Lucene search
Securityvulns, most viewed

47153 matches found

securityvulns
added 2011/01/28 12:0 a.m., 150 views

Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Content Services Gateway Vulnerabilities Advisory ID: cisco-sa-20110126-csg2 http://www.cisco.com/warp/public/707/cisco-sa-20110126-csg2.shtml Revision 1.0 For Public Release 2011 January 26 1600 UTC GMT...

7.8 CVSS, 1.1 AI score, 0.04086 EPSS
Exploits: 0
securityvulns
added 2010/07/08 12:0 a.m., 150 views

DCP-Portal Multiple XSS Vulnerabilities

Title: DCP-Portal Multiple XSS Vulnerabilities Vendor: Worxware Product: DCP-Portal Tested Version: 7.0beta Threat Class: XSS Severity: High Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== Multiple XSS vulnerabilities found in the DCP-Portal. 1...

6.3 AI score
Exploits: 0
securityvulns
added 2010/05/05 12:0 a.m., 150 views

SmartCMS v.2 SQL injection vulnerability

============ Ariko-Security - Advisory 1/5/2010 ============= SQL injection vulnerability in SmartCMS v.2 Vendor's Description of Software: http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en Dork: n/a Application Info: Name: SmartCMS Versions: V.2 Vulnerability Info: Type: SQL injection...

0.2 AI score
Exploits: 0
securityvulns
added 2009/02/12 12:0 a.m., 150 views

Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS

Calling window.print function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval...

2 AI score
Exploits: 0, References: 13, Affected Software: 3
securityvulns
added 2008/05/14 12:0 a.m., 150 views

[USN-612-2] OpenSSH vulnerability

=========================================================== Ubuntu Security Notice USN-612-2 May 13, 2008 openssh vulnerability CVE-2008-0166, http://www.ubuntu.com/usn/usn-612-1 =========================================================== A weakness has been discovered in the random number...

7.8 CVSS, 6.5 AI score, 0.70721 EPSS
Exploits: 7
securityvulns
added 2008/04/08 12:0 a.m., 150 views

phpTournois <= G4 Remote File Upload/Code Execution Exploit

?php / Name: phpTournois = G4 Remote File Upload/Code Execution Exploit Credits: Charles "real" F. charlesfolathotmail.fr Date: 04-06-08 - Remote Code Execution - Remote File Upload When testing if we are admin, phpTournois checks if $grade'a'=='a'. But when we are not loggued in, this var is not...

Exploits: 0
securityvulns
added 2008/03/09 12:0 a.m., 150 views

Horde Webmail file inclusion proof of concept & patch.

Horde 3.1.6 arbitrary file inclusion vulnerability, proof of concept & patch. A severe security vulnerability affects any unix distribution running version 3.1.6 of the Horde webmail client included in most popular webhosting control panels. All previous versions are also affected and it is...

0.1 AI score
Exploits: 0
securityvulns
added 2008/02/29 12:0 a.m., 150 views

123 Flash Chat Module for phpBB

Script : 123 Flash Chat Module for phpBB Discovered By : F10 Contact : [email protected] Site : http://by-f10.com Greetz : byemR3 , H0tturk , TaRanTuLa , gsy , ercu145 , LupuS , m0sted , CyberGhost ... . From : Turkey Download : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir The bugs are ...

0.2 AI score
Exploits: 0
securityvulns
added 2008/02/13 12:0 a.m., 150 views

Cacti 0.8.7a Multiple Vulnerabilities

Cacti 0.8.7a Multiple Vulnerabilities Name Multiple Vulnerabilities in Cacti Systems Affected Cacti 0.8.7a and possibly earlier versions Severity High Impact CVSSv2 High 9/10, vector: AV:N/AC:L/Au:N/C:C/I:P/A:P Vendor http://www.cacti.net/ Advisory...

Exploits: 0
securityvulns
added 2007/02/05 12:0 a.m., 150 views

dvddb-0.6 media remote file include vuln.

Title : dvddb-0.6 media remote file include vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] Vuln Code: require$config /"themes"; ExpLoit : http://target/path/inc/common.php?config=attacker GreetZ: BLaCKWHITE, HackerBox.Eu...

2.3 AI score
Exploits: 0
securityvulns
added 2006/09/28 12:0 a.m., 150 views

net2ftp: a web based FTP client :) <= Remote File Inclusion

+-------------------------------------------------------------------- + + net2ftp: a web based FTP client : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: net2ftp: a web based FTP client + Venedor ...........:...

