Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2014/10/15 12:0 a.m.140 views

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

8.3AI score0.24148EPSS
Exploits5
securityvulns
securityvulns
added 2014/05/10 12:0 a.m.140 views

Cross-Site Scripting (XSS) in Offiria

Advisory ID: HTB23210 Product: Offiria Vendor: Slashes Dots Sdn Bhd. Vulnerable Versions: 2.1.0 and probably prior Tested Version: 2.1.0 Advisory Publication: April 2, 2014 without technical details Vendor Notification: April 2, 2014 Public Disclosure: May 7, 2014 Vulnerability Type: Cross-Site...

4.3CVSS0.7AI score0.01193EPSS
Exploits3
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.140 views

Samsung DVR authentication bypass

Title: Samsung DVR authentication bypass Version affected: firmware version = 1.10 Vendor: Samsung - www.samsung-security.com Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Samsung provides a wide range of DVR...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.140 views

[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7

We don't release 0days... except when vendors show no interest in fixing their their bugs. http://umbraco.com/umbraco/dashboard/FeedProxy.aspx?url=http://en.wikipedia.org/wiki/Openproxy Have fun. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory...

7.5CVSS0.2AI score0.03481EPSS
Exploits0
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.140 views

Iciniti Store SQL Injection - Security Advisory - SOS-12-003

Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...

Exploits0
securityvulns
securityvulns
added 2011/11/06 12:0 a.m.140 views

XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3

Information -------------------- Name : XSS and SQL Injection Vulnerabilities on Symphony CMS Software : Symphony CMS 2.2.3 and possibly below Vendor Homepage : http://symphony-cms.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Mesut Timur mesut a...

Exploits0
securityvulns
securityvulns
added 2011/10/12 12:0 a.m.140 views

[ GLSA 201110-06 ] PHP: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 201110-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

10CVSS0.1AI score0.22724EPSS
Exploits94
securityvulns
securityvulns
added 2011/09/20 12:0 a.m.140 views

Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit

?php / Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...

8.8AI score
Exploits0
securityvulns
securityvulns
added 2011/09/20 12:0 a.m.140 views

[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service 1. Impact on Business ========================= By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.140 views

CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server

-----BEGIN PGP SIGNED MESSAGE----- CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server Issued: April 26, 2011 CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist...

5.8CVSS1AI score0.01363EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.140 views

XSS in Oracle default fcgi-bin/echo

Long ago, I wrote about an XSS vulnerability in Oracle fcgi-bin/echo : http://lists.grok.org.uk/pipermail/full-disclosure/2010-October/076794.html http://www.securityfocus.com/archive/1/514181 The issue may now be fixed in the latest versions of Oracle web servers:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2011/02/03 12:0 a.m.140 views

Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints Advisory ID: cisco-sa-20110202-tandberg Revision 1.0 For Public Release 2011 February 2 1600 UTC GMT...

10CVSS0.6AI score0.13988EPSS
Exploits4
securityvulns
securityvulns
added 2010/11/04 12:0 a.m.140 views

CVE-2010-3863: Apache Shiro information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...

5CVSS5.8AI score0.54799EPSS
Exploits2
securityvulns
securityvulns
added 2010/06/09 12:0 a.m.140 views

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)

Microsoft Security Bulletin MS10-039 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege 2028554 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed and two privately reported...

6.8CVSS0.2AI score0.28707EPSS
Exploits2
securityvulns
securityvulns
added 2010/04/14 12:0 a.m.140 views

CVE-2009-4511: TANDBERG VCS Arbitrary File Retrieval

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: TANDBERG Video Communication Server Arbitrary File Retrieval Release Date:...

4CVSS0.3AI score0.05479EPSS
Exploits1
securityvulns
securityvulns
added 2009/08/09 12:0 a.m.140 views

OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error

Application: OpenCms Version: 7.5.0 Hardware: Tomcat/Oracle Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error Overview: Various URL's within the deployed OpenCms application version 7.5.0 are open to attacks, including Cross-Site Scripting, Phishing Through Frames an...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2008/12/29 12:0 a.m.140 views

ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities

=============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.140 views

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Directory Traversal Vulnerabilities

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

10CVSS0.1AI score0.194EPSS
Exploits1
securityvulns
securityvulns
added 2007/12/24 12:0 a.m.141 views

America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution

Sorry for the brief post but Im still able to bypass filters that aol has put in place. So again with frustration I come to FD to imply pressure on a company to patch correct. From reading feedback from AOL they feel the vulnerability is put to bed and requires no more attention. I am not posting...

