Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2003/05/09 12:0 a.m.213 views

Microsoft Windows Media Player directory traversal

Directory traversal during .wmz files download allows to uploading any file to any location...

3.8AI score
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2002/08/23 12:0 a.m.213 views

LG Electronics LG3100p router

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue: ----------------------------------------------------------------| LG Electronics LR3100p is a small WAN router, with two WAN interfaces and one Ethernet. It comes with no access lists defined, which enables administrator to connect to port 23/t...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2001/01/06 12:0 a.m.213 views

The Bat! version 1.49

We would like to inform you that version 1.49 is now released. It contains some important security fixes so we recommend you to download it as soon as you can if you use The Bat! as your primary e-mail client. What's new in The Bat! 1.49? Legend: since 1.48 + Added feature Improved/changed featur...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.212 views

Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne

English: Multiple vulnerabilities in Basware Banking/Maksuliikenne software that were reported already 08/2012 may still enable undetectable economic crimes against user organizations companies Finnish: Basware Banking/Maksuliikenne -ohjelmiston haavoittuvuudet, joista raportoitiin jo 08/2012,...

5.8CVSS0.9AI score0.00534EPSS
Exploits0
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.212 views

CVE-2012-6451 Authentication Bypass in LOREX IP Cameras

Product: Lorex LNC116 and LNC104 IP Cameras Vendor: LOREX Technology Inc. Vulnerability Type: Authentication Bypass Vulnerable Firmware Versions: 030312 and earlier Tested Firmware Version: 030312 Fixed Firmware Version: 030405 Solution Status: Fixed by Vendor Vendor Notification: December 22, 20...

1.1AI score0.02609EPSS
Exploits2
securityvulns
securityvulns
added 2012/05/24 12:0 a.m.212 views

PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version

?php www.bugreport.ir Title: PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version Vendor: http://www.php.net Vulnerable Version: PHP up to version 5.3.12 and 5.4.2 Exploitation: Remote Original Advisory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ Original Exploit URL:...

7.5CVSS10AI score0.99998EPSS
Exploits42
securityvulns
securityvulns
added 2004/03/16 12:0 a.m.212 views

[waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]

================================================================================ waraxe-2004-SA006 ================================================================================ Multiple vulnerabilities in 4nalbum module for PhpNuke...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2015/06/01 12:0 a.m.211 views

iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability

Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2014/10/05 12:0 a.m.211 views

[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04467807 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04467807 Version: 1 HPSBGN03117 rev....

10CVSS0.9AI score0.99999EPSS
Exploits140
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.211 views

HP iLO DoS

Device crashes on request with Hearbleed exploitation demonstration...

7.8CVSS1.8AI score0.99999EPSS
Exploits87References1Affected Software1
securityvulns
securityvulns
added 2010/03/11 12:0 a.m.211 views

Croogo CMS 1.2 Cross Site Scripting Vulnerabilities

Croogo CMS 1.2 Cross Site Scripting Vulnerabilities ========================================== Vulnerable Software: 1.2 and prior Release Date: 2010-03-06 Last Update: 2010-02-01 Critical: Low Impact: Session hijack Denial of service Code execution Solution Status: Webvuln has informed and...

7AI score
Exploits0
securityvulns
securityvulns
added 2007/06/20 12:0 a.m.211 views

Comersus Shop Cart 7.07 SQL Injection & XSS

--- Comersus Shop Cart 7.07 SQL Injection & XSS Comersus is an active server pages asp software for running shopping stores, integrated with the rest of your web site. Comersus ASP Cart is free and IT CAN BE used for commercial purposes. An attacker may leverage this issue to have arbitrary scrip...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2005/09/27 12:0 a.m.211 views

[SA16949] SEO-Board admin.php SQL Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/02/12 12:0 a.m.211 views

Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders.

Description www.barracudanetworks.com: The Barracuda Spam Firewall is an integrated hardware and software solution for complete protection of your e-mail server. It provides a powerful, easy to use, and affordable solution to eliminate spam and viruses from your organization. Synopsis: Under norm...

Exploits0
securityvulns
securityvulns
added 2001/10/16 12:0 a.m.211 views

[SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition) Configuration File Disclosure Vulnerability

---------------------------------------------------------------------- SNS Advisory No.44 Trend Micro OfficeScan Corporate EditionVirus Buster Corporate Edition Configuration File Disclosure Vulnerability Problem first discovered: Wed, 29 Aug 2001 Published: Tue, 16 Oct 2001...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/06/08 12:0 a.m.211 views

ecurity Advisory: FreeBSD-SA-00:21.ssh [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:21 Security Advisory FreeBSD, Inc. Topic: ssh port listens on extra network port REVISED Category: ports Module: ssh Announced: 2000-06-07 Credits: Jan Koum [email protected]...

7AI score
Exploits0
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.210 views

Elasticsearch vulnerability CVE-2015-1427

Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been assigne...

