Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2001/02/10 12:0 a.m.134 views

BindView advisory: sshd remote root (bug in deattack.c)

Remote vulnerability in SSH daemon crc32 compensation attack detector ----------------------------------------------------------------------- Issue date: 8 February 2001 Author: Michal Zalewski [email protected] Contact: Scott Blake [email protected] CVE: CAN-2001-0144 Topic:...

10CVSS0.5AI score0.32416EPSS
Exploits1
securityvulns
securityvulns
added 2015/07/13 12:0 a.m.133 views

[USN-2658-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2658-1 July 06, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

10CVSS1.2AI score0.50129EPSS
Exploits19
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.133 views

CollabNet Subversion Edge downloadHook local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.133 views

CollabNet Subversion Edge weak password policy

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/05/13 12:0 a.m.133 views

Adobe Flash Player multiple security vulnerabilities

Buffer overflows, memory corruptions, integer overflows, race conditions, restriction bypass...

10CVSS3.5AI score0.87303EPSS
Exploits10Affected Software1
securityvulns
securityvulns
added 2014/05/10 12:0 a.m.133 views

[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. Versions Affected: All Supported Not affected: None Fixed Versions: 4.1.1, 4.0.5, 3.2.18 Impact ------ The implicit render functionality allows...

4.3CVSS0.2AI score0.53703EPSS
Exploits2
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.133 views

Ammyy Admin - Hidden hard-coded option and Access Control vulnerability.

Title: ==== Ammyy Admin - Hidden hard-coded option and Access Control vulnerability. Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ==== - CVE-2013-5581 for hidden hard-coded option CWE-255. - CVE-2013-5582 for failure...

0.2AI score0.03636EPSS
Exploits5
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.133 views

[USN-2003-1] Glance vulnerability

========================================================================== Ubuntu Security Notice USN-2003-1 October 23, 2013 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

3.5CVSS0.5AI score0.03082EPSS
Exploits1
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.133 views

[SECURITY] [DSA 2747-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2747-1 [email protected] http://www.debian.org/security/ Florian Weimer August 31, 2013 http://www.debian.org/security/faq -...

7.5CVSS1.5AI score0.01988EPSS
Exploits1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.133 views

Exploit for D-Link DAP 1150

Hello! Here is exploit for D-Link DAP 1150. About vulnerabilities in it, which were used in this exploit, I've wrote in 2011. I've presented this exploit in my article "CSRF Attacks on Network Devices" in the magazine PenTest Extra 02/2012 http://pentestmag.com/pentestextra022012/, released in...

Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.133 views

Fileutils ruby gem possible remote command execution and insecure file handling in /tmp

Fileutils ruby gem possible remote command execution and insecure file handling in /tmp 2/23/2013 Hi list, I was looking at some gem files and noticed a few issues with fileutils-0.7 http://rubygems.org/gems/fileutils "A set of utility classes to extract meta data from different file types"...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2012/11/18 12:0 a.m.133 views

Microsoft Internet Information Services security vulnerabilities

log files information leakage, FTP STARTTLS session command injection...

5CVSS1.4AI score0.41968EPSS
Exploits2Affected Software1
securityvulns
securityvulns
added 2012/10/28 12:0 a.m.133 views

HP/H3C / Huawei equipment information leakage

Information leakage via SNMP...

8.5CVSS1.8AI score0.02263EPSS
Exploits0References2
securityvulns
securityvulns
added 2012/10/22 12:0 a.m.133 views

[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08

waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind "waraxe" Date: 17. September 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-89.html Description of vulnerable...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2012/06/25 12:0 a.m.133 views

Commentics 2.0 <= Multiple Vulnerabilities

Commentics 2.0 = Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be integrable, customizable and secure."...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2012/06/17 12:0 a.m.133 views

AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections

Hi all, nevisProxy is a Swiss secure reverse proxy with integrated web application firewall WAF. It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/06/13 12:0 a.m.133 views

ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-083 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - -- Affected...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/06/12 12:0 a.m.133 views

[USN-1467-1] MySQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-1467-1 June 11, 2012 mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities ========================================================================== A security issue affects these...

5.1CVSS0.4AI score0.96188EPSS
Exploits9
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.133 views

[CVE-2012-1574] Apache Hadoop user impersonation vulnerability

Hello, Users of Apache Hadoop should be aware of a security vulnerability recently discovered, as described by the following CVE. In particular, please note the "Users affected", "Versions affected", and "Mitigation" sections. Best, Aaron -- Aaron T. Myers Software Engineer, Cloudera CVE-2012-157...

