Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/12/26 12:0 a.m.148 views

appRain CMF v0.1.5 - Multiple Web Vulnerabilities

Title: ====== appRain CMF v0.1.5 - Multiple Web Vulnerabilities Date: ===== 2011-12-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=362 VL-ID: ===== 362 Introduction: ============= appRain is one of the first officially released Opensource Content Management Framewor...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2011/11/21 12:0 a.m.148 views

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 2 HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...

5CVSS0.4AI score0.79415EPSS
Exploits28
securityvulns
securityvulns
added 2011/01/26 12:0 a.m.149 views

[DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method

ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure method, File overwriting Exploits: YES Reported: 22.03.2010 Vendor response:...

9.3CVSS5.6AI score0.11818EPSS
Exploits10
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.148 views

[ONSEC-09-010] Undersky CMS SQL injection

ONSEC-09-010 Undersky CMS SQL injection Цель: Undersky CMS http://www.undersky.ru Тип: SQL инъекция Угроза: Высокая Дата обнаружения: 03.07.2009 Дата оповещения разработчика: 03.07.2009 Дата выхода исправления: 05.07.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описани...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/04/29 12:0 a.m.148 views

Reporting new vulnerabilities

Hi SecurityVulns team, I write to report three vulnerabilities that I found in the last version of Aardvark Topsites PHP5.2.1 and older versions. The cause of all of them is the incorrect verification of input parameters. Here are the vulnerabilities: ================== HTML Injection up to 5.2.0...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2008/03/10 12:0 a.m.148 views

VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

!/usr/bin/php -q ?php This file requires the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. errorreportingEALL ^ ENOTICE; require'phpsploitclass.php'; darkfig@darky:/ ./vhcssploit.php -url http://localhost/vhcs2/ VHCS = 2.4.7.1...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.148 views

SQL-injection, XSS in OSSIM (Open Source Security Information Management)

Application: OSSIM http://www.ossim.net Version: 0.9.9rc5 Note: it is possible that the problem affects also earlier OSSIM versions Platforms: Linux Bug: SQL injection, Cross Site Scripting Exploitation: remote Date: 21 Feb 2008 Author: Marcin Kopec E-mail: marcindotkopecathotmaildotcom...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/11/14 12:0 a.m.148 views

Aria-Security.Net: MetaCart SQL Injection

Aria-Security Team, http://Aria-Security.net ------------------------------- Shout Outs: AurA, imm02tal Vendor: http://metalinks.com/ http://site.ltd/metacartpath/productsByCategory.asp?intCatalogID='SQL INJECTION Regards, The-0utl4w Credits Goes To Aria-Security.Net...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/06/27 12:0 a.m.148 views

[Full-disclosure] PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass Vulnerability

Source: http://securityreason.com/achievementsecurityalert/45 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.3 PHP 4.4.7, htaccess safemode and openbasedir Bypass Vulnerability Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason Date: - - Written: 10.02.2007 - - Public: 27.06.2007...

6.8CVSS8.6AI score0.05331EPSS
Exploits2
securityvulns
securityvulns
added 2006/01/16 12:0 a.m.148 views

[SA18473] RedKernel Referrer Tracker "rkrt_stats.php" Cross-Site Scripting

TITLE: RedKernel Referrer Tracker "rkrtstats.php" Cross-Site Scripting SECUNIA ADVISORY ID: SA18473 VERIFY ADVISORY: http://secunia.com/advisories/18473/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: RedKernel Referrer Tracker 1.x http://secunia.com/product/682...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/09/09 12:0 a.m.148 views

DC++ and its mods remote DoS in bzip2 decompression routine

DC++ and its mods remote DoS in bzip2 decompression routine Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/07/06 12:0 a.m.148 views

Security Advisory: FreeBSD-SA-00:24.libedit

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/05/15 12:0 a.m.147 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

8.5CVSS1.6AI score0.34012EPSS
Exploits25References9Affected Software7
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.147 views

Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk

Deutsche Telekom CERT Advisory DTC-A-20140324-002 update140328 Summary: Several vulnerabilities were found in checkmk version 1.2.2p2. Update to original advisory: Corrected: vulnerability 5 and 6 not 4 and 5 are currently not fixed. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS...

8.5CVSS0.1AI score0.02068EPSS
Exploits4
securityvulns
securityvulns
added 2013/09/11 12:0 a.m.147 views

Microsoft Office multiple security vulnerabilities

Memory corruption on Outlook S/MIME parsing. Information leakage, multiple memory corruptions...

9.3CVSS3.3AI score0.28702EPSS
Exploits7Affected Software2
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.147 views

Path Traversal in DeWeS Web Server (Twilight CMS)

Advisory ID: HTB23167 Product: DeWeS web server Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 0.4.2 and probably prior Tested Version: 0.4.2 Vendor Notification: July 24, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...

