Securityvulns: Most viewed

47153 matches found

securityvulns
added 2009/05/04 12:0 a.m., 139 views

“Cross-Site Scripting” vulnerability in MyBB 1.4.5

Advisory : “Cross-Site Scripting” vulnerability in MyBB Application: MyBB Vulnerable Versions: = 1.4.5 Reported By: Jacques Copeau Description MyBB is a forum package full of useful and to-the-point features, helping you to make administrating your bulletin board as easy as possible. We highlight...

6.3 AI score
Exploits: 0
securityvulns
added 2008/08/25 12:0 a.m., 139 views

vim multiple security vulnerabilities

Code execution on file open...

9.3 CVSS, 2.5 AI score, 0.15044 EPSS
Exploits: 0, References: 8, Affected Software: 1
securityvulns
added 2008/01/02 12:0 a.m., 139 views

[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise

HSC Multiple CSRF in Joomla all versions - Complete compromise Hackers Center Security Group http://www.hackerscenter.com Credit: Armando Romeo aka Zinho Class: CSRF Remote: Yes Risk: HIGH Product: Joomla Version: All 1.0.13 and 1.5 rc3 tested Vendor: http://www.joomla.com Patch: Joomla 1.5 RC4...

0.8 AI score
Exploits: 0
securityvulns
added 2007/07/19 12:0 a.m., 139 views

Mozilla Foundation Security Advisory 2007-22

Mozilla Foundation Security Advisory 2007-22 Title: File type confusion due to 00 in name Impact: Low Announced: July 17, 2007 Reporter: Ronald van den Heetkamp Products: Firefox Fixed in: Firefox 2.0.0.5 Description Ronald van den Heetkamp reported that a filename URL containing 00 encoded null...

6.8 CVSS, 0.01751 EPSS
Exploits: 3
securityvulns
added 2007/02/15 12:0 a.m., 139 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

10 CVSS, 1.5 AI score, 0.10143 EPSS
Exploits: 9, References: 7, Affected Software: 13
securityvulns
added 2007/01/30 12:0 a.m., 139 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

9.3 CVSS, 1.5 AI score, 0.69951 EPSS
Exploits: 12, References: 12, Affected Software: 18
securityvulns
added 2006/05/03 12:0 a.m., 139 views

[SA19913] phpkb Knowledge Base "searchkeyword" Cross-Site Scripting

TITLE: phpkb Knowledge Base "searchkeyword" Cross-Site Scripting SECUNIA ADVISORY ID: SA19913 VERIFY ADVISORY: http://secunia.com/advisories/19913/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpkb Knowledge Base 1.x http://secunia.com/product/9697/...

0.7 AI score
Exploits: 0
securityvulns
added 2005/04/05 12:0 a.m., 139 views

SonicWALL SOHO/10 - XSS vulnerability

SonicWALL SOHO/10 - XSS and Code Injection vulnerability ======================================================== Product: ======== SonicWall SOHO/10 is the 2nd generation Internet Security Appliance from Sonicwall, with firewall-, vpn-, contentfiltering- and other capabilities. Vulnerability:...

0.2 AI score
Exploits: 0
securityvulns
added 2001/10/10 12:0 a.m., 139 views

Cisco CDP attacks

Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815++ Authors FX [email protected] FtR [email protected] kim0 [email protected] smoovB not disclosed Phenoelit Group http://www.phenoelit.de Affected Products Cisco IOS - several versions Known vulnerable combinations: Cisco 1005 IOS 11.1. Cisco 16...

0.3 AI score
Exploits: 0
securityvulns
added 2001/05/29 12:0 a.m., 139 views

[synnergy] - Solaris mailtool(1) buffer overflow vulnerability

Vulnerability in Solaris mailtool1 Date Published: May 29, 2001 Advisory ID: N/A Bugtraq ID: N/A Sun Bug ID: 4458476 CVE CAN: Non currently assigned. Title: Solaris mailtool1 Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerable...

