Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2007/05/14 12:0 a.m.144 views

[Full-disclosure] MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 17 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles...

5CVSS6.4AI score0.01618EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/08 12:0 a.m.144 views

MOPB-39-2007:PHP str_replace() Memory Allocation Integer Overflow Vulnerability

Summary When strreplace is called in a way that a single char is replaced by a long string and the single char occurs very often in the subject this will result in an integer overflow when the size of the memory buffer is calculated. The allocation of a too small buffer will result in a buffer...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/02/23 12:0 a.m.144 views

JBrowser acces to admin/config files

JBrowser acces to admin/config files By : sn0oPy Risk : high Dork : inurl:"JBrowser/index.php" exploit : juste replace the http://www.target.ma/jbrowser/index.php by http://www.target.ma/jbrowser/admin/ contact : [email protected] greetz : subzero, Avg...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/02/22 12:0 a.m.144 views

SaphpLesson v3.0 SQL Injection Exploit

//////////////////2007///////////////////// //SaphpLesson v3.0 SQL Injection Exploit// ////////////////////////////////////////// Found by:SwEET-DeViL&HaCKeR sUn TeaM AL-GaRNi------------------ Application : SaphpLesson------ version : v3.0----------------- URL : No-----------------------...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/03/06 12:0 a.m.144 views

[SA19098] DVguestbook "dv_gbook.php" Cross-Site Scripting Vulnerability

TITLE: DVguestbook "dvgbook.php" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19098 VERIFY ADVISORY: http://secunia.com/advisories/19098/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: DVguestbook 1.x http://secunia.com/product/8572/ DESCRIPTION:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/04/05 12:0 a.m.144 views

Sakki's guestbook V.1.01 script injection vulnerability.

This advisory can be found at www.blacktigerz.org. Description: Easy to manage and configure asp powered guestbook. Works with MS Access database or without it. Vendor: http://www.sakki.net Vulnerability: gb.asp neglects filtering user input allowing for script injection to the guestbook via "nam...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.143 views

APPLE-SA-2015-09-16-3 iTunes 12.3

APPLE-SA-2015-09-16-3 iTunes 12.3 iTunes 12.3 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption...

9.3CVSS0.6AI score0.2447EPSS
Exploits5
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.143 views

[SYSS-2015-041] XSS in OpenText Secure MFT

Advisory ID: SYSS-2015-041 Product: Secure MFT Vendor: OpenText Affected Versions: 2013 R1, 2014 R1, 2014 R2 Tested Versions: 2014 R2 SP4 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2015-08-05 Solution Date: 2015-08-14 Public...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2015/03/16 12:0 a.m.143 views

ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities CVE Identifier: CVE-2015-0235, CVE-2015-0524, CVE-2015-0525 Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE Affected...

10CVSS1.8AI score0.94859EPSS
Exploits34
securityvulns
securityvulns
added 2014/06/19 12:0 a.m.143 views

[oss-security] CVE request for vulnerability in OpenStack Heat

A vulnerability was discovered in OpenStack see below. In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Heat template URL information leakage Reporter: Jason...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.143 views

[security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04271396 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04271396 Version: 1 HPSBMU03030 rev....

5CVSS0.3AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2013/07/29 12:0 a.m.143 views

DoS and XSS vulnerabilities in Googlemaps plugin for Joomla

Hello 3APA3A! Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for Joomla http://securityvulns.ru/docs29645.html. After my informing, the developer fixed these vulnerabilities in versions 2.19 and 3.1 of the plugin - by removing proxy functionality. And in version 3.2 of the...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/10/29 12:0 a.m.143 views

ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities

Title: ====== ASTPP VoIP Billing 4cf207a - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=687 VL-ID: ===== 687 Common Vulnerability Scoring System: ==================================== 4 Introduction: =============...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.143 views

Dropbear SSH server use-after-free vulnerability

Dropbear SSH server use-after-free vulnerability Impact: A remote authenticated user can execute arbitrary code on the target system. Class: Use After Free - CWE-416 CVE ID: CVE-2012-0920 CVSS: 8.5 AV:N/AC:M/AU:S/C:C/I:C/A:C Description: This vulnerability is located within the Dropbear daemon an...

7.1CVSS0.4AI score0.06489EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.143 views

[security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02735590 Version: 1 HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack PSP Running on Linux and Windows, Remote Cross Site Scripting XSS, URL Redirection, Information Disclosure NOTICE: The...

5CVSS0.2AI score0.02188EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/06 12:0 a.m.143 views

XSS Vulnerability in Redmine 1.0.1 to 1.1.1

Information -------------------- Name : XSS vulnerability in Redmine Software : all Redmine versions from 1.0.1 to 1.1.1 Vendor Homepage : http://www.redmine.org Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference...

Exploits0
securityvulns
securityvulns
added 2010/12/01 12:0 a.m.143 views

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...

