Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2015/07/20 12:0 a.m.149 views

15 TOTOLINK router models vulnerable to multiple RCEs

Hash: SHA512 Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html Date published:...

7.5CVSS0.84292EPSS
Exploits6
securityvulns
securityvulns
added 2014/12/23 12:0 a.m.149 views

[SECURITY] [DSA 3109-1] firebird2.5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3109-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 21, 2014 http://www.debian.org/security/faq -...

5CVSS1.8AI score0.02896EPSS
Exploits1
securityvulns
securityvulns
added 2014/11/03 12:0 a.m.149 views

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

Quarterly update covers 138 different vulnerabilities...

10CVSS3.1AI score0.96121EPSS
Exploits25References3Affected Software34
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.149 views

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define at multiple leve...

4.3CVSS8AI score0.06905EPSS
Exploits0
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.149 views

Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities

Title: ====== Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=791 VL-ID: ===== 791 Common Vulnerability Scoring System: ==================================== 3.5 Introduction:...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.149 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.19191EPSS
Exploits3References3Affected Software4
securityvulns
securityvulns
added 2012/05/31 12:0 a.m.149 views

Tftpd32 DNS Server Denial Of Service Vulnerability

Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tftpd32.jounin.net/ Vulnerability Published : 2012-05-26 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug Description : Tftpd32 ...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/11/21 12:0 a.m.149 views

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 2 HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...

5CVSS0.4AI score0.79415EPSS
Exploits28
securityvulns
securityvulns
added 2010/04/14 12:0 a.m.149 views

CVE-2009-4510: TANDBERG VCS Static SSH Host Keys

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Static SSH Host Keys Release Date:...

8.5CVSS0.5AI score0.02148EPSS
Exploits0
securityvulns
securityvulns
added 2008/07/09 12:0 a.m.149 views

Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege 941203 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately disclosed vulnerabilities. The more serious of...

9CVSS1.2AI score0.61927EPSS
Exploits1
securityvulns
securityvulns
added 2008/03/28 12:0 a.m.149 views

CISCO routers IOS multiple security vulnerabilities

MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities...

7.8CVSS1.9AI score0.05584EPSS
Exploits5References6Affected Software1
securityvulns
securityvulns
added 2008/03/10 12:0 a.m.149 views

VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

!/usr/bin/php -q ?php This file requires the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. errorreportingEALL ^ ENOTICE; require'phpsploitclass.php'; darkfig@darky:/ ./vhcssploit.php -url http://localhost/vhcs2/ VHCS = 2.4.7.1...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.149 views

SQL-injection, XSS in OSSIM (Open Source Security Information Management)

Application: OSSIM http://www.ossim.net Version: 0.9.9rc5 Note: it is possible that the problem affects also earlier OSSIM versions Platforms: Linux Bug: SQL injection, Cross Site Scripting Exploitation: remote Date: 21 Feb 2008 Author: Marcin Kopec E-mail: marcindotkopecathotmaildotcom...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/01/15 12:0 a.m.149 views

F5 BIG-IP Web Management List Search XSS

F5 BIG-IP Web Management List Search XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a cross-site scripting vulnerability in the Search function present on several list-like pages. Parameter SearchString is not sanitized before it gets...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/12/13 12:0 a.m.149 views

iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability

iDefense Security Advisory 12.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 11, 2007 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. and included as part of Microsoft Windows since 1995. The setExpression method is commonly used to assign...

9.3CVSS6.3AI score0.35508EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/01 12:0 a.m.149 views

Remot File Include In Aardvark Topsites PHP 5

By Hasadya Raed Contact : [email protected] Israel ---------------------------------------- Script : Aardvark Topsites PHP 5 Dork : "Copyright c 2003-2005 Jeremy Scheff. All rights reserved" --------------------------------------- B.Files : settingssql.php newday.php...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/01/16 12:0 a.m.149 views

[SA18473] RedKernel Referrer Tracker "rkrt_stats.php" Cross-Site Scripting

TITLE: RedKernel Referrer Tracker "rkrtstats.php" Cross-Site Scripting SECUNIA ADVISORY ID: SA18473 VERIFY ADVISORY: http://secunia.com/advisories/18473/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: RedKernel Referrer Tracker 1.x http://secunia.com/product/682...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/09/09 12:0 a.m.149 views

DC++ and its mods remote DoS in bzip2 decompression routine

DC++ and its mods remote DoS in bzip2 decompression routine Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/11/08 12:0 a.m.149 views

Filesystem Access + VolanoChat = VChat admin (fwd)

Title: VolanoChatPro stores plain text password in a publicly accessible file. Date: November 4, 2000 Risk: Low. No system privileges are granted. Vendor Site: http://www.volano.com ================================================= VolanoChatPro, a widely used chat server on the Internet, allows...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/08/18 12:0 a.m.149 views

Htgrep CGI Arbitrary File Viewing Vulnerability

Software: Htgrep URL: http://www.iam.unibe.ch/scg/Src/Doc/ Version: All Versions Platforms: Unix maybe Winnt? Author status: Notified Summary: Any remote user can view arbitrary files on the system with the privileges of the web user Vulnerability: The CGI allows a user to specify a header and...

