Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2007/08/18 12:0 a.m.178 views

iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Race Condition Vulnerabilities

IBM DB2 Universal Database Multiple Race Condition Vulnerabilities iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...

6.9CVSS0.4AI score0.00328EPSS
Exploits1
securityvulns
securityvulns
added 2006/08/11 12:0 a.m.178 views

Mafia Moblog <= 6 (pathtotemplate) Remote File Inclusion Vulnerability

------------------------------------------------------------------------ ------------------- Mafia Moblog pathtotemplate Remote File Inclusion ------------------------------------------------------------------------ ------------------- Author : Sh3ll Date : 2006/04/30 HomePage : http://www.sh3ll....

1AI score
Exploits0
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.177 views

HttpFileServer 2.3.x Remote Command Execution

Affected software: http://sourceforge.net/projects/hfs/ Version : 2.3x Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...

7.5CVSS3.3AI score0.99323EPSS
Exploits23
securityvulns
securityvulns
added 2014/07/28 12:0 a.m.177 views

Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability

Document Title: =============== Barracuda Networks Spam&Virus Firewall v6.0.2 600 & Vx - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=890 Barracuda Networks Security ID BNSEC: BNSEC-1176...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.177 views

ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability

ESA-2013-094.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability EMC Identifier: ESA-2013-094 CVE Identifier: CVE-2012-0874 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: • A...

6.8CVSS1.3AI score0.15561EPSS
Exploits1
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.177 views

Insecure CHIASMUS encryption in GSTOOL

== Insecure CHIASMUS encryption in GSTOOL == GSTOOL versions 3.0 to 4.7 inclusive contain an insecure encryption feature using the non-public CHIASMUS block cipher. Due to the use of an insecure PRNG for key generation, files encrypted using the encryption feature of this tool can be decrypted...

Exploits0
securityvulns
securityvulns
added 2012/03/10 12:0 a.m.177 views

ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-038 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.177 views

Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress the-welcomizer plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Iran Hack Security Team & Islamic Republic Of Iran Security Team http://IranHack.Org & http://irist.ir/forum/ Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.177 views

PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability

Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...

7.5CVSS0.2AI score0.01475EPSS
Exploits3
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.177 views

Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Avant-Garde Technologies display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.agtsindia.com/ Persian Gulf 4 Ever! Dork : "Powered by Avant-Garde...

2.5AI score
Exploits0
securityvulns
securityvulns
added 2010/03/02 12:0 a.m.177 views

Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities

========================================= Yaniv Miron aka "Lament" Advisory Feb 28, 2010 Sparta Systems TrackWise TeamAccess module Multiple Cross Site Scripting Vulnerabilities ========================================= ===================== I. BACKGROUND ===================== TrackWise® by Spart...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/05/29 12:0 a.m.177 views

Backdoor in com_rsgallery2 gallery extension for joomla

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.177 views

WoltLab Burning Board 2.3.5(WBB) in XSS

Hi WBB in XSS We aren't able to bite from the Avatar ,But attachment.php With xss code are able to bite. HEX editor With GIF picture Open , JS code are writing. GIF89ajscode Js Code:Hex:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/08/23 12:0 a.m.177 views

Remote IIS 5.x and IIS 6.0 Server Name Spoof

Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVERNAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2003/04/10 12:0 a.m.177 views

[ARL03-A16] Multiple Security Issues in phPay

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL03-A16 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Multiple Security Issues in...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2002/05/15 12:0 a.m.177 views

Information leakage in Quake2

It's possible to retrieve any server variables vaules including $rconpassword by using modified client without $-variables expanding...

3.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.176 views

Arbitrary File Disclosure and Open Redirect in Bonita BPM

Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...

5.8CVSS6.5AI score0.17681EPSS
Exploits6
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.176 views

icecast DoS

NULL pointer dereference on authentication by URL...

5CVSS3AI score0.04344EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.176 views

Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability

============================================= - Original release date: 15 September, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio pinn gmail ============================================= VULNERABILITY ---------------------- Moodle CMS version 2.5.0...

