Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2013/07/15 12:0 a.m.143 views

CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...

4.2AI score0.01691EPSS
Exploits1
securityvulns
securityvulns
added 2012/10/28 12:0 a.m.143 views

Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities

Approx. 90 of diffent vulnerabilities in different applications...

10CVSS2.6AI score0.98945EPSS
Exploits56References2Affected Software12
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.143 views

Dropbear SSH server use-after-free vulnerability

Dropbear SSH server use-after-free vulnerability Impact: A remote authenticated user can execute arbitrary code on the target system. Class: Use After Free - CWE-416 CVE ID: CVE-2012-0920 CVSS: 8.5 AV:N/AC:M/AU:S/C:C/I:C/A:C Description: This vulnerability is located within the Dropbear daemon an...

7.1CVSS0.4AI score0.06489EPSS
Exploits0
securityvulns
securityvulns
added 2010/12/01 12:0 a.m.143 views

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...

10CVSS8.4AI score0.65618EPSS
Exploits26
securityvulns
securityvulns
added 2010/03/11 12:0 a.m.143 views

Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002

Apache modisapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002 Release Date. 5-Mar-2010 Last Update. - Vendor Notification Date. 9-Feb-2010 Product. Apache HTTP Server Platform. Microsoft Windows Affected versions. 2.2.14 verified and possibly others. Severity Rating. High Impact...

10CVSS0.94248EPSS
Exploits13
securityvulns
securityvulns
added 2009/12/04 12:0 a.m.143 views

[InterN0T] Google Analytics plugin for Wordpress - XSS Vulnerability

Yoast GA Plugin for WP - Cross Site Scripting Vulnerability Version Affected: 3.2.4 newest Info: The Google Analytics for WordPress plugin automatically tracks and segments all outbound links from within posts, comment author links, links within comments, blogroll links and downloads. It also...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2008/11/21 12:0 a.m.143 views

Social Engine 2.7 CRLF Injection + SQL injection

HACKATTACK Advisory 2008-11-20Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2008/07/04 12:0 a.m.143 views

[DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC

Digital Security Research Group DSecRG Advisory DSECRG-08-027 Application: 1024 CMS Versions Affected: 1.4.3, 1.4.4 RFC Vendor URL: http://www.1024cms.com/ Bug: Multiple Remote/Local File Include Exploits: YES Reported: 18.06.2008 Second report: 27.06.2008 Vendor Response: NONE Solution: NONE Dat...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/03/10 12:0 a.m.143 views

PHP-Nuke SQL injection Module "Hadith" [cat]

R B T - 4 C R E W www.rbt-4.net ----------------------------------------------- AUTHOR : Lovebug PHP-Nuke Module "Hadith" cat Sql injection Original Advisory: http://www.rbt-4.net/forum/viewthread.php?forumid=51&threadid=3078 Exploit...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/10/15 12:0 a.m.143 views

[Full-disclosure] PHP File Sharing System 1.5.1

PHP File Sharing System - Directory traversal +--------------------------------------------+ Author: Jonas Thambert Date: 2007-10-13 URL: http://sourceforge.net/projects/phpfilesadmin/ Vendor Notified. Version: 1.5.1 latest - Description - PHP File Sharing System is vulnerable to directory...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/12 12:0 a.m.143 views

iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability

SquirrelMail G/PGP Plugin deleteKey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encrpytion Plugin is a general purpose encryption, decryption, and digital signature...

9.3CVSS0.8AI score0.10263EPSS
Exploits1
securityvulns
securityvulns
added 2006/05/16 12:0 a.m.143 views

Confixx 3.1.2 <= Code Injection

// Confixx 3.1.2 = Code Injection // ----------------------------------------------------------------- Advisory by: LoK-Crew - Exploit: http://www.example.com/ftplogin/?login="XSSdiv style= - Googledork: inurl:confixx inurl:login|anmeldung + Greetz to: Bluegeek + Visit: www.LoK-Crew.de...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/02/04 12:0 a.m.143 views

[eVuln] MyQuiz Arbitrary Command Execution Vulnerability

New eVuln Advisory: MyQuiz Arbitrary Command Execution Vulnerability http://evuln.com/vulns/57/summary.html --------------------Summary---------------- Software: MyQuiz Sowtware's Web Site: http://www.corantodemo.net/ Versions: 1.01 Critical Level: Dangerous Type: Command Execution Class: Remote...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2004/12/16 12:0 a.m.143 views

DJB's students release 44 *nix software vulnerability advisories

Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing. Predictably, most users of open source software do not invest a significant amount of ti...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2003/07/17 12:0 a.m.143 views

Buffer overflow in explorer.exe

Buffer overflow on desktop.ini parsing...

