Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2009/10/22 12:0 a.m.162 views

US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities

Oracle Critical Patch Update Advisory - October 2009 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...

10CVSS0.2AI score0.76361EPSS
Exploits17
securityvulns
securityvulns
added 2007/11/25 12:0 a.m.162 views

PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Original Here:...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/11 12:0 a.m.162 views

XSS in Rainbow with Rainbow.Zen

hey ,, Vulnerable : rainbowportal web : http://rainbowportal.net/ XSS : 1- http://example.net/jira/secure/BrowseProject.jspa?id="scriptalert'BLacKZeRo'/script Discovered By BLacK ZeRo [email protected] Best regards ,,...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2002/03/26 12:0 a.m.162 views

Etnus TotalView 5.

Program: Etnus TotalView Version: 5.0.0-4 DESCRIPTION ----------- TotalView is a multiprocess source-level debugger for programs written in the C, C++, and Fortran programming languages. TotalView is part of a suite of programming tools from Etnus, LLC. PROBLEM ------- Failed to install the files...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2001/03/03 12:0 a.m.162 views

def-2001-09: Winzip32 zipandemail Buffer Overflow

====================================================================== Defcom Labs Advisory def-2001-09 Winzip32 zipandemail Buffer Overflow Author: Peter Grьndl [email protected] Release Date: 2001-03-02 ======================================================================...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2014/07/22 12:0 a.m.161 views

[ MDVSA-2014:133 ] gd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:133 http://www.mandriva.com/en/support/security/ Package : gd Date : July 10, 2014 Affected: Business Server 1.0 Problem Description: Updated gd and libgd packages fix security vulnerability: The...

4.3CVSS7.2AI score0.22319EPSS
Exploits3
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.161 views

[USN-2192-1] OpenSSL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2192-1 May 05, 2014 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3CVSS0.5AI score0.43828EPSS
Exploits0
securityvulns
securityvulns
added 2012/06/12 12:0 a.m.161 views

APPLE-SA-2012-06-11-1 iTunes 10.6.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-06-11-1 iTunes 10.6.3 iTunes 10.6.3 is now available and addresses the following: iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: Importing a maliciously crafted .m3u playlist may lead to an...

9.3CVSS0.1AI score0.15357EPSS
Exploits17
securityvulns
securityvulns
added 2011/06/08 12:0 a.m.161 views

Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS

Advisory: Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS Advisory ID: SSCHADV2011-007 Author: Stefan Schurtz Affected Software: Successfully tested on: version 4.2.1.f Vendor URL: http://www.blogcms.com Vendor Status: resolved CVE-ID: - ========================== Vulnerability...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/09/30 12:0 a.m.161 views

FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution

Security Advisory ----------------- FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution Researcher Information ---------------------- Discovered by: Giuseppe Zmax Fuggiano Website: http://www.giusef.net Contact: giuseppedotfuggianoatgmaildotcom Product Information...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/03/09 12:0 a.m.161 views

Audacity buffer overflow

buffer overflow on .gro files parsing...

9.3CVSS5.2AI score0.16625EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2008/11/03 12:0 a.m.161 views

ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability

ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-071 October 30, 2008 -- Affected Vendors: IBM -- Affected Products: IBM Tivoli Storage Manager Express -- TippingPointTM IPS Customer Protection:...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2008/07/18 12:0 a.m.161 views

Oracle Critical Patch Update Advisory - July 2008

Oracle Critical Patch Update Advisory - July 2008 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...

7.5CVSS0.2AI score0.11336EPSS
Exploits7
securityvulns
securityvulns
added 2007/05/25 12:0 a.m.161 views

Cisco CallManager 4.1 Input Validation Vulnerability

Cisco CallManager 4.1 Input Validation Vulnerability scip AG Vulnerability ID 2977 03/13/2007 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 I. INTRODUCTION Cisco CallManager, short CCM, is a professional voice-over-IP solution that tracks active components, including among others phones,...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.161 views

uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability

Title : uniForum = v4 wbsearch.aspx Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : ... Vendor : http://uniforum.biz/ $$ : $99 SQL--------------------------------------------------------- http://target/path//wbsearch.aspx POST Method SQL Example: //Fin the -wbsearch.aspx...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/01/24 12:0 a.m.161 views

Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability

Advisory: //////////// Microsoft Visual C++ 6.0 is prone to stack based memory corruption vulnerability during processing .RC resource files, caused by the lack of input data boundary check. Vulnerable software: //////////////////// Microsoft Visual Studio 6.0 SP6 Impact: /////// Remote code...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/05/03 12:0 a.m.161 views

zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities

Hi all, I've found several vulnerabilities in zenphoto, which is a great and simple photo gallery. I notified the team a month ago, and the new release zenphoto 1.0.2 beta fixes all the vulnerabilities. Thanks to the team for their great application and the fixes...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2001/01/04 12:0 a.m.161 views

