Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2008/05/20 12:0 a.m.237 views

Foxit Reader buffer overflow

util.printf JavaScript function buffer overflow...

9.3CVSS3AI score0.22693EPSS
Exploits3References1Affected Software1
securityvulns
securityvulns
added 2007/02/03 12:0 a.m.237 views

EQdkp <= 1.3.1 Referer Spoof to access to SQL Database

Title: EQdkp = 1.3.1 Referer Spoof to access to SQL Database URL: http://www.eqdkp.com Hook: "Powered by EQdkp" Author: Eight10 Contact: [email protected] -------------------------------------------------------------------------------------------------------- Background: EQdkp is the largest DKP...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/09/18 12:0 a.m.237 views

SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion

Solpot Crew Community ReviewPost 2.5 RPPATH Remote File Inclusion Donwload File : http://3-bius.com/ReviewPost.zip Bug Found By :homeedition2001 a.k.a bius 15-09-2006 contact: [email protected] Website : http://www.nyubicrew.org/adv/homeedition2001-adv-01.txt Greetz:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/08/18 12:0 a.m.237 views

[UNIX] Dropbear SSH Server Format String Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2003/07/17 12:0 a.m.237 views

Microsoft Security Bulletin MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution(Q823980)

-----BEGIN PGP SIGNED MESSAGE----- - - --------------------------------------------------------------- Title: Buffer Overrun In RPC Interface Could Allow Code Execution 823980 Date: 16 July 2003 Software: Microsoftr Windows r NT 4.0 Microsoft Windows NT 4.0 Terminal Services Edition Microsoft...

Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.236 views

[SECURITY] [DSA 3265-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3265-1 [email protected] http://www.debian.org/security/ David PrA©vot May 20, 2015 http://www.debian.org/security/faq -...

7.5CVSS1.4AI score0.02802EPSS
Exploits2
securityvulns
securityvulns
added 2010/01/12 12:0 a.m.236 views

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...

5CVSS8.2AI score0.27008EPSS
Exploits18
securityvulns
securityvulns
added 2009/12/17 12:0 a.m.235 views

Cisco ASA SSL VPN protection bypass

It's possible to bypass URL filtering feature...

2.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.235 views

KwsPHP (Upload) Remote Code Execution Exploit

?php / ---KwsPHP All Version / Remote Code Execution--- Faille Discovered By TsukasaGenesis && Ajax Sploit Coded By Ajax Site: http://www.r57shell.in / if$argc9 print "---KwsPHP All Version / Remote Code Execution---nn"; print "usage: kwsphpsploit.php -url url -login login -pass pass -email email...

Exploits0
securityvulns
securityvulns
added 2001/03/28 12:0 a.m.235 views

Дырка в compressed folders Windows 98/ME (recoverable passwords)

Пароли могут быть восстановлены...

2.8AI score
Exploits0References1
securityvulns
securityvulns
added 2001/02/20 12:0 a.m.235 views

CGI - mailnews.cgi vulnerability...

Hello BuGReaders... Script: mailnews.cgi Introduction: cat from source CGI-Script MAILNEWS 1.3 This script helps you to maintain a mailinglist. /cat Tested Version: 1.1, 1.3 Author dont parse some characters and he use very stupid "password protection". We can add or delete users from maillist...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2014/09/29 12:0 a.m.233 views

Glype proxy privacy settings can be disabled via CSRF

------------------------------------------------------------------------ Glype proxy privacy settings can be disabled via CSRF ------------------------------------------------------------------------ Securify, September 2014 ------------------------------------------------------------------------...

3.4AI score
Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.235 views

multiple Vulnerability in "WahmShoppes eStore"

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : multiple Vulnerability in "WahmShoppes eStore" Author : alieye vendor : http://www.wahmshoppes.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:WsError.asp inurl:store/ We apologize but your request...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.233 views

[security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262472 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262472 Version: 2 HPSBMU03020 rev....

5CVSS0.6AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2012/04/24 12:0 a.m.233 views

RuggedCom - Backdoor Accounts in my SCADA network? You don't say...

Title: Undocumented Backdoor Access to RuggedCom Devices Author: jc Organization: JC CREW Date: April 23, 2012 CVE: CVE-2012-1803 Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find...

8.5CVSS0.9AI score0.49114EPSS
Exploits8
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.233 views

Dropbear SSH server use-after-free

No description provided...

