Securityvulns: Most viewed

47153 matches found

securityvulns
added 2014/05/05 12:00 a.m., 141 views

Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln

Exploit : centerbWordpress allinonecarousel Plugin Xss & Csrf Vulnerability /centerbrbr html head titleWordpress allinonecarousel Plugin Xss & Csrf Vulnerability IeDb TeaM/title /headbody form action="http://YourTarget.Com" id="formid" method="post" input name="name"...

AI score 6.3
Exploits: 0

securityvulns
added 2013/10/28 12:00 a.m., 141 views

[USN-2000-1] Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-2000-1 October 23, 2013 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6 | AI score 0.6 | EPSS 0.02703
Exploits: 6

securityvulns
added 2013/07/15 12:00 a.m., 141 views

CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...

AI score 4.2 | EPSS 0.01691
Exploits: 1

securityvulns
added 2013/07/08 12:00 a.m., 141 views

Vulnerabilities in multiple plugins for WordPress with VideoJS

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites...

AI score 6.3
Exploits: 0

securityvulns
added 2013/03/24 12:00 a.m., 141 views

APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001 OS X Mountain Lion v10.8.3 and Security Update 2013-001 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lio...

CVSS 9.3 | AI score 0.6 | EPSS 0.99449
Exploits: 39

securityvulns
added 2012/10/25 12:00 a.m., 141 views

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability

VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. ...

AI score 7.8
Exploits: 0

securityvulns
added 2012/06/25 12:00 a.m., 141 views

SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure

SEC Consult Vulnerability Lab Security Advisory 20120618-0 ======================================================================= title: WD ShareSpace WEB GUI Sensitive Data Disclosure product: WD ShareSpace network storage system vulnerable version: WD ShareSpace = v2.3.02 D and E series fixed...

AI score 7
Exploits: 0

securityvulns
added 2012/04/09 12:00 a.m., 141 views

[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5.x are not affected Description: A Cross Site Scripting XSS attack is possible by manipulating the value of 'wicket:pageMapName' request parameter. Mitigation: Upgrade to...

AI score 2 | EPSS 0.03002
Exploits: 1

securityvulns
added 2010/08/05 12:00 a.m., 141 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Advisory ID: cisco-sa-20100804-fwsm Revision 1.0 For Public Release 2010 August 04 1600 UTC GMT +---------------------------------------------------------------------...

CVSS 7.8 | AI score 0.8 | EPSS 0.0122
Exploits: 0

securityvulns
added 2010/01/17 12:00 a.m., 141 views

[CORELAN-10-004] TurboFTP Server 1.00.712 remote DoS

|------------------------------------------------------------------| | | | / / / / | | / / / / / / / / / / / | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | [email protected] | | |...

AI score 0.6
Exploits: 0

securityvulns
added 2008/07/04 12:00 a.m., 141 views

[DSECRG-08-027] Multiple RFI-LFI in 1024 CMS 1.4.3, 1.4.4 RFC

Digital Security Research Group DSecRG Advisory DSECRG-08-027 Application: 1024 CMS Versions Affected: 1.4.3, 1.4.4 RFC Vendor URL: http://www.1024cms.com/ Bug: Multiple Remote/Local File Include Exploits: YES Reported: 18.06.2008 Second report: 27.06.2008 Vendor Response: NONE Solution: NONE Dat...

AI score 0.3
Exploits: 0

securityvulns
added 2008/03/10 12:00 a.m., 141 views

PHP-Nuke SQL injection Module "Hadith" [cat]

R B T - 4 C R E W www.rbt-4.net ----------------------------------------------- AUTHOR : Lovebug PHP-Nuke Module "Hadith" cat Sql injection Original Advisory: http://www.rbt-4.net/forum/viewthread.php?forumid=51&threadid=3078 Exploit...

AI score 0.3
Exploits: 0

securityvulns
added 2008/02/10 12:00 a.m., 141 views

iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Library Path Vulnerability

iDefense Security Advisory 02.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2008 I. BACKGROUND Adobe Reader is a program for viewing Portable Document Format PDF documents. More information is available at the following URLs. http://www.adobe.com/products/reader/ II...

