Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2012/10/28 12:0 a.m.177 views

Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities

Approx. 90 of diffent vulnerabilities in different applications...

10CVSS2.6AI score0.98945EPSS
Exploits56References2Affected Software12
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.177 views

Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress the-welcomizer plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Iran Hack Security Team & Islamic Republic Of Iran Security Team http://IranHack.Org & http://irist.ir/forum/ Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.177 views

Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Avant-Garde Technologies display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.agtsindia.com/ Persian Gulf 4 Ever! Dork : "Powered by Avant-Garde...

2.5AI score
Exploits0
securityvulns
securityvulns
added 2011/05/04 12:0 a.m.177 views

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability

Cisco IOS SNMP Message Processing Denial Of Service Vulnerability ------------------------------------------------------------------ I. Summary Cisco Internetwork Operating System IOS 15.0 attempts to process SNMP solicited operations on improper ports UDP 161,162, which allows remote attackers t...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2009/06/14 12:0 a.m.177 views

VUPEN Security - Microsoft Office Word Document Parsing Buffer Overflow Vulnerability

VUPEN Security Research Advisory - VUPEN-SR-2008-06 Advisory URL: http://www.vupen.com/english/advisories/2009/1546 June 9, 2009 I. BACKGROUND ----------------------- Microsoft Office Word, included in the Microsoft Office system, is a powerful authoring program that gives you the ability to crea...

9.3CVSS8.1AI score0.40503EPSS
Exploits8
securityvulns
securityvulns
added 2009/01/30 12:0 a.m.177 views

Oracle Application Server Portal 10g Cross Site Scripting Vulnerability

OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environment for accessing and interacting with enterprise software services and information resources. A vulnerability has been identified in Oracle Application Server 10g, This could b...

1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/18 12:0 a.m.177 views

Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714)

Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer 960714 Published: December 17, 2008 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a...

9.3CVSS1AI score0.66513EPSS
Exploits10
securityvulns
securityvulns
added 2007/03/02 12:0 a.m.177 views

MOPB-04-2007:PHP 4 unserialize() ZVAL Reference Counter Overflow

Summary The Month of PHP Bugs started with one of the possible ways to exploit the 16bit reference counter of PHP 4. It was only exploitable with local access. However because PHP does not protect against these overflows anywhere there are other exploit vectors. With unserialize it is triggerable...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/06/20 12:0 a.m.177 views

[Full-disclosure] Cisco VPN Concentrator Groupname Enumeration Vulnerability

Cisco VPN Concentrator Groupname Enumeration Vulnerability 1. Overview: NTA Monitor has discovered a groupname enumeration vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer. The vulnerability affects remote access VPNs with...

Exploits0
securityvulns
securityvulns
added 2003/06/02 12:0 a.m.177 views

[Windows XP] ntdll.dll Buffer Overflow Vulnerability - Yet Another MS03-007

--------------------------------------------------------------------------- SUMMARY : Windows XP ntdll.dll Buffer Overflow Vulnerability PRODUCT : Windows XP ntdll.dll VERSIONS : 5.1.2600.1106 VENDOR : Microsoft Corporation http://www.microsoft.com/ SEVERITY : Critical. Code Execution, Privilege...

7.5CVSS0.2AI score0.86396EPSS
Exploits13
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.176 views

Arbitrary File Disclosure and Open Redirect in Bonita BPM

Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...

5.8CVSS6.5AI score0.17681EPSS
Exploits6
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.176 views

Cross-Site Scripting (XSS) in Ilch CMS

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

4.3CVSS6.5AI score0.03295EPSS
Exploits6
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.176 views

SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2

SIP Witch 0.7.4 w/libosip2-4.0.0 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 DoS by the NULL pointer derefence in libosip2. True, found in the ancient version of sipwitch default in BT5 but the problem lies in the library used by it and may...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.176 views

Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.

httpMakeVaryMark header value 'value' http.cc:603 line Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5 It takes combination of a 5x requests and responses in less than 10 seconds to crash the parent: Request -- cut -- !/usr/bin/env...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2012/02/03 12:0 a.m.176 views

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following: Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2...

10CVSS0.1AI score0.73327EPSS
Exploits47
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.176 views

HP Network Node Manager i information leakage

No description provided...