10CVSS8.4AI score0.65618EPSS
Exploits26
securityvulns
securityvulns
added 2010/07/17 12:0 a.m.143 views

python security vulnerabilities

Buffer overflow in audioop.lin2lin, memory corruption in audioop.reverse...

5CVSS3.6AI score0.14643EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2010/03/11 12:0 a.m.143 views

Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002

Apache modisapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002 Release Date. 5-Mar-2010 Last Update. - Vendor Notification Date. 9-Feb-2010 Product. Apache HTTP Server Platform. Microsoft Windows Affected versions. 2.2.14 verified and possibly others. Severity Rating. High Impact...

10CVSS0.94248EPSS
Exploits13
securityvulns
securityvulns
added 2009/12/04 12:0 a.m.143 views

[InterN0T] Google Analytics plugin for Wordpress - XSS Vulnerability

Yoast GA Plugin for WP - Cross Site Scripting Vulnerability Version Affected: 3.2.4 newest Info: The Google Analytics for WordPress plugin automatically tracks and segments all outbound links from within posts, comment author links, links within comments, blogroll links and downloads. It also...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2009/04/01 12:0 a.m.143 views

Cisco ASA5520 Web VPN Host Header XSS

Cisco ASA5520 Web VPN Host Header XSS - Description Cross-site scripting. - Product Cisco, ASA5520, IOS 7.2222 - PoC Modified request: POST /+webvpn+/index.html HTTP/1.1 Host: "'scriptalert'BugsNotHugs'/scriptmeta httpequiv="" content='"www.owasp.org Accept: image/gif, image/x-xbitmap,...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/03/19 12:0 a.m.143 views

[ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability

ECHOADV107$2009 ----------------------------------------------------------------------------------------- ECHOADV107$2009 FubarForum = 1.6 Critical File Disclosure Vulnerability ----------------------------------------------------------------------------------------- Author : K-159 Date : March, ...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2007/11/02 12:0 a.m.143 views

ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability

ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-058.html October 16, 2007 -- CVE ID: CVE-2007-5766 -- Affected Vendor: Oracle -- Affected Products: E-Business Suite 11 E-Business Suite 12 -- TippingPointTM IPS Customer Protection:...

7.5CVSS0.7AI score0.01309EPSS
Exploits0
securityvulns
securityvulns
added 2007/10/15 12:0 a.m.143 views

[Full-disclosure] PHP File Sharing System 1.5.1

PHP File Sharing System - Directory traversal +--------------------------------------------+ Author: Jonas Thambert Date: 2007-10-13 URL: http://sourceforge.net/projects/phpfilesadmin/ Vendor Notified. Version: 1.5.1 latest - Description - PHP File Sharing System is vulnerable to directory...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/12 12:0 a.m.143 views

iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability

SquirrelMail G/PGP Plugin deleteKey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encrpytion Plugin is a general purpose encryption, decryption, and digital signature...

9.3CVSS0.8AI score0.10263EPSS
Exploits1
securityvulns
securityvulns
added 2006/05/16 12:0 a.m.143 views

Confixx 3.1.2 <= Code Injection

// Confixx 3.1.2 = Code Injection // ----------------------------------------------------------------- Advisory by: LoK-Crew - Exploit: http://www.example.com/ftplogin/?login="XSSdiv style= - Googledork: inurl:confixx inurl:login|anmeldung + Greetz to: Bluegeek + Visit: www.LoK-Crew.de...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/02/01 12:0 a.m.143 views

[Full-disclosure] ZRCSA-200601: SPIP - Multiple Vulnerabilities

Zone-H Research Center Security Advisory 200601 http://www.zone-h.fr Date of release: 31/01/2006 Software: SPIP http://www.spip.net Affected versions: 1.8.2-e , 1.9 Alpha 2 5539 Risk: Medium Discovered by: Kevin Fernandez "Siegfried" and Benot Sklnard "netcraft" from the Zone-H Research Team...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2005/08/04 12:0 a.m.143 views

Metasploit Framework Defanged mode protection bypass

It's possible to overwrite Defanged environment variable with StateToOptions function...

4.3AI score
Exploits0References1
securityvulns
securityvulns
added 2005/02/15 12:0 a.m.143 views

VMWare virtual machine privilege escalation

Dynamic libraries are searched in world writable directory...

3.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/07/17 12:0 a.m.143 views

Buffer overflow in explorer.exe

Buffer overflow on desktop.ini parsing...

5AI score
Exploits0References3
securityvulns
securityvulns
added 2001/03/31 12:0 a.m.143 views

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

Hi, Microsoft has released a security bulletin http://www.microsoft.com/technet/security/bulletin/ms01-020.asp entitled "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment". EML files are MIME multipart files that IE 5 will parse. There is a vulnerability allowing arbitrary code...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2000/08/31 12:0 a.m.143 views

[COVERT-2000-10] Windows NetBIOS Unsolicited Cache Corruption

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Network Associates, Inc. COVERT Labs Security Advisory August 29, 2000 Windows NetBIOS Unsolicited Cache Corruption COVERT-2000-10 o Synopsis The Microsoft Windows implementation of the NetBIOS cache allows a remote attacker to insert and flush dynami...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.142 views

Microsoft Windows multiple security vulnerabilities

OpenType fonts parsing code execution, multiple Internet Explorer and Edge vulnerabilities, code execution and information disclosure in system libraries, code execution via RDP and AMB, privilege escalation, information disclosure via WebDAV...