7.5CVSS1.6AI score0.99906EPSS
Exploits19
securityvulns
securityvulns
added 2013/12/30 12:0 a.m.210 views

Microsoft Windows multiple security vulnerabilities

Memory corruption in graphics library, signature check bypass, use-after-free in scripting, multiple privilege escalations...

9.3CVSS3.2AI score0.84971EPSS
Exploits14References1Affected Software1
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.210 views

Multiple vulnerabilities in PHPShop CMS Free

Vulnerability ID: HTB23058 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinphpshopcmsfree.html Product: PHPShop CMS Free Vendor: PHPShop Software http://www.phpshopcms.ru/ Vulnerable Version: 3.4 and probably prior Tested Version: 3.4 Vendor Notification: 23 November 2011...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2010/07/07 12:0 a.m.210 views

NTSOFT BBS E-Market Professional = XSS / Remote Execution Code

+================================================================================================+ + NTSOFT BBS E-Market Professional & XSS and Remote Execution Evil code + +================================================================================================+ Authors: Ivan Sanchez...

4.3CVSS0.7AI score0.01484EPSS
Exploits2
securityvulns
securityvulns
added 2008/12/19 12:0 a.m.210 views

[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Update 2 Severity: Important Vendor: Multiple was The Apache Software Foundation Versions Affected: Various Description new information: This vulnerability was originally reported to...

4.3CVSS7.2AI score0.99708EPSS
Exploits22
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.210 views

Fantastic Guestbook v2.0.1 Advisory

.:. Fantastic Guestbook v2.0.1 Advisory .:. Date of written Advisory: ------------------------- July, 11 2006 Product: -------- Fantastic Guestbook v2.0.1 Vendor: ------- http://fscripts.com/ Description: ------------ Fantastic GuestBook version 2.0.1 is simple GuestBook; where remote user withou...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2002/07/01 12:0 a.m.210 views

SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)

DownBload Security Research Lab Advisory ------------------------------------------------------------------------- Advisory name: SSI & CSS execution in E-Guest 1.1 & ZAP Book v1.0.3 Advisory number: 6 Application: E-Guest 1.1 & ZAP Book v1.0.3 CGI scripts --- E-Guest Author: Leung Eric E-mail:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/01/29 12:0 a.m.209 views

[ MDVSA-2014:014 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:014 http://www.mandriva.com/en/support/security/ Package : php Date : January 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php: Th...

7.5CVSS7.3AI score0.35635EPSS
Exploits12
securityvulns
securityvulns
added 2011/12/05 12:0 a.m.209 views

[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03102449 Version: 1 HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default NOTICE: The information in this Security Bulletin should b...

10CVSS0.3AI score0.13953EPSS
Exploits0
securityvulns
securityvulns
added 2008/11/20 12:0 a.m.209 views

Microsoft VISTA TCP/IP stack buffer overflow

phion Security Advisory 21/10/2008 Microsoft VISTA TCP/IP stack buffer overflow Summary ----------------------------- Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2006/04/20 12:0 a.m.209 views

Shbablek Mail Vulnerablitiy - Cross-Site Scripting

Shbablek Mail Vulnerablitiy - Cross-Site Scripting by n0m3rcy Copyright c 2006 n0m3rcy [email protected] Exploit: i in the Already have an account? ia Account name: scriptalert1/script ib Password: scriptalert1/script Shoutz: cijfer , dag , devil-00 , q-ex and all my friends have phun!...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2004/10/07 12:0 a.m.209 views

Full path disclosure and sql injection on CubeCart 2.0.1

-------------------------------------------------------- Full path disclosure and sql injection on CubeCart 2.0.1 -------------------------------------------------------- 1Introduction 2The Problem 3The Solution 4Timeline 5Feddback 1Introduction "CubeCart is an eCommerce script written with PHP &...

Exploits0
securityvulns
securityvulns
added 2010/07/14 12:0 a.m.208 views

Microsoft Security Bulletin MS10-042 - Critical Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)

Microsoft Security Bulletin MS10-042 - Critical Vulnerability in Help and Support Center Could Allow Remote Code Execution 2229593 Published: July 13, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Windows Help and...

9.3CVSS0.9AI score0.75458EPSS
Exploits11
securityvulns
securityvulns
added 2008/06/26 12:0 a.m.208 views

[ECHO_ADV_99$2008] Relative Real Estate Systems <= 3.0 (listing_id) Sql Injection Vulnerability

ECHOADV99$2008 ----------------------------------------------------------------------------------------- ECHOADV99$2008 Relative Real Estate Systems = 3.0 listingid Sql Injection Vulnerability ----------------------------------------------------------------------------------------- Author :...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2008/01/25 12:0 a.m.208 views

iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability

iDefense Security Advisory 01.22.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 22, 2008 I. BACKGROUND IBM Corp.'s Tivoli Provisioning Manager for OS Deployment is a network boot server that facilitates central management of networked workstations. It implements Preboot Execution...

