Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2006/12/01 12:0 a.m.205 views

@lex Guestbook 4.0.1 : Full Path Disclosure & XSS

@lex Guestbook 4.0.1 -------------------- Vendor site: http://www.alexphpteam.com/ Product: @lex Guestbook 4.0.1 Vulnerability: Full Path Disclosure & XSS Credits: MrKaLiMaN Reported to Vendor: 24.11.06 Public disclosure: 30.11.06 Description: ------------ Full Path Disclosure:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/01/24 12:0 a.m.205 views

[NEWS] Multiple Vulnerabilities in Netgear FVS318 Router

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.204 views

Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin

Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms Vendor: Waters Edge Web Design and...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2012/11/18 12:0 a.m.204 views

MPC (Media Player Classic) WebServer Multiple Vulnerabilities

========================================================================================== MPC Media Player Classic WebServer Multiple Vulnerabilities ==========================================================================================...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2008/01/21 12:0 a.m.204 views

MegaBBS ASP Forum Cross-Site Scripting

HSC MegaBBS ASP Forum Cross-Site Scripting MegaBBS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of t...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/04/25 12:0 a.m.204 views

VWar Path Disclosure

SUMMARY : VWar is is a clan management system. It stores all clan members details. Logs match results and keeps track of upcomming matches. Using the links under the Vwar menu, you can view all clan members, view upcomming matches, view previous results, view clan statistics and members can log...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2015/01/14 12:0 a.m.203 views

SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones

SEC Consult Vulnerability Lab Security Advisory 20150113-0 ======================================================================= title: Multiple critical vulnerabilities product: snom IP phones vulnerable version: all firmware versions 8.7.5.15, all firmware branches of all snom desktop IP phon...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.203 views

Total Shop UK eCommerce Generic Cross-Site Scripting

/------------------------------------------------------ | Total Shop UK eCommerce Generic Cross-Site Scripting | ------------------------------------------------------/ Summary ======= The open source version of Total Shop UK eCommerce based on CodeIgniter version 2.1.2 is subject to a cross-site...

4.3CVSS0.1AI score0.01633EPSS
Exploits2
securityvulns
securityvulns
added 2012/03/20 12:0 a.m.203 views

SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom

SEC Consult Vulnerability Lab Security Advisory 20120315-0 ======================================================================= title: Multiple permanent cross-site scripting vulnerabilities product: EMC Documentum eRoom vulnerable version: 7.33.498.98 fixed version: 7.4.4 impact: high homepag...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2010/04/05 12:0 a.m.203 views

ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability

ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-053 April 5, 2010 -- CVE ID: CVE-2010-0844 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointT...

7.5CVSS0.1AI score0.03788EPSS
Exploits0
securityvulns
securityvulns
added 2005/01/05 12:0 a.m.203 views

3Com 3CDaemon Multiple Vulnerabilities

3Com 3CDaemon Multiple Vulnerabilities By Sowhat 04.JAN.2005 http://secway.org/advisory/ad20041011.txt I.T.S Security Research Team Product Affected: 3Com 3CDaemon 2.0 revision 10 Vendor: www.3Com.com 1 BACKGROUD 3CDaemon is a free popular TFTP, FTP, and Syslog daemon for Microsoft Windows...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2002/03/09 12:0 a.m.203 views

Re: Edvice Security Services <[email protected], 000701c1c5fb$c168f970$5a01010a@mic2000

On 7 March, Edivice Security submitted the following: To: BugTraq Subject: Various Vulnerabilities in Norton Anti-Virus 2002 Date: Mar 7 2002 6:16PM Author: Edvice Security Services [email protected] Message-ID: 000701c1c5fb$c168f970$5a01010a@mic2000 Various Vulnerabilities in Norton...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.202 views

LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification

=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 === Grand MA 300 Fingerprint Reader - Weak Pin Verification ------------------------------------------------------------------------ Affected Versions ================= Grand MA 300/ID with firmware 6.60 Issue Overview...

7.8AI score0.07057EPSS
Exploits3
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.202 views

Struts2 Prefixed Parameters Open Redirect Vulnerability

CVE Number: CVE-2013-2248 Title: Struts2 Prefixed Parameters Open Redirect Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.15.1 was released which fixes this vulnerability Issue ID by Vender: S2-017...

5.8CVSS0.3AI score0.94654EPSS
Exploits4
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.202 views

Landshop v0.9.2 - Multiple Web Vulnerabilities

Title: ====== Landshop v0.9.2 - Multiple Web Vulnerabilities Date: ===== 2012-03-31 References: =========== http://vulnerability-lab.com/getcontent.php?id=485 VL-ID: ===== 485 Introduction: ============= The SAMEDIA LandShop® is an innovative tool for the marketing, sale or rent of any kind of re...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/01/11 12:0 a.m.202 views

Apache privilege escalation

Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers...