5CVSS0.04111EPSS
Exploits5
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.147 views

HP / 3COM / H3C switches security vulnerabilities

Code execution, information leakage...

10CVSS1.8AI score0.10719EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/04/22 12:0 a.m.147 views

Sitecom WLM-3500 backdoor accounts

Sitecom WLM-3500 backdoor accounts ================================== ADVISORY INFORMATION Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits: Roberto Paleari [email protected], @rpaleari Advisory URL:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.147 views

CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino

Hello 3APA3A! These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Domino. At 30th of November IBM released the advisory concerning these vulnerabilities. CVE ID: CVE-2012-4842, CVE-2012-4844. SecurityVulns ID: 12789. IBM Security Bulletin for Ope...

5.8CVSS0.2AI score0.01045EPSS
Exploits1
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.147 views

SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin

Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: January 16, 2013 Vendor Patch: January 18, 2013 Public Disclosure: February 6, 2013 Vulnerability Type: SQL Injection CWE-89 CVE...

6.5CVSS0.3AI score0.04314EPSS
Exploits4
securityvulns
securityvulns
added 2011/10/01 12:0 a.m.147 views

NGS00109 Patch Notification: ImpressPages CMS Remote code execution

High Risk Vulnerability in ImpressPages CMS 27 September 2011 David Middlehurst of NGS Secure has discovered a High risk vulnerability in ImpressPages CMS v1.0.12. Impact: Remote code execution Please update all instances of Impress Pages to the 1.0.13 release:...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.147 views

VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/05/08 12:0 a.m.147 views

HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar

Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level:...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/10 12:0 a.m.147 views

OpenSLP / VMWare ESX/ESXi SLPD DoS

CPU exhaustion vulnerability...

5CVSS1.8AI score0.17223EPSS
Exploits1References1Affected Software2
securityvulns
securityvulns
added 2010/02/16 12:0 a.m.147 views

Oracle quarterly security update

Approximately 30 vulnerabilities in different applications are fixed...

10CVSS2.6AI score0.72638EPSS
Exploits18References13Affected Software8
securityvulns
securityvulns
added 2010/01/23 12:0 a.m.147 views

[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1976-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 22, 2010 http://www.debian.org/security/faq -...

7.5CVSS0.10612EPSS
Exploits0
securityvulns
securityvulns
added 2009/02/16 12:0 a.m.147 views

Cross-site scripting in Samizdat 0.6.1

Software: Samizdat, an open publishing web application written in Ruby Vulnerability: cross-site scripting Vulnerable Versions: 0.6.1 and earlier Non-vulnerable Versions: 0.6.2, Debian package 0.6.1-3lenny1 Patch: http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2008/01/15 12:0 a.m.147 views

F5 BIG-IP Web Management List Search XSS

F5 BIG-IP Web Management List Search XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a cross-site scripting vulnerability in the Search function present on several list-like pages. Parameter SearchString is not sanitized before it gets...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/11/14 12:0 a.m.147 views

Microsoft Security Bulletin MS07-061 – Critical Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

Microsoft Security Bulletin MS07-061 – Critical Vulnerability in Windows URI Handling Could Allow Remote Code Execution 943460 Published: November 13, 2007 Version: 1.0 General Information Executive Summary This update resolves a publicly reported vulnerability. A remote code execution...

9.3CVSS1.4AI score0.53831EPSS
Exploits7
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.147 views

Mozilla Foundation Security Advisory 2007-21

Mozilla Foundation Security Advisory 2007-21 Title: Privilege escallation using an event handler attached to an element not in the document Impact: Critical Announced: July 17, 2007 Reporter: mozbugra4 Products: Firefox Fixed in: Firefox 2.0.0.5 Description An attecker can use an element outside ...

9.3CVSS1.7AI score0.04618EPSS
Exploits1
securityvulns
securityvulns
added 2006/12/05 12:0 a.m.147 views

[ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS

============================================= INTERNET SECURITY AUDITORS ALERT 2006-007 - Original release date: April 27, 2006 - Last revised: December 1, 2006 - Discovered by: Jesus Olmos Gonzalez - Severity: 2/5 ============================================= I. VULNERABILITY...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/02/16 12:0 a.m.147 views

XMB Forums Multiple Vulnerabilities

GulfTech Security Research February 12, 2006 Vendor : XMB Software URL : http://www.xmbforum.com/ Version : XMB Forums = 1.9.3 Risk : Multiple Vulnerabilities Description: XMB Forums is a popular forum software written in php and mysql that allows you to open up your own online community or...

Exploits0
securityvulns
securityvulns
added 2005/08/12 12:0 a.m.147 views

[Full-disclosure] Fudforum: incompletely check of user rights in tree view gaining access to all messages

Hello, We have found a security problem in the tree view of FUD Forum Bulletin Board Software http://www.fudforum.org in version 2.6.15, earlier versions maybe affected as well. Description: If a user enables tree view of messages he is able to view any message on the system, no matter he has the...