7.1CVSS1.1AI score0.06489EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.233 views

HTB22814: XSS vulnerability in ViArt Shop

Vulnerability ID: HTB22814 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinviartshop.html Product: ViArt Shop Vendor: Viart Software http://www.viart.com/ Vulnerable Version: Enterprise v.4.0.5 Vendor Notification: 25 January 2011 Vulnerability Type: XSS Cross Site Scripting Status:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/04/24 12:0 a.m.233 views

acvsws_php5_v1.0 <= Multiple Remote File Include Vulnerablitiy

acvswsphp5v1.0 = Multiple Remote File Include Vulnerablitiy D.Script: http://www.acvsnet.net/DNN ACVS/Portals/0/Commun/WebServices/acvswsphp5v1.0release.zip/ Discovered by: MoHaNdKo-=-=- [email protected] Homepage: http://www.MoHaNdKo.cOm Exploit:Path/incACVS/SOAP/Transport.php?CheminInclude=She...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2001/05/04 12:0 a.m.233 views

Vulnerabilities in CrushFTP Server

----- Begin Hush Signed Message from [email protected] ----- Vulnerabilities in CrushFTP Server Overview CrushFTP Server 2.1.4 is a java ftp server available from http://www.crushftp.com. Multiple vulnerabilities exist which allow users to change directories outside of the ftp root and downlo...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/08/18 12:0 a.m.232 views

Vbulletin Plugin ChatBox Xss Vulnerability

Vbulletin Plugin ChatBox Xss Vulnerability Discovered By AleminKrali [email protected] www.al3m.blogspot.com Greetz : BeyazKurt,Kerem125,Cr@zyKing,Ercu145,Abo Mohammed Net Devil High Risk Vulnerability! Xss Working!note:You login site and xss try. Ex: http://www.localhost/misc.php?do=ccarc&cbt=xss...

Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.231 views

[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-001 Product: Kaspersky Endpoint Security for Windows KES Manufacturer: Kaspersky Lab ZAO Affected Versions: 8.1.0.1042, 10.2.1.23 Tested Versions: 8.1.0.1042, 10.2.1.23 Vulnerability Type: Authentication Bypass Using an...

Exploits0
securityvulns
securityvulns
added 2013/09/11 12:0 a.m.231 views

[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 1 HPSBPV02918 rev....

10CVSS0.2AI score0.79003EPSS
Exploits21
securityvulns
securityvulns
added 2012/08/27 12:0 a.m.231 views

ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-165 : 0Day HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-165 August 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2013/08/20 12:0 a.m.230 views

Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access

----------------------------------------------------------------------------- Vulnerabilities: An unspecified bug can cause an unsafe/undocumented TCP port to open allowing for: - Unauthenticated remote access to all pages of the router administration GUI, bypassing any credential prompts under...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/21 12:0 a.m.230 views

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)

libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CERT: VU325039 Affected Software: - libzip 0.9.3 - PHP 5.3.5 fixed 5.3.6 Original URL:...

4.3CVSS0.4AI score0.13514EPSS
Exploits7
securityvulns
securityvulns
added 2011/01/24 12:0 a.m.230 views

NSOADV-2010-010: DATEV Multiple Applications DLL Hijacking Vulnerability

-------------------------- NSOADV-2010-010 --------------------------- DATEV Multiple Applications DLL Hijacking Vulnerability 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 1111111 1 11...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/11/09 12:0 a.m.230 views

some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)

This reminded me of a bunch of problems I spotted in Juniper SSL VPN a while ago; they are apparently fixed, but I don't recall seeing any public vendor advisory / credit for reporting them - so here you go, even if just for the record... These were fixed by Juniper in IVE 6.3R1, 6.2R3, 6.1R5,...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.230 views

XSS phpBB 2.0.21 in administration

phpBB 2.0.21 XSS in administration //-- By Blwood [email protected] //-- http://www.blwood.net //-- Style Admin ----------- Management & Create a theme Lots of input are not properly "filtrate" like stylename, headstylesheet, bodybackground, trcolor1name all the input in simple name... We cand...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/10/13 12:0 a.m.230 views

Yapig: XSS / Code Injection Vulnerability

=========================================================== Yapig: XSS / Code Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0510-001, October 13, 2005...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2003/08/14 12:0 a.m.230 views

Virginity Security Advisory 2003-001 : Hola CMS - Admin Password Disclosure by Include vulnerability

-------------------------------------------------------------------- Virginity Security Advisory 2003-001 - - - -------------------------------------------------------------------- DATE : 2003-08-13 03:11 GMT TYPE : remote VERSIONS AFFECTED : == hola-cms-1.2.9-10...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.230 views

Revival of the SUQ.DIQ homepage

Lots of people have requested the SUQ.DIQ package since the closing of the SUQ.DIQ website. Did you all notice how IBMs stocks dropped after the release of this "exploit" and the rather aggresive advisory released by IBM seemed only to make it worse? I can imagine it's a bit of a set back for IBM...

1AI score
Exploits0
securityvulns
securityvulns
added 2000/12/20 12:0 a.m.229 views

Catman file clobbering vulnerability Solaris 2.x

Solaris 2.7/2.8 catman temp file vulnerability. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 11242000-02 Risk: Low Title: catman temp file vulnerability. Class: insecure temp file handling. Remotely Exploitable: no Locally Exploitable: Yes Vulnerability Description:...