4.4CVSS2.4AI score0.04716EPSS
Exploits4Affected Software1
securityvulns
securityvulns
added 2009/10/26 12:0 a.m.202 views

Jetty 6.x and 7.x Multiple Vulnerabilities

Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...

5CVSS8.1AI score0.17413EPSS
Exploits8
securityvulns
securityvulns
added 2008/06/16 12:0 a.m.202 views

[ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability

ECHOADV97$2008 ----------------------------------------------------------------------------------------- ECHOADV97$2008 Pre News Manager = 1.0 index.php id Sql Injection Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/01/06 12:0 a.m.202 views

[Full-Disclosure] WinHKI BH File Incorrect Filename Handeling Leads to 100 CPU%

Application: WinHKI Vendors: http://www.webtoolmaster.com Versions: 1.4d Platforms: Windows Bug: BH File Incorrect Filename Handeling Leads to 100 CPU Exploitation: Local extract file Date: 24 Dec 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Website:...

Exploits0
securityvulns
securityvulns
added 2004/12/28 12:0 a.m.202 views

Multiple WHM Autopilot Vulnerabilities

GulfTech Security Research December 28th, 2004 Vendor : Benchmark Designs, LLC URL : http://www.whmautopilot.com/ Version : WHM AutoPilot v2.4.6.5 && Others All Versions Risk : Multiple Vulnerabilities Description: Started by a webhost looking for more out of a simple managment script, Brandee...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2002/08/12 12:0 a.m.202 views

MidiCart Shopping Cart Software database vulnerability

Summary MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product name, surname, address,...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2012/10/22 12:0 a.m.201 views

Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

a bug in Vbulletin blogpluginuseradmin v4.1.12 that allows to us to occur a Sql Injection on a Remote machin. Exploit Title : Vbulletin blogpluginuseradmin v4.1.12 Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link :...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.201 views

[slackware-security] php (SSA:2011-237-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2011-237-01 New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...

7.5CVSS9AI score0.22724EPSS
Exploits15
securityvulns
securityvulns
added 2002/03/13 12:0 a.m.201 views

Marcus S. Xenakis "directory.php" allows arbitrary code execution

------------------------------------------------------------ itcp advisory 3 [email protected] http://www.it-checkpoint.net/advisory/3.html March 10th, 2002 ------------------------------------------------------------ Marcus S. Xenakis "directory.php" allows arbitrary code execution...

2AI score
Exploits0
securityvulns
securityvulns
added 2015/11/01 12:0 a.m.200 views

[USN-2783-1] NTP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2783-1 October 27, 2015 ntp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.8CVSS1.3AI score0.81762EPSS
Exploits6
securityvulns
securityvulns
added 2013/04/15 12:0 a.m.200 views

CVE-2013-0798 : World read and write access to app_tmp directory on Android

Fourteenforty Research Institute, Inc. Security Advisory World read and write access to apptmp directory on Firefox for Android 2013/04/02 === Summary === World read and write access to apptmp directory on Firefox for Android allows replacing Firefox add-ons. === Severity === Middle === Affected...

4.3CVSS8.3AI score0.00994EPSS
Exploits0
securityvulns
securityvulns
added 2011/09/05 12:0 a.m.200 views

Olonet (prodotto.php?idproduct) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Olonet prodotto.php?idproduct AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.olonet.net/ Persian Gulf 4 Ever! Dork : "Powered & designed by Olonet.net" Exploite:...

3.8AI score
Exploits0
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.200 views

Nafis Group (review.php?ID) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Nafis Group review.php?ID AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered by : Nafis Group" Exploite: www.victim.com/review.php?ID=SQL SpeCial TanX To :...

4.6AI score
Exploits0
securityvulns
securityvulns
added 2007/04/05 12:0 a.m.200 views

RSPA Remote File Inclusion

RSPA Remote File Inclusion Really Simple PHP and Ajax RSPA RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plane PHP class and HTML/Javascript.RSPA allows calling server side PHP functions from client javascript events. Visit...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/04/02 12:0 a.m.200 views

codebb 1.1b3 (phpbb_root_path )Remote File Include Vulnerability

codebb 1.1b3 phpbbrootpath Remote File Include Vulnerability D.Script: http://rd.cycnus.de/download/codebb-1.1b3.tar.bz2 Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net V.Code includeonce$phpbbrootpath . 'includes/codebb/config.'.$phpEx; require$phpbbrootpath...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2004/06/30 12:0 a.m.200 views

rsbac 1.2.3 jail security problems

Amon Ott has released a security bugfix for RSBAC 1.2.3. The problem was discovered regarding to the RSBAC JAIL implementation. Please read the attached original release note if interested. The bugfix is available for download at http://www.rsbac.org/download/bugfixes/ For beginners, RSBAC is:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2002/04/11 12:0 a.m.200 views

Multiple Remote Vulnerabilities in Microsoft IIS

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Aler...