0.2 AI score
Exploits: 0
securityvulns
added 2006/04/17 12:0 a.m., 150 views

Vulnerability in Denwer-2: XSS

Hello, vuln. An XSS vulnerability has been found in the Denwer-2 web developer package http://www.denwer.ru/ Example: www.site.ru/scriptalert'XSS!'/script a page with a 403 error message will appear and the script will be executed. The vulnerability is possible because of an error in the file that is displayed on a 403 error. Its...

6.2 AI score
Exploits: 0
securityvulns
added 2003/06/09 12:0 a.m., 150 views

Etherleak information leak in Windows Server 2003 drivers

NGSSoftware Insight Security Research Advisory Name: Etherleak information leak in Windows Server 2003 drivers Systems Affected: Windows Server 2003 all versions Severity: Low/Medium Risk Vendor URL: http://www.microsoft.com/windowsserver2003/ Author: Chris Paget [email protected] Date: 9th...

0.5 AI score
Exploits: 0
securityvulns
added 2003/06/03 12:0 a.m., 150 views

Mod_gzip Debug Mode Vulnerabilities

Multiple Vulnerabilities in modgzip Debugging Routines I. Synopsis Affected Systems: modgzip 1.3.26.1a and prior Risk: Development: High Production: Minimal Developer URL: http://www.sourceforge.net/projects/mod-gzip Status: Vendor is not supporting project at this time. II. Product Description...

0.2 AI score
Exploits: 0
securityvulns
added 2001/05/19 12:0 a.m., 150 views

ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS

=== Alliance Security Labs === === ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS === Advisory ID: ASLabs-2001-01 Vendor: eEye http://www.eEye.com Product: SecureIIS http://www.eeye.com/html/Products/SecureIIS/index.html Versions: v1.0.2 latest available - probably relevant for 1.0....

0.4 AI score
Exploits: 0
securityvulns
added 2000/07/26 12:0 a.m., 150 views

AnalogX Proxy DoS

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory AnalogX Proxy DoS ---------------------------------------------------------------------- FS Advisory ID: FS-072500-7-ANA.txt Release Date: July 25, 2000 Product: Proxy Vendor: AnalogX http://www.analogx.com...

0.3 AI score
Exploits: 0
securityvulns
added 2015/07/20 12:0 a.m., 149 views

15 TOTOLINK router models vulnerable to multiple RCEs

Hash: SHA512 Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html Date published:...

7.5 CVSS, 0.84292 EPSS
Exploits: 6
securityvulns
added 2014/06/14 12:0 a.m., 149 views

CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS

Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS CVE: CVE-2014-3446 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: he following URL and parameters have been confirmed to suffer from Blind SQL...

7.5 CVSS, 7.4 AI score, 0.0126 EPSS
Exploits: 1
securityvulns
added 2014/05/29 12:0 a.m., 149 views

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define at multiple leve...

4.3 CVSS, 8 AI score, 0.06905 EPSS
Exploits: 0
securityvulns
added 2012/02/16 12:0 a.m., 149 views

Security update available for Adobe Shockwave Player

Security update available for Adobe Shockwave Player Release date: February 14, 2012 Vulnerability identifier: APSB12-02 CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766 Platform: Windows and Macintos...

10 CVSS, 3.1 AI score, 0.06012 EPSS
Exploits: 1
securityvulns
added 2011/10/31 12:0 a.m., 149 views

HP Network Node Manager i information leakage

No description provided...

6.5 CVSS, 0.8 AI score, 0.79415 EPSS
Exploits: 29, References: 5, Affected Software: 1
securityvulns
added 2011/04/05 12:0 a.m., 149 views

HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB

Vulnerability ID: HTB22913 Reference: http://www.htbridge.ch/advisory/multiplecsrfcrosssiterequestforgeryinusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Lo...

0.2 AI score
Exploits: 0
securityvulns
added 2010/11/18 12:0 a.m., 149 views

AWCM v2.2 Auth Bypass Vulnerabilities

AWCM v2.2 Auth Bypass Vulnerabilities...

0.4 AI score
Exploits: 0
securityvulns
added 2010/05/20 12:0 a.m., 149 views

[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02171256 Version: 1 HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of...

