.239 views

Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Pc Web Agency prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.pcwebagency.it/ Persian Gulf 4 Ever! Dork : "Powered by Pc Web Agency"...

2.9AI score
Exploits0
securityvulns
securityvulns
added 2010/10/19 12:0 a.m.239 views

Microsft COFEE v1.1.2 DLL Hijacking Exploit

=========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit =========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// //...

Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.238 views

[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-028 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Cross-Site Scripting...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2010/10/28 12:0 a.m.238 views

WinMerge Insecure Library Loading Vulnerability

A vulnerability has been discovered in WinMerge,which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: • mfc71enu.dll • mfc71loc.dll This can be...

2.1AI score
Exploits0
securityvulns
securityvulns
added 2010/01/12 12:0 a.m.238 views

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...

5CVSS8.2AI score0.27008EPSS
Exploits18
securityvulns
securityvulns
added 2008/05/20 12:0 a.m.238 views

Foxit Reader buffer overflow

util.printf JavaScript function buffer overflow...

9.3CVSS3AI score0.22693EPSS
Exploits3References1Affected Software1
securityvulns
securityvulns
added 2007/02/15 12:0 a.m.238 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.10143EPSS
Exploits9References7Affected Software13
securityvulns
securityvulns
added 2006/09/18 12:0 a.m.238 views

SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion

Solpot Crew Community ReviewPost 2.5 RPPATH Remote File Inclusion Donwload File : http://3-bius.com/ReviewPost.zip Bug Found By :homeedition2001 a.k.a bius 15-09-2006 contact: [email protected] Website : http://www.nyubicrew.org/adv/homeedition2001-adv-01.txt Greetz:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/02/03 12:0 a.m.237 views

EQdkp <= 1.3.1 Referer Spoof to access to SQL Database

Title: EQdkp = 1.3.1 Referer Spoof to access to SQL Database URL: http://www.eqdkp.com Hook: "Powered by EQdkp" Author: Eight10 Contact: [email protected] -------------------------------------------------------------------------------------------------------- Background: EQdkp is the largest DKP...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/08/18 12:0 a.m.237 views

[UNIX] Dropbear SSH Server Format String Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2003/07/17 12:0 a.m.237 views

Microsoft Security Bulletin MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution(Q823980)

-----BEGIN PGP SIGNED MESSAGE----- - - --------------------------------------------------------------- Title: Buffer Overrun In RPC Interface Could Allow Code Execution 823980 Date: 16 July 2003 Software: Microsoftr Windows r NT 4.0 Microsoft Windows NT 4.0 Terminal Services Edition Microsoft...

Exploits0
securityvulns
securityvulns
added 2001/03/28 12:0 a.m.237 views

Дырка в compressed folders Windows 98/ME (recoverable passwords)

Пароли могут быть восстановлены...

2.8AI score
Exploits0References1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.236 views

[SECURITY] [DSA 3265-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3265-1 [email protected] http://www.debian.org/security/ David PrA©vot May 20, 2015 http://www.debian.org/security/faq -...

7.5CVSS1.4AI score0.02802EPSS
Exploits2
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.236 views

Dropbear SSH server use-after-free

No description provided...

7.1CVSS1.1AI score0.06489EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2009/12/17 12:0 a.m.236 views

Cisco ASA SSL VPN protection bypass

It's possible to bypass URL filtering feature...

2.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.236 views

KwsPHP (Upload) Remote Code Execution Exploit

?php / ---KwsPHP All Version / Remote Code Execution--- Faille Discovered By TsukasaGenesis && Ajax Sploit Coded By Ajax Site: http://www.r57shell.in / if$argc9 print "---KwsPHP All Version / Remote Code Execution---nn"; print "usage: kwsphpsploit.php -url url -login login -pass pass -email email...

Exploits0
securityvulns
securityvulns
added 2001/02/20 12:0 a.m.236 views

CGI - mailnews.cgi vulnerability...

Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author dont parse some characters and he use very stupid "password protection". We can add or delete users from maillist...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2012/04/24 12:0 a.m.235 views

RuggedCom - Backdoor Accounts in my SCADA network? You don't say...