CVSS 6.2 | AI score 0.3 | EPSS 0.01368
Exploits: 1

securityvulns
added 2007/09/21 12:00 a.m., 141 views

PhpBB Xs 2 profile.php Permanent Xss Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PhpBB Xs 2 profile.php Permanent Xss Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Found By Seph1roth +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ POST METHOD Corrupted page:...

AI score 1.9
Exploits: 0

securityvulns
added 2007/04/18 12:00 a.m., 141 views

Oracle Critical Patch Update - April 2007

Oracle Critical Patch Update - April 2007 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Due to the threat posed by a successful...

AI score 0.4
Exploits: 0

securityvulns
added 2007/03/04 12:00 a.m., 141 views

Multiple PHP bugs

Buffer overflows, integer overflows, DoS conditions, cross-site scripting...

CVSS 4.3 | AI score 2.8 | EPSS 0.48895
Exploits: 2 | References: 12 | Affected Software: 1

securityvulns
added 2006/08/18 12:00 a.m., 141 views

PHP 4.4.4 and PHP 5.1.5 Released

PHP 4.4.4 and PHP 5.1.5 Released 17-Aug-2006 The PHP development team would like to announce the immediate availability of PHP 5.1.5 and 4.4.4. These two releases address a series of security problems that were discovered since the release of PHP 5.1.4 and 4.4.3. The new releases include the...

AI score 1.5
Exploits: 0

securityvulns
added 2006/07/26 12:00 a.m., 141 views

[Full-disclosure] TP-Book <= 1.00 Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: TP-Book = 1.00 Cross Site Scripting Vulnerabilities Release Date: 2006/07/25 Last Modified: 2006/07/25 Author: Tamriel tamriel at gmx dot net Application: TP-Book = 1.00 Risk: Low Vendor Status: not contacted Vendor Site:...

AI score 0.5
Exploits: 0

securityvulns
added 2006/05/16 12:00 a.m., 141 views

Confixx 3.1.2 <= Code Injection

// Confixx 3.1.2 = Code Injection // ----------------------------------------------------------------- Advisory by: LoK-Crew - Exploit: http://www.example.com/ftplogin/?login="XSSdiv style= - Googledork: inurl:confixx inurl:login|anmeldung + Greetz to: Bluegeek + Visit: www.LoK-Crew.de...

AI score 1.2
Exploits: 0

securityvulns
added 2005/09/29 12:00 a.m., 141 views

PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure

PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure site: http://www.php-fusion.co.uk - if magicquotes off - SQL Injection, poc: http://target/pathtoPhpFusion/messages.php?msgsend=' UNION SELECT userpassword FROM fusionusers WHERE username='adminusername'/ now hash is showed i...

AI score 8.3
Exploits: 0

securityvulns
added 2005/04/06 12:00 a.m., 141 views

[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

Hello All, I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6. Authors Site: http://www.cubecart.com CubeCart is described by its authors as: 'What is CubeCart? CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as lo...

Exploits: 0

securityvulns
added 2005/04/05 12:00 a.m., 141 views

SonicWALL SOHO/10 - XSS vulnerability

SonicWALL SOHO/10 - XSS and Code Injection vulnerability ======================================================== Product: ======== SonicWall SOHO/10 is the 2nd generation Internet Security Appliance from Sonicwall, with firewall-, vpn-, contentfiltering- and other capabilities. Vulnerability:...

AI score 0.2
Exploits: 0

securityvulns
added 2005/02/15 12:00 a.m., 141 views

VMWare virtual machine privilege escalation

Dynamic libraries are searched in world writable directory...

AI score 3.2
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2003/07/17 12:00 a.m., 141 views

Buffer overflow in explorer.exe

Buffer overflow on desktop.ini parsing...

AI score 5
Exploits: 0 | References: 3

securityvulns
added 2002/03/05 12:00 a.m., 141 views

ReBB javascripts vulnerability

Hi! Another php - board named ReBB http://www.rebb.net has a img vulnerability. Exploit: Use this string my favorite : - imgjavascript:alert'test'/img Possible decision: All urls in img tag should start with http:// SliderGod...