7.5CVSS0.4AI score0.02098EPSS
Exploits2
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.176 views

[security bulletin] HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 3 HPSBMU02900 rev....

7.5CVSS0.9AI score0.73327EPSS
Exploits27
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.176 views

SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2

SIP Witch 0.7.4 w/libosip2-4.0.0 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 DoS by the NULL pointer derefence in libosip2. True, found in the ancient version of sipwitch default in BT5 but the problem lies in the library used by it and may...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.176 views

Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.

httpMakeVaryMark header value 'value' http.cc:603 line Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5 It takes combination of a 5x requests and responses in less than 10 seconds to crash the parent: Request -- cut -- !/usr/bin/env...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2010/09/17 12:0 a.m.176 views

[security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02512995 Version: 1 HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS, HTTP Response Splitting, and Other Vulnerabilities...

10CVSS0.87264EPSS
Exploits22
securityvulns
securityvulns
added 2009/06/14 12:0 a.m.176 views

VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability

VUPEN Security Research Advisory - VUPEN-SR-2008-06 Advisory URL: http://www.vupen.com/english/advisories/2009/1546 June 9, 2009 I. BACKGROUND ----------------------- Microsoft Office Word, included in the Microsoft Office system, is a powerful authoring program that gives you the ability to crea...

9.3CVSS8.1AI score0.40503EPSS
Exploits8
securityvulns
securityvulns
added 2008/12/18 12:0 a.m.176 views

Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714)

Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer 960714 Published: December 17, 2008 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a...

9.3CVSS1AI score0.66513EPSS
Exploits10
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.176 views

[SA23643] FirePass Cross-Site Scripting Vulnerabilities

TITLE: FirePass Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA23643 VERIFY ADVISORY: http://secunia.com/advisories/23643/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/03/09 12:0 a.m.176 views

ADP Forum 2.0,* script İnjection

http://biyosecurity.be/bugs/adpforum2.html ADP Forum 2.0, script njection ---------------------------------------------------- site:http://www.linux.it/fedro/ demo:http://www.adp.host.sk/Forum203/ -------------------------------------------------- Post This Code: scriptalert/Liz0ziM//script...

Exploits0
securityvulns
securityvulns
added 2014/07/22 12:0 a.m.175 views

[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04369484 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04369484 Version: 1 HPSBHF02913 rev....

8.5CVSS6.2AI score0.046EPSS
Exploits0
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.175 views

HP System Management Homepage multiple security vulnerabilities

XSS, privilege escalation, unauthorized access, information leakage, DoS...

7.5CVSS1.8AI score0.73327EPSS
Exploits27References1Affected Software1
securityvulns
securityvulns
added 2012/12/12 12:0 a.m.175 views

[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03599086 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03599086 Version: 1 HPSBOV02834...

5CVSS0.3AI score0.0235EPSS
Exploits0
securityvulns
securityvulns
added 2012/02/03 12:0 a.m.175 views

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following: Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2...

10CVSS0.1AI score0.73327EPSS
Exploits47
securityvulns
securityvulns
added 2011/05/04 12:0 a.m.175 views

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability ------------------------------------------------------------------ I. Summary Cisco Internetwork Operating System IOS 15.0 attempts to process SNMP solicited operations on improper ports UDP 161,162, which allows remote attackers t...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2011/01/26 12:0 a.m.175 views

[DSECRG-11-007] Oracle Document Capture ImportBodyText - read files

Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL: http://www.oracle.com/technology/software/products/content-management/indexdc.html Bugs: Insecure READ method Exploits: YES Reported...

7.8CVSS5.5AI score0.1193EPSS
Exploits5
securityvulns
securityvulns
added 2009/04/14 12:0 a.m.175 views

Microsoft Windows WinHTTP servive multiple security vulnerabilities

Integer overflow, certificate spoofing, NTLM relaying...

