Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2014/10/15 12:0 a.m.179 views

HttpFileServer 2.3.x Remote Command Execution

Affected software: http://sourceforge.net/projects/hfs/ Version : 2.3x Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...

7.5CVSS3.3AI score0.99323EPSS
Exploits23
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.179 views

SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server

SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2012/10/29 12:0 a.m.179 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Information leakage, multiple memory corruptions, crossite scripting, etc...

10CVSS1.7AI score0.42609EPSS
Exploits11Affected Software3
securityvulns
securityvulns
added 2009/04/14 12:0 a.m.179 views

Microsoft Windows WinHTTP servive multiple security vulnerabilities

Integer overflow, certificate spoofing, NTLM relaying...

10CVSS2.1AI score0.1415EPSS
Exploits7References1
securityvulns
securityvulns
added 2007/04/12 12:0 a.m.179 views

WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability

WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / / / / / / / // / GIVE ME A CARROT OR I WILL O O/ BLOW UP YOUR HOUSE / / ^ / / / // / // /// Vulnerability 1: Advantage: works...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/04/09 12:0 a.m.179 views

[Full-disclosure] Some 0day Pocs

Mati Aharoni muts .@. offensive-security.com mailto:[email protected] http://www.offensive-security.com My 7 line python fuzzer found several file format bugs in 3 hours. Quite alarming. No deep analysis was done, I leave that to the community. These are some of the results: file789-1.d...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/12/31 12:0 a.m.179 views

ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability

Title : ASPTicker 1.0 admin.asp Remote Login ByPass SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.aspapps.com $$ : $ 17.00 SQL--------------------------------------------------------- http://target/path//admin.aspByPass Example: //Password 'union select 0,0,0 from...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2004/05/31 12:0 a.m.179 views

[waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]

================================================================================ waraxe-2004-SA031 ================================================================================ Multiple vulnerabilities in e107 version 0.615...

Exploits0
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.178 views

Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities

Document Title: =============== Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 37 - Filter Bypass & Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1103 Barracuda Networks Security ID BNSEC: BNSEC-1263...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.178 views

ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability

ESA-2013-094.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability EMC Identifier: ESA-2013-094 CVE Identifier: CVE-2012-0874 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: • A...

6.8CVSS1.3AI score0.15561EPSS
Exploits1
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.178 views

Insecure CHIASMUS encryption in GSTOOL

== Insecure CHIASMUS encryption in GSTOOL == GSTOOL versions 3.0 to 4.7 inclusive contain an insecure encryption feature using the non-public CHIASMUS block cipher. Due to the use of an insecure PRNG for key generation, files encrypted using the encryption feature of this tool can be decrypted...

Exploits0
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.178 views

[security bulletin] HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03839862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03839862 Version: 3 HPSBMU02900 rev....

7.5CVSS0.9AI score0.73327EPSS
Exploits27
securityvulns
securityvulns
added 2013/04/28 12:0 a.m.178 views

BF and IA vulnerabilities in IBM Lotus Domino

Hello 3APA3A! I want to warn you about Brute Force and Insufficient Authentication vulnerabilities in IBM Lotus Domino. These are vulnerabilities in Domino, which I've found at 03.05.2012 together with other holes. Last year I've announced multiple vulnerabilities in IBM software and after IBM...

Exploits0
securityvulns
securityvulns
added 2012/12/10 12:0 a.m.178 views

FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities

Title: ====== FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: ===== 2012-12-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 2.1 Introduction: =============...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/09/17 12:0 a.m.178 views

[security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02512995 Version: 1 HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS, HTTP Response Splitting, and Other Vulnerabilities...

10CVSS0.87264EPSS
Exploits22
securityvulns
securityvulns
added 2009/05/29 12:0 a.m.178 views

Backdoor in com_rsgallery2 gallery extension for joomla

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/02/27 12:0 a.m.178 views

[ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:050 http://www.mandriva.com/security/ Package : cups Date : February 26, 2008 Affected: Corporate 3.0 Problem Description: Dave Camp at Critical Path Software discovered a buffer overflow in CUPS 1.1.23 and...

