Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2015/08/24 12:0 a.m.169 views

OpenSSH resreictions bypass

It's possible to bypass MaxAuthTries restrictions...

8.5CVSS2AI score0.09302EPSS
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.169 views

SQL Injection in AdRotate

Advisory ID: HTB23201 Product: AdRotate Vendor: AJdG Solutions Vulnerable Versions: 3.9.4 and probably prior Tested Version: 3.9.4 Advisory Publication: January 30, 2014 without technical details Vendor Notification: January 30, 2014 Vendor Patch: January 31, 2014 Public Disclosure: February 20,...

7.5CVSS0.2AI score0.05412EPSS
Exploits7
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.169 views

Code Execution vulnerability in Contact Form 7 for WordPress

Hello 3APA3A! I want to inform you about vulnerability in Contact Form 7 plugin for WordPress. This is Code Execution via Arbitrary File Uploading vulnerability. ------------------------- Affected products: ------------------------- Vulnerable are Contact Form 7 3.5.2 and previous versions. After...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.169 views

Authentication bypass on Netgear WNR1000

Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter: @rpaleari VULNERABILITY INFORMATION...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.169 views

Exploit for stealing admin's account in Question2Answer

Hello! Here is exploit for stealing admin's account in Question2Answer. This exploit uses Cross-Site Request Forgery vulnerability at http://site/account and Insufficient Anti-automation vulnerabilities at http://site/forgot and http://site/reset, which I've described in the second advisory about...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.169 views

RedTeam Pentesting GmbH

Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes The Owl Intranet Engine uses no salting in the password hashing procedure. Furthermore, users in the "Administrators" group are able to see the MD5 password hashes of every user using the web interface. Details...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2011/02/03 12:0 a.m.169 views

Aruba Mobility Controller - multiple advisories: DoS and authentication bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ADVISORY NUMBER 013111 Advisory 1: TITLE Malformed 802.11 Probe Request frame causes Denial of Service condition on an Access Point. SUMMARY A Denial of Service DoS vulnerability was discovered during standard bug reporting procedures. A malformed...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2010/12/12 12:0 a.m.169 views

www.eVuln.com : HTTP Response Splitting in WWWThreads (php version)

www.eVuln.com advisory: HTTP Response Splitting in WWWThreads php version Summary: http://evuln.com/vulns/156/summary.html Details: http://evuln.com/vulns/156/description.html -----------Summary----------- eVuln ID: EV0156 Software: n/a Vendor: WWWThreads Version: 2006.11.25 Critical Level: low...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/11/25 12:0 a.m.169 views

Aria-Security.net: CoolShot E-Lite POS 1.0

Aria-Security Team http://aria-security.net ------------------------------------- CoolShot E-Lite POS 1.0 http://coolshot.net/index.php/works/49-e-lite-pos Original Advisory @ http://aria-security.net/forum/showthread.php?p=1108post1108 Published on November 24 2007 users.userid users.username...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.169 views

Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities

Title : VP-ASP Shopping Cart 6.09 Remote Multiple Vulnerabilities Author : ajann Contact : : S.Page : http://www.vpasp.com $$ : $49.00 - $350.00 - $495.00 SQL--------------------------------------------------------- http://target/path//shopgiftregsearch.asp?LoginLastname=SQL Example:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/09/20 12:0 a.m.169 views

Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit

==================================================================== Pie Cart Pro = HomePath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.doodlebabies.com/...

Exploits0
securityvulns
securityvulns
added 2006/08/10 12:0 a.m.169 views

PhpwCMS 1.2.6 <= Multiple Remote file inclusion vulnerabilities

PhpwCMS 1.2.6 = Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php include/incext/spaw/dialogs/colorpicker.php...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2015/04/09 12:0 a.m.168 views

APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following: Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain...

10CVSS0.5AI score0.98685EPSS
Exploits60
securityvulns
securityvulns
added 2015/01/02 12:0 a.m.168 views

[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability

----------------------------------------------------------------------------- Mantis Bug Tracker = 1.2.17 ImportXml.php PHP Code Injection Vulnerability ----------------------------------------------------------------------------- - Software Link: http://www.mantisbt.org/ - Affected Versions: All...

7.5CVSS0.3AI score0.50561EPSS
Exploits8
securityvulns
securityvulns
added 2013/07/10 12:0 a.m.168 views

VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability

VUPEN Security Research - Oracle Java Applet Preloader Click-2-Play Warning Bypass Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global standa...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/02/13 12:0 a.m.168 views

[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03179046 Version: 1 HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as...