Exploits0
securityvulns
securityvulns
added 2000/04/14 12:0 a.m.149 views

BizDB Search Script Enables Shell Command Execution at the Server

BizDB Search Script Enables Shell Command Execution at the Server Perfecto's Black Watch Labs Security Advisory 00-04 April 7th, 2000 Name: BizDB Search Script Enables Shell Command Execution at the Server Black Watch Labs ID: BWL-00-04 Date Released: April 7th, 2000 Category: ApplicationHTML:...

7AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.148 views

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 Mac EFI Security Update 2015-002 is now available and addresses the following: EFI Available for: OS X Mavericks v10.9.5 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was...

7.5CVSS8.9AI score0.01838EPSS
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.148 views

[SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-032 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Broken Authentication...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.148 views

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)

Hi, tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at 1. 5 Metasploit modules have been released and currently awaiting merge in the moderati...

8.5CVSS8AI score0.86643EPSS
Exploits28
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.148 views

Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280

Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Cross-site Scripting Severity : Critical CVE-ID: CVE-2014-6280 Netsparker Advisory...

4.3CVSS7.2AI score0.01892EPSS
Exploits2
securityvulns
securityvulns
added 2014/06/17 12:0 a.m.148 views

[oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE

Hi All I have raised this twice with [email protected], on 30 April and June 3. I have received no response either time, therefore I am raising it on oss-security. CVE-2014-0114 describes a well-known issue in Apache Struts 1: "It was found that the Struts 1 ActionForm object allowed access to...

7.5CVSS7.8AI score0.96121EPSS
Exploits4
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.148 views

CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages

Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...

9.8AI score0.05345EPSS
Exploits2
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.148 views

Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti

Deutsche Telekom CERT Advisory DTC-A-20140324-001 Summary: Three vulnerabilities were found in cacti version 0.8.7g. The vulnerabilities are: 1 Stored Cross-Site Scripting XSS via URL 2 Missing CSRF Cross-Site Request Forgery token allows execution of arbitrary commands 3 The use of exec-like...

6.8CVSS0.3AI score0.03543EPSS
Exploits4
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.148 views

Joomla! VirtueMart component <= 2.0.22a - SQL Injection

------------------------------------------------------------ Joomla! VirtueMart component = 2.0.22a - SQL Injection ------------------------------------------------------------ == Description == - Software link: http://www.virtuemart.net/ - Affected versions: All versions between 2.0.8 and 2.0.22...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2012/06/03 12:0 a.m.148 views

Multiple vulnerabilities in LogAnalyzer

Advisory ID: CSA-12005 Title: Multiple vulnerabilities in LogAnalyzer Product: LogAnalyzer Version: 3.4.2 and probably prior Vendor: adiscon.com Vulnerability type: SQL injection, XSS, Arbitrary File Read Risk level: 2 / 3 Credit: www.codseq.it CVE: Vendor notification: 2012-05-21 Public...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.148 views

appRain CMF v0.1.5 - Multiple Web Vulnerabilities

Title: ====== appRain CMF v0.1.5 - Multiple Web Vulnerabilities Date: ===== 2011-12-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=362 VL-ID: ===== 362 Introduction: ============= appRain is one of the first officially released Opensource Content Management Framewor...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2011/10/01 12:0 a.m.148 views

NGS00109 Patch Notification: ImpressPages CMS Remote code execution

High Risk Vulnerability in ImpressPages CMS 27 September 2011 David Middlehurst of NGS Secure has discovered a High risk vulnerability in ImpressPages CMS v1.0.12. Impact: Remote code execution Please update all instances of Impress Pages to the 1.0.13 release:...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2011/03/10 12:0 a.m.148 views

OpenSLP / VMWare ESX/ESXi SLPD DoS

CPU exhaustion vulnerability...

5CVSS1.8AI score0.17223EPSS
Exploits1References1Affected Software2
securityvulns
securityvulns
added 2011/01/26 12:0 a.m.149 views

[DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method

ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting Exploits: YES Reported: 22.03.2010 Vendor response:...