6.5CVSS0.8AI score0.79415EPSS
Exploits29References5Affected Software1
securityvulns
securityvulns
added 2010/07/23 12:0 a.m.176 views

XSS vulnerability in Spitfire

Vulnerability ID: HTB22484 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire1.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/02/12 12:0 a.m.176 views

Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)

Maybe this is related to http://bugs.proftpd.org/showbug.cgi?id=3173 ? That bug only applies to 1.3.1, so 1.3.0 is not affected. 1.3.2 is supposed to fix this bug. Sergio Aguayo ----- Original Message ----- From: [email protected] To: [email protected] Sent: Tuesday, February 10, 2009...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.176 views

[SA23643] FirePass Cross-Site Scripting Vulnerabilities

TITLE: FirePass Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA23643 VERIFY ADVISORY: http://secunia.com/advisories/23643/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/03/09 12:0 a.m.176 views

ADP Forum 2.0,* script İnjection

http://biyosecurity.be/bugs/adpforum2.html ADP Forum 2.0, script njection ---------------------------------------------------- site:http://www.linux.it/fedro/ demo:http://www.adp.host.sk/Forum203/ -------------------------------------------------- Post This Code: scriptalert/Liz0ziM//script...

Exploits0
securityvulns
securityvulns
added 2005/07/29 12:0 a.m.176 views

Advisory 12/2005: UseBB Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: UseBB Multiple Vulnerabilities Release Date: 2005/07/28 Last Modified: 2005/07/28 Author: Stefan Esser [email protected] Application: UseBB = 0.5.1 Severity: Multiple S...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2005/01/13 12:0 a.m.176 views

Security Advisory: BiTBOARD xss

Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.175 views

Apple watchOS security vulnerabilities

Information disclosure, memory corruptions, multiple vulnerabilities in different libraries...

10CVSS2AI score0.2447EPSS
Exploits7References2Affected Software1
securityvulns
securityvulns
added 2015/03/23 12:0 a.m.175 views

CVE-2014-8487: Kony EMM insecurity Direct Object Reference

------------------------------------------------------------------------ Product: Enterprise Mobile Management Vendor: Kony Vulnerable Versions: Kony EMM 1.2 and probably older versions Tested Version: Drupal Kony EMM 1.2 Advisory Publication: 24 December 2014 Vendor Notification: 8 December 2014...

4CVSS0.9AI score0.01003EPSS
Exploits2
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.175 views

[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory2014-022: SAP HANA IU5 SDK Authentication Bypass This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2014/07/22 12:0 a.m.175 views

[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04369484 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04369484 Version: 1 HPSBHF02913 rev....

8.5CVSS6.2AI score0.046EPSS
Exploits0
securityvulns
securityvulns
added 2013/10/27 12:0 a.m.175 views

[ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30

============================================= INTERNET SECURITY AUDITORS ALERT 2013-011 - Original release date: March 21st, 2013 - Last revised: March 21st, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2652...

4.3CVSS0.4AI score0.02528EPSS
Exploits2
securityvulns
securityvulns
added 2011/01/26 12:0 a.m.175 views

[DSECRG-11-007] Oracle Document Capture ImportBodyText - read files

Digital Security Research Group DSecRG Advisory DSECRG-11-007 Internal DSECRG-00117 Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL: http://www.oracle.com/technology/software/products/content-management/indexdc.html Bugs: Insecure READ method Exploits: YES Reported...

7.8CVSS5.5AI score0.1193EPSS
Exploits5
securityvulns
securityvulns
added 2008/12/22 12:0 a.m.175 views

PHP APC vulnerable to local attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 PHP APC is an opcode cache for PHP, or, as the developers say: "APC is a free, open, and robust framework for caching and optimizing PHP intermediate code." http://pecl.php.net/package/APC While at least some of its developers do not consider this a...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.175 views

PHP-Nuke Module Dossiers Injection(did)

PHP-Nuke Module Dossiers Injectiondid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 :allinurl:"modules.php?name=Dossiers"did DORK 2 : allinurl: EXPLOIT : admin...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2006/07/14 12:0 a.m.175 views

ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability

ScozNews Final-Php =1.1 Remote File Inclusion Vulnerability ------------------------------------------ Discoverd By: XORON ------------------------------------------ cont@ct: x0r0nathotmaildotcom ------------------------------------------ script site: www.scoznet.com...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/07/14 12:0 a.m.175 views

flatnuke <= 2.5.7 arbitrary php file upload

12/07/200619.11.54 ----- Flatnuke 2.5.7 arbitrary file upload / remote code execution ------------- software: site: http://www.flatnuke.org/ -------------------------------------------------------------------------------- if user Gallery uploads are enabled not the default you can go to:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2014/07/21 12:0 a.m.174 views

Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities

Over 100 vulnerabilities in different applications are fixed in quarterly update...

10CVSS2.5AI score0.96121EPSS
Exploits36References1Affected Software36
securityvulns
securityvulns
added 2014/03/27 12:0 a.m.174 views

[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iNote: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04122007 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04122007 Version: 2 HPSBMU02967 rev...