Exploits0
securityvulns
securityvulns
added 2007/11/21 12:0 a.m.140 views

Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)

http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs The following vulns were found on 24 June 2007 and were tested against firmware V1.00.06. The specific persistent XSS holes mentioned in this advisory were fixed by Cisco on firmware versio...

4.3CVSS0.5AI score0.0194EPSS
Exploits2
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.140 views

Mozilla Foundation Security Advisory 2007-22

Mozilla Foundation Security Advisory 2007-22 Title: File type confusion due to 00 in name Impact: Low Announced: July 17, 2007 Reporter: Ronald van den Heetkamp Products: Firefox Fixed in: Firefox 2.0.0.5 Description Ronald van den Heetkamp reported that a filename URL containing 00 encoded null...

6.8CVSS0.01751EPSS
Exploits3
securityvulns
securityvulns
added 2007/02/27 12:0 a.m.140 views

ViewCVS 0.9.4 issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Short version for the busy ones: o Security issue on ViewCVS 0.9.4 o Not really exploitable unless malicious users have CVS write access AND victim visits pre-crafted URL ViewCVS 0.9.4...

4.3CVSS5.4AI score0.01235EPSS
Exploits0
securityvulns
securityvulns
added 2006/12/02 12:0 a.m.140 views

[Aria-Security Team] DuWare DuNews SQL Injection Vuln

Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=61 ----------------------------------------------------------- Software: DuNews Method: SQL Injection Vendor: http://www.duware.co...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.140 views

ContentNow CMS 1.39 'pageid' Sql Injection + Path Disclosure Vulnerabilities

ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities Severity : Medium risk Vendor : www.contentnow.mf4k.de Author : Alfredo 'revenge' Pesoli -------------------------------------------------- Description ContentNow is a PHP Content Management System web 2.0 compliant, more info ca...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/05/03 12:0 a.m.140 views

[SA19913] phpkb Knowledge Base "searchkeyword" Cross-Site Scripting

TITLE: phpkb Knowledge Base "searchkeyword" Cross-Site Scripting SECUNIA ADVISORY ID: SA19913 VERIFY ADVISORY: http://secunia.com/advisories/19913/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: phpkb Knowledge Base 1.x http://secunia.com/product/9697/...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2005/10/13 12:0 a.m.140 views

Ethernet frame padding information leakage

Incorrect memory managment causes ethernet fame padding bytes may contain sensitive information...

5CVSS1.9AI score0.73006EPSS
Exploits15References6Affected Software1
securityvulns
securityvulns
added 2001/05/29 12:0 a.m.140 views

[synnergy] - Solaris mailtool(1) buffer overflow vulnerability

Vulnerability in Solaris mailtool1 Date Published: May 29, 2001 Advisory ID: N/A Bugtraq ID: N/A Sun Bug ID: 4458476 CVE CAN: Non currently assigned. Title: Solaris mailtool1 Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerable...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2000/05/16 12:0 a.m.140 views

Security Advisory: Cisco IOS HTTP Server Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco IOS HTTP Server Vulnerability Revision 1.0 For public release 2000 May 14 at 09:00 US/Eastern UTC+0400 ------------------------------------------------------------------------ Summary A defect in multiple releases of Cisco IOS software will cause a Cisco...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2014/12/29 12:0 a.m.139 views

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

Document Title: =============== Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: ======= CVE-2014-2239 Release Date:...

6.3AI score
Exploits6
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.139 views

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

6.8CVSS6.6AI score0.01826EPSS
Exploits6
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.139 views

Alt-N MDaemon's WorldClient Username Enumeration Vulnerability

==================================================================== Alt-N MDaemon's WorldClient Username Enumeration Vulnerability ==================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/12/12 12:0 a.m.139 views

Multiple critical vulnerabilities in Maxthon and Avant browsers

Hi, Below you can find a short summary of discovered vulnerabilities in Maxthon and Avant browsers. Such vulnerabilities were demonstrated during HITBAMS2012 security conference and more recently at HackPra. Affected Products - Maxthon www.maxthon.com - Avant Browser www.avantbrowser.com Security...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/11/01 12:0 a.m.139 views

Content Spoofing and Cross-Site Scripting vulnerabilities in Bitrix Site Manager

Hello 3APA3A! I want to warn you about security vulnerabilities in Bitrix Site Manager. It is commercial CMS. These are Content Spoofing and Cross-Site Scripting vulnerabilities. These holes bypass built-in WAF and all other protections of Bitrix. ------------------------- Affected products:...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2012/08/20 12:0 a.m.139 views

ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-142 August 17, 2012 - -- CVE ID: CVE-2012-1713 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...

10CVSS0.5AI score0.05983EPSS
Exploits0
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.139 views

Liferay 6.1 can be compromised in its default configuration

Liferay 6.1 can be compromised in its default configuration Description: Liferay Portal is an enterprise portal written in Java By utilizing the json webservices exposed by the platform you can register a new user with any role in the system, including the built in administrator role. The problem...