10CVSS0.7AI score0.08377EPSS
Exploits5
securityvulns
securityvulns
added 2007/04/13 12:0 a.m.208 views

Steganos Encrypted Safe NOT so safe

Sometimes greed can be the downfall of the greatest people and nations but in this case it's software. Steganos Encrypted File safe for Windows is one of the most commonly used file security systems in the world. They boast how excellent their encryption and how uncrackable they are. This is...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/02/28 12:0 a.m.208 views

Xbox 360 Hypervisor Privilege Escalation Vulnerability

Security Advisory Xbox 360 Hypervisor Privilege Escalation Vulnerability Release Date: February 28, 2007 Author: Anonymous Hacker [email protected] Timeline: Oct 31, 2006 - release of 4532 kernel, which is the first version containing the bug Nov 16, 2006 - proof of concept completed; unsigned...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.207 views

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 OS X El Capitan 10.11 is now available and addresses the following: Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issu...

10CVSS0.2AI score0.94859EPSS
Exploits103
securityvulns
securityvulns
added 2014/10/17 12:0 a.m.207 views

Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Drupal - pre-auth SQL Injection Vulnerability Release Date: 2014/10/15 Last Modified: 2014/10/15 Author: Stefan Horst stefan.horstatsektioneins.de Application: Drupal = 7.0 = 7.31 Severity: Full SQL injection, which results in...

7.5CVSS0.3AI score0.99974EPSS
Exploits20
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.207 views

[ MDVSA-2013:221 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:221 http://www.mandriva.com/en/support/security/ Package : php Date : August 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and correct...

6.8CVSS6.3AI score0.05741EPSS
Exploits4
securityvulns
securityvulns
added 2012/03/10 12:0 a.m.207 views

ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-032 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/02/22 12:0 a.m.207 views

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities

OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.207 views

B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability B-Keen communication dettaglionews.php&id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.b-keen.it/ Persian Gulf 4 Ever! Dork : "Powered by B-Keen communication"...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2010/02/25 12:0 a.m.207 views

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities CVE: CVE-2009-3960 Adobe PSIRT: APSB10-05 -...

4.3CVSS7.4AI score0.90012EPSS
Exploits12
securityvulns
securityvulns
added 2007/03/29 12:0 a.m.207 views

readfile() Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4

SecurityRisk : DEN Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : The-WolF-kSA Date : 24.3.2007 Affected Software : PHP 5.2.1/ 5.1.6 / 4.4.4 readfile Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 Author: ThE-WoLf-KsA Date: - -Written: 24.3.2007 - --- 0.Description --- - --- 1...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2004/11/11 12:0 a.m.207 views

RealVNC DoS

DoS on large number of established connections...

1.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2014/10/05 12:0 a.m.206 views

[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04463322 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04463322 Version: 1 HPSBMU03112 rev....

7.5CVSS0.4AI score0.35635EPSS
Exploits8
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.206 views

Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Arte Dude collections.php?id property.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.artdudegraphics.com/ Persian Gulf 4 Ever! Dork : "inurl:property.php?id=" "an...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2011/05/03 12:0 a.m.206 views

HTB22962: Multiple XSS in YaPiG

Vulnerability ID: HTB22962 Reference: http://www.htbridge.ch/advisory/multiplexssinyapig.html Product: YaPiG Yet Another PHP Image Gallery Vendor: http://yapig.sourceforge.net/ http://yapig.sourceforge.net/ Vulnerable Version: 0.95 Vendor Notification: 19 April 2011 Vulnerability Type: XSS Cross...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/11/10 12:0 a.m.206 views

Arab Portal v2.1 Remote File Disclosure (Win32)

Arab Portal v2.1 Remote File Disclosure Win32 AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : www.arabportal.net DORK : Powered by: Arab Portal...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2005/06/30 12:0 a.m.206 views

[badroot security] Community link pro web editor: Remote command Execution

BADROOT SECURITY GROUP Security Advisory 2005-0x05 http://www.badroot.org irc.us.azzurra.org badroot - - - - - - - - - - - - - - - - - - - - - - - - - Authors ....... spher3 spher3 at fatalimpulse dot net mozako admin at fatalimpulse dot net Date...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.205 views

[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02735910 Version: 1 HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service DoS NOTICE:...

10CVSS0.5AI score0.13333EPSS
Exploits10
securityvulns
securityvulns
added 2009/06/09 12:0 a.m.205 views

Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)

Microsoft Security Bulletin MS09-018 - Critical Vulnerabilities in Active Directory Could Allow Remote Code Execution 971055 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in implementations of Active...

10CVSS1.2AI score0.39404EPSS
Exploits2
securityvulns
securityvulns
added 2008/01/21 12:0 a.m.205 views

MegaBBS ASP Forum Cross-Site Scripting

HSC MegaBBS ASP Forum Cross-Site Scripting MegaBBS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of t...

0.8AI score
Exploits0
Total number of security vulnerabilities5000