Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2009/01/09 12:0 a.m.135 views

FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:01.lukemftpd Security Advisory The FreeBSD Project Topic: Cross-site request forgery in lukemftpd8 Category: core Module: lukemftpd Announced: 2009-01-07...

7.5CVSS6.2AI score0.04045EPSS
Exploits1
securityvulns
securityvulns
added 2008/06/19 12:0 a.m.135 views

CA ARCserve Backup Discovery Service Denial of Service Vulnerability

Title: CA ARCserve Backup Discovery Service Denial of Service Vulnerability CA Advisory Date: 2008-06-17 Reported By: Luigi Auriemma Impact: A remote attacker can cause a denial of service. Summary: CA ARCserve Backup contains a vulnerability in the Discovery service casdscsvc that can allow a...

5CVSS6.3AI score0.03634EPSS
Exploits1
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.135 views

S21SEC-043-en:Cezanne SW Blind SQL Injection

S21Sec Advisory - Title: Cezanne SW login required Blind SQL Injection ID: S21SEC-043-en Severity: High History: 02.Jan.2008 Vulnerability discovered Authors: Juan de la Fuente Costa [email protected] Fco Javier Puerta Rubio [email protected] URL: http://www.s21sec.com/avisos/s21sec-43-en.txt...

Exploits0
securityvulns
securityvulns
added 2007/07/23 12:0 a.m.135 views

Webspell 4.x Local File Inclusion

muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting 00 $Discovered by muH $Usage: http://server.com/index.php?site=c:windowsrepairsam00...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/05/02 12:0 a.m.135 views

Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability

Sendcard sendcard.php Sendcard Local File Inclusion Vulnerability Discovered: ettee Dork: "Powered by sendcard - an advanced PHP e-card program" -site:sendcard.org "powered by Sendcard" Bug: "// Get the template details if!isset$form || $form == '' $form = "form"; if!isset$des || $des == '' $des ...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2006/01/25 12:0 a.m.135 views

[Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability

------------------------------------------------------ HYSA-2006-001 h4cky0u.org Advisory 010 ------------------------------------------------------ Date - Wed Jan 25 2006 TITLE: ====== phpBB 2.0.19 search.php and profile.php DOS Vulnerability SEVERITY: ========= High SOFTWARE: ========= phpBB...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2005/10/01 12:0 a.m.135 views

[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 829-1 [email protected] http://www.debian.org/security/ Martin Schulze September 30, 2005 http://www.debian.org/security/faq -...

4.6CVSS0.3AI score0.02328EPSS
Exploits0
securityvulns
securityvulns
added 2005/02/14 12:0 a.m.135 views

Infostring crash and shutdown in the Quake 3 engine

Luigi Auriemma Application: Quake 3 engine http://www.idsoftware.com Games: - Call of Duty = 1.5 - Call of Duty: United Offensive = 1.51 - Heavy Metal: F.A.K.K.2 = 1.02 - Quake III Arena = 1.32 - Return to Castle Wolfenstein = 1.41 - Soldier of Fortune II: Double Helix = 1.03 - Star Trek Voyager:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2003/02/18 12:0 a.m.135 views

D-Forum (PHP)

Informations : °°°°°°°°°°°°°° Website : http://www.adalis.fr/adalis.html Versions : 1.00 - 1.11 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° /includes/header.php3 : --------------------------- ?php if $myheader!="" include $myheader; else ? ... --------------------------...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2001/10/17 12:0 a.m.135 views

[ ** Snes9x buffer overflow vulnerability ** ]

Snes9x buffer overflow vulnerability Affected version: v1.37 prior versions might also be affected. Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux. A buffer overflow vulnerability exists in the snes9x emulator. The problem is that rom names given as an argument upon execution of the program...

Exploits0
securityvulns
securityvulns
added 2001/06/22 12:0 a.m.135 views

A-FTP Anonymous FTP Server Remote DoS attack Vulnerability

A-FTP Anonymous FTP Server Remote DoS attack Vulnerability Cartel Advisory Code: CART-0102 Vendor Affected: A-FTP Server - Eirik Helgeland [email protected] / [email protected] What It Is from the author: A free Unix Compatible Anonymous FTP server, running hidden from the user. Can be starte...

8AI score
Exploits0
securityvulns
securityvulns
added 2001/02/10 12:0 a.m.135 views

BindView advisory: sshd remote root (bug in deattack.c)

Remote vulnerability in SSH daemon crc32 compensation attack detector ----------------------------------------------------------------------- Issue date: 8 February 2001 Author: Michal Zalewski [email protected] Contact: Scott Blake [email protected] CVE: CAN-2001-0144 Topic:...