5.8 CVSS, 0.5 AI score, 0.87264 EPSS
Exploits: 14
securityvulns
added 2008/12/09 12:0 a.m., 149 views

PHP proc_open() safe_mode bypass

It's possible to execute any code from shared library via procopen...

3.4 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2008/07/09 12:0 a.m., 149 views

Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege 941203 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately disclosed vulnerabilities. The more serious of...

9 CVSS, 1.2 AI score, 0.61927 EPSS
Exploits: 1
securityvulns
added 2008/01/03 12:0 a.m., 149 views

XSS Vulnerabilities in Common Shockwave Flash Files

Hi. Recently, there has been news regarding Flash authoring tools and XSS, but the articles contained little technical information. So, I created a detailed report at: http://docs.google.com/Doc?docid=ajfxntc4dmsq14dt57ssdw An abbreviated version intended for full-disclosure, bugtraq, and...

0.2 AI score
Exploits: 0
securityvulns
added 2007/08/21 12:0 a.m., 149 views

Cisco 7940 SIP IPPhones DoS

A sequence of malformed SIP requests causes device to crash...

2.4 AI score
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2007/04/01 12:0 a.m., 149 views

Remot File Include In Aardvark Topsites PHP 5

By Hasadya Raed Contact : [email protected] Israel ---------------------------------------- Script : Aardvark Topsites PHP 5 Dork : "Copyright c 2003-2005 Jeremy Scheff. All rights reserved" --------------------------------------- B.Files : settingssql.php newday.php...

0.1 AI score
Exploits: 0
securityvulns
added 2004/07/21 12:0 a.m., 149 views

[NT] LBE Web HelpDesk SQL Injection

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

8.5 AI score
Exploits: 0
securityvulns
added 2000/11/08 12:0 a.m., 149 views

Filesystem Access + VolanoChat = VChat admin (fwd)

Title: VolanoChatPro stores plain text password in a publicly accessible file. Date: November 4, 2000 Risk: Low. No system privileges are granted. Vendor Site: http://www.volano.com ================================================= VolanoChatPro, a widely used chat server on the Internet, allows...

7.1 AI score
Exploits: 0
securityvulns
added 2000/08/18 12:0 a.m., 149 views

Htgrep CGI Arbitrary File Viewing Vulnerability

Software: Htgrep URL: http://www.iam.unibe.ch/scg/Src/Doc/ Version: All Versions Platforms: Unix maybe Winnt? Author status: Notified Summary: Any remote user can view arbitrary files on the system with the privileges of the web user Vulnerability: The CGI allows a user to specify a header and...

Exploits: 0
securityvulns
added 2015/10/05 12:0 a.m., 148 views

APPLE-SA-2015-09-16-1 iOS 9

APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log...

10 CVSS, 0.1 AI score, 0.2447 EPSS
Exploits: 6
securityvulns
added 2015/06/08 12:0 a.m., 148 views

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)

Hi, tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at 1. 5 Metasploit modules have been released and currently awaiting merge in the moderati...

8.5 CVSS, 8 AI score, 0.86643 EPSS
Exploits: 28
securityvulns
added 2014/12/23 12:0 a.m., 148 views

[SECURITY] [DSA 3109-1] firebird2.5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...

5 CVSS, 1.8 AI score, 0.02896 EPSS
Exploits: 1
securityvulns
added 2014/06/14 12:0 a.m., 148 views

CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages

Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...

9.8 AI score, 0.05345 EPSS
Exploits: 2
securityvulns
added 2014/05/05 12:0 a.m., 148 views

Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti

Deutsche Telekom CERT Advisory DTC-A-20140324-001 Summary: Three vulnerabilities were found in cacti version 0.8.7g. The vulnerabilities are: 1 Stored Cross-Site Scripting XSS via URL 2 Missing CSRF Cross-Site Request Forgery token allows execution of arbitrary commands 3 The use of exec-like...

6.8 CVSS, 0.3 AI score, 0.03514 EPSS
Exploits: 4
securityvulns
added 2013/09/09 12:0 a.m., 148 views

Joomla! VirtueMart component <= 2.0.22a - SQL Injection

------------------------------------------------------------ Joomla! VirtueMart component = 2.0.22a - SQL Injection ------------------------------------------------------------ == Description == - Software link: http://www.virtuemart.net/ - Affected versions: All versions between 2.0.8 and 2.0.22...