7.5CVSS0.9AI score0.06936EPSS
Exploits2
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.174 views

MiniMagic ruby gem remote code execution

MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and Ruby 1.8.7. If a URL is from an untrusted source, commands can be injected into it for remote code execution with t...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2012/11/02 12:0 a.m.174 views

NetCat CMS v5.0.1 - Multiple Web Vulnerabilities

Title: ====== NetCat CMS v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=738 VL-ID: ===== 738 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============= Vendor...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2010/09/12 12:0 a.m.174 views

XSS in Horde Application Framework <=3.3.8, icon_browser.php

Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting XSS vulnerability. The iconbrowser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL can...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/11/04 12:0 a.m.174 views

iDefense Security Advisory 11.03.08: Multiple Vendor CUPS SGI imagetops Heap Overflow Vulnerability

iDefense Security Advisory 10.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 09, 2008 I. BACKGROUND The Common UNIX Printing System, more commonly referred to as CUPS, provides a standard printer interface for various Unix based operating systems. "imagetops" is a part of CUPS...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.174 views

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Buffer Overflow Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

10CVSS0.3AI score0.0658EPSS
Exploits0
securityvulns
securityvulns
added 2015/05/13 12:0 a.m.173 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Multiple buffer overflows, memory corruptions, information disclosures, restriction bypass...

10CVSS2.5AI score0.07417EPSS
Exploits0Affected Software3
securityvulns
securityvulns
added 2014/03/27 12:0 a.m.173 views

CVE-2013-6955 Synology DSM remote code execution

Products Affected By CVE-2013-6955 Diskstation Manager 4.0 4.2 4.3 4.3-3810 Vendor: Synology Status: Patched webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...

10CVSS0.7AI score0.84571EPSS
Exploits9
securityvulns
securityvulns
added 2014/01/14 12:0 a.m.173 views

TA14-013A: NTP Amplification Attacks Using CVE-2013-5211

NCCIC / US-CERT National Cyber Awareness System: TA14-013A: NTP Amplification Attacks Using CVE-2013-5211 01/13/2014 05:51 PM EST Original release date: January 13, 2014 | Last revised: January 14, 2014 Systems Affected NTP servers Overview A Network Time Protocol NTP Amplification attack is an...

5CVSS1.3AI score0.97549EPSS
Exploits23
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.173 views

[waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1

waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 ================================================================================ Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html Description of vulnerable software...

Exploits0
securityvulns
securityvulns
added 2010/10/16 12:0 a.m.173 views

freeciv unauthorized access

It's possible to access files and execute commands via scenario...

10CVSS4.5AI score0.03342EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2009/03/12 12:0 a.m.173 views

Aryanic HighCMS and HighPortal multiple Vulnerabilities

================= IUT-CERT ================= Title: Aryanic HighPortal, HighCMS Multiple Vulnerabilities Vendor: www.aryanic.com Vulnerable Version: 10 and priors Type: Input.Validation.Vulnerability URI Injection, Frame Injection, XSS Fix: N/A ================== nsec.ir =================...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2008/10/16 12:0 a.m.173 views

iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow

iDefense Security Advisory 10.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 09, 2008 I. BACKGROUND Sun Microsystems Inc's Java System is a collection of server applications bundled together. One such server application included is the Web Proxy Server. This software implements...

10CVSS0.08439EPSS
Exploits1
securityvulns
securityvulns
added 2007/11/17 12:0 a.m.173 views

Javamail login username and password same email problem

Javamail login username and password same email problem By Thet Aung Min Latt Yangon Myanmar 16 November 2007 1. First logon to examplemail.com http://examplemail.com/login.jsp And login with [email protected] in username and password box. User name: [email protected]...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2007/09/11 12:0 a.m.173 views

Netjuke 1.0-rc2 - sql injection & XSS

The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all the MP3, Ogg Vorbis and other format files that constitute your digital music collection. Supports images, language packs, multi-level security, random playlists, etc http://sourceforge.net/projects/netjuke...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.173 views

infinicart [ multiples injection sql & xss (post) ]

vendor site: http://www.ecommercemax.com/ product : infinicart bug: multiples injection sql & xss language : asp risk : high injection sql get: /infinicart-demo/browsegroup.asp?groupid=sql /infinicart-demo/addedtocart.asp?productid=sql /infinicart-demo/browsesubcat.asp?catid=sql...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/06/25 12:0 a.m.173 views

[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability

Title: Kil13r-SA-20060622-1 NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/21 - Discovery 2006/06/21 - Vendor notification 2006/06/22 - Release Affected version: NetSoft SmartNet 2.0 Not affected version:...

1.6AI score
Exploits0
Total number of security vulnerabilities5000