0.6 AI score
Exploits: 0
securityvulns
added 2015/10/25 12:0 a.m., 138 views

[USN-2769-1] Apache Commons HttpClient

========================================================================== Ubuntu Security Notice USN-2769-1 October 14, 2015 commons-httpclient vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

5.8 CVSS, 0.7 AI score, 0.19312 EPSS
Exploits: 1
securityvulns
added 2015/04/16 12:0 a.m., 138 views

Microsoft Windows multiple security vulnerabilities

Multiple Internet Explorer vulnerabilities, VBScript engine, graphics, HTTP.sys vulnerabilities, privilege escalation, code execution, restrictions bypass, information disclosure, DoS...

10 CVSS, 2.6 AI score, 0.99999 EPSS
Exploits: 44, References: 1, Affected Software: 1
securityvulns
added 2015/02/23 12:0 a.m., 138 views

[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0227 Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.41 Description: It was possible to craf...

6.4 CVSS, 6.3 AI score, 0.21045 EPSS
Exploits: 0
securityvulns
added 2014/05/30 12:0 a.m., 138 views

[security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04307186 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04307186 Version: 1 HPSBMU03044 rev....

5 CVSS, 0.7 AI score, 0.99999 EPSS
Exploits: 87
securityvulns
added 2014/05/05 12:0 a.m., 138 views

[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13

================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...

6.5 CVSS, 7.5 AI score, 0.01123 EPSS
Exploits: 6
securityvulns
added 2013/05/06 12:0 a.m., 138 views

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

6.8 CVSS, 6.6 AI score, 0.01826 EPSS
Exploits: 6
securityvulns
added 2013/02/18 12:0 a.m., 138 views

Multiple Vulnerabilities in TP-Link TL-WA701N / TL-WA701ND

Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link ============ Vulnerable Firmware Releases: ============ Firmware Version: 3.12.6 Build 110210 Rel.37112n Firmware Version: 3.12.16 Build 120228 Rel.37317n - Published Date 2/28/2012 Hardware Version: WA701N v1 00000000 Model No.: TL-WA701N /...

5.9 AI score
Exploits: 0
securityvulns
added 2012/12/12 12:0 a.m., 138 views

Multiple critical vulnerabilities in Maxthon and Avant browsers

Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon www.maxthon.com - Avant Browser www.avantbrowser.com Security...

0.3 AI score
Exploits: 0
securityvulns
added 2012/08/20 12:0 a.m., 138 views

ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-142 August 17, 2012 - -- CVE ID: CVE-2012-1713 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...

10 CVSS, 0.5 AI score, 0.05983 EPSS
Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 138 views

Liferay 6.1 can be compromised in its default configuration

Liferay 6.1 can be compromised in its default configuration Description: Liferay Portal is an enterprise portal written in Java By utilizing the json webservices exposed by the platform you can register a new user with any role in the system, including the built in administrator role. The problem...

Exploits: 0
securityvulns
added 2012/03/19 12:0 a.m., 138 views

Iciniti Store SQL Injection - Security Advisory - SOS-12-003

Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...

Exploits: 0
securityvulns
added 2011/12/04 12:0 a.m., 138 views

Ariadne 2.7.6 Multiple XSS vulnerabilities

Advisory: Ariadne 2.7.6 Multiple XSS vulnerabilities Advisory ID: SSCHADV2011-038 Author: Stefan Schurtz Affected Software: Successfully tested on Ariadne 2.7.6 Vendor URL: http://www.ariadne-cms.org/ Vendor Status: informed ========================== Vulnerability Description...

0.5 AI score
Exploits: 0
securityvulns
added 2011/10/16 12:0 a.m., 138 views

Apple iPhone multiple security vulnerabilities

Multiple vulnerabilities in different system components and applications...

10 CVSS, 2.4 AI score, 0.73327 EPSS
Exploits: 46, References: 5, Affected Software: 3
securityvulns
added 2011/08/01 12:0 a.m., 138 views

Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Agent Image newsdetails.php?newsID AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.agentimage.com/ Persian Gulf 4 Ever! Dork : "Design by Agent Image"...

2.6 AI score
Exploits: 0
securityvulns
added 2010/11/24 12:0 a.m., 138 views

[ MDVSA-2010:239 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:239 http://www.mandriva.com/security/ Package : php Date : November 19, 2010 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A possible double free flaw was found ...

