Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2009/09/30 12:0 a.m.160 views

FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution

Security Advisory ----------------- FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution Researcher Information ---------------------- Discovered by: Giuseppe Zmax Fuggiano Website: http://www.giusef.net Contact: giuseppedotfuggianoatgmaildotcom Product Information...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/11/03 12:0 a.m.160 views

ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability

ZDI-08-071: IBM Tivoli Storage Manager Express for Microsoft SQL Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-071 October 30, 2008 -- Affected Vendors: IBM -- Affected Products: IBM Tivoli Storage Manager Express -- TippingPointTM IPS Customer Protection:...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/25 12:0 a.m.160 views

Cisco CallManager 4.1 Input Validation Vulnerability

Cisco CallManager 4.1 Input Validation Vulnerability scip AG Vulnerability ID 2977 03/13/2007 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 I. INTRODUCTION Cisco CallManager, short CCM, is a professional voice-over-IP solution that tracks active components, including among others phones,...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/07 12:0 a.m.160 views

[MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue

MajorSecurity Advisory 47Simple Machines Forum SMF - Session fixation Issue Details ======= Product: Simple Machines Forum SMF Affected version: 1.1.2 and prior Remote-Exploit: yes Vendor-URL: http://www.simplemachines.org Vendor-Status: informed Advisory-Status: published Credits ============...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/01/24 12:0 a.m.160 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.07279EPSS
Exploits3References36Affected Software28
securityvulns
securityvulns
added 2000/10/19 12:0 a.m.160 views

IIS HACKING

Hi Folks, i have just compiled the well-known IIS tricks. I hope it will be helpful for securing your server. any comment,suggestion or insult...? wellcome MAB- SECURING IIS by BREAKING ===================================================== by Mount Ararat Blossom 9/15/2000...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.159 views

SiteCore XML Control Script Insertion

Hey All, Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack – more can be achieved with these XML Controls and will be documented in another vulnerability report http://target/?xmlcontrol=body20onload=alert123...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2010/04/22 12:0 a.m.159 views

Openregistrecil 1.02 (RFI/LFI) Multiple File Include Vulnerability

================================================================== Openregistrecil 1.02 RFI/LFI Multiple File Include Vulnerability ================================================================== + Openregistrecil 1.02 RFI/LFI Multiple File Include Vulnerability...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2010/01/17 12:0 a.m.159 views

[ MDVSA-2010:003 ] sendmail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:003 http://www.mandriva.com/security/ Package : sendmail Date : January 11, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description...

7.5CVSS6.6AI score0.05741EPSS
Exploits5
securityvulns
securityvulns
added 2008/12/23 12:0 a.m.159 views

POC for CVE-2008-5619 (roundcubemail PHP arbitrary code injection)

Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses "chuggnutt.com HTML to Plain Text Conversion"...

10CVSS0.1AI score0.54003EPSS
Exploits15
securityvulns
securityvulns
added 2008/12/14 12:0 a.m.159 views

Max's Guestbook (XSS) Remote Vulnerability

Discovered by: GTADarkDude Disconvered on: 10 December 2008 Name: Max's Guestbook Version: 1.0 URL: http://www.phpf1.com/product/php-guestbook-script.html URL2: http://www.hotscripts.com/Detailed/78571.html Google Search: intitle:"Max's Guestbook" powered-by-PHP-F1 File maxGuestbook.class...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/12/06 12:0 a.m.159 views

zabbix privilege escalation

Super-user privileges are not droppen on user-supplied application execution...

2.1CVSS3.4AI score0.00777EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2007/08/18 12:0 a.m.159 views

iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Directory Creation Vulnerability

IBM DB2 Universal Database Directory Creation Vulnerability iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end databases. For...

4.6CVSS0.6AI score0.00414EPSS
Exploits1
securityvulns
securityvulns
added 2007/03/30 12:0 a.m.159 views

AIX 4.3 lsmcode local root command execution

It has been reported on http://www.securityfocus.com/bid/18114/ about this vulnerability in AIX 5.1 - 5.3, some exploits is published in milw0rm to exploits this issue http://milw0rm.com/exploits/701 I have an AIX 4.3 box and it seems vulnerable with this issue too bash-2.04$ mkdirhier /tmp/aap/b...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2004/02/17 12:0 a.m.159 views

[Full-Disclosure] EarlyImpact ProductCart shopping cart software multiple security vulnerabilities

S-Quadra Advisory 2004-02-16 Topic: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities Severity: High Vendor URL: http://www.earlyimpact.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040216.txt Release date: 16 Feb 2004 1. DESCRIPTION ProductCart is a...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2001/02/28 12:0 a.m.159 views

Orange Web Server v2.1 DoS

Introduction: Orange Web Server v2.1 is a powerful yet light- weight web server that runs on all Windows platforms. Easy to setup and use, Orange Web Server can turn any PC into a web server. The httpd is based on GoAhead c Technology. The Vendors website is:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2001/01/04 12:0 a.m.159 views

SECURITY.NNOV advisory - The Bat! directory traversal (public release)

This advisory is being provided to you under the policy documented at http://www.wiretrip.net/rfp/policy.html. SECURITY.NNOV advisory - The Bat! directory traversal Topic: The Bat! attachments directory traversal Author: 3APA3A [email protected] Affected Software: The Bat! Version = 1.48f...