Exploits: 0

securityvulns
added 2000/12/07 12:00 a.m., 141 views

IBM DB2 default account and password Vulnerability

1.Description The DB2 Universal Database builds upon the stability and performance of DB2 on the mainframe and provides the features required in a distributed database product. DB2 Universal Database UDB is IBM's relational database server solution for the UNIX, OS/2 and Windows NT/2000 operating...

AI score 1.7
Exploits: 0

securityvulns
added 2015/11/01 12:00 a.m., 140 views

cURL security vulnerabilities

Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS...

CVSS 9 | AI score 2.6 | EPSS 0.3763
Exploits: 1 | References: 3 | Affected Software: 2

securityvulns
added 2015/10/25 12:00 a.m., 140 views

[USN-2769-1] Apache Commons HttpClient

========================================================================== Ubuntu Security Notice USN-2769-1 October 14, 2015 commons-httpclient vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 5.8 | AI score 0.7 | EPSS 0.19312
Exploits: 1

securityvulns
added 2014/10/15 12:00 a.m., 140 views

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

AI score 8.3 | EPSS 0.24148
Exploits: 5

securityvulns
added 2014/05/10 12:00 a.m., 140 views

Cross-Site Scripting (XSS) in Offiria

Advisory ID: HTB23210 Product: Offiria Vendor: Slashes Dots Sdn Bhd. Vulnerable Versions: 2.1.0 and probably prior Tested Version: 2.1.0 Advisory Publication: April 2, 2014 without technical details Vendor Notification: April 2, 2014 Public Disclosure: May 7, 2014 Vulnerability Type: Cross-Site...

CVSS 4.3 | AI score 0.7 | EPSS 0.01193
Exploits: 3

securityvulns
added 2014/01/08 12:00 a.m., 140 views

ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities

ESA-2013-089.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities EMC Identifier: ESA-2013-089 CVE Identifier: CVE-2013-6810 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C...

CVSS 10 | AI score 0.7 | EPSS 0.17004
Exploits: 9

securityvulns
added 2013/10/09 12:00 a.m., 140 views

Samsung DVR authentication bypass

Title: Samsung DVR authentication bypass Version affected: firmware version = 1.10 Vendor: Samsung - www.samsung-security.com Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Samsung provides a wide range of DVR...

AI score 0.4
Exploits: 0

securityvulns
added 2012/04/09 12:00 a.m., 140 views

[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7

We don't release 0days... except when vendors show no interest in fixing their their bugs. http://umbraco.com/umbraco/dashboard/FeedProxy.aspx?url=http://en.wikipedia.org/wiki/Openproxy Have fun. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory...

CVSS 7.5 | AI score 0.2 | EPSS 0.03481
Exploits: 0

securityvulns
added 2011/11/06 12:00 a.m., 140 views

XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3

Information -------------------- Name : XSS and SQL Injection Vulnerabilities on Symphony CMS Software : Symphony CMS 2.2.3 and possibly below Vendor Homepage : http://symphony-cms.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Mesut Timur mesut a...

Exploits: 0

securityvulns
added 2011/10/12 12:00 a.m., 140 views

[ MDVSA-2011:144 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:144 http://www.mandriva.com/security/ Package : apache Date : September 8, 2011 Affected: 2009.0, 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected i...

CVSS 5 | AI score 8.8 | EPSS 0.90734
Exploits: 12

securityvulns
added 2011/09/20 12:00 a.m., 140 views

[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service 1. Impact on Business ========================= By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This...

AI score 0.3
Exploits: 0

securityvulns
added 2011/02/03 12:00 a.m., 140 views

Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints Advisory ID: cisco-sa-20110202-tandberg Revision 1.0 For Public Release 2011 February 2 1600 UTC GMT...

CVSS 10 | AI score 0.6 | EPSS 0.13988
Exploits: 4

securityvulns
added 2010/06/09 12:00 a.m., 140 views

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege 2028554 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and two privately reported...

CVSS 6.8 | AI score 0.2 | EPSS 0.28707
Exploits: 2

securityvulns
added 2010/04/14 12:00 a.m., 140 views

CVE-2009-4511: TANDBERG VCS Arbitrary File Retrieval

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Arbitrary File Retrieval Release Date:...