Exploits0
securityvulns
securityvulns
added 2001/05/26 12:0 a.m.147 views

WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS

WFTPD 32-bit X86 3.00 R5 Directory Traversal / Buffer Overflow / DoS AFFECTED SYSTEMS WFTPD 32-bit X86 version 3.00 R5 on Windows 95 / 98 / SE / ME is vulnerable to a directory traversal, all versions of windows are likely to be vulnerable to the buffer overflow / DoS DESCRIPTION 1 Directory...

Exploits0
securityvulns
securityvulns
added 2000/04/11 12:0 a.m.147 views

BeOS syscall bug

Summary: BeOS crashes when system call with invalid parameters is issued. Details: When using direct kernel calls through int 0x25 not libroot.so functions BeOS dies on most system calls with invalid parameters/stack. Allthough Be has registered this bug before R5.0, it is present in R5.0, and is...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2000/04/07 12:0 a.m.147 views

PcAnywhere weak password encryption

PcAnywhere weak password encryption ---- Discussion ---- PcAnywhere 9.0.0 set to its default security value uses a trivial encryption method so user names and password are not sent directly in clear. Since most users have the encryption methods set to either "none" or "PcAnyWhere", their password...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.146 views

Microsoft Windows multiple security vulnerabilities

OLE code execution, Internet Explorer multiple vulnerabilities, Schannel code execution, XML Core Services code execution, TCP/IP privilege escalation, Windows Audio Service privilege escalation, .NET Framework privilege escalation, RDP restrictions bypass, IIS restrictions bypass, IME privilege...

10CVSS3.4AI score0.95988EPSS
Exploits66References2Affected Software1
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.146 views

Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities

Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Vendor: http://www.sefrengo.org/ Download link: http://forum.sefrengo.org/index.php?showtopic=3368 https://github.com/sefrengo-cms/sefrengo-1.x/tree/22c0d16bfd715631ed317cc99 0785ccede478f07 CVE ID: CVE-2015-1428...

7.5CVSS0.02789EPSS
Exploits5
securityvulns
securityvulns
added 2014/10/17 12:0 a.m.146 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.99974EPSS
Exploits39References27Affected Software16
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.146 views

Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280

Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Cross-site Scripting Severity : Critical CVE-ID: CVE-2014-6280 Netsparker Advisory...

4.3CVSS7.2AI score0.01892EPSS
Exploits2
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.146 views

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

CVE-2014-0119 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.5 - Apache Tomcat 7.0.0 to 7.0.53 - Apache Tomcat 6.0.0 to 6.0.39 Description: In limited circumstances it was possible for a malicious web applicati...

4.3CVSS8AI score0.07616EPSS
Exploits0
securityvulns
securityvulns
added 2014/04/08 12:0 a.m.146 views

[USN-2164-1] OpenSSH vulnerability

========================================================================== Ubuntu Security Notice USN-2164-1 April 07, 2014 openssh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5.8CVSS0.01988EPSS
Exploits1
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.146 views

pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities

Document Title: =============== pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1130 Release Date: ============= 2013-11-01 Vulnerability Laboratory ID VL-ID:...

Exploits0
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.146 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.19191EPSS
Exploits3References3Affected Software4
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.146 views

[SECURITY] [DSA 2365-1] dtc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2365-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 18, 2011 http://www.debian.org/security/faq -...

6.5CVSS0.5AI score0.01555EPSS
Exploits0
securityvulns
securityvulns
added 2011/09/09 12:0 a.m.146 views

Abarkam (detail.php?input) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Abarkam detail.php?input AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.abarkam.com/ Persian Gulf 4 Ever! Dork : allinurl:"detail.php?input=" Exploite:...

3AI score
Exploits0
securityvulns
securityvulns
added 2010/07/24 12:0 a.m.146 views

ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability

ZDI-10-132: Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-132 July 20, 2010 -- CVE ID: CVE-2010-1214 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected...

9.3CVSS0.2AI score0.07585EPSS
Exploits5
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.146 views

Mozilla Foundation Security Advisory 2010-31

Mozilla Foundation Security Advisory 2010-31 Title: focus behavior can be used to inject or steal keystrokes Impact: Moderate Announced: June 22, 2010 Reporter: Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description Google security research...

5.8CVSS9AI score0.02018EPSS
Exploits0
securityvulns
securityvulns
added 2010/04/14 12:0 a.m.146 views

CVE-2009-4510: TANDBERG VCS Static SSH Host Keys

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Static SSH Host Keys Release Date:...

8.5CVSS0.5AI score0.02148EPSS
Exploits0
securityvulns
securityvulns
added 2010/01/05 12:0 a.m.146 views

n.player buffer overflow

Buffer overflow on skin file parsing...

4.7AI score
Exploits0References1
Total number of security vulnerabilities5000