10CVSS0.8AI score0.0867EPSS
Exploits0
securityvulns
securityvulns
added 2011/08/17 12:0 a.m.168 views

Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Muzedon dettaglio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered By Muzedon.com" "inurl:dettaglio.php?id=" Exploite:...

4.5AI score
Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.168 views

Web Fusion Nepal (tour.php?category) XSS Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD XSS Vulnerability Web Fusion Nepal tour.php?category AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://webfusion.com.np/ Persian Gulf 4 Ever! Dork : "Powered by: Web Fusion Nepal" "inurl:tour.php?category="...

2.7AI score
Exploits0
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.168 views

Aztech ADSL2/2+ 4 Port remote root

http://www.aztech.com cat versions VERSION=3.7.0 BUILD=070426 BOARD=AR7RD FSSTAMP=20070426171252 Example: $ lynx "http://192.168.0.5/cgi-bin/script?system20&20whoami" --source root $ lynx "http://192.168.0.5/cgi-bin/script?system20&20ls /" --source bin dev etc lib proc sbin usr var var.tar $...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.168 views

PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability

PhotoCart 3.9 adminprint.php Remote File Include Vulnerability Script site: http://www.picturespro.com/store/programs/129-photocart.html Dork : inurl :/PhotoCart/ Bug Found By : irvian GreetZ: jipank,kacung,trangkil,ibnusina,cah|gemblunkz,zoid Special greetz: patihack hitamputih nyubicrew bug fou...

1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/29 12:0 a.m.168 views

UBB.threads Multiple input validation error

Hello,, UBB.threads Multiple input validation error Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] Tested on Version 6 6.5.1.1 and other versions maybe affected Remote File including :...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2005/04/13 12:0 a.m.168 views

SQL Injection in Oracle Forms

SQL Injection in Oracle Forms V1.00 © 2005 by Red-Database-Security GmbH 1/5 Summary: All Oracle Forms applications are vulnerable against SQL Injection by default. Oracle Applications =11.5.9 is not affected due to the default setting value “FORMSxxRESTRICTENTERQUERY = TRUE”. About Oracle Forms:...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2004/09/17 12:0 a.m.168 views

wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities

Westpoint Security Advisory --------------------------- Title: Multiple Browser Cookie Injection Vulnerabilities Risk Rating: Low Software: Multiple Web Browsers Platforms: Unix and Windows Author: Paul Johnston [email protected] assisted by Richard Moore [email protected] Date: 15...

7.5CVSS6.8AI score0.17183EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.167 views

[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04268240 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04268240 Version: 1 HPSBMU03029 rev....

5CVSS0.5AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.167 views

TEMENOS T24 R07.03 Reflected Cross-Site Scripting

TEMENOS T24 R07.03 reflected cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to a reflected cross-site scripting vulnerability because it...

7AI score
Exploits0
securityvulns
securityvulns
added 2009/06/01 12:0 a.m.167 views

MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->

---------------------------------------------------------------------------------- MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -- ---------------------------------------------------------------------------------- CMS INFORMATION: --WEB: http://www.onlinegrades.org...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/01 12:0 a.m.167 views

Apple multiple applications format string vulnerabilities

Format string vulnerabilities in multiple client applications...

7.1CVSS2AI score0.09872EPSS
Exploits2References1Affected Software5
securityvulns
securityvulns
added 2006/08/28 12:0 a.m.167 views

Multiple Fuji Xerox Printing Systems security vulnerabilities

FTP bounce attack, unauthorized Web interface access...

3.3AI score
Exploits0References1
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.166 views

Cosmoshop - XSS on Admin-Login Mask

author: l0om page: l0om.org date: 14.02.2015 Cosmoshop is a simple webshop designed for the german market. There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi This page wi...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/04/20 12:0 a.m.166 views

[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04236062 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236062 Version: 1 HPSBMU02994 rev....

5CVSS0.5AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2013/11/26 12:0 a.m.166 views

[SECURITY] [DSA 2797-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2797-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 16, 2013 http://www.debian.org/security/faq -...

10CVSS0.7AI score0.10117EPSS
Exploits4
securityvulns
securityvulns
added 2012/07/16 12:0 a.m.166 views

security advisory: AirDroid 1.0.4 beta

Dear Sir or Madam, we'd like to publish the following advisory. Thanks in advance. TC-SA-2012-02: Several weaknesses in implementation of security features in AirDroid 1.0.4 beta Published: 2012/07/12 Advisory-Version: 1.0 Affected products: AirDroid 1.0.4 beta References: TC-SA-2012-02...