6.5CVSS1.6AI score0.04827EPSS
Exploits1
securityvulns
securityvulns
added 2012/04/19 12:0 a.m.133 views

Squid / McAfee Web Gateway URL filtering bypass

Server trusts to Host: header in CONNECT request...

5CVSS1.2AI score0.12314EPSS
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2012/01/20 12:0 a.m.133 views

[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure

CVE-2011-3375 Apache Tomcat Information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.21 - Tomcat 6.0.30 to 6.0.33 - Earlier versions are not affected Description: For performance reasons, information parsed from a request is often...

5CVSS0.6AI score0.06694EPSS
Exploits2
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.133 views

Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress skysa-official plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Download......:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/11/11 12:0 a.m.133 views

APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X...

10CVSS0.6AI score0.96714EPSS
Exploits19
securityvulns
securityvulns
added 2011/10/24 12:0 a.m.133 views

WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012

Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote without authentication Solution Status. Upgrade to...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/09/15 12:0 a.m.133 views

vBulletin 3.8.2 Denial of Service Exploit

!usr/bin/perl vBulletin® Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t HaCker Anger - [email protected] Modules use IO::SOCKET; Object interface if @ARGV1 print" Author : Hacker Anger TeaM : The Assassin Scorpion TeaM Home : http://Baloma.NeT Mail : [email protected] -vBulletin 3.8.2 Denial of Service Exploi...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.133 views

Trustwave's SpiderLabs Security Advisory TWSL2009-002

Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities Published: 2009-06-24 Version: 1.0 Vendor: Cisco Systems, Inc. http://www.cisco.com Versions affected: 8.04, 8.1.2, and 8.2.1 Description: Cisco's Adaptive Security Appliance ASA provides a number of...

6CVSS0.3AI score0.08828EPSS
Exploits3
securityvulns
securityvulns
added 2009/05/29 12:0 a.m.133 views

MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->

---------------------------------------------------------- MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-- ---------------------------------------------------------- CMS INFORMATION: --WEB: http://spirate.net/foro/ --DOWNLOAD: http://spirate.net/foro/ --DEMO:...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2009/02/26 12:0 a.m.133 views

Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability Advisory ID: cisco-sa-20090225-mtgplace Revision 1.0 For Public Release 2009 February 25 1600 UTC GMT...

9CVSS0.3AI score0.02554EPSS
Exploits1
securityvulns
securityvulns
added 2009/01/11 12:0 a.m.133 views

Java Runtime UTF-8 Decoder Smuggling Vector

Due to misconfiguration of mailing lists, it was just pointed out this is already public. Apologies to those vendors who have not reacted to Sun's announcements of December 2nd in a timely manner; Mitre ID: CVE-2008-2938 Initial title: Java Runtime UTF-8 Decoding Flaw Actual title: Java Runtime...

4.3CVSS7.4AI score0.99708EPSS
Exploits22
securityvulns
securityvulns
added 2008/02/18 12:0 a.m.133 views

joomla SQL Injection(com_filebase)

joomla SQL Injectioncomfilebase AUTHOR : S@BUN HOME 1 : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl: comfilebase DORK 2 : allinurl: EXPLOIT :...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/10/12 12:0 a.m.133 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References5Affected Software2
securityvulns
securityvulns
added 2007/08/17 12:0 a.m.133 views

IBM Rational ClearQuest Web SQL Injection Login Bypass

+==============================================================+ + IBM Rational ClearQuest Web Login Bypass SQL Injection + +==============================================================+ DISCOVERED BY: ============== SecureState sasquatch - [email protected] rel1k - [email protected]...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/04/12 12:0 a.m.133 views

cattaDoc 2.21(download2.php fn1)Remote File Disclosure Vulnerability

cattaDoc 2.21download2.php fn1Remote File Disclosure Vulnerability D.Script: http://cattadoc.com/download/cattadoc-2.21.tgz Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group V.Code: $tp = $REQUEST'mtp'; $ofn =...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/01/25 12:0 a.m.133 views

[Full-disclosure] HYSA-2006-001 phpBB 2.0.19 search.php and profile.php DOS Vulnerability

------------------------------------------------------ HYSA-2006-001 h4cky0u.org Advisory 010 ------------------------------------------------------ Date - Wed Jan 25 2006 TITLE: ====== phpBB 2.0.19 search.php and profile.php DOS Vulnerability SEVERITY: ========= High SOFTWARE: ========= phpBB...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2005/10/01 12:0 a.m.133 views

[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 829-1 [email protected] http://www.debian.org/security/ Martin Schulze September 30, 2005 http://www.debian.org/security/faq -...