Title: Undocumented Backdoor Access to RuggedCom Devices Author: jc Organization: JC CREW Date: April 23, 2012 CVE: CVE-2012-1803 Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find...

8.5CVSS0.9AI score0.49114EPSS
Exploits8
securityvulns
securityvulns
added 2014/09/29 12:0 a.m.234 views

Glype proxy privacy settings can be disabled via CSRF

------------------------------------------------------------------------ Glype proxy privacy settings can be disabled via CSRF ------------------------------------------------------------------------ Securify, September 2014 ------------------------------------------------------------------------...

3.4AI score
Exploits0
securityvulns
securityvulns
added 2005/11/03 12:0 a.m.234 views

The Holy Grail: Cisco IOS shellcode And Exploitation Techniques

Michaels Lynn's presentation on Cisco routers malicious code execution possibility...

3.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/05/04 12:0 a.m.234 views

Vulnerabilities in CrushFTP Server

----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in CrushFTP Server Overview CrushFTP Server 2.1.4 is a java ftp server available from http://www.crushftp.com. Multiple vulnerabilities exist which allow users to change directories outside of the ftp root and downlo...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.233 views

[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-001 Product: Kaspersky Endpoint Security for Windows KES Manufacturer: Kaspersky Lab ZAO Affected Versions: 8.1.0.1042, 10.2.1.23 Tested Versions: 8.1.0.1042, 10.2.1.23 Vulnerability Type: Authentication Bypass Using an...

Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.235 views

multiple Vulnerability in "WahmShoppes eStore"

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : multiple Vulnerability in "WahmShoppes eStore" Author : alieye vendor : http://www.wahmshoppes.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:WsError.asp inurl:store/ We apologize but your request...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.233 views

[security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262472 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262472 Version: 2 HPSBMU03020 rev....

5CVSS0.6AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.233 views

HTB22814: XSS vulnerability in ViArt Shop

Vulnerability ID: HTB22814 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinviartshop.html Product: ViArt Shop Vendor: Viart Software http://www.viart.com/ Vulnerable Version: Enterprise v.4.0.5 Vendor Notification: 25 January 2011 Vulnerability Type: XSS Cross Site Scripting Status:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/08/18 12:0 a.m.233 views

Vbulletin Plugin ChatBox Xss Vulnerability

Vbulletin Plugin ChatBox Xss Vulnerability Discovered By AleminKrali [email protected] www.al3m.blogspot.com Greetz : BeyazKurt,Kerem125,Cr@zyKing,Ercu145,Abo Mohammed Net Devil High Risk Vulnerability! Xss Working!note:You login site and xss try. Ex: http://www.localhost/misc.php?do=ccarc&cbt=xss...

Exploits0
securityvulns
securityvulns
added 2007/04/24 12:0 a.m.233 views

acvsws_php5_v1.0 <= Multiple Remote File Include Vulnerablitiy

acvswsphp5v1.0 = Multiple Remote File Include Vulnerablitiy D.Script: http://www.acvsnet.net/DNN ACVS/Portals/0/Commun/WebServices/acvswsphp5v1.0release.zip/ Discovered by: MoHaNdKo-=-=- [email protected] Homepage: http://www.MoHaNdKo.cOm Exploit:Path/incACVS/SOAP/Transport.php?CheminInclude=She...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/09/11 12:0 a.m.232 views

[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 1 HPSBPV02918 rev....

10CVSS0.2AI score0.79003EPSS
Exploits21
securityvulns
securityvulns
added 2012/08/27 12:0 a.m.232 views

ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-165 : 0Day HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-165 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2010/11/09 12:0 a.m.232 views

some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)

This reminded me of a bunch of problems I spotted in Juniper SSL VPN a while ago; they are apparently fixed, but I don't recall seeing any public vendor advisory / credit for reporting them - so here you go, even if just for the record... These were fixed by Juniper in IVE 6.3R1, 6.2R3, 6.1R5,...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2010/02/16 12:0 a.m.232 views

Oracle quarterly security update

Approximately 30 vulnerabilities in different applications are fixed...