SECURITY.NNOV advisory - The Bat! directory traversal (public release)

This advisory is being provided to you under the policy documented at http://www.wiretrip.net/rfp/policy.html. SECURITY.NNOV advisory - The Bat! directory traversal Topic: The Bat! attachments directory traversal Author: 3APA3A [email protected] Affected Software: The Bat! Version = 1.48f...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.160 views

[USN-1110-1] KDE-Libs vulnerabilities

========================================================================== Ubuntu Security Notice USN-1110-1 April 14, 2011 kde4libs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3CVSS0.5AI score0.02673EPSS
Exploits2
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.160 views

vsftpd 2.3.2 remote denial-of-service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 vsftpd 2.3.2 remote denial-of-service Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 23.12.2010 - - Pub.: 01.03.2011 CVE: CVE-2011-0762 CERT: VU590604 Fix: vsftpd 2.3.4 15.02.2011 Affected Software verified...

7.8CVSS0.1AI score0.7332EPSS
Exploits18
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.160 views

ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-113 June 23, 2010 -- CVE ID: CVE-2010-1199 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x -- TippingPointTM IPS Customer Protection:...

9.3CVSS0.7AI score0.11418EPSS
Exploits5
securityvulns
securityvulns
added 2010/04/23 12:0 a.m.160 views

[SECURITY] CVE-2010-1157: Apache Tomcat information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions ma...

2.6CVSS4.7AI score0.52507EPSS
Exploits6
securityvulns
securityvulns
added 2010/01/17 12:0 a.m.160 views

[ MDVSA-2010:003 ] sendmail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:003 http://www.mandriva.com/security/ Package : sendmail Date : January 11, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description...

7.5CVSS6.6AI score0.05741EPSS
Exploits5
securityvulns
securityvulns
added 2008/12/23 12:0 a.m.160 views

POC for CVE-2008-5619 (roundcubemail PHP arbitrary code injection)

Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses "chuggnutt.com HTML to Plain Text Conversion"...

10CVSS0.1AI score0.54003EPSS
Exploits15
securityvulns
securityvulns
added 2007/05/07 12:0 a.m.160 views

[MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue

MajorSecurity Advisory 47Simple Machines Forum SMF - Session fixation Issue Details ======= Product: Simple Machines Forum SMF Affected version: 1.1.2 and prior Remote-Exploit: yes Vendor-URL: http://www.simplemachines.org Vendor-Status: informed Advisory-Status: published Credits ============...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2001/03/28 12:0 a.m.160 views

SCO 5.0.6 MMDF issues (deliver)

====================================================================== Strategic Reconnisiance Team Security AdvisorySRT2001-03 Topic: SCO 5.0.6 MMDF issues deliver Vendor: SCO Release Date: 03/27/01 ====================================================================== .: Description SCO...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2000/10/19 12:0 a.m.160 views

IIS HACKING

Hi Folks, i have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server. any comment,suggestion or insult...? wellcome MAB- SECURING IIS by BREAKING ===================================================== by Mount Ararat Blossom 9/15/2000...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.159 views

MiniUPnP library buffer overflow

Buffer overflow on network request processing...

6.8CVSS3.8AI score0.04783EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.159 views

SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities

Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.159 views

vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2014/05/10 12:0 a.m.159 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.8CVSS1.6AI score0.53703EPSS
Exploits16References11Affected Software8
securityvulns
securityvulns
added 2011/04/21 12:0 a.m.159 views

HTB22946: Multiple SQL Injection in Ajax Category Dropdown wordpress plugin

Vulnerability ID: HTB22946 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectioninajaxcategorydropdownwordpressplugin.html Product: Ajax Category Dropdown wordpress plugin Vendor: http://www.dyasonhat.com/ http://www.dyasonhat.com/ Vulnerable Version: 0.1.5 Vendor Notification: 07 April...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2010/04/22 12:0 a.m.159 views

Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability

================================================================== Openregistrecil 1.02 RFI/LFI Multiple File Include Vulnerability ================================================================== + Openregistrecil 1.02 RFI/LFI Multiple File Include Vulnerability...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2009/11/11 12:0 a.m.159 views

ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability

ZDI-09-083: Microsoft Excel Shared Feature Header Pointer Offset Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-083 November 10, 2009 -- CVE ID: CVE-2009-3129 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel -- TippingPointTM IPS...

9.3CVSS0.4AI score0.85731EPSS
Exploits10
securityvulns
securityvulns
added 2009/10/28 12:0 a.m.159 views

CUPS / poppler / xpdf / Adobe Reader multipls security vulnerabilities

Integer overflows, race condiotions...