5 CVSS, 6.8 AI score, 0.06008 EPSS
Exploits: 0
securityvulns
added 2010/11/04 12:0 a.m., 138 views

CVE-2010-3863: Apache Shiro information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...

5 CVSS, 5.8 AI score, 0.54799 EPSS
Exploits: 2
securityvulns
added 2010/06/09 12:0 a.m., 138 views

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege 2028554 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and two privately reported...

6.8 CVSS, 0.2 AI score, 0.28707 EPSS
Exploits: 2
securityvulns
added 2010/04/22 12:0 a.m., 138 views

CSRF in e107

Vulnerability ID: HTB22344 Reference: http://www.htbridge.ch/advisory/xsrfcsrfine107.html Product: e107 Website System Vendor: e107 Vulnerable Version: 0.7.19 and Probably Prior Versions Vendor Notification: 05 April 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status: Not Fixed, Vend...

0.5 AI score
Exploits: 0
securityvulns
added 2009/06/05 12:0 a.m., 138 views

[SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and 5.0.x version...

4.3 CVSS, 4.9 AI score, 0.9444 EPSS
Exploits: 4
securityvulns
added 2008/12/29 12:0 a.m., 138 views

ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities

=============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...

0.8 AI score
Exploits: 0
securityvulns
added 2008/06/05 12:0 a.m., 138 views

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides ASP Active Server Pages functionality to a web server. More information is...

10 CVSS, 0.1 AI score, 0.194 EPSS
Exploits: 1
securityvulns
added 2006/12/02 12:0 a.m., 138 views

[Aria-Security Team] DuWare DuNews SQL Injection Vuln

Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=61 ----------------------------------------------------------- Software: DuNews Method: SQL Injection Vendor: http://www.duware.co...

2.6 AI score
Exploits: 0
securityvulns
added 2006/11/23 12:0 a.m., 138 views

Vulnerabilities in scripts from www.wr-script.ru (wr-board 1.4Lite)

1 DoS. The value of the page parameter in index.php is not validated http://wr-script.host/board/index.php?event=list&id=112420973596&page=-10000000000000000 2 Open mail form. The address to which a message from the board will be sent is passed in the hidden uemail field. Usage example:...

0.1 AI score
Exploits: 0
securityvulns
added 2006/11/22 12:0 a.m., 138 views

ContentNow CMS 1.39 'pageid' Sql Injection + Path Disclosure Vulnerabilities

ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities Severity : Medium risk Vendor : www.contentnow.mf4k.de Author : Alfredo 'revenge' Pesoli -------------------------------------------------- Description ContentNow is a PHP Content Management System web 2.0 compliant, more info ca...

0.4 AI score
Exploits: 0
securityvulns
added 2005/10/13 12:0 a.m., 138 views

Ethernet frame padding information leakage

Incorrect memory management means Ethernet frame padding bytes may contain sensitive information...

5 CVSS, 1.9 AI score, 0.73006 EPSS
Exploits: 15, References: 6, Affected Software: 1
securityvulns
added 2005/02/15 12:0 a.m., 138 views

VMWare virtual machine privilege escalation

Dynamic libraries are searched in world writable directory...

3.2 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2001/05/16 12:0 a.m., 138 views

ISS Alert: IIS URL Decoding Vulnerability

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Aler...

7.5 CVSS, 0.7 AI score, 0.9077 EPSS
Exploits: 8
securityvulns
added 2000/05/16 12:0 a.m., 138 views

Security Advisory: Cisco IOS HTTP Server Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco IOS HTTP Server Vulnerability Revision 1.0 For public release 2000 May 14 at 09:00 US/Eastern UTC+0400 ------------------------------------------------------------------------ Summary A defect in multiple releases of Cisco IOS software will cause a Cisco...

7.2 AI score
Exploits: 0
securityvulns
added 2015/04/16 12:0 a.m., 137 views

[SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-014 Product: Panda Global Protection 2015 Vendor: Panda Security Affected Versions: 15.1.0 Tested Versions: 15.1.0 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium Solutio...