10CVSS2.6AI score0.72638EPSS
Exploits18References13Affected Software8
securityvulns
securityvulns
added 2003/08/14 12:0 a.m.232 views

Virginity Security Advisory 2003-001 : Hola CMS - Admin Password Disclosure by Include vulnerability

-------------------------------------------------------------------- Virginity Security Advisory 2003-001 - - - -------------------------------------------------------------------- DATE : 2003-08-13 03:11 GMT TYPE : remote VERSIONS AFFECTED : == hola-cms-1.2.9-10...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2013/08/20 12:0 a.m.231 views

Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access

----------------------------------------------------------------------------- Vulnerabilities: An unspecified bug can cause an unsafe/undocumented TCP port to open allowing for: - Unauthenticated remote access to all pages of the router administration GUI, bypassing any credential prompts under...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2012/10/28 12:0 a.m.231 views

[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03515685 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03515685 Version: 2 HPSBHF02819...

8.5CVSS6.3AI score0.02263EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/21 12:0 a.m.231 views

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)

libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU325039 Affected Software: - libzip 0.9.3 - PHP 5.3.5 fixed 5.3.6 Original URL:...

4.3CVSS0.4AI score0.13514EPSS
Exploits7
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.231 views

XSS phpBB 2.0.21 in administration

phpBB 2.0.21 XSS in administration //-- By Blwood [email protected] //-- http://www.blwood.net //-- Style Admin ----------- Management & Create a theme Lots of input are not properly "filtrate" like stylename, headstylesheet, bodybackground, trcolor1name all the input in simple name... We cand...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/10/13 12:0 a.m.231 views

Yapig: XSS / Code Injection Vulnerability

=========================================================== Yapig: XSS / Code Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0510-001, October 13, 2005...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2003/05/29 12:0 a.m.231 views

ICQLite executable trojaning

bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenger...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2011/01/24 12:0 a.m.230 views

NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability

-------------------------- NSOADV-2010-010 --------------------------- DATEV Multiple Applications DLL Hijacking Vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 11...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/01/24 12:0 a.m.230 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.07279EPSS
Exploits3References36Affected Software28
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.230 views

Revival of the SUQ.DIQ homepage

Lots of people have requested the SUQ.DIQ package since the closing of the SUQ.DIQ website. Did you all notice how IBMs stocks dropped after the release of this "exploit" and the rather aggresive advisory released by IBM seemed only to make it worse? I can imagine it's a bit of a set back for IBM...

1AI score
Exploits0
securityvulns
securityvulns
added 2000/12/20 12:0 a.m.229 views

Catman file clobbering vulnerability Solaris 2.x

Solaris 2.7/2.8 catman temp file vulnerability. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 11242000-02 Risk: Low Title: catman temp file vulnerability. Class: insecure temp file handling. Remotely Exploitable: no Locally Exploitable: Yes Vulnerability Description:...

7AI score
Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.228 views

DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® EasyDnnGallery Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2013/12/30 12:0 a.m.228 views

Microsoft Windows multiple security vulnerabilities

Memory corruption in graphics library, signature check bypass, use-after-free in scripting, multiple privilege escalations...

9.3CVSS3.2AI score0.84971EPSS
Exploits14References1Affected Software1
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.228 views

[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue

MajorSecurity Advisory 33ShopSystems - SQL Injection Issue Details ======= Product: ShopSystems Affected Version: = 4.0 Immune Version: none Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.shopsystems.biz Vendor-Status: informed Advisory-Status: published Credits ============...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/08/12 12:0 a.m.228 views

Insecure directory permissions of default installation of Kaspersky Anti-Virus for Unix/Linux File Servers will lead to local root exploit

FYI, a new version is already available and a proposed workaround is described at the end of the advisory. Peter URLs for this document: ftp://ftp.aerasec.de/pub/advisories/kav4unix/kav4unix-local-root-exploit.txt TXT P & C 2005 AERAsec Network Services and Security GmbH The information in this...

0.2AI score
Exploits0
Total number of security vulnerabilities5000