4.6CVSS0.3AI score0.02328EPSS
Exploits0
securityvulns
securityvulns
added 2005/07/08 12:0 a.m.133 views

Multiple vulnerabilities in Lantronix SLC console server

Hi, I stumbled on another bug during my review for console servers: Summary: Lantronix SecureLinx console server: Retrieval of ssh-private keys and system logfiles Confirmed on SLC32, Software version: 2.0, 3.0 very likely on all models of SLC series SLC8, 16, 32, 48 www.lantronix.com Details:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2005/02/25 12:0 a.m.133 views

Multiple vulns in punBB

================================================= SQL Injections in punbb-1.2.1 register.php ================================================= Description ----------- A remote attacker can cause register.php to execute arbitrary SQL statements by supplying malicous values to the language or email...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2003/03/19 12:0 a.m.133 views

SIPS (PHP)

Product : SIPS Version : v0.2.2 WebSite : http://www.squishdot.org Problem : Viewing users account Description: ------------ You could easily look throught any user's account without any permissions. Each of them is in dir names after first letter of his login. For example foo will have url like...

7AI score
Exploits0
securityvulns
securityvulns
added 2001/10/17 12:0 a.m.133 views

[ ** Snes9x buffer overflow vulnerability ** ]

Snes9x buffer overflow vulnerability Affected version: v1.37 prior versions might also be affected. Tested platforms: FreeBSD, NetBSD, OpenBSD and Linux. A buffer overflow vulnerability exists in the snes9x emulator. The problem is that rom names given as an argument upon execution of the program...

Exploits0
securityvulns
securityvulns
added 2001/05/16 12:0 a.m.133 views

iPlanet - Netscape Enterprise Web Publisher Buffer Overflow

iPlanet – Netscape Enterprise Web Publisher Buffer Overflow Release Date: May 11, 2001 Severity: High Remote SYSTEM level code execution Systems Affected: Netscape Enterprise 4.1 and prior versions. Description: The Web Publisher feature in Netscape Enterprise 4.1 is vulnerable to a buffer...

8AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.132 views

[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash withouth a Salt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-004 Product: Kaspersky Small Office Security KSOS Vendor: Kaspersky Lab ZAO Affected Versions: 13.0.4.233 Tested Versions: 13.0.4.233 Vulnerability Type: Use of a One-Way Hash without a Salt CWE-759 Risk Level: Low Solution...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2015/04/08 12:0 a.m.132 views

FreeBSD Security Advisory FreeBSD-SA-15:07.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:07.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2015-04-07 Credits: Network Time...

4.3CVSS7.1AI score0.02219EPSS
Exploits0
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.132 views

PHP Code Execution in jui_filter_rules Parsing Library

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 PHP Code Execution in juifilterrules Parsing Library ====================================================== Researcher: Timo Schmid [email protected] Description =========== juifilterrules1 is a jQuery plugin which allows users to generate a rulese...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/03/13 12:0 a.m.132 views

[SECURITY] [DSA 2874-1] mutt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2874-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 12, 2014 http://www.debian.org/security/faq -...

5CVSS1.9AI score0.05155EPSS
Exploits1
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.132 views

CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability

Application Performance Guard Vendor CapaSystems Link http://www.capasystems.com/it-performance-monitorin Discovered by Kerem Kocaer kerem.kocaeratgmaildotcom Problem ------- Path traversal vulnerability in the "download logs" section allows remote attackers to read arbitrary files by interceptin...

5CVSS1.3AI score0.01899EPSS
Exploits3
securityvulns
securityvulns
added 2012/01/09 12:0 a.m.132 views

[security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03128302 Version: 1 HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soo...

10CVSS0.7AI score0.08526EPSS
Exploits0
securityvulns
securityvulns
added 2011/06/19 12:0 a.m.132 views

TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability

TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-06 June 15, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10CVSS1.7AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.132 views

ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-185 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10CVSS0.7AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2011/02/26 12:0 a.m.132 views

Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities

Quarterly security update closes nearly 70 different vulnerabilities in all applications...

10CVSS2.2AI score0.87264EPSS
Exploits60References12Affected Software19
securityvulns
securityvulns
added 2010/02/10 12:0 a.m.132 views

Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: TLS Protocol Session Renegotiation Security Vulnerability Aruba Advisory ID: AID-020810 Revision: 1.0 For Public Release on 02/08/2010 +---------------------------------------------------- SUMMARY This advisory...

5.8CVSS8.8AI score0.87264EPSS
Exploits14
Total number of security vulnerabilities5000