Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2007/07/12 12:0 a.m.198 views

iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability

SquirrelMail G/PGP Plugin gpgrecvkey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encrpytion Plugin is a general purpose encryption, decryption, and digital signature...

9.3CVSS0.7AI score0.10263EPSS
Exploits1
securityvulns
securityvulns
added 2005/02/08 12:0 a.m.198 views

Microsoft Security Bulletin MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)

Microsoft Security Bulletin MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution 890261 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Media Player, Windows Messenger and MSN Messenger Impact of Vulnerability:...

10CVSS7AI score0.82537EPSS
Exploits3
securityvulns
securityvulns
added 2014/05/10 12:0 a.m.197 views

[oss-security] Unsafe Query Risk in Active Record

This advisory concerns a security risk in all supported versions of Active Record. There is no patch to apply for this issue. Due to the query API that Active Record supports, there is a risk of unsafe query generation in two scenarios. Databases with a table that contains a column with the same...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.197 views

Coherendz (products.php?cat_id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Coherendz products.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.coherendz.com/ Persian Gulf 4 Ever! Exploite: www.victim.com/products.php?catid=SQL SpeCial...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2009/11/09 12:0 a.m.197 views

Vulnerabilities in Pigalle

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in Pigalle. These are Information Leakage, Full path disclosure and Cross-Site Scripting vulnerabilities. Information Leakage: http://site/index.php Versions of PHP, MySQL and web server are shown in meta-tags in source of a...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.197 views

[MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure

MajorSecurity Advisory 57PHP =5.3 - pregmatch full path disclosure Details ======= Product: PHP =5.3 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.197 views

ttCMS <= v4 (ez_sql.php lib_path) Remote File Inclusion Vulnerability

DEVIL TEAM - HACKING POLISH TEAM Author: Kacper a.k.a Rahim Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:6667 devilteam -------------------------------------------- Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM. ttCMS = v4 ezsql.php libpath RFI...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2005/04/30 12:0 a.m.197 views

Multiples Full Path Disclosure in php-nuke 7.6 (and below)

Multiples Full Path Disclosure in php-nuke 7.6 and below --------------------------------------------------------------------------- Author: project-restart Date: 27. April 2005 Location: Brazil Web: http://www.project-restart.org/ Target: PHP-nuke 7.6 and below...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/12/12 12:0 a.m.196 views

Vulnerabilities in D-Link DAP 1150

Hello 3APA3A! I want to warn you about security vulnerabilities in D-Link DAP 1150 WiFi Access Point and Router. These are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities. This is my second advisory from series of advisories about vulnerabilities in D-Lin...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2010/07/19 12:0 a.m.196 views

Microsoft ClickOnce MITM Vulnerabilities

============================================================================== ======|ЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇ|====== ======| ClickOnce Man-In-The-Middle [email protected] |====== ======||======...

2.6CVSS5.9AI score0.0179EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/16 12:0 a.m.196 views

Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability

Pixaria Gallery 1.0 class.Smarty.php Remote File Include Vulnerability ----------------------------------------------------------------------------------------- scripts : Pixaria Gallery 1.0 Discovered By : irvian scripts site : http://pixaria.com/ Thanks To : hitamputih nyubicrew patihack specia...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2012/06/18 12:0 a.m.195 views

Interspire Shopping Cart v6 - Multiple Web Vulnerabilities

Title: ====== Interspire Shopping Cart v6 - Multiple Web Vulnerabilities Date: ===== 2012-06-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=593 VL-ID: ===== 593 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.195 views

About the security content of iTunes 10.2

About the security content of iTunes 10.2 Last Modified: March 02, 2011 Article: HT4554 Email this article Print this page Summary This document describes the security content of iTunes 10.2. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a...

10CVSS0.2AI score0.43382EPSS
Exploits11
securityvulns
securityvulns
added 2011/01/20 12:0 a.m.195 views

DotNetNuke Remote Code Execution vulnerability

======================================= Vulnerability discovered: November 23, 2010 Discovered by: Danil Niggebrugge, Fox-IT BV https://www.fox-it.com/ Reported to vendor: November 30, 2010 Fix available: Yes ======================================= PRODUCT ------------- DotNetNuke is an open sour...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2003/02/11 12:0 a.m.195 views

Cedric Email Reader (PHP)

Version : 0.2;0.3;0.4 Website : http://www.isoca.com/ Problems :Include file local, remote Version: 0.2;0.3 File: --------------------------------- email.php3 version 0.2 ; email.php version 0.3 --------------------------------- PHP Code: ---------------------------------...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2015/09/14 12:0 a.m.194 views

[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04774019 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04774019 Version: 1 HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple...

10CVSS0.2AI score0.9994EPSS
Exploits45
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.194 views

[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04260385 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260385 Version: 1 HPSBMU03013 rev....