5AI score
Exploits0References3
securityvulns
securityvulns
added 2001/03/31 12:0 a.m.143 views

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

Hi, Microsoft has released a security bulletin http://www.microsoft.com/technet/security/bulletin/ms01-020.asp entitled "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment". EML files are MIME multipart files that IE 5 will parse. There is a vulnerability allowing arbitrary code...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.142 views

[USN-2769-1] Apache Commons HttpClient

========================================================================== Ubuntu Security Notice USN-2769-1 October 14, 2015 commons-httpclient vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

5.8CVSS0.7AI score0.19312EPSS
Exploits1
securityvulns
securityvulns
added 2015/05/10 12:0 a.m.142 views

[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-019 Product: BullGuard Antivirus Vendor: BullGuard Ltd. Affected Versions: 15.0.297 Tested Versions: 15.0.297 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solution...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.142 views

[USN-2591-1] curl vulnerabilities

========================================================================== Ubuntu Security Notice USN-2591-1 April 30, 2015 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

9CVSS1.2AI score0.3763EPSS
Exploits0
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.142 views

BookFresh - Persistent Clients Invite Vulnerability

Document Title: =============== BookFresh - Persistent Clients Invite Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1351 Release Date: ============= 2014-10-28 Vulnerability Laboratory ID VL-ID: ==================================== 1351...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2014/09/15 12:0 a.m.142 views

[SECURITY] [DSA 3022-1] curl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3022-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 10, 2014 http://www.debian.org/security/faq -...

5CVSS1.8AI score0.07432EPSS
Exploits0
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.142 views

Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699)

Document Title: =============== Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities BNSEC-699 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=750 BARRACUDA NETWORK SECURITY ID: BNSEC-699 Release Date: ============= 2014-08-22...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.142 views

ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities

ESA-2013-089.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities EMC Identifier: ESA-2013-089 CVE Identifier: CVE-2013-6810 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C...

10CVSS0.7AI score0.17004EPSS
Exploits9
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.142 views

[SECURITY] [DSA 2832-1] memcached security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2832-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 01, 2014 http://www.debian.org/security/faq -...

5CVSS2.1AI score0.22317EPSS
Exploits4
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.142 views

[USN-2000-1] Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-2000-1 October 23, 2013 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6CVSS0.6AI score0.02703EPSS
Exploits6
securityvulns
securityvulns
added 2013/03/24 12:0 a.m.142 views

APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 OS X Mountain Lion v10.8.3 and Security Update 2013-001 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...

9.3CVSS0.6AI score0.99449EPSS
Exploits39
securityvulns
securityvulns
added 2012/10/25 12:0 a.m.142 views

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. ...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.142 views

TCExam Edit Cross-Site Scripting

/---------------------------------- | TCExam Edit Cross-Site Scripting | ----------------------------------/ Summary ======= TCExam 11.3.007 is subject to a cross-site scripting vulnerability. A 'questionsubjectid' parameter is not sufficiently sanitised before being written to the...

2.1CVSS5.6AI score0.00971EPSS
Exploits2
securityvulns
securityvulns
added 2012/06/25 12:0 a.m.142 views

SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure

SEC Consult Vulnerability Lab Security Advisory 20120618-0 ======================================================================= title: WD ShareSpace WEB GUI Sensitive Data Disclosure product: WD ShareSpace network storage system vulnerable version: WD ShareSpace = v2.3.02 D and E series fixed...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/10/12 12:0 a.m.142 views

[ MDVSA-2011:144 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:144 http://www.mandriva.com/security/ Package : apache Date : September 8, 2011 Affected: 2009.0, 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected i...

5CVSS8.8AI score0.90734EPSS
Exploits12
securityvulns
securityvulns
added 2011/09/20 12:0 a.m.142 views

[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service 1. Impact on Business ========================= By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/09/20 12:0 a.m.142 views

Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit

?php / Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...

8.8AI score
Exploits0
securityvulns
securityvulns
added 2011/08/30 12:0 a.m.142 views

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability Advisory ID: cisco-sa-20110830-apache Revision 1.0 For Public Release 2011 August 30 1600 UTC GMT Summary ======= The Apache HTTPd server contains a denial of service...

7.8CVSS0.6AI score0.98945EPSS
Exploits17
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.142 views

THE STUDIO (prod.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability THE STUDIO prod.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.thestudio.net/ Persian Gulf 4 Ever! Dork : "Site designed by The Studio, INC." "inurl:prod.php?id="...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.142 views

Kimia Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Kimia AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.kimia.co.za/ Persian Gulf 4 Ever! Dork : "Graphic design & Website design by Kimia" "inurl:id=" Exploite:...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2010/07/07 12:0 a.m.142 views

DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass

Title ----- DDIVRT-2010-29 ALPHA Ethernet Adapter II Web-Manager 3.40.2 Authentication Bypass Severity -------- High Date Discovered --------------- April 30th, 2010 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Edward Bullard, James Robertson and r@b13$...