7AI score
Exploits0
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.158 views

SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities

Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.158 views

vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2012/07/23 12:0 a.m.158 views

AVAVoIP v1.5.12 - Multiple Web Vulnerabilities

Title: ====== AVAVoIP v1.5.12 - Multiple Web Vulnerabilities Date: ===== 2012-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=437 VL-ID: ===== 611 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= Designed fr...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2011/06/08 12:0 a.m.158 views

Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS

Advisory: Multiple Cross-Site Scripting vulnerabilities in BLOG:CMS Advisory ID: SSCHADV2011-007 Author: Stefan Schurtz Affected Software: Successfully tested on: version 4.2.1.f Vendor URL: http://www.blogcms.com Vendor Status: resolved CVE-ID: - ========================== Vulnerability...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.158 views

vsftpd 2.3.2 remote denial-of-service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 vsftpd 2.3.2 remote denial-of-service Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 23.12.2010 - - Pub.: 01.03.2011 CVE: CVE-2011-0762 CERT: VU590604 Fix: vsftpd 2.3.4 15.02.2011 Affected Software verified...

7.8CVSS0.1AI score0.7332EPSS
Exploits18
securityvulns
securityvulns
added 2010/08/08 12:0 a.m.158 views

ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability SecPod Technologies www.secpod.com Author Sooraj K.S SecPod ID: 1003 07/28/2010 Issue Discovered 07/30/2010 Vendor Notified No Response from Vendor Class: Cross-Site Scripting Severity: Medium Overview: --------- ZeusCar...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2010/03/25 12:0 a.m.158 views

Linux GFS / GFS2 file system DoS

gfs2lock/gfslock doesn't check file permissions...

4.7CVSS1.8AI score0.00582EPSS
Exploits2References1
securityvulns
securityvulns
added 2009/09/15 12:0 a.m.158 views

[ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability

/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV111$2009 ----------------------------------------------------------------------------------------- ECHOADV111$2009 Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2009/04/28 12:0 a.m.158 views

Mozilla Foundation Security Advisory 2009-23

Mozilla Foundation Security Advisory 2009-23 Title: Crash in nsTextFrame::ClearTextRun Impact: Critical Announced: April 27, 2009 Reporter: Marc Gueury, Daniel Veditz Products: Firefox Fixed in: Firefox 3.0.10 Description One of the security fixes in Firefox 3.0.9 introduced a regression that...

9.3CVSS1AI score0.08387EPSS
Exploits1
securityvulns
securityvulns
added 2009/02/11 12:0 a.m.158 views

Microsoft SQL Server memory corruption

spreplwritetovarbin stored procedure memory overwrite...

9CVSS2.1AI score0.87036EPSS
Exploits12References1Affected Software1
securityvulns
securityvulns
added 2008/07/18 12:0 a.m.158 views

Oracle Critical Patch Update Advisory - July 2008

Oracle Critical Patch Update Advisory - July 2008 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...

7.5CVSS0.2AI score0.11336EPSS
Exploits7
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.158 views

PHP-Nuke genaral print SQL Injection(id)

PHP-Nuke genaral print SQL Injectionid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"modules.php?name"print DORK 2 : allinurl:"modules.php?name=Hikaye" DORK : allinurl:"modules.php?name=Fikralar" DORK :...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/08/03 12:0 a.m.158 views

[Aria-Security.Net] Gallery In A Box Username & Password Parameters SQL Injection

A R I A - S E C U R I T Y Gallery In A Box Username & Password Parameters SQL Injection Vendor: http://www.kerberosdev.net/ http://target.com/adminconsole/index.asp Username: anything' OR 'x'='x Password: anything' OR 'x'='x Credits: Aria-Security Team http://aria-security.net...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/04/10 12:0 a.m.158 views

PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities

-------------------------------------------------- PhpOpenChat = 3.0.1 poc.php Multiple Remote File Include Vulnerabilities -------------------------------------------------- Author : SekoMirza Date Found : Nisan 11 2007 Location : Fransa // ... Critical Lvl : Highly critical Impact : System acce...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/01/24 12:0 a.m.158 views

phpAdsNew 2.0.7 Remote File Include

----------------------------------------------- phpAdsNew 2.0.7 Remote File Include ----------------------------------------------- Author: Alkmandz ----------------------------------------------- Vuln Code: includeonce $phpAdsgeoPlugin; ....................... function...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2004/07/08 12:0 a.m.158 views

Comersus Cart Improper Request Handling

Comersus Cart Improper Request Handling Release Date: July 6, 2004 Severity: Medium Vendor: Comersus Open Technologies Software: Tested on Comersus Cart 5.09 Previous versions may also be affected. Remote: Remotely executed from any web browser Technical Details: The unethical user is able to...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2002/02/27 12:0 a.m.158 views

Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)

Dear, Advisory was originally posted in 1-3 2 weeks ago, so I think it's enough time passed to publish some details, because 4,5 have enough information to re-discover vulnerability. ERRor erroratpochtamt.ru discovered IE 5.5 and 6.0 in some cases crash on embed src="filename.AAAAAAAAAAlot of 'A'...