10CVSS9.5AI score0.05793EPSS
Exploits2
securityvulns
securityvulns
added 2007/08/18 12:0 a.m.178 views

iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Race Condition Vulnerabilities

IBM DB2 Universal Database Multiple Race Condition Vulnerabilities iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...

6.9CVSS0.4AI score0.00328EPSS
Exploits1
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.178 views

WoltLab Burning Board 2.3.5(WBB) in XSS

Hi WBB in XSS We aren't able to bite from the Avatar ,But attachment.php With xss code are able to bite. HEX editor With GIF picture Open , JS code are writing. GIF89ajscode Js Code:Hex:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/08/23 12:0 a.m.178 views

Remote IIS 5.x and IIS 6.0 Server Name Spoof

Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVERNAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.177 views

icecast DoS

NULL pointer dereference on authentication by URL...

5CVSS3AI score0.04344EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2014/07/28 12:0 a.m.177 views

Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability

Document Title: =============== Barracuda Networks Spam&Virus Firewall v6.0.2 600 & Vx - Client Side Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=890 Barracuda Networks Security ID BNSEC: BNSEC-1176...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/03/10 12:0 a.m.177 views

ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-038 February 22, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.177 views

Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress the-welcomizer plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Iran Hack Security Team & Islamic Republic Of Iran Security Team http://IranHack.Org & http://irist.ir/forum/ Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.177 views

PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability

Advisory: PHP Inventory 1.3.1 Remote Auth Bypass SQL Injection Vulnerability Advisory ID: INFOSERVE-ADV2011-08 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on PHP Inventory 1.3.1 Vendor URL: http://www.phpwares.com/ Vendor Status: fixed CVE-ID:...

7.5CVSS0.2AI score0.01475EPSS
Exploits3
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.177 views

Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Avant-Garde Technologies display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.agtsindia.com/ Persian Gulf 4 Ever! Dork : "Powered by Avant-Garde...

2.5AI score
Exploits0
securityvulns
securityvulns
added 2010/08/11 12:0 a.m.177 views

Microsoft Windows Schannel memory corruption

Memory corruption on TLS/SSL certificate parsing, certificate spoofing, connection hijacking...

9.3CVSS3.3AI score0.87264EPSS
Exploits16References2
securityvulns
securityvulns
added 2009/06/14 12:0 a.m.177 views

VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability

VUPEN Security Research Advisory - VUPEN-SR-2008-06 Advisory URL: http://www.vupen.com/english/advisories/2009/1546 June 9, 2009 I. BACKGROUND ----------------------- Microsoft Office Word, included in the Microsoft Office system, is a powerful authoring program that gives you the ability to crea...

9.3CVSS8.1AI score0.40503EPSS
Exploits8
securityvulns
securityvulns
added 2009/01/30 12:0 a.m.177 views

Oracle Application Server Portal 10g Cross Site Scripting Vulnerability

OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g, This could b...

1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/18 12:0 a.m.177 views

Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714)

Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer 960714 Published: December 17, 2008 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a...

9.3CVSS1AI score0.66513EPSS
Exploits10
securityvulns
securityvulns
added 2005/06/20 12:0 a.m.177 views

[Full-disclosure] Cisco VPN Concentrator Groupname Enumeration Vulnerability

Cisco VPN Concentrator Groupname Enumeration Vulnerability 1. Overview: NTA Monitor has discovered a groupname enumeration vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer. The vulnerability affects remote access VPNs with...

Exploits0
securityvulns
securityvulns
added 2003/04/10 12:0 a.m.177 views

[ARL03-A16] Multiple Security Issues in phPay

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL03-A16 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Multiple Security Issues in...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2002/05/15 12:0 a.m.177 views

Information leakage in Quake2

It's possible to retrieve any server variables vaules including $rconpassword by using modified client without $-variables expanding...

3.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.176 views

Arbitrary File Disclosure and Open Redirect in Bonita BPM

Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...