7.5CVSS0.4AI score0.77341EPSS
Exploits5
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.200 views

Re: Passwords in Net.Commerce/WebSphere decryptable, any version

IBM Global Services Managed Security Services Outside Advisory Redistribution 8 MAR 2001 2:11 GMT MSS-OAR-E01-2001:087.1 =========================================================================== The MSS Outside Advisory Redistribution is designed to provide customers of IBM Managed Security...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.199 views

SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140710-0 ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed...

0.3AI score0.88829EPSS
Exploits16
securityvulns
securityvulns
added 2014/07/28 12:0 a.m.199 views

Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities

Document Title: =============== Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC: BNSEC-2067...

8.4AI score
Exploits0
securityvulns
securityvulns
added 2011/09/13 12:0 a.m.199 views

Multiple XSS vulnerabilities in CMS Papoo Light Version

Advisory: Multiple XSS vulnerabilities in CMS Papoo Light Version Advisory ID: SSCHADV2011-014 Author: Stefan Schurtz Affected Software: v4.0 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description: ========================== The CMS...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2011/01/18 12:0 a.m.199 views

SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1

Affected software IBM Cognos 8 Business Intelligence 8.4.1 Prior versions may also be affected. "IBM Cognos 8 Business Intelligence delivers the complete range of BI capabilities: Reporting, Analysis, Dashboarding and Scorecards on a single, service-oriented architecture SOA. Author, share and...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2008/07/15 12:0 a.m.199 views

Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit

A vulnerability was found which may allow a remote attacker to cause a denial of service to Simple DNS Plus Sending multiple DNS respond packets to the source port of the server This vulnerability is fixed in the new version of Simple DNS Plus 5.1.101. usage: sdns-dos.pl dns server dns source...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.199 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.73005EPSS
Exploits26References24Affected Software36
securityvulns
securityvulns
added 2004/03/28 12:0 a.m.199 views

Выполнение произвольного кода в Achims Guestbook

Выполнение произвольного кода в Achims Guestbook Программа: Achims Guestbook версий 2.xx, возможно, также более ранних. Опасность: Наличие эксплоита: Да Описание: В гостевых книгах Achims Guestbook есть возможность выполнения удалённым пользователем произвольного кода на стороне сервера. Проблема...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2002/06/07 12:0 a.m.199 views

Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 + Title: Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability + Date: 7 June 2002 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Windows2000 SP2 IE5.5SP1 Windows2000 SP2 IE5.5SP2...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2001/08/12 12:0 a.m.199 views

NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability

NSFOCUS Security AdvisorySA2001-05 Topic: Solaris Xlock Heap Overflow Vulnerability Release DateЈє 2001-08-10 CVE CAN ID : CAN-2001-0652 BUGTRAQ ID : 3160 Affected system: ================ Sun Solaris 2.6 SPARC/x86 Sun Solaris 7 SPARC/x86 Sun Solaris 8 SPARC/x86 Impact: ========= NSFOCUS Security...

7.2CVSS7.3AI score0.00917EPSS
Exploits0
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.198 views

CollabNet Subversion Edge Hook Script Privilege Escalation

Vuln Title: The CollabNet Subversion Edge Management Frontend SVN hook scripts privilege escalation Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Privilege escalation design flaw CVE :...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.198 views

[security bulletin] HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04244787 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04244787 Version: 1 HPSBHF03006 rev....

7.8CVSS0.2AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.198 views

[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 2 HPSBPV02918 rev....

10CVSS9.9AI score0.79003EPSS
Exploits21
securityvulns
securityvulns
added 2011/11/01 12:0 a.m.198 views

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow EDB-ID: 18007 CVE: N/A OSVDB-ID: N/A Author: rgod Published: 2011-10-20 Verified: Exploit Code: Vulnerable App: N/A Rating Overall: 0.0 Oracle DataDirect Multiple Native Wire Protocol ODBC...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/09/29 12:0 a.m.198 views

Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453

Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network...

4.3CVSS0.4AI score0.00856EPSS
Exploits1
securityvulns
securityvulns
added 2008/10/09 12:0 a.m.198 views

News Manager Remote SQL Injection Vulnerability

News Manager Remote SQL Injection Vulnerability © Ghost Hacker , Real Hack Back : Author : Ghost Hacker Home page : www.Real-h.com Real Hack Back Contact Me : [email protected] Bug : SQL Injection From : Kingdom Saudi Arabia Name Script : News Manager Download :...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2007/07/12 12:0 a.m.198 views

iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability

SquirrelMail G/PGP Plugin gpgrecvkey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encrpytion Plugin is a general purpose encryption, decryption, and digital signature...

9.3CVSS0.7AI score0.10263EPSS
Exploits1
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.198 views

MOPB-32-2007:PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability

Summary When security fixes for MOPB-31-2007 were developed we demonstrated to the PHP developers that their first two attempts were not a fix for the vulnerability and only killed our described exploit path, while other exploit paths were still useable. During the search for the correct fix a...

0.3AI score
Exploits0
Total number of security vulnerabilities5000