Exploits0
securityvulns
securityvulns
added 2010/11/24 12:0 a.m.139 views

[ MDVSA-2010:239 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:239 http://www.mandriva.com/security/ Package : php Date : November 19, 2010 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A possible double free flaw was found ...

5CVSS6.8AI score0.06008EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/20 12:0 a.m.139 views

CVE-2010-1622: Spring Framework execution of arbitrary code

CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be affected Description: The Spring...

6CVSS0.5AI score0.52003EPSS
Exploits11
securityvulns
securityvulns
added 2010/04/30 12:0 a.m.139 views

Jcaptcha vulnerability

Hi, Jcaptcha has a design problem that allows a complete bypass of it's security features. Vendor was contacted on 12/Dec/09: http://jcaptcha.octo.com/jira/browse/FWK-114 Other captcha systems could be affected. Kind Regards, --------------------- Hugo Vazquez Carames "El trabajo que nunca se...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/11/18 12:0 a.m.139 views

Multiple TCP implementations different security vulnerabilities

Multiple security vulnerabilities in different operation sustems caused by resource exhaustions on maintaining TCP states table...

10CVSS1.8AI score0.35042EPSS
Exploits3References4Affected Software5
securityvulns
securityvulns
added 2009/05/04 12:0 a.m.139 views

“Cross-Site Scripting” vulnerability in MyBB 1.4.5

Advisory : “Cross-Site Scripting” vulnerability in MyBB Application: MyBB Vulnerable Versions: = 1.4.5 Reported By: Jacques Copeau Description MyBB is a forum package full of useful and to-the-point features, helping you to make administrating your bulletin board as easy as possible. We highlight...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2008/08/25 12:0 a.m.139 views

vim multiple security vulnerabilities

Code execution on file open...

9.3CVSS2.5AI score0.15044EPSS
Exploits0References8Affected Software1
securityvulns
securityvulns
added 2008/06/26 12:0 a.m.139 views

The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities

========================================================== The Rat CMS SQL/XSS Multiple Remote Vulnerabilities ========================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2008/03/28 12:0 a.m.139 views

CISCO routers IOS multiple security vulnerabilities

MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities...

7.8CVSS1.9AI score0.05584EPSS
Exploits5References6Affected Software1
securityvulns
securityvulns
added 2007/02/22 12:0 a.m.139 views

Pics Navigator Directory Traversal Vulnerability

Pics Navigator Directory Traversal Vulnerability By : sn0oPy Risk : medium site : http://www.jeunes-webmasters.com/ Dork : "Powered by J-Web Pics Navigator v2.0" | inurl:"jwpn-photos.php" | exploit : for the v1.0 http://www.target/gallery directory/pn-menu.php?ret=Pics20Navigator&dir=../../../ fo...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2007/02/05 12:0 a.m.139 views

Adrenalin's ASP Chat XSS

Adrenalin's ASP Chat XSS By : sn0oPy Risk : high exploit : just inject any script at your psuedo or on chat, to apply it for all the users connected Dork : intitle:"ASP Chat" contact : [email protected] greetz : subzero, http://forums.avenir-geopolitique.net. reference :...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/08/31 12:0 a.m.139 views

[SA21672] Sony PSP TIFF Image Viewing Code Execution Vulnerability

TITLE: Sony PSP TIFF Image Viewing Code Execution Vulnerability SECUNIA ADVISORY ID: SA21672 VERIFY ADVISORY: http://secunia.com/advisories/21672/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Sony PlayStation Portable PSP 2.x...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2004/11/22 12:0 a.m.139 views

Danware NetOp information leak

System information leak...

1.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/09/10 12:0 a.m.139 views

sql injection vulnerability in WBB 2.0 RC1 and below

Hi, I discovered a serious vulnerability in Woltlab Burning Board 2.0 RC 1 and below some weeks ago. The latest version WBB 2.0 RC 2 seems not vulnerable, but there are still sites using vulnerable versiones. versions tested vulnerable WBB 2.0 RC 1 WBB 2.0 beta 5 WBB 2.0 beta 4 WBB 2.0 beta 3...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/05/16 12:0 a.m.139 views

ISS Alert: IIS URL Decoding Vulnerability

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Aler...

7.5CVSS0.7AI score0.9077EPSS
Exploits8
securityvulns
securityvulns
added 2015/02/23 12:0 a.m.138 views

[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0227 Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.41 Description: It was possible to craf...

6.4CVSS6.3AI score0.21045EPSS
Exploits0
Total number of security vulnerabilities5000