7.5CVSS6.5AI score0.01431EPSS
Exploits5
securityvulns
securityvulns
added 2011/08/05 12:0 a.m.166 views

Android Browser Cross-Application Scripting (CVE-2011-2357)

============================================================= Android Browser Cross-Application Scripting CVE-2011-2357 ============================================================= 1 Background -------------- Android applications are executed in a sandbox environment, to ensure that no applicati...

4.3CVSS5.9AI score0.04615EPSS
Exploits3
securityvulns
securityvulns
added 2009/03/09 12:0 a.m.166 views

[SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0781: Apache Tomcat cross-site scripting vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 Description: The calendar application in the...

4.3CVSS0.2AI score0.09125EPSS
Exploits1
securityvulns
securityvulns
added 2007/02/22 12:0 a.m.166 views

Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak

Title: Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak Author: 3APA3A, http://securityvulns.com Affected: Microsoft Windows 2000,XP,2003,Vista Exploitable: Yes Type: Remote from local network, authentication required NULL session was not tested. Class: Information leak...

4.6CVSS6AI score0.0361EPSS
Exploits1
securityvulns
securityvulns
added 2006/01/29 12:0 a.m.166 views

PmWiki Multiple Vulnerabilities

This is both a PmWiki and PHP advisory, and works only with registerglobals on. I totally missed the PHP GLOBALS GPC injection vulnerability and rediscovered that by my own if just few month before! arg!. Basically in the worst scenario be are in front of two separate vulnerabilities: one regardi...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/05/10 12:0 a.m.166 views

Easy Message Board Directory Traversal and Remote Command

============================================================ ============================================================ Title: Easy Message Board Directory Traversal and Remote Command Execution Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 08/05/2005...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2004/12/21 12:0 a.m.166 views

AIX 5.1/5.2/5.3 local root exploits

hi, i found some local security holes in IBM's AIX versions 5.1, 5.2 and 5.3 unix for IBM RS/6000 powerpc. 1 the first is a bug in all setuid diag related tools that use an environment variable as a prefix to an external binary executed as root. 2 the second is a classical stack overflow in a too...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2002/03/25 12:0 a.m.166 views

memberlist.php of vBulletin

vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/08/25 12:0 a.m.166 views

DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server

============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories 25/08/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.165 views

Apple watchOS security vulnerabilities

Information disclosure, memory corruptions, multiple vulnerabilities in different libraries...

10CVSS2AI score0.2447EPSS
Exploits7References2Affected Software1
securityvulns
securityvulns
added 2015/03/18 12:0 a.m.165 views

libmagic / file / fileinfo / PHP security vulnerabilities

Vulnerabilities in ELF parsing...

7.5CVSS3.1AI score0.05926EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.165 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.11055EPSS
Exploits27References25Affected Software17
securityvulns
securityvulns
added 2014/11/24 12:0 a.m.165 views

[ MDVSA-2014:213 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:213 http://www.mandriva.com/en/support/security/ Package : curl Date : November 18, 2014 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: Symeon Paraschoud...

4.3CVSS7.9AI score0.05121EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.165 views

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An...

5CVSS7.5AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.165 views

Open-Xchange Security Advisory 2013-04-17

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

5CVSS6.4AI score0.01046EPSS
Exploits0
securityvulns
securityvulns
added 2011/07/06 12:0 a.m.165 views

PHP directory traversal

Directory traversal in RFC 1867 files upload...

6.4CVSS2.9AI score0.19235EPSS
Exploits1Affected Software1
securityvulns
securityvulns
added 2011/02/22 12:0 a.m.165 views

[SECURITY] [DSA 2166-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2166-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano February 16, 2011 http://www.debian.org/security/faq -...

10CVSS4.7AI score0.02117EPSS
Exploits5
securityvulns
securityvulns
added 2010/12/21 12:0 a.m.165 views

XSS vulnerability in Habari

Vulnerability ID: HTB22731 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Risk...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/07/15 12:0 a.m.165 views

Cross-Site Scripting vulnerabilities in SimpGB

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting persistent XSS уязвимостях в SimpGB. Ранее я уже сообщал о других уязвимостях в SimpGB http://securityvulns.ru/news/CGI/2009.11.19.html. XSS: Это Persistent XSS в трёх функционалах веб приложения. POST запрос на страницах:...

5.8AI score
Exploits0
Total number of security vulnerabilities5000