9.3CVSS3.4AI score0.10228EPSS
Exploits5References4Affected Software3
securityvulns
securityvulns
added 2008/12/14 12:0 a.m.159 views

Max's Guestbook (XSS) Remote Vulnerability

Discovered by: GTADarkDude Disconvered on: 10 December 2008 Name: Max's Guestbook Version: 1.0 URL: http://www.phpf1.com/product/php-guestbook-script.html URL2: http://www.hotscripts.com/Detailed/78571.html Google Search: intitle:"Max's Guestbook" powered-by-PHP-F1 File maxGuestbook.class...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.159 views

PHP-Nuke genaral print SQL Injection(id)

PHP-Nuke genaral print SQL Injectionid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"modules.php?name"print DORK 2 : allinurl:"modules.php?name=Hikaye" DORK : allinurl:"modules.php?name=Fikralar" DORK :...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/12/06 12:0 a.m.159 views

zabbix privilege escalation

Super-user privileges are not droppen on user-supplied application execution...

2.1CVSS3.4AI score0.00777EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2007/08/18 12:0 a.m.159 views

iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Directory Creation Vulnerability

IBM DB2 Universal Database Directory Creation Vulnerability iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end databases. For...

4.6CVSS0.6AI score0.00414EPSS
Exploits1
securityvulns
securityvulns
added 2007/03/30 12:0 a.m.159 views

AIX 4.3 lsmcode local root command execution

It has been reported on http://www.securityfocus.com/bid/18114/ about this vulnerability in AIX 5.1 - 5.3, some exploits is published in milw0rm to exploits this issue http://milw0rm.com/exploits/701 I have an AIX 4.3 box and it seems vulnerable with this issue too bash-2.04$ mkdirhier /tmp/aap/b...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/12/09 12:0 a.m.159 views

PHP 5.2.0 session.save_path safe_mode and open_basedir bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.0 session.savepath safemode and openbasedir bypass Author: Maksymilian Arciemowicz SecurityReason Date: - - Written: 02.10.2006 - - Public: 08.12.2006 SecurityAlert Id: 43 CVE: CVE-2006-6383 SecurityRisk: High Affected Software: PHP 5.2.0...

4.6CVSS0.01046EPSS
Exploits1
securityvulns
securityvulns
added 2006/06/10 12:0 a.m.159 views

P.A.I.D v2.2

P.A.I.D v2.2 Homepage: http://www.webexceluk.net Effected files: faq.php input form of logging in. index.php The input forms of logging into My Account do not sanatize user input. For PoC of a XSS attack simply put in: "IMG SRC=javascript:alert'XSS'" It also seems when logging in, even if your...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2004/02/17 12:0 a.m.159 views

[Full-Disclosure] EarlyImpact ProductCart shopping cart software multiple security vulnerabilities

S-Quadra Advisory 2004-02-16 Topic: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities Severity: High Vendor URL: http://www.earlyimpact.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040216.txt Release date: 16 Feb 2004 1. DESCRIPTION ProductCart is a...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2002/02/27 12:0 a.m.159 views

Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)

Dear, Advisory was originally posted in 1-3 2 weeks ago, so I think it's enough time passed to publish some details, because 4,5 have enough information to re-discover vulnerability. ERRor erroratpochtamt.ru discovered IE 5.5 and 6.0 in some cases crash on embed src="filename.AAAAAAAAAAlot of 'A'...

7.5CVSS7.8AI score0.39767EPSS
Exploits0
securityvulns
securityvulns
added 2001/02/28 12:0 a.m.159 views

Orange Web Server v2.1 DoS

Introduction: Orange Web Server v2.1 is a powerful yet light- weight web server that runs on all Windows platforms. Easy to setup and use, Orange Web Server can turn any PC into a web server. The httpd is based on GoAhead c Technology. The Vendors website is:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/08/10 12:0 a.m.159 views

Security Bulletin (MS00-055)

Microsoft Security Bulletin MS00-055 - -------------------------------------- Patch Available for "Scriptlet Rendering" Vulnerability Originally Posted: August 09, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities in Microsoftr Internet Explorer. The...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2012/12/10 12:0 a.m.158 views

FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability

Title: ====== FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability Date: ===== 2012-11-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=558 VL-ID: ===== 558 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2012/07/23 12:0 a.m.158 views

AVAVoIP v1.5.12 - Multiple Web Vulnerabilities

Title: ====== AVAVoIP v1.5.12 - Multiple Web Vulnerabilities Date: ===== 2012-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=437 VL-ID: ===== 611 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= Designed fr...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2010/08/08 12:0 a.m.158 views

ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability SecPod Technologies www.secpod.com Author Sooraj K.S SecPod ID: 1003 07/28/2010 Issue Discovered 07/30/2010 Vendor Notified No Response from Vendor Class: Cross-Site Scripting Severity: Medium Overview: --------- ZeusCar...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2010/03/25 12:0 a.m.158 views

Linux GFS / GFS2 file system DoS

gfs2lock/gfslock doesn't check file permissions...

4.7CVSS1.8AI score0.00582EPSS
Exploits2References1
Total number of security vulnerabilities5000