10CVSS2.1AI score0.1415EPSS
Exploits7References1
securityvulns
securityvulns
added 2009/02/12 12:0 a.m.175 views

Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)

Maybe this is related to http://bugs.proftpd.org/showbug.cgi?id=3173 ? That bug only applies to 1.3.1, so 1.3.0 is not affected. 1.3.2 is supposed to fix this bug. Sergio Aguayo ----- Original Message ----- From: [email protected] To: [email protected] Sent: Tuesday, February 10, 2009...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2009/01/30 12:0 a.m.175 views

Oracle Application Server Portal 10g Cross Site Scripting Vulnerability

OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g, This could b...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.175 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.5AI score0.06681EPSS
Exploits3References19Affected Software16
securityvulns
securityvulns
added 2005/07/29 12:0 a.m.175 views

Advisory 12/2005: UseBB Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: UseBB Multiple Vulnerabilities Release Date: 2005/07/28 Last Modified: 2005/07/28 Author: Stefan Esser [email protected] Application: UseBB = 0.5.1 Severity: Multiple S...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2005/06/20 12:0 a.m.175 views

[Full-disclosure] Cisco VPN Concentrator Groupname Enumeration Vulnerability

Cisco VPN Concentrator Groupname Enumeration Vulnerability 1. Overview: NTA Monitor has discovered a groupname enumeration vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer. The vulnerability affects remote access VPNs with...

Exploits0
securityvulns
securityvulns
added 2003/06/02 12:0 a.m.175 views

[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007

--------------------------------------------------------------------------- SUMMARY : Windows XP ntdll.dll Buffer Overflow Vulnerability PRODUCT : Windows XP ntdll.dll VERSIONS : 5.1.2600.1106 VENDOR : Microsoft Corporation http://www.microsoft.com/ SEVERITY : Critical. Code Execution, Privilege...

7.5CVSS0.2AI score0.86396EPSS
Exploits13
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.174 views

[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-023: HTTP verb tampering issue in SAPJTECHS This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.174 views

Cross-Site Scripting (XSS) in Ilch CMS

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

4.3CVSS6.5AI score0.03295EPSS
Exploits6
securityvulns
securityvulns
added 2014/03/27 12:0 a.m.174 views

[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iNote: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04122007 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04122007 Version: 2 HPSBMU02967 rev...

7.5CVSS0.9AI score0.06936EPSS
Exploits2
securityvulns
securityvulns
added 2013/07/29 12:0 a.m.174 views

Apache OpenOffice security vulnerabilities

Few memory corruptions...

6.8CVSS3AI score0.03958EPSS
Exploits2References2Affected Software1
securityvulns
securityvulns
added 2010/08/11 12:0 a.m.174 views

Microsoft Windows Schannel memory corruption

Memory corruption on TLS/SSL certificate parsing, certificate spoofing, connection hijacking...

9.3CVSS3.3AI score0.87264EPSS
Exploits16References2
securityvulns
securityvulns
added 2010/07/23 12:0 a.m.174 views

XSS vulnerability in Spitfire

Vulnerability ID: HTB22484 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire1.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/22 12:0 a.m.174 views

PHP APC vulnerable to local attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this a...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.174 views

PHP-Nuke Module Dossiers Injection(did)

PHP-Nuke Module Dossiers Injectiondid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 :allinurl:"modules.php?name=Dossiers"did DORK 2 : allinurl: EXPLOIT : admin...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/13 12:0 a.m.174 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.5CVSS1.5AI score0.05142EPSS
Exploits5References15Affected Software3
securityvulns
securityvulns
added 2007/03/02 12:0 a.m.174 views

MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow

Summary The Month of PHP Bugs started with one of the possible ways to exploit the 16bit reference counter of PHP 4. It was only exploitable with local access. However because PHP does not protect against these overflows anywhere there are other exploit vectors. With unserialize it is triggerable...

0.5AI score
Exploits0
Total number of security vulnerabilities5000