7.5CVSS7.8AI score0.39767EPSS
Exploits0
securityvulns
securityvulns
added 2001/03/28 12:0 a.m.158 views

SCO 5.0.6 MMDF issues (deliver)

====================================================================== Strategic Reconnisiance Team Security AdvisorySRT2001-03 Topic: SCO 5.0.6 MMDF issues deliver Vendor: SCO Release Date: 03/27/01 ====================================================================== .: Description SCO...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2000/08/10 12:0 a.m.158 views

Security Bulletin (MS00-055)

Microsoft Security Bulletin MS00-055 - -------------------------------------- Patch Available for "Scriptlet Rendering" Vulnerability Originally Posted: August 09, 2000 Summary ======= Microsoft has released a patch that eliminates two security vulnerabilities in Microsoftr Internet Explorer. The...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.157 views

MiniUPnP library buffer overflow

Buffer overflow on network request processing...

6.8CVSS3.8AI score0.04783EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.157 views

Microsoft Windows multiple security vulnerabilities

Internet Explorer / Edge multiple security vulnerabilities, VBScript / Jscript code execution, Windows Shell code execution, kernel privilege escsalation...

9.3CVSS2.6AI score0.69997EPSS
Exploits18References1Affected Software1
securityvulns
securityvulns
added 2014/10/27 12:0 a.m.157 views

[ MDVSA-2014:197 ] python

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:197 http://www.mandriva.com/en/support/security/ Package : python Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Updated python packages fix security vulnerability: Python before...

6.4CVSS7.7AI score0.05307EPSS
Exploits1
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.157 views

DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNN DotNetNuke® CodeEditor Module Arbitrary File Download Vulnerability Author : alieye vendor : http://www.mediaant.com/ , http://store.dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork:...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.157 views

[CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root

NETGEAR ReadyNAS with firmware 4.2.x before 4.2.24 and 4.1.x before 4.1.12 is prone to command injection from an unauthenticated HTTP GET request. This vulnerability can lead to complete root access as outlined on the Tripwire blog:...

0.2AI score0.71599EPSS
Exploits5
securityvulns
securityvulns
added 2012/12/10 12:0 a.m.157 views

FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability

Title: ====== FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability Date: ===== 2012-11-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=558 VL-ID: ===== 558 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2012/06/25 12:0 a.m.157 views

Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007

Sense of Security - Security Advisory - SOS-12-007 Release Date. 14-Jun-2012 Last Update. - Vendor Notification Date. 02-Apr-2012 Product. Squiz CMS Platform. Independent Affected versions. Squiz 4.6.3 verified and possibly others Severity Rating. Medium Impact. Exposure of session information...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.157 views

[PT-2011-43] Database information disclosure in Kayako Fusion

---------------------------------------------------------------------- PT-2011-43 Positive Technologies Security Advisory Database information disclosure in Kayako Fusion ---------------------------------------------------------------------- --- Vulnerable software Kayako Fusion Link:...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.157 views

HP Network Node Manager i information leakage

No description provided...

6.5CVSS0.8AI score0.79415EPSS
Exploits29References5Affected Software1
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.157 views

Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerabilities Zones Web Solution status.asp?print searchresult.php?locid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.zones.in/ Persian Gulf 4 Ever! Dork : "Powered by Zones Web...

3.8AI score
Exploits0
securityvulns
securityvulns
added 2009/12/29 12:0 a.m.157 views

Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug)

Microsoft IIS 0Day Vulnerability in Parsing Files semi-colon bug Application: Microsoft Internet Information Services - IIS All versions Impact: Highly Critical for Web Applications Finding Date: April 2007 Report Date: Dec. 2009 Found by: Soroush Dalili Irsdl 4t yahoo d0t com Website:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/10/28 12:0 a.m.157 views

CUPS / poppler / xpdf / Adobe Reader multipls security vulnerabilities

Integer overflows, race condiotions...

9.3CVSS3.4AI score0.10228EPSS
Exploits5References4Affected Software3
securityvulns
securityvulns
added 2009/05/21 12:0 a.m.157 views

[security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01743291 Version: 1 HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage SMH for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting XSS, Unauthorized Access NOTICE: Th...

5.8CVSS0.4AI score0.05146EPSS
Exploits1
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.157 views

Asbru Web Content Management Vulnerabilities

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 02-Apr-2009 Software: Asbru Software - Asbru Web Content Management http://www.asbrusoft.com/ "Ready to use, full-featured, database-driven web content management system CMS with integrated communit...

0.2AI score
Exploits0
Total number of security vulnerabilities5000