7AI score
Exploits0
securityvulns
securityvulns
added 2003/05/29 12:0 a.m.228 views

ICQLite executable trojaning

bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenger...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.227 views

DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® EasyDnnGallery Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.easydnnsolutions.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.227 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.99998EPSS
Exploits93References37Affected Software24
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.227 views

[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue

MajorSecurity Advisory 33ShopSystems - SQL Injection Issue Details ======= Product: ShopSystems Affected Version: = 4.0 Immune Version: none Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.shopsystems.biz Vendor-Status: informed Advisory-Status: published Credits ============...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/11/03 12:0 a.m.227 views

The Holy Grail: Cisco IOS shellcode And Exploitation Techniques

Michaels Lynn's presentation on Cisco routers malicious code execution possibility...

3.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/08/12 12:0 a.m.227 views

Insecure directory permissions of default installation of Kaspersky Anti-Virus for Unix/Linux File Servers will lead to local root exploit

FYI, a new version is already available and a proposed workaround is described at the end of the advisory. Peter URLs for this document: ftp://ftp.aerasec.de/pub/advisories/kav4unix/kav4unix-local-root-exploit.txt TXT P & C 2005 AERAsec Network Services and Security GmbH The information in this...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/04/20 12:0 a.m.226 views

[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04239374 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04239374 Version: 1 HPSBMU02999 rev....

5CVSS0.4AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2012/10/28 12:0 a.m.225 views

[security bulletin] HPSBHF02819 SSRT100920 rev.2 - HP, 3COM, and H3C Routers & Switches, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03515685 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03515685 Version: 2 HPSBHF02819...

8.5CVSS6.3AI score0.02263EPSS
Exploits0
securityvulns
securityvulns
added 2011/08/19 12:0 a.m.225 views

Elgg 1.7.10 <= | Multiple Vulnerabilities

OVERVIEW The Elgg 1.7.10 and lower versions are vulnerable to Cross Site Scripting and SQL Injection. 2. BACKGROUND Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2007/07/03 12:0 a.m.225 views

AV Arcade 2.1b (COOKIE[ava_userid]) Get Admin Rights

AV Arcade 2.1b COOKIEavauserid Get Admin Rights Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Vurnerable code: admin/index.php: $sql = mysqlquery"SELECT FROM avausers...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2014/09/25 12:0 a.m.224 views

[USN-2362-1] Bash vulnerability

========================================================================== Ubuntu Security Notice USN-2362-1 September 24, 2014 bash vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

10CVSS10AI score0.99999EPSS
Exploits131
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.224 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.09795EPSS
Exploits28References45Affected Software32
securityvulns
securityvulns
added 2009/10/14 12:0 a.m.224 views

Microsoft Security Bulletin MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Microsoft Security Bulletin MS09-062 - Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution 957488 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These...

9.3CVSS1.6AI score0.26824EPSS
Exploits6
securityvulns
securityvulns
added 2005/10/10 12:0 a.m.224 views

security advisory - OpenVMPS

security advisory - OpenVMPS What is it? ----------- OpenVMPS is a substitute implementation of Cisco Virtual Membership Policy Server on Catalyst 65500 family of switches. It is used on Cisco LAN switces to dynamically assign ports to VLANs according to Ethernet Address. Because it was developed...

Exploits0
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.223 views

CVE-2013-2504 : Matrix42 Service Desk XSS

43zsec SECURITY ADVISORY CVE ID : CVE-2013-2504 Product: Service Store 5.3 SP3 5.33.946.0 Vendor: matrix42 - member of asseco group Subject: Cross-site Scripting - XSS Classification: PCI 2.0: 6.5.7 PCI 1.2: 6.5.1 OWASP: A2 CWE: 79 CAPEC: 19 WASC: 08 Risk: High Effect: Remotely exploitable Author...

4.3CVSS5.8AI score0.03039EPSS
Exploits2
securityvulns
securityvulns
added 2010/02/10 12:0 a.m.223 views

Microsoft Security Bulletin MS10-012 - Important Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

Microsoft Security Bulletin MS10-012 - Important Vulnerabilities in SMB Server Could Allow Remote Code Execution 971468 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows. Th...

10CVSS2.1AI score0.79499EPSS
Exploits7
securityvulns
securityvulns
added 2009/07/16 12:0 a.m.223 views

Oracle Critical Patch Update Advisory - July 2009

Oracle Critical Patch Update Advisory - July 2009 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...

10CVSS0.9AI score0.72638EPSS
Exploits18
securityvulns
securityvulns
added 2001/03/05 12:0 a.m.223 views

Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability

Faststram FTP built in server responds with the real path of directory instead of a virtual one.It is possible to get files outside of root.dir. e:crap was used as root directory 1. directory path 230 User anonymous logged in. ftp pwd 257 "/E:/crap/" is current directory. 2. getting files from...

0.3AI score
Exploits0
Total number of security vulnerabilities5000