9.3CVSS6AI score0.8669EPSS
Exploits36References1Affected Software1
securityvulns
securityvulns
added 2015/07/27 12:0 a.m.142 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.20829EPSS
Exploits25References17Affected Software11
securityvulns
securityvulns
added 2015/05/10 12:0 a.m.142 views

[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-019 Product: BullGuard Antivirus Vendor: BullGuard Ltd. Affected Versions: 15.0.297 Tested Versions: 15.0.297 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solution...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.142 views

BookFresh - Persistent Clients Invite Vulnerability

Document Title: =============== BookFresh - Persistent Clients Invite Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1351 Release Date: ============= 2014-10-28 Vulnerability Laboratory ID VL-ID: ==================================== 1351...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.142 views

SEC Consult SA-20140411-0 :: Multiple vulnerabilities in Plex Media Server

SEC Consult Vulnerability Lab Security Advisory 20140411-0 ======================================================================= title: Multiple vulnerabilities product: Plex Media Server vulnerable version: confirmed in 0.9.9.10 fixed version: none impact: High homepage: http://www.plex.tv...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.142 views

[SECURITY] [DSA 2832-1] memcached security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2832-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 01, 2014 http://www.debian.org/security/faq -...

5CVSS2.1AI score0.22317EPSS
Exploits4
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.142 views

ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities

ESA-2013-089.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities EMC Identifier: ESA-2013-089 CVE Identifier: CVE-2013-6810 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C...

10CVSS0.7AI score0.17004EPSS
Exploits9
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.142 views

[SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities

SOJOBO-ADV-13-01 - Zenphoto 1.4.5.2 multiple vulnerabilities I. Information ================== Name : Zenphoto 1.4.5.2 multiple vulnerabilities Software : Zenphoto 1.4.5.2 and possibly below. Vendor Homepage : http://www.zenphoto.org/ Vulnerability Type : SQL Injection, Reflected Cross-Site...

8.5AI score
Exploits0
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.142 views

CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...

4.2AI score0.01691EPSS
Exploits1
securityvulns
securityvulns
added 2012/10/25 12:0 a.m.142 views

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. ...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.142 views

TCExam Edit Cross-Site Scripting

/---------------------------------- | TCExam Edit Cross-Site Scripting | ----------------------------------/ Summary ======= TCExam 11.3.007 is subject to a cross-site scripting vulnerability. A 'questionsubjectid' parameter is not sufficiently sanitised before being written to the...

2.1CVSS5.6AI score0.00971EPSS
Exploits2
securityvulns
securityvulns
added 2012/06/03 12:0 a.m.142 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.12608EPSS
Exploits12References21Affected Software13
securityvulns
securityvulns
added 2011/08/30 12:0 a.m.142 views

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability Advisory ID: cisco-sa-20110830-apache Revision 1.0 For Public Release 2011 August 30 1600 UTC GMT Summary ======= The Apache HTTPd server contains a denial of service...

7.8CVSS0.6AI score0.98945EPSS
Exploits17
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.142 views

THE STUDIO (prod.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability THE STUDIO prod.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.thestudio.net/ Persian Gulf 4 Ever! Dork : "Site designed by The Studio, INC." "inurl:prod.php?id="...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.142 views

Kimia Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Kimia AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.kimia.co.za/ Persian Gulf 4 Ever! Dork : "Graphic design & Website design by Kimia" "inurl:id=" Exploite:...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2010/07/07 12:0 a.m.142 views

DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass

Title ----- DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass Severity -------- High Date Discovered --------------- April 30th, 2010 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Edward Bullard, James Robertson and r@b13$...

Exploits0
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.142 views

Mozilla Foundation Security Advisory 2010-26

Mozilla Foundation Security Advisory 2010-26 Title: Crashes with evidence of memory corruption rv:1.9.2.4/ 1.9.1.10 Impact: Critical Announced: June 22, 2010 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 Thunderbird 3.0...

9.3CVSS0.2AI score0.06119EPSS
Exploits1
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.142 views

[ONSEC-09-014] 1C Bitrix WAF multiple XSS

Цель: 1C Bitrix WAF =8.0.5 Тип: Межсайтовый скриптинг Угроза: Средняя Дата обнаружения: 29.08.2009 Дата оповещения разработчика: 29.08.2009 Дата выхода исправления: 01.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: Проактивный фильтр WAF системы управления...

Exploits0
Total number of security vulnerabilities5000