0.2 AI score
Exploits: 0
securityvulns
added 2014/12/22 12:0 a.m., 137 views

E-Journal CMS (ID) - Multiple Web Vulnerabilities

Document Title: =============== E-Journal CMS ID - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1380 Release Date: ============= 2014-12-17 Vulnerability Laboratory ID VL-ID: ==================================== 1380 Commo...

0.8 AI score
Exploits: 0
securityvulns
added 2014/10/18 12:0 a.m., 137 views

APPLE-SA-2014-10-16-5 OS X Server v2.2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-5 OS X Server v2.2.5 OS X Server v2.2.5 is now available and addresses the following: Server Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known...

4.3 CVSS, 4.5 AI score, 0.99999 EPSS
Exploits: 7
securityvulns
added 2014/08/26 12:0 a.m., 137 views

ntopng 1.2.0 XSS injection using monitored network traffic

ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...

7 AI score
Exploits: 0
securityvulns
added 2014/05/05 12:0 a.m., 137 views

[SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection

Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-001/ Date published:...

7.5 CVSS, 0.3 AI score, 0.02495 EPSS
Exploits: 7
securityvulns
added 2014/05/05 12:0 a.m., 137 views

ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability

ESA-2014-019.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability EMC Identifier: ESA-2014-019 CVE Identifier: CVE-2014-0636 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected Products:...

5.8 CVSS, 0.2 AI score, 0.00663 EPSS
Exploits: 0
securityvulns
added 2013/07/29 12:0 a.m., 137 views

Xymon Systems and Network Monitor - remote file deletion vulnerability

Advisory ID: HTB23163 Product: Magnolia CMS Vendor: Magnolia International Ltd Vulnerable Versions: 4.5.7, 4.5.8, 4.5.9, 5.0 and 5.0.1 Community Edition Tested Version: 5.0 Community Edition Vendor Notification: July 3, 2013 Vendor Patch: July 18, 2013 Public Disclosure: July 24, 2013 Vulnerabili...

4.3 CVSS, 0.8 AI score, 0.0353 EPSS
Exploits: 3
securityvulns
added 2013/07/29 12:0 a.m., 137 views

Cross-Site Scripting (XSS) in Magnolia CMS

Advisory ID: HTB23163 Product: Magnolia CMS Vendor: Magnolia International Ltd Vulnerable Versions: 4.5.7, 4.5.8, 4.5.9, 5.0 and 5.0.1 Community Edition Tested Version: 5.0 Community Edition Vendor Notification: July 3, 2013 Vendor Patch: July 18, 2013 Public Disclosure: July 24, 2013 Vulnerabili...

4.3 CVSS, 0.6 AI score, 0.0353 EPSS
Exploits: 3
securityvulns
added 2013/02/24 12:0 a.m., 137 views

Alt-N MDaemon's WorldClient Username Enumeration Vulnerability

==================================================================== Alt-N MDaemon's WorldClient Username Enumeration Vulnerability ==================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...

0.4 AI score
Exploits: 0
securityvulns
added 2011/11/06 12:0 a.m., 137 views

Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting

Advisory: Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities Advisory ID: SSCHADV2011-017 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 with Karma Ranking Plugin version 1.1 Vendor URL: http://www.s9y.org Vendor Status: fixed...

6.5 AI score
Exploits: 0
securityvulns
added 2010/04/06 12:0 a.m., 137 views

ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability

ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-060 April 5, 2010 -- CVE ID: CVE-2010-0842 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -...

7.5 CVSS, 0.5 AI score, 0.77721 EPSS
Exploits: 9
securityvulns
added 2009/09/10 12:0 a.m., 137 views

Arbitrary File Upload vulnerability in TinyBrowser

Hello 3APA3A! I am reporting an Arbitrary File Upload vulnerability that I found in TinyBrowser, a file manager for the TinyMCE editor. Arbitrary File Upload: http://site/path/tinybrowser.php?type=file When accessing TinyBrowser, access to which is not restricted, it is possible to upload via the built-in...

7.2 AI score
Exploits: 0
Total number of security vulnerabilities: 5000