securityvulns search results, sorted by most viewed (47153 matches found)

securityvulns, added 2008/03/09, 150 views
Horde Webmail file inclusion proof of concept & patch.
Horde 3.1.6 arbitrary file inclusion vulnerability, proof of concept & patch. A severe security vulnerability affects any unix distribution running version 3.1.6 of the Horde webmail client included in most popular webhosting control panels. All previous versions are also affected and it is...
AI score: 0.1; Exploits: 0

securityvulns, added 2008/02/13, 150 views
Cacti 0.8.7a Multiple Vulnerabilities
Cacti 0.8.7a Multiple Vulnerabilities Name Multiple Vulnerabilities in Cacti Systems Affected Cacti 0.8.7a and possibly earlier versions Severity High Impact CVSSv2 High 9/10, vector: AV:N/AC:L/Au:N/C:C/I:P/A:P Vendor http://www.cacti.net/ Advisory...
Exploits: 0

securityvulns, added 2007/09/22, 150 views
ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage
ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage http://www.zerodayinitiative.com/advisories/ZDI-07-053.html September 20, 2007 -- CVE ID: CVE-2007-4991 -- Affected Vendor: Microsoft -- Affected Products: ISA Server 2004 SP1 ISA Server 2004 SP2 -- TippingPointTM IPS Customer...
CVSS: 5; AI score: 0.5; EPSS: 0.16148; Exploits: 0

securityvulns, added 2006/02/07, 150 views
PeopleSoft (Oracle) PSCipher Encryption Weakness
Vendor: PeopleSoft Product: People Tools Version: 8.4x Platform: Multi-platform Title: Weak Encryption Description: PeopleSoft uses PSCipher for encryption/hashing purposes. Based on observations from the output of PSCipher and on our familiarity with the cryptographic library objects and methods...
AI score: 7; Exploits: 0

securityvulns, added 2003/06/09, 150 views
Etherleak information leak in Windows Server 2003 drivers
NGSSoftware Insight Security Research Advisory Name: Etherleak information leak in Windows Server 2003 drivers Systems Affected: Windows Server 2003 all versions Severity: Low/Medium Risk Vendor URL: http://www.microsoft.com/windowsserver2003/ Author: Chris Paget [email protected] Date: 9th...
AI score: 0.5; Exploits: 0

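The mechanism behind the Etherleak class of bug, as an added example in C that is not from the NGSSoftware advisory or from any Windows driver code: Ethernet requires a minimum 64-byte frame (60 bytes before the 4-byte FCS), so a driver sending a shorter packet must pad it, and a driver that pads from an unused tail of its buffer without clearing it puts stale memory on the wire. The block shows a frame builder that zero-fills the pad, and a receiver-side check that counts non-zero bytes past the IPv4 total length, which is how the leak is observed in captures. The MAC addresses and the 20-byte IPv4 header are constructed here; build_padded_frame, count_nonzero_padding, ipv4_total_length and demo_padding_nonzero are hypothetical names chosen for this example.

```c
/* Added example, not part of the advisory or any driver: zero-padded
 * frame construction and a non-zero-padding check for short IPv4 frames. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ETH_HDR_LEN   14
#define ETH_MIN_FRAME 60   /* minimum frame length excluding the 4-byte FCS */

/* Build a frame, padding it to ETH_MIN_FRAME with explicit zeros.
 * Returns the total length written, or 0 if buf is too small.
 * The bug class: copy the payload, never touch the tail, transmit. */
size_t build_padded_frame(uint8_t *buf, size_t buflen,
                          const uint8_t dst[6], const uint8_t src[6],
                          uint16_t ethertype,
                          const uint8_t *payload, size_t payload_len)
{
    size_t total = ETH_HDR_LEN + payload_len;
    if (total < ETH_MIN_FRAME) total = ETH_MIN_FRAME;
    if (buflen < total) return 0;
    memcpy(buf, dst, 6);
    memcpy(buf + 6, src, 6);
    buf[12] = (uint8_t)(ethertype >> 8);
    buf[13] = (uint8_t)(ethertype & 0xff);
    memcpy(buf + ETH_HDR_LEN, payload, payload_len);
    /* the fix: clear everything after the payload before transmit */
    memset(buf + ETH_HDR_LEN + payload_len, 0, total - ETH_HDR_LEN - payload_len);
    return total;
}

/* Receiver-side check: the upper layer tells us how long the payload
 * really is (for IPv4, the header's total-length field); every byte
 * after that is padding and should be zero. Non-zero bytes are the
 * Etherleak signature. */
size_t count_nonzero_padding(const uint8_t *frame, size_t frame_len, size_t payload_len)
{
    size_t n = 0;
    for (size_t i = ETH_HDR_LEN + payload_len; i < frame_len; i++)
        if (frame[i] != 0) n++;
    return n;
}

/* Read the IPv4 total-length field from a frame; 0 if not IPv4 or too short. */
size_t ipv4_total_length(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < ETH_HDR_LEN + 20) return 0;
    if (frame[12] != 0x08 || frame[13] != 0x00) return 0;
    return ((size_t)frame[ETH_HDR_LEN + 2] << 8) | frame[ETH_HDR_LEN + 3];
}

/* Constructed 20-byte IPv4 header with total length 20 (no payload),
 * i.e. a 34-byte frame that needs 26 bytes of padding. */
static const uint8_t kIpv4Hdr[20] = {
    0x45, 0x00, 0x00, 0x14,   /* version/IHL, TOS, total length = 20 */
    0x00, 0x00, 0x00, 0x00,   /* identification, flags/fragment offset */
    0x40, 0x01, 0x00, 0x00,   /* TTL, protocol = ICMP, checksum (not computed) */
    10, 0, 0, 1,              /* source address */
    10, 0, 0, 2               /* destination address */
};

/* Returns the number of non-zero padding bytes in a frame built above.
 * With simulate_leak set, the tail is overwritten the way a buggy driver
 * would leave it (18 bytes of stale, non-zero data). */
size_t demo_padding_nonzero(int simulate_leak)
{
    uint8_t frame[ETH_MIN_FRAME];
    const uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    size_t len = build_padded_frame(frame, sizeof frame, mac, mac, 0x0800,
                                    kIpv4Hdr, sizeof kIpv4Hdr);
    if (len == 0) return (size_t)-1;
    if (simulate_leak)
        memcpy(frame + ETH_HDR_LEN + sizeof kIpv4Hdr, "stale kernel bytes", 18);
    return count_nonzero_padding(frame, len, ipv4_total_length(frame, len));
}
```

In a real capture the same check runs over every frame shorter than 60 bytes of declared content; a host whose short frames consistently carry non-zero padding is leaking, and the padding bytes themselves are the disclosed memory.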
securityvulns, added 2003/06/03, 150 views
Mod_gzip Debug Mode Vulnerabilities
Multiple Vulnerabilities in mod_gzip Debugging Routines I. Synopsis Affected Systems: mod_gzip 1.3.26.1a and prior Risk: Development: High Production: Minimal Developer URL: http://www.sourceforge.net/projects/mod-gzip Status: Vendor is not supporting project at this time. II. Product Description...
AI score: 0.2; Exploits: 0

securityvulns, added 2001/10/06, 150 views
Progress Database vulnerabilities
strcpy and pstcopy dbutpstcopy are BAD!@@!$! you need to make use of strncpy or invent pstncopy This is straight from the unix man pages for strcpy NAME strcpy, strncpy - copy a string SYNOPSIS #include <string.h> char *strcpy(char *dest, const char *src); BUGS If the destination string of a strcpy is no...
AI score: 7.6; Exploits: 0

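The point the advisory makes with its man-page quote, as an added example in C that is not from the Progress advisory or from Progress code: strcpy() has no bound, so a source longer than the destination overwrites whatever follows it, and the usual replacement strncpy() has its own trap in that it does not NUL-terminate the destination when the source is at least as long as the bound. safe_copy() and fill_record_name() are hypothetical helpers written for this example; strncpy_terminated() only demonstrates the strncpy behaviour on a constructed input.

```c
/* Added example, not from the advisory: a bounded copy that always
 * terminates and reports truncation, beside a demonstration of why
 * strncpy() alone is not the fix. */
#include <string.h>
#include <stddef.h>

/* Hypothetical replacement for strcpy(): copies at most dstsize-1 bytes,
 * always NUL-terminates when dstsize > 0, returns 0 on success and -1
 * if src did not fit (the caller decides whether truncation is acceptable). */
int safe_copy(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0) return -1;
    size_t srclen = strlen(src);
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen > n ? -1 : 0;
}

/* The strncpy() pitfall: strncpy(dst, src, n) with strlen(src) >= n
 * fills all n bytes and writes no terminator. Returns 1 if a NUL is
 * present within the first n bytes afterwards, 0 if not, -1 on bad n. */
int strncpy_terminated(size_t n, const char *src)
{
    char dst[16];
    if (n > sizeof dst) return -1;
    memset(dst, 'X', sizeof dst);     /* make a missing terminator visible */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* How such a bug is typically reached: a fixed-size record field filled
 * from attacker-controlled input. Rejects oversized input instead of
 * overflowing (strcpy) or leaving it unterminated (strncpy).
 * Returns the copied length, or -1 if the input was rejected. */
int fill_record_name(char name[8], const char *input)
{
    if (safe_copy(name, 8, input) != 0) {
        name[0] = '\0';               /* reject rather than silently truncate */
        return -1;
    }
    return (int)strlen(name);
}
```

Whatever replacement a code base settles on, the two properties to check are the ones strcpy() and strncpy() each lack: the copy is bounded by the destination size, and the destination is a valid C string afterwards.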
securityvulns, added 2001/05/19, 150 views
ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
=== Alliance Security Labs === === ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS === Advisory ID: ASLabs-2001-01 Vendor: eEye http://www.eEye.com Product: SecureIIS http://www.eeye.com/html/Products/SecureIIS/index.html Versions: v1.0.2 latest available - probably relevant for 1.0....
AI score: 0.4; Exploits: 0

securityvulns, added 2000/07/26, 150 views
AnalogX Proxy DoS
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory AnalogX Proxy DoS ---------------------------------------------------------------------- FS Advisory ID: FS-072500-7-ANA.txt Release Date: July 25, 2000 Product: Proxy Vendor: AnalogX http://www.analogx.com...
AI score: 0.3; Exploits: 0

securityvulns, added 2015/05/11, 149 views
Sqlbuddy Path Traversal Vulnerability
Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3 SQL Buddy is an open source web based MySQL administration application. Advisory Information: ================== sqlbuddy suffers from directory traversal whereby a user can mov...
AI score: 0.2; Exploits: 0

securityvulns, added 2014/06/14, 149 views
CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS
Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS CVE: CVE-2014-3446 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: The following URL and parameters have been confirmed to suffer from Blind SQL...
CVSS: 7.5; AI score: 7.4; EPSS: 0.0126; Exploits: 1

securityvulns, added 2014/05/29, 149 views
[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure
CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define at multiple leve...
CVSS: 4.3; AI score: 8; EPSS: 0.06905; Exploits: 0

securityvulns, added 2012/03/19, 149 views
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
Title: ====== Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=443 VL-ID: ===== 443 Introduction: ============= The Enterasys C5 is a scalable, high-performance Gigabit Ethernet switch...
AI score: 0.4; Exploits: 0

securityvulns, added 2012/02/16, 149 views
Security update available for Adobe Shockwave Player
Security update available for Adobe Shockwave Player Release date: February 14, 2012 Vulnerability identifier: APSB12-02 CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766 Platform: Windows and Macintos...
CVSS: 10; AI score: 3.1; EPSS: 0.06012; Exploits: 1

securityvulns, added 2008/12/09, 149 views
PHP proc_open() safe_mode bypass
It's possible to execute any code from shared library via proc_open...
AI score: 3.4; Exploits: 0; References: 1; Affected software: 1

securityvulns, added 2008/02/29, 149 views
123 Flash Chat Module for phpBB
Script : 123 Flash Chat Module for phpBB Discovered By : F10 Contact : [email protected] Site : http://by-f10.com Greetz : byemR3 , H0tturk , TaRanTuLa , gsy , ercu145 , LupuS , m0sted , CyberGhost ... . From : Turkey Download : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir The bugs are ...
AI score: 0.2; Exploits: 0

securityvulns, added 2007/02/05, 149 views
dvddb-0.6 media remote file include vuln.
Title : dvddb-0.6 media remote file include vuln. Author : Blaster Download : http://globalmegacorp.org/dvddb/dvddb-0.6.zip Contact : [email protected] Vuln Code: require$config /"themes"; ExpLoit : http://target/path/inc/common.php?config=attacker GreetZ: BLaCKWHITE, HackerBox.Eu...
AI score: 2.3; Exploits: 0

securityvulns, added 2006/09/28, 149 views
net2ftp: a web based FTP client :) <= Remote File Inclusion
+-------------------------------------------------------------------- + + net2ftp: a web based FTP client :) <= Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: net2ftp: a web based FTP client + Vendor ...........:...
AI score: 0.2; Exploits: 0

securityvulns, added 2006/04/17, 149 views
Vulnerability in Denwer-2: XSS
Hello, vuln. An XSS vulnerability has been found in the Denwer-2 web developer package http://www.denwer.ru/ Example: www.site.ru/<script>alert('XSS!')</script> A page with a 403 error message will appear and the script will execute. The vulnerability is possible because of an error in the file that is shown on a 403 error. Its...
AI score: 6.2; Exploits: 0

securityvulns, added 2004/07/21, 149 views
[NT] LBE Web HelpDesk SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
AI score: 8.5; Exploits: 0

securityvulns, added 2015/10/05, 148 views
APPLE-SA-2015-09-16-1 iOS 9
APPLE-SA-2015-09-16-1 iOS 9 iOS 9 is now available and addresses the following: Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log...
CVSS: 10; AI score: 0.1; EPSS: 0.2447; Exploits: 6

securityvulns, added 2015/07/20, 148 views
15 TOTOLINK router models vulnerable to multiple RCEs
Hash: SHA512 Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html Date published:...
CVSS: 7.5; EPSS: 0.84292; Exploits: 6

securityvulns, added 2015/06/08, 148 views
[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
Hi, tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at 1. 5 Metasploit modules have been released and currently awaiting merge in the moderati...
CVSS: 8.5; AI score: 8; EPSS: 0.86643; Exploits: 28

securityvulns, added 2014/06/14, 148 views
CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages
Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...
AI score: 9.8; EPSS: 0.05345; Exploits: 2

securityvulns, added 2014/05/05, 148 views
Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti
Deutsche Telekom CERT Advisory DTC-A-20140324-001 Summary: Three vulnerabilities were found in cacti version 0.8.7g. The vulnerabilities are: 1 Stored Cross-Site Scripting XSS via URL 2 Missing CSRF Cross-Site Request Forgery token allows execution of arbitrary commands 3 The use of exec-like...
CVSS: 6.8; AI score: 0.3; EPSS: 0.03514; Exploits: 4

securityvulns, added 2013/09/09, 148 views
Joomla! VirtueMart component <= 2.0.22a - SQL Injection
------------------------------------------------------------ Joomla! VirtueMart component <= 2.0.22a - SQL Injection ------------------------------------------------------------ == Description == - Software link: http://www.virtuemart.net/ - Affected versions: All versions between 2.0.8 and 2.0.22...
AI score: 1.3; Exploits: 0

securityvulns, added 2012/05/31, 148 views
Tftpd32 DNS Server Denial Of Service Vulnerability
Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tftpd32.jounin.net/ Vulnerability Published : 2012-05-26 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug Description : Tftpd32 ...
AI score: 0.1; Exploits: 0

securityvulns, added 2011/11/21, 148 views
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 2 HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...
CVSS: 5; AI score: 0.4; EPSS: 0.79415; Exploits: 28

securityvulns, added 2011/10/31, 148 views
HP Network Node Manager i information leakage
No description provided...
CVSS: 6.5; AI score: 0.8; EPSS: 0.79415; Exploits: 29; References: 5; Affected software: 1

securityvulns, added 2011/04/05, 148 views
HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB
Vulnerability ID: HTB22913 Reference: http://www.htbridge.ch/advisory/multiplecsrfcrosssiterequestforgeryinusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Lo...
AI score: 0.2; Exploits: 0

securityvulns, added 2010/11/18, 148 views
AWCM v2.2 Auth Bypass Vulnerabilities
AWCM v2.2 Auth Bypass Vulnerabilities ...
AI score: 0.4; Exploits: 0

securityvulns, added 2010/05/20, 148 views
[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02171256 Version: 1 HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of...
CVSS: 5.8; AI score: 0.5; EPSS: 0.87264; Exploits: 14

securityvulns, added 2009/04/29, 148 views
Reporting new vulnerabilities
Hi SecurityVulns team, I write to report three vulnerabilities that I found in the last version of Aardvark Topsites PHP 5.2.1 and older versions. The cause of all of them is the incorrect verification of input parameters. Here are the vulnerabilities: ================== HTML Injection up to 5.2.0...
AI score: 7.7; Exploits: 0

securityvulns, added 2008/07/09, 148 views
Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege 941203 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately disclosed vulnerabilities. The more serious of...
CVSS: 9; AI score: 1.2; EPSS: 0.61927; Exploits: 1

securityvulns, added 2008/03/10, 148 views
VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
#!/usr/bin/php -q <?php This file requires the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. error_reporting(E_ALL ^ E_NOTICE); require 'phpsploitclass.php'; darkfig@darky:/ ./vhcssploit.php -url http://localhost/vhcs2/ VHCS <= 2.4.7.1...
AI score: 0.3; Exploits: 0

securityvulns, added 2008/02/22, 148 views
SQL-injection, XSS in OSSIM (Open Source Security Information Management)
Application: OSSIM http://www.ossim.net Version: 0.9.9rc5 Note: it is possible that the problem affects also earlier OSSIM versions Platforms: Linux Bug: SQL injection, Cross Site Scripting Exploitation: remote Date: 21 Feb 2008 Author: Marcin Kopec E-mail: marcindotkopecathotmaildotcom...
AI score: 0.1; Exploits: 0

securityvulns, added 2008/01/03, 148 views
XSS Vulnerabilities in Common Shockwave Flash Files
Hi. Recently, there has been news regarding Flash authoring tools and XSS, but the articles contained little technical information. So, I created a detailed report at: http://docs.google.com/Doc?docid=ajfxntc4dmsq14dt57ssdw An abbreviated version intended for full-disclosure, bugtraq, and...
AI score: 0.2; Exploits: 0

securityvulns, added 2007/08/21, 148 views
Cisco 7940 SIP IPPhones DoS
A sequence of malformed SIP requests causes device to crash...
AI score: 2.4; Exploits: 0; References: 2; Affected software: 1

securityvulns, added 2007/06/27, 148 views
[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability
Source: http://securityreason.com/achievementsecurityalert/45 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason Date: - - Written: 10.02.2007 - - Public: 27.06.2007...
CVSS: 6.8; AI score: 8.6; EPSS: 0.05331; Exploits: 2

securityvulns, added 2007/04/01, 148 views
Remote File Include In Aardvark Topsites PHP 5
By Hasadya Raed Contact : [email protected] Israel ---------------------------------------- Script : Aardvark Topsites PHP 5 Dork : "Copyright c 2003-2005 Jeremy Scheff. All rights reserved" --------------------------------------- B.Files : settingssql.php newday.php...
AI score: 0.1; Exploits: 0

securityvulns, added 2006/01/16, 148 views
[SA18473] RedKernel Referrer Tracker "rkrt_stats.php" Cross-Site Scripting
TITLE: RedKernel Referrer Tracker "rkrt_stats.php" Cross-Site Scripting SECUNIA ADVISORY ID: SA18473 VERIFY ADVISORY: http://secunia.com/advisories/18473/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: RedKernel Referrer Tracker 1.x http://secunia.com/product/682...
AI score: 0.4; Exploits: 0

securityvulns, added 2005/09/09, 148 views
DC++ and its mods remote DoS in bzip2 decompression routine
DC++ and its mods remote DoS in bzip2 decompression routine Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...
AI score: 7.1; Exploits: 0

securityvulns, added 2000/08/18, 148 views
Htgrep CGI Arbitrary File Viewing Vulnerability
Software: Htgrep URL: http://www.iam.unibe.ch/scg/Src/Doc/ Version: All Versions Platforms: Unix maybe Winnt? Author status: Notified Summary: Any remote user can view arbitrary files on the system with the privileges of the web user Vulnerability: The CGI allows a user to specify a header and...
Exploits: 0

securityvulns, added 2000/07/06, 148 views
Security Advisory: FreeBSD-SA-00:24.libedit
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...
AI score: 0.2; Exploits: 0

securityvulns, added 2014/12/23, 147 views
[SECURITY] [DSA 3109-1] firebird2.5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...
CVSS: 5; AI score: 1.8; EPSS: 0.02896; Exploits: 1

securityvulns, added 2014/05/05, 147 views
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk
Deutsche Telekom CERT Advisory DTC-A-20140324-002 update140328 Summary: Several vulnerabilities were found in check_mk version 1.2.2p2. Update to original advisory: Corrected: vulnerability 5 and 6 not 4 and 5 are currently not fixed. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS...
CVSS: 8.5; AI score: 0.1; EPSS: 0.02068; Exploits: 4

securityvulns, added 2013/09/11, 147 views
Microsoft Office multiple security vulnerabilities
Memory corruption on Outlook S/MIME parsing. Information leakage, multiple memory corruptions...
CVSS: 9.3; AI score: 3.3; EPSS: 0.28702; Exploits: 7; Affected software: 2

securityvulns, added 2013/08/12, 147 views
HP / 3COM / H3C switches security vulnerabilities
Code execution, information leakage...
CVSS: 10; AI score: 1.8; EPSS: 0.10719; Exploits: 0; References: 3

securityvulns, added 2013/04/22, 147 views
Sitecom WLM-3500 backdoor accounts
Sitecom WLM-3500 backdoor accounts ================================== ADVISORY INFORMATION Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits: Roberto Paleari [email protected], @rpaleari Advisory URL:...
AI score: 0.9; Exploits: 0

securityvulns, added 2013/02/18, 147 views
CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino
Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Domino. At 30th of November IBM released the advisory concerning these vulnerabilities. CVE ID: CVE-2012-4842, CVE-2012-4844. SecurityVulns ID: 12789. IBM Security Bulletin for Ope...
CVSS: 5.8; AI score: 0.2; EPSS: 0.01045; Exploits: 1