1.3 AI score
Exploits: 0
securityvulns
added 2012/05/31 12:0 a.m., 148 views

Tftpd32 DNS Server Denial Of Service Vulnerability

Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tftpd32.jounin.net/ Vulnerability Published : 2012-05-26 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug Description : Tftpd32 ...

0.1 AI score
Exploits: 0
securityvulns
added 2011/12/26 12:0 a.m., 148 views

appRain CMF v0.1.5 - Multiple Web Vulnerabilities

Title: ====== appRain CMF v0.1.5 - Multiple Web Vulnerabilities Date: ===== 2011-12-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=362 VL-ID: ===== 362 Introduction: ============= appRain is one of the first officially released Opensource Content Management Framewor...

0.7 AI score
Exploits: 0
securityvulns
added 2011/11/21 12:0 a.m., 148 views

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 2 HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...

5 CVSS, 0.4 AI score, 0.79415 EPSS
Exploits: 28
securityvulns
added 2009/09/28 12:0 a.m., 148 views

[ONSEC-09-010] Undersky CMS SQL injection

ONSEC-09-010 Undersky CMS SQL injection Target: Undersky CMS http://www.undersky.ru Type: SQL injection Threat: High Date discovered: 03.07.2009 Date developer notified: 03.07.2009 Date fix released: 05.07.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Descripti...

0.1 AI score
Exploits: 0
securityvulns
added 2009/04/29 12:0 a.m., 148 views

Reporting new vulnerabilities

Hi SecurityVulns team, I write to report three vulnerabilities that I found in the last version of Aardvark Topsites PHP5.2.1 and older versions. The cause of all of them is the incorrect verification of input parameters. Here are the vulnerabilities: ================== HTML Injection up to 5.2.0...

7.7 AI score
Exploits: 0
securityvulns
added 2008/03/10 12:0 a.m., 148 views

VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

!/usr/bin/php -q ?php This file requires the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. errorreportingEALL ^ ENOTICE; require'phpsploitclass.php'; darkfig@darky:/ ./vhcssploit.php -url http://localhost/vhcs2/ VHCS = 2.4.7.1...

0.3 AI score
Exploits: 0
securityvulns
added 2008/02/22 12:0 a.m., 148 views

SQL-injection, XSS in OSSIM (Open Source Security Information Management)

Application: OSSIM http://www.ossim.net Version: 0.9.9rc5 Note: it is possible that the problem affects also earlier OSSIM versions Platforms: Linux Bug: SQL injection, Cross Site Scripting Exploitation: remote Date: 21 Feb 2008 Author: Marcin Kopec E-mail: marcindotkopecathotmaildotcom...

0.1 AI score
Exploits: 0
securityvulns
added 2007/11/14 12:0 a.m., 148 views

Aria-Security.Net: MetaCart SQL Injection

Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal Vendor: http://metalinks.com/ http://site.ltd/metacartpath/productsByCategory.asp?intCatalogID='SQL INJECTION Regards, The-0utl4w Credits Goes To Aria-Security.Net...

0.7 AI score
Exploits: 0
securityvulns
added 2007/06/27 12:0 a.m., 148 views

[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability

Source: http://securityreason.com/achievementsecurityalert/45 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.3 PHP 4.4.7, htaccess safemode and openbasedir Bypass Vulnerability Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason Date: - - Written: 10.02.2007 - - Public: 27.06.2007...

6.8 CVSS, 8.6 AI score, 0.05331 EPSS
Exploits: 2
securityvulns
added 2006/01/16 12:0 a.m., 148 views

[SA18473] RedKernel Referrer Tracker "rkrt_stats.php" Cross-Site Scripting

TITLE: RedKernel Referrer Tracker "rkrtstats.php" Cross-Site Scripting SECUNIA ADVISORY ID: SA18473 VERIFY ADVISORY: http://secunia.com/advisories/18473/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: RedKernel Referrer Tracker 1.x http://secunia.com/product/682...

0.4 AI score
Exploits: 0
securityvulns
added 2005/09/09 12:0 a.m., 148 views

DC++ and its mods remote DoS in bzip2 decompression routine

DC++ and its mods remote DoS in bzip2 decompression routine Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...

7.1 AI score
Exploits: 0
securityvulns
added 2000/07/06 12:0 a.m., 148 views

Security Advisory: FreeBSD-SA-00:24.libedit

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...

0.2 AI score
Exploits: 0
Total number of security vulnerabilities: 5000