9.3CVSS5.6AI score0.11818EPSS
Exploits10
securityvulns
securityvulns
added 2009/12/15 12:0 a.m.148 views

Oracle applications multiple security vulnerabilities

Oracle Critical Patch Update fixes 40 of different vulnerabilities in all Oracle applications...

10CVSS2.4AI score0.61309EPSS
Exploits45References24Affected Software7
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.148 views

[ONSEC-09-010] Undersky CMS SQL injection

ONSEC-09-010 Undersky CMS SQL injection Цель: Undersky CMS http://www.undersky.ru Тип: SQL инъекция Угроза: Высокая Дата обнаружения: 03.07.2009 Дата оповещения разработчика: 03.07.2009 Дата выхода исправления: 05.07.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описани...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/04/29 12:0 a.m.148 views

Reporting new vulnerabilities

Hi SecurityVulns team, I write to report three vulnerabilities that I found in the last version of Aardvark Topsites PHP5.2.1 and older versions. The cause of all of them is the incorrect verification of input parameters. Here are the vulnerabilities: ================== HTML Injection up to 5.2.0...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2007/11/14 12:0 a.m.148 views

Aria-Security.Net: MetaCart SQL Injection

Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal Vendor: http://metalinks.com/ http://site.ltd/metacartpath/productsByCategory.asp?intCatalogID='SQL INJECTION Regards, The-0utl4w Credits Goes To Aria-Security.Net...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/11/14 12:0 a.m.148 views

Microsoft Security Bulletin MS07-061 – Critical Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

Microsoft Security Bulletin MS07-061 – Critical Vulnerability in Windows URI Handling Could Allow Remote Code Execution 943460 Published: November 13, 2007 Version: 1.0 General Information Executive Summary This update resolves a publicly reported vulnerability. A remote code execution...

9.3CVSS1.4AI score0.53831EPSS
Exploits7
securityvulns
securityvulns
added 2006/02/16 12:0 a.m.148 views

XMB Forums Multiple Vulnerabilities

GulfTech Security Research February 12, 2006 Vendor : XMB Software URL : http://www.xmbforum.com/ Version : XMB Forums = 1.9.3 Risk : Multiple Vulnerabilities Description: XMB Forums is a popular forum software written in php and mysql that allows you to open up your own online community or...

Exploits0
securityvulns
securityvulns
added 2000/07/06 12:0 a.m.148 views

Security Advisory: FreeBSD-SA-00:24.libedit

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/04/07 12:0 a.m.148 views

PcAnywhere weak password encryption

PcAnywhere weak password encryption ---- Discussion ---- PcAnywhere 9.0.0 set to its default security value uses a trivial encryption method so user names and password are not sent directly in clear. Since most users have the encryption methods set to either "none" or "PcAnyWhere", their password...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2015/07/27 12:0 a.m.147 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.20829EPSS
Exploits25References17Affected Software11
securityvulns
securityvulns
added 2015/07/19 12:0 a.m.147 views

Adobe Flash Player multiple security vulnerabilities

Multiple memory corruptions, buffer overflows, information disclosure...

10CVSS2.1AI score0.99344EPSS
Exploits11Affected Software1
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.147 views

Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk

Deutsche Telekom CERT Advisory DTC-A-20140324-002 update140328 Summary: Several vulnerabilities were found in checkmk version 1.2.2p2. Update to original advisory: Corrected: vulnerability 5 and 6 not 4 and 5 are currently not fixed. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS...

8.5CVSS0.1AI score0.02068EPSS
Exploits4
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.147 views

pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities

Document Title: =============== pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1130 Release Date: ============= 2013-11-01 Vulnerability Laboratory ID VL-ID:...

Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.147 views

Path Traversal in DeWeS Web Server (Twilight CMS)

Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...

5CVSS0.04111EPSS
Exploits5
securityvulns
securityvulns
added 2013/04/22 12:0 a.m.147 views

Sitecom WLM-3500 backdoor accounts

Sitecom WLM-3500 backdoor accounts ================================== ADVISORY INFORMATION Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits: Roberto Paleari [email protected], @rpaleari Advisory URL:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.147 views

CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino

Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Domino. At 30th of November IBM released the advisory concerning these vulnerabilities. CVE ID: CVE-2012-4842, CVE-2012-4844. SecurityVulns ID: 12789. IBM Security Bulletin for Ope...

5.8CVSS0.2AI score0.01045EPSS
Exploits1
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.147 views

SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin

Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: January 16, 2013 Vendor Patch: January 18, 2013 Public Disclosure: February 6, 2013 Vulnerability Type: SQL Injection CWE-89 CVE...

6.5CVSS0.3AI score0.04314EPSS
Exploits4
Total number of security vulnerabilities5000