5.8CVSS6.5AI score0.17681EPSS
Exploits6
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.176 views

Moodle 2.5.0-1 (badges/external.php) PHP Object Injection Vulnerability

============================================= - Original release date: 15 September, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio pinn gmail ============================================= VULNERABILITY ---------------------- Moodle CMS version 2.5.0...

7.5CVSS0.4AI score0.02098EPSS
Exploits2
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.176 views

SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2

SIP Witch 0.7.4 w/libosip2-4.0.0 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 DoS by the NULL pointer derefence in libosip2. True, found in the ancient version of sipwitch default in BT5 but the problem lies in the library used by it and may...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.176 views

Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.

httpMakeVaryMark header value 'value' http.cc:603 line Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5 It takes combination of a 5x requests and responses in less than 10 seconds to crash the parent: Request -- cut -- !/usr/bin/env...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2011/05/04 12:0 a.m.176 views

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability ------------------------------------------------------------------ I. Summary Cisco Internetwork Operating System IOS 15.0 attempts to process SNMP solicited operations on improper ports UDP 161,162, which allows remote attackers t...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2009/02/12 12:0 a.m.176 views

Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)

Maybe this is related to http://bugs.proftpd.org/showbug.cgi?id=3173 ? That bug only applies to 1.3.1, so 1.3.0 is not affected. 1.3.2 is supposed to fix this bug. Sergio Aguayo ----- Original Message ----- From: [email protected] To: [email protected] Sent: Tuesday, February 10, 2009...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2007/03/02 12:0 a.m.176 views

MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow

Summary The Month of PHP Bugs started with one of the possible ways to exploit the 16bit reference counter of PHP 4. It was only exploitable with local access. However because PHP does not protect against these overflows anywhere there are other exploit vectors. With unserialize it is triggerable...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.176 views

[SA23643] FirePass Cross-Site Scripting Vulnerabilities

TITLE: FirePass Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA23643 VERIFY ADVISORY: http://secunia.com/advisories/23643/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/03/09 12:0 a.m.176 views

ADP Forum 2.0,* script İnjection

http://biyosecurity.be/bugs/adpforum2.html ADP Forum 2.0, script njection ---------------------------------------------------- site:http://www.linux.it/fedro/ demo:http://www.adp.host.sk/Forum203/ -------------------------------------------------- Post This Code: scriptalert/Liz0ziM//script...

Exploits0
securityvulns
securityvulns
added 2005/07/29 12:0 a.m.176 views

Advisory 12/2005: UseBB Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: UseBB Multiple Vulnerabilities Release Date: 2005/07/28 Last Modified: 2005/07/28 Author: Stefan Esser [email protected] Application: UseBB = 0.5.1 Severity: Multiple S...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2005/01/13 12:0 a.m.176 views

Security Advisory: BiTBOARD xss

Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2003/06/02 12:0 a.m.176 views

[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007

--------------------------------------------------------------------------- SUMMARY : Windows XP ntdll.dll Buffer Overflow Vulnerability PRODUCT : Windows XP ntdll.dll VERSIONS : 5.1.2600.1106 VENDOR : Microsoft Corporation http://www.microsoft.com/ SEVERITY : Critical. Code Execution, Privilege...

7.5CVSS0.2AI score0.86396EPSS
Exploits13
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.175 views

Microsoft Windows multiple security vulnerabilities

Internet Explorer / Edge multiple security vulnerabilities, VBScript / Jscript code execution, Windows Shell code execution, kernel privilege escsalation...

9.3CVSS2.6AI score0.69997EPSS
Exploits18References1Affected Software1
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.175 views

[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-023: HTTP verb tampering issue in SAPJTECHS This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/07/22 12:0 a.m.175 views

[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04369484 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04369484 Version: 1 HPSBHF02913 rev....

8.5CVSS6.2AI score0.046EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.175 views

Cross-Site Scripting (XSS) in Ilch CMS

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

4.3CVSS6.5AI score0.03295EPSS
Exploits6
securityvulns
securityvulns
added 2012/12/12 12:0 a.m.175 views

[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03599086 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03599086 Version: 1 HPSBOV02834...

5CVSS0.3AI score0.0235EPSS
Exploits0
Total number of security vulnerabilities5000