CVSS 4 | AI score 0.3 | EPSS 0.05479
Exploits: 1

securityvulns
added 2009/06/05 12:00 a.m., 140 views

[SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0033: Apache Tomcat denial of service vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 The unsupported Tomcat 3.x, 4.0.x and 5.0.x...

CVSS 5 | EPSS 0.10053
Exploits: 1

securityvulns
added 2008/12/29 12:00 a.m., 140 views

ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities

=============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...

AI score 0.8
Exploits: 0

securityvulns
added 2008/01/02 12:00 a.m., 140 views

[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise

HSC Multiple CSRF in Joomla all versions - Complete compromise Hackers Center Security Group http://www.hackerscenter.com Credit: Armando Romeo aka Zinho Class: CSRF Remote: Yes Risk: HIGH Product: Joomla Version: All 1.0.13 and 1.5 rc3 tested Vendor: http://www.joomla.com Patch: Joomla 1.5 RC4...

AI score 0.8
Exploits: 0

securityvulns
added 2007/12/24 12:00 a.m., 141 views

America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution

Sorry for the brief post but Im still able to bypass filters that aol has put in place. So again with frustration I come to FD to imply pressure on a company to patch correct. From reading feedback from AOL they feel the vulnerability is put to bed and requires no more attention. I am not posting...

Exploits: 0

securityvulns
added 2007/11/27 12:00 a.m., 140 views

Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

AI score 0.2
Exploits: 0

securityvulns
added 2007/11/21 12:00 a.m., 140 views

Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)

http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs The following vulns were found on 24 June 2007 and were tested against firmware V1.00.06. The specific persistent XSS holes mentioned in this advisory were fixed by Cisco on firmware versio...

CVSS 4.3 | AI score 0.5 | EPSS 0.0194
Exploits: 2

securityvulns
added 2007/11/20 12:00 a.m., 140 views

Wordpress Cookie Authentication Vulnerability

Wordpress Cookie Authentication Vulnerability Original release date: 2007-11-19 Last revised: 2007-11-19 Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt CVE ID: pending Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/ Systems Affected:...

AI score 8.7
Exploits: 0

securityvulns
added 2007/07/19 12:00 a.m., 140 views

Mozilla Foundation Security Advisory 2007-22

Mozilla Foundation Security Advisory 2007-22 Title: File type confusion due to 00 in name Impact: Low Announced: July 17, 2007 Reporter: Ronald van den Heetkamp Products: Firefox Fixed in: Firefox 2.0.0.5 Description Ronald van den Heetkamp reported that a filename URL containing 00 encoded null...

CVSS 6.8 | EPSS 0.01751
Exploits: 3

securityvulns
added 2007/07/12 12:00 a.m., 140 views

iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability

SquirrelMail G/PGP Plugin deleteKey Command Injection Vulnerability iDefense Security Advisory 07.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 11, 2007 I. BACKGROUND The SquirrelMail G/PGP Encrpytion Plugin is a general purpose encryption, decryption, and digital signature...

CVSS 9.3 | AI score 0.8 | EPSS 0.10263
Exploits: 1

securityvulns
added 2006/11/30 12:00 a.m., 140 views

PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability

Title : PHP Event Calendar 1.5.1 index.php Remote File Include Vulnerability Discovered By :::: ThE-LoRd-Of-CrAcKiNg MeHdi ------------------------------------------------------------------------ Sorce Code: http://www.scriptdungeon.com/jump.php?ScriptID=633 Affected software description : Title:...

AI score 0.4
Exploits: 0

securityvulns
added 2006/11/23 12:00 a.m., 140 views

Vulnerabilities in scripts from www.wr-script.ru (wr-board 1.4Lite)

1. DoS. The value of the page parameter in index.php is not validated: http://wr-script.host/board/index.php?event=list&id=112420973596&page=-10000000000000000 2. Open mail form. The address to which the message from the board will be sent is passed in the hidden uemail field. Usage example:...

AI score 0.1
Exploits: 0

Total number of security vulnerabilities: 5000