5CVSS0.2AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2010/12/29 12:0 a.m.194 views

HotWeb Rentals "PageId" SQL Injection Vulnerability

HotWeb Rentals "PageId" SQL Injection Vulnerability PRODUCT http://www.hotwebscripts.co.uk/ Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. POC...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.194 views

[SECURITY] [DSA 1761-1] New moodle packages fix file disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1761-1 [email protected] http://www.debian.org/security/ Nico Golde April 3rd, 2009 http://www.debian.org/security/faq -...

4.3CVSS1.3AI score0.06237EPSS
Exploits1
securityvulns
securityvulns
added 2007/12/16 12:0 a.m.194 views

MS Office 2007: Target of Hyperlinks not covered by Digital Signatures

Affects: Microsoft Office 2007 12.0.6015.5000 MSO 12.0.6017.5000 possibly older versions I. Background Microsoft Office is a suite containing several programs to handle Office documents like text documents or spreadsheets. The latest version uses an XML based document format. Microsoft Office...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2007/07/22 12:0 a.m.194 views

JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation

!-- Script...............: JBlog version: 1.0 Script Site..........: http://www.jmuller.net/jblog Vulnerability........: Creat Admin exploit, xss, Cookie Manipulation Access...............: Remote level................: Dangerous Author...............: S4mi Contact..............:...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2007/06/12 12:0 a.m.194 views

PHP parse_str() arbitrary variable overwrite

Title: PHP parsestr arbitrary variable overwrite Vendor: http://www.php.net/ Advisory: http://www.acid-root.new.fr/advisories/14070612.txt Author: DarkFig gmdarkfig at gmail dot com Written on: 2007/06/12 Released on: 2007/06/12 Risk level: Medium / High I.BACKGROUND Quote from php.net PHP is a...

Exploits0
securityvulns
securityvulns
added 2005/03/14 12:0 a.m.194 views

[SA14564] MySQL MS-DOS Device Names Denial of Service Vulnerability

---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2001/03/26 12:0 a.m.194 views

another format string bug

There is a format string bug in 'pwc' ftp://ftp.media-com.com.pl/pub/other/pwc.tar.gz. This CGI script is used to change users password via www blah!. writelog call syslog function, which 'eats' ; characters and log it to system logs. But you can paste shellcode into buffers512 and syslog will ru...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2014/07/28 12:0 a.m.193 views

Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability

Document Title: =============== Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1118 Barracuda Networks Security ID BNSEC: BNSEC-1052...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.193 views

[security bulletin] HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Informati

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03943425 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03943425 Version: 1 HPSBGN02929 rev....

10CVSS0.62617EPSS
Exploits7
securityvulns
securityvulns
added 2011/03/11 12:0 a.m.193 views

TP-LINK TL-WR740N wireless router vulnerabilities

Crossite scripting, DoS...

1.7AI score
Exploits0References1
securityvulns
securityvulns
added 2007/07/10 12:0 a.m.193 views

Firefox wyciwyg:// cache zone bypass

There is an interesting vulnerability in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs. These cache-related resource identifiers are meant to be inaccessible by the user - but there are at least three routes to bypass these restrictionss, one of which - HTTP 302 redirect - also...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.193 views

LMS <= 1.8.9 Vala Remote File Inclusion Vulnerabilities

DEVIL TEAM - HACKING POLISH TEAM Author: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:6667 devilteam -------------------------------------------- Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM. LMS = 1.8.9 Vala Remote File Inclusion...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.193 views

OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS

vendor: http://www.oneorzero.com/ vuln : http://host/supporter/index.php?t=tupd&id=SQL http://host/supporter/index.php?t=tupd&id=XSS Author : Vampire [email protected] Homepage : Www.HackerZ.iR Www.H4ckerZ.Com Iran HackerZ Security Team...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/06/22 12:0 a.m.193 views

MercuryBoard 1.1.4 SQL Injection

RST/GHC Advisory 28 Product : MercuryBoard Version : 1.1.4 FILE : index.php VULN : SQL injection CODE : global.php ---------- 71 : $this-agent = isset$SERVER'HTTPUSERAGENT' ? $SERVER'HTTPUSERAGENT' : null; index.php --------- 154 : $mercury-db-query"REPLACE INTO $mercury-preactive activeid,...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/06/14 12:0 a.m.193 views

BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU

/ typespeed server =v0.4.1 remote root vulnerability! / / by: bazarr / / [email protected] / / bazarr episode 5 / ---------------------- PREFACE caddis i just be messing wid you man relax --- caddis :No such nick/channel after reading tutorial on html programmering , i have redesigned website it...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.192 views

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability

----------------------------------------------------------- Concrete5 = 5.7.4 Access.php SQL Injection Vulnerability ----------------------------------------------------------- - Software Link: https://www.concrete5.org/ - Affected Versions: Version 5.7.3.1, 5.7.4, and probably other versions. -...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2011/11/21 12:0 a.m.192 views

Tiki Wiki CMS Groupware Multiple XSS vulnerabilities

Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities Advisory ID: INFOSERVE-ADV2011-01 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1 Vendor URL: http://info.tiki.org/ Vendor Status: fixed for Tiki 7 New Tiki 6 LTS...