10CVSS0.5AI score0.32416EPSS
Exploits1
securityvulns
securityvulns
added 2000/12/22 12:0 a.m.135 views

Sample SecurID Token Emulator with Token Secret Import

Sample SecurID Token Emulator with Token Secret Import We have performed some cryptoanalysis and let's just say we do have grounds to believe that this algorithm is easily breakable. Once again, security of the cipher should be based entirely on the secrecy of the key, not the algorithm. Least...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/07/21 12:0 a.m.135 views

Security Update: DoS on gpm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Caldera Systems, Inc. Security Advisory Subject: DoS on gpm Advisory number: CSSA-2000-024.0 Issue date: 2000 July, 6 Cross reference: 1. Problem Description There are security problems within gpm General Purpose Mouse support daemon which allow remov...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.134 views

[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash withouth a Salt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-004 Product: Kaspersky Small Office Security KSOS Vendor: Kaspersky Lab ZAO Affected Versions: 13.0.4.233 Tested Versions: 13.0.4.233 Vulnerability Type: Use of a One-Way Hash without a Salt CWE-759 Risk Level: Low Solution...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.134 views

CollabNet Subversion Edge downloadHook local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2015/04/08 12:0 a.m.134 views

FreeBSD Security Advisory FreeBSD-SA-15:07.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:07.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2015-04-07 Credits: Network Time...

4.3CVSS7.1AI score0.02219EPSS
Exploits0
securityvulns
securityvulns
added 2014/03/02 12:0 a.m.134 views

[slackware-security] subversion (SSA:2014-058-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security subversion SSA:2014-058-01 New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

4.3CVSS8.4AI score0.11052EPSS
Exploits0
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.134 views

[USN-2003-1] Glance vulnerability

========================================================================== Ubuntu Security Notice USN-2003-1 October 23, 2013 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

3.5CVSS0.5AI score0.03082EPSS
Exploits1
securityvulns
securityvulns
added 2013/06/17 12:0 a.m.134 views

APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002 OS X Mountain Lion v10.8.4 and Security Update 2013-002 is now available and addresses the following: CFNetwork Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: An...

10CVSS0.2AI score0.98582EPSS
Exploits31
securityvulns
securityvulns
added 2012/10/22 12:0 a.m.134 views

[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08

waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind "waraxe" Date: 17. September 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-89.html Description of vulnerable...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2012/09/24 12:0 a.m.134 views

APPLE-SA-2012-09-19-1 iOS 6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the...

10CVSS0.4AI score0.73164EPSS
Exploits22
securityvulns
securityvulns
added 2012/07/23 12:0 a.m.134 views

Jrobalian CMS SQL Injection Vulnerability

===================================================== Jrobalian CMS SQL Injection Vulnerability ===================================================== :----------------------------------------------------------------------------------------------------------------------------------------: :...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2012/07/23 12:0 a.m.134 views

DomsHttpd 1.0 <= Remote Denial Of Service

DomsHttpd 1.0 = Remote Denial Of Service Discovered by: Jean Pascal Pereira [email protected] About DomsHttpd: "A very simple HTTP protocol program base on asynchronous socket model." Vendor URI: http://domshttpd.codeplex.com/ The remote attacker has the possibility to crash the application by...

1AI score
Exploits0
securityvulns
securityvulns
added 2012/06/13 12:0 a.m.134 views

ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-083 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - -- Affected...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/06/12 12:0 a.m.134 views

[USN-1467-1] MySQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-1467-1 June 11, 2012 mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities ========================================================================== A security issue affects these...

5.1CVSS0.4AI score0.96188EPSS
Exploits9
securityvulns
securityvulns
added 2012/04/19 12:0 a.m.134 views

Squid / McAfee Web Gateway URL filtering bypass

Server trusts to Host: header in CONNECT request...

5CVSS1.2AI score0.12314EPSS
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2012/01/20 12:0 a.m.134 views

[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure

CVE-2011-3375 Apache Tomcat Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.21 - Tomcat 6.0.30 to 6.0.33 - Earlier versions are not affected Description: For performance reasons, information parsed from a request is often...

5CVSS0.6AI score0.06694EPSS
Exploits2
securityvulns
securityvulns
added 2011/11/11 12:0 a.m.134 views

APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X...

10CVSS0.6AI score0.96714EPSS
Exploits19
securityvulns
securityvulns
added 2011/10/24 12:0 a.m.134 views

Oracle / Sun / People Soft applications multiple security vulnerabilities

Quarterly CPU fixes 50 security vulnereabilities...

9.3CVSS2.1AI score0.98945EPSS
Exploits20References4Affected Software11
securityvulns
securityvulns
added 2011/06/19 12:0 a.m.134 views

TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability

TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-06 June 15, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10CVSS1.7AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.134 views

Trustwave's SpiderLabs Security Advisory TWSL2009-002

Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities Published: 2009-06-24 Version: 1.0 Vendor: Cisco Systems, Inc. http://www.cisco.com Versions affected: 8.04, 8.1.2, and 8.2.1 Description: Cisco's Adaptive Security Appliance ASA provides a number of...

6CVSS0.3AI score0.08828EPSS
Exploits3
securityvulns
securityvulns
added 2009/06/05 12:0 a.m.134 views

[SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Updated to clarify affected versions as they vary for each affected Realm. CVE-2009-0580: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: MemoryRealm: Tomcat 4.1.0 to 4.1.39 Tomcat...

4.3CVSS4.9AI score0.9444EPSS
Exploits4
securityvulns
securityvulns
added 2008/11/04 12:0 a.m.134 views

Microsoft Windows code execution

It's possible toexecute code without authentication with RPC request UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 to browser service via SERVER LanmanServer service, TCP/139, TCP/445. Reccomendation is to disable browser service...