Exploits0
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.142 views

Mozilla Foundation Security Advisory 2010-26

Mozilla Foundation Security Advisory 2010-26 Title: Crashes with evidence of memory corruption rv:1.9.2.4/ 1.9.1.10 Impact: Critical Announced: June 22, 2010 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 Thunderbird 3.0...

9.3CVSS0.2AI score0.06119EPSS
Exploits1
securityvulns
securityvulns
added 2009/11/18 12:0 a.m.142 views

Multiple TCP implementations different security vulnerabilities

Multiple security vulnerabilities in different operation sustems caused by resource exhaustions on maintaining TCP states table...

10CVSS1.8AI score0.35042EPSS
Exploits3References4Affected Software5
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.142 views

[ONSEC-09-014] 1C Bitrix WAF multiple XSS

Цель: 1C Bitrix WAF =8.0.5 Тип: Межсайтовый скриптинг Угроза: Средняя Дата обнаружения: 29.08.2009 Дата оповещения разработчика: 29.08.2009 Дата выхода исправления: 01.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: Проактивный фильтр WAF системы управления...

Exploits0
securityvulns
securityvulns
added 2008/09/24 12:0 a.m.142 views

Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098

Cross Site Scripting XSS Vulnerabilitiy in fuzzylime cms =3.02, CVE-2008-3098 References https://vulners.com/cve/CVE-2008-3098 http://cms.fuzzylime.co.uk http://www.datensalat.eu/fabian/cve/CVE-2008-3098-fuzzylime-cms.html Description Fuzzylime cms is a way to run websites and keep it up-to-date...

4.3CVSS5.8AI score0.01973EPSS
Exploits2
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.142 views

RFI Weatimages Hack

RFI Weatimages Hack Script name : Weatimages Script Download Adress:http://www.hotscripts.com/jump.php?listingid=52592&jumptype=1 Demo site:http://www.nazarkin.name/projects/weatimages/demo/index.php?inilangpack=shelladress Google Dork : inurl: index.php?inilangpack= Author:Co-Sarper-Der...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/04 12:0 a.m.142 views

Multiple PHP bugs

Buffer overflows, integer overflows, DoS conditions, crossite scripting...

4.3CVSS2.8AI score0.48895EPSS
Exploits2References12Affected Software1
securityvulns
securityvulns
added 2006/08/18 12:0 a.m.142 views

PHP 4.4.4 and PHP 5.1.5 Released

PHP 4.4.4 and PHP 5.1.5 Released 17-Aug-2006 The PHP development team would like to announce the immediate availability of PHP 5.1.5 and 4.4.4. These two releases address a series of security problems that were discovered since the release of PHP 5.1.4 and 4.4.3. The new releases include the...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2006/07/26 12:0 a.m.142 views

[Full-disclosure] TP-Book <= 1.00 Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: TP-Book = 1.00 Cross Site Scripting Vulnerabilities Release Date: 2006/07/25 Last Modified: 2006/07/25 Author: Tamriel tamriel at gmx dot net Application: TP-Book = 1.00 Risk: Low Vendor Status: not contacted Vendor Site:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/09/29 12:0 a.m.142 views

PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure

PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure site: http://www.php-fusion.co.uk - if magicquotes off - SQL Injection, poc: http://target/pathtoPhpFusion/messages.php?msgsend=' UNION SELECT userpassword FROM fusionusers WHERE username='adminusername'/ now hash is showed i...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2005/04/06 12:0 a.m.142 views

[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

Hello All, I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6. Authors Site: http://www.cubecart.com CubeCart is described by its authors as: 'What is CubeCart? CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as lo...

Exploits0
securityvulns
securityvulns
added 2004/01/17 12:0 a.m.142 views

phpShop Vulnerabilities

Vendor : phpShop Project URL : http://www.phpshop.org Version : phpShop 0.6.1-b && Earlier Versions?? Risk : Multiple Vulnerabilities Description: phpShop is a PHP-based e-commerce application and PHP development framework. phpShop offers the basic features needed to run a successful e-commerce w...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.141 views

CollabNet Subversion Edge missing single login restriction

Vuln Title: The CollabNet Subversion Edge management missing single login restriction Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: No single login restriction Risk: Low Status:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.141 views

Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln

Exploit : centerbWordpress allinonecarousel Plugin Xss & Csrf Vulnerability /centerbrbr html head titleWordpress allinonecarousel Plugin Xss & Csrf Vulnerability IeDb TeaM/title /headbody form action="http://YourTarget.Com" id="formid" method="post" input name="name"...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.141 views

Samsung DVR authentication bypass

Title: Samsung DVR authentication bypass Version affected: firmware version = 1.10 Vendor: Samsung - www.samsung-security.com Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Samsung provides a wide range of DVR...

0.4AI score
Exploits0
Total number of security vulnerabilities5000