6AI score0.00949EPSS
Exploits3
securityvulns
securityvulns
added 2010/03/04 12:0 a.m.192 views

Vulnerabilities in DataLife Engine

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Abuse of Functionality и Insufficient Anti-automation уязвимостях в DataLife Engine DLE. Abuse of Functionality: http://site/index.php?do=register На странице регистрации функция "Проверить имя" позволяет выявить логины пользователей в системе...

Exploits0
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.192 views

[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities

AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2007/07/23 12:0 a.m.192 views

[Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.

Aria-Security Team Image Racer SearchResults.asp SQL Injection Vendor: http://www.junctionquest.com/Software.asp Example: http://www.TARGET.com/SearchResults.asp?SearchWord=SQL COMMAND&WordSearchCrit=Yes&image.x=0&image.y=0 Example : -1 'union select username,password from admin where FIND IT YOU...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.192 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.5AI score0.06681EPSS
Exploits3References19Affected Software16
securityvulns
securityvulns
added 2007/03/17 12:0 a.m.192 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.36967EPSS
Exploits6References17Affected Software20
securityvulns
securityvulns
added 2006/12/02 12:0 a.m.192 views

Aspee Ziyareti Defteri (tr) Sql injection Vuln.

LiderHack.Org Script name : Aspee Ziyaretзi Defteri tr Script Download : http://aspindir.com/goster/4575 Risk : High Found By : ShaFuck31 Thanks : Dekolax , DesquneR , ST@ReXT , SaboTaqe Vulnerable file : giris.asp Manual connect : Go to Admin Panel Login ----- http://victim.com/path to...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2005/05/12 12:0 a.m.192 views

Yappa-NG Multiple Vulnerabilities

GulfTech Security Research May 11th, 2005 Vendor : Fritz Berger URL : http://sourceforge.net/projects/yappa-ng/ Version : yappa-ng 2.3.1 && Earlier Risk : Multiple Vulnerabilities Description: Yappa-NG is the second generation new and improved version of Yappa yet another php photo album. There a...

7AI score
Exploits0
securityvulns
securityvulns
added 2000/10/24 12:0 a.m.192 views

Allaire JRUN 2.3 Arbitrary File Retrieval

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Allaire JRUN 2.3 ---------------------------------------------------------------------- FS Advisory ID: FS-102300-13-JRUN Release Date: October 23, 2000 Product: Allaire JRUN 2.3 Vendor: Allaire Inc...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2015/09/15 12:0 a.m.191 views

[SECURITY] [DSA 3358-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 13, 2015 https://www.debian.org/security/faq...

7.5CVSS1.1AI score0.46801EPSS
Exploits7
securityvulns
securityvulns
added 2015/05/18 12:0 a.m.191 views

SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150513-0 ======================================================================= title: Multiple critical vulnerabilities product: WSO2 Identity Server other WSO2 Carbon based products may be affected...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/10/17 12:0 a.m.191 views

[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04472444 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04472444 Version: 1 HPSBMU03126 rev....

4.3CVSS0.3AI score0.034EPSS
Exploits5
securityvulns
securityvulns
added 2014/09/29 12:0 a.m.191 views

Glype proxy local address filter bypass

------------------------------------------------------------------------ Glype proxy local address filter bypass ------------------------------------------------------------------------ Securify, September 2014 ------------------------------------------------------------------------ Abstract...

Exploits0
securityvulns
securityvulns
added 2011/08/17 12:0 a.m.191 views

QOLQA (categoria.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability QOLQA categoria.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.qolqa.com/ Persian Gulf 4 Ever! Dork : "QOLQA" "inurl:categoria.php?id=" Exploite:...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2008/08/25 12:0 a.m.191 views

PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent class...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2000/11/11 12:0 a.m.191 views

[hacksware] gbook.cgi remote command execution vulnerability

Bug Report 1. Name: gbook.cgi remote command execution vulnerability 2. Release Date: 2000.11.10 3. Affected Application: GBook - A web site guestbook By Bill Kendrick [email protected] http://zippy.sonoma.edu/kendrick/ 4. Author: [email protected] 5. Type: Input validation Error 6...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2000/05/26 12:0 a.m.191 views

Security Advisory: FreeBSD-SA-00:19.semconfig

============================================================================= FreeBSD-SA-00:19 Security Advisory FreeBSD, Inc. Topic: local users can prevent all processes from exiting Category: core Module: kernel Announced: 2000-05-26 Credits: Peter Wemm [email protected] Affects: 386BSD-derive...

6.8AI score
Exploits0
Total number of security vulnerabilities5000