10CVSS3.9AI score0.98751EPSS
Exploits12References3
securityvulns
securityvulns
added 2008/11/01 12:0 a.m.134 views

PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability PHP-Nuke Module CurrentIssue summary&id AuTh0r : EhsanHp200 H0ME : www.only-4dl.tk Email : [email protected] Dork : "inurl:modules.php?name=CurrentIssue" Exploite:...

3.6AI score
Exploits0
securityvulns
securityvulns
added 2008/02/18 12:0 a.m.134 views

joomla SQL Injection(com_filebase)

joomla SQL Injectioncomfilebase AUTHOR : S@BUN HOME 1 : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl: comfilebase DORK 2 : allinurl: EXPLOIT :...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/12/05 12:0 a.m.134 views

Sql Injection in wordpress 2.3.1

Author : Beenu Arora Mail : [email protected] Application : WordPress 2.3.1 Homepage: http://wordpress.org/ SQL Injection Vulnerable URL : http://localhost/pathtowordpress/?feed=rss2&p= Parameter : P POC =...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/12/26 12:0 a.m.134 views

PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability

----------------------------------------------- PhpbbXtra v2.0 phpbbrootpath Remote File Include Vulnerability ----------------------------------------------- Author: xoron ----------------------------------------------- Vuln Code: include$phpbbrootpath . 'includes/bbcode.'.$phpEx;...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/10/13 12:0 a.m.134 views

zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities

Vendor: zenphoto Vulnerable: zenphoto 1.0.2 beta and below The vendor has been warned and the vulnerabilities have been addressed in 1.0.3 beta. Path Disclosure --------------- http://www.example.com/photos/zen/i.php?a=EXISTINGALBUMNAME&i=EXISTINGIMAGENAME&s=thumb00 which returns: Warning:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/07/08 12:0 a.m.134 views

Multiple vulnerabilities in Lantronix SLC console server

Hi, I stumbled on another bug during my review for console servers: Summary: Lantronix SecureLinx console server: Retrieval of ssh-private keys and system logfiles Confirmed on SLC32, Software version: 2.0, 3.0 very likely on all models of SLC series SLC8, 16, 32, 48 www.lantronix.com Details:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2005/02/25 12:0 a.m.134 views

Multiple vulns in punBB

================================================= SQL Injections in punbb-1.2.1 register.php ================================================= Description ----------- A remote attacker can cause register.php to execute arbitrary SQL statements by supplying malicous values to the language or email...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2003/03/19 12:0 a.m.134 views

SIPS (PHP)

Product : SIPS Version : v0.2.2 WebSite : http://www.squishdot.org Problem : Viewing users account Description: ------------ You could easily look throught any user's account without any permissions. Each of them is in dir names after first letter of his login. For example foo will have url like...

7AI score
Exploits0
securityvulns
securityvulns
added 2001/05/16 12:0 a.m.134 views

iPlanet - Netscape Enterprise Web Publisher Buffer Overflow

iPlanet – Netscape Enterprise Web Publisher Buffer Overflow Release Date: May 11, 2001 Severity: High Remote SYSTEM level code execution Systems Affected: Netscape Enterprise 4.1 and prior versions. Description: The Web Publisher feature in Netscape Enterprise 4.1 is vulnerable to a buffer...

8AI score
Exploits0
securityvulns
securityvulns
added 2015/07/13 12:0 a.m.133 views

[USN-2658-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2658-1 July 06, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

10CVSS1.2AI score0.50129EPSS
Exploits19
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.133 views

CollabNet Subversion Edge weak password policy

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/06/13 12:0 a.m.133 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Buffer overflows, memory corruptions, clickjacking...

10CVSS3.3AI score0.06381EPSS
Exploits0Affected Software3
securityvulns
securityvulns
added 2014/05/10 12:0 a.m.133 views

[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. Versions Affected: All Supported Not affected: None Fixed Versions: 4.1.1, 4.0.5, 3.2.18 Impact ------ The implicit render functionality allows...

4.3CVSS0.2AI score0.53703EPSS
Exploits2
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.133 views

Ammyy Admin - Hidden hard-coded option and Access Control vulnerability.

Title: ==== Ammyy Admin - Hidden hard-coded option and Access Control vulnerability. Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ==== - CVE-2013-5581 for hidden hard-coded option CWE-255. - CVE-2013-5582 for failure...

0.2AI score0.03636EPSS
Exploits5
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.133 views

[SECURITY] [DSA 2747-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2747-1 [email protected] http://www.debian.org/security/ Florian Weimer August 31, 2013 http://www.debian.org/security/faq -...

7.5CVSS1.5AI score0.01988EPSS
Exploits1
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.133 views

Vulnerabilities in jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in jPlayer. These are Cross-Site Scripting and Content Spoofing and vulnerabilities in jPlayer. Which is used at tens thousands of web sites and in multiple web applications. ------------------------- Affected products:...

4.3CVSS5.7AI score0.05494EPSS
Exploits2
Total number of security vulnerabilities5000