Securityvulns: Most viewed

47153 matches found

securityvulns
added 2000/04/13 12:0 a.m. | 132 views

TalentSoft Web+ Input Validation Bug Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sword & Shield Enterprise Security, Inc. - Security Advisory www.sses.net, Copyright c 2000 Advisory: TalentSoft Web+ Input Validation Bug Vulnerability Release Date: April 12, 2000 Application: webpsvr Severity: A remote user can access web server...

0.4 AI score
Exploits 0

securityvulns
added 2015/07/05 12:0 a.m. | 131 views

CollabNet Subversion Edge weak password policy

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...

0.3 AI score
Exploits 0

securityvulns
added 2014/11/03 12:0 a.m. | 131 views

Incredible PBX remote command execution exploit

!/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a Flash Vendor url:...

Exploits 0

securityvulns
added 2013/09/09 12:0 a.m. | 131 views

CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability

Application Performance Guard Vendor CapaSystems Link http://www.capasystems.com/it-performance-monitorin Discovered by Kerem Kocaer kerem.kocaeratgmaildotcom Problem ------- Path traversal vulnerability in the "download logs" section allows remote attackers to read arbitrary files by interceptin...

5 CVSS | 1.3 AI score | 0.01899 EPSS
Exploits 3

securityvulns
added 2013/07/15 12:0 a.m. | 131 views

CVE-2013-3568 - Linksys CSRF + Root Command Injection

Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...

0.4 AI score | 0.25129 EPSS
Exploits 8

securityvulns
added 2013/05/06 12:0 a.m. | 131 views

Vulnerabilities in jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in jPlayer. These are Cross-Site Scripting and Content Spoofing vulnerabilities in jPlayer, which is used at tens of thousands of web sites and in multiple web applications. ------------------------- Affected products:...

4.3 CVSS | 5.7 AI score | 0.05494 EPSS
Exploits 2

securityvulns
added 2013/02/24 12:0 a.m. | 131 views

PHP-Fusion 7.02.05 SQL Injection

SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...

0.5 AI score
Exploits 0

securityvulns
added 2013/01/02 12:0 a.m. | 131 views

CubeCart 5.0.7 and lower | Open URL Redirection Vulnerability

OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...

0.4 AI score
Exploits 0

securityvulns
added 2012/10/29 12:0 a.m. | 131 views

VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities

Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Team http://seceffect.tumblr.com/ Vulnerability Details: 1. Blind SQL injection in...

0.3 AI score
Exploits 0

securityvulns
added 2012/07/23 12:0 a.m. | 131 views

Jrobalian CMS SQL Injection Vulnerability

Jrobalian CMS SQL Injection Vulnerability ...

8.3 AI score
Exploits 0

securityvulns
added 2012/01/09 12:0 a.m. | 131 views

[security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03128302 Version: 1 HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soo...

10 CVSS | 0.7 AI score | 0.08526 EPSS
Exploits 0

securityvulns
added 2011/06/19 12:0 a.m. | 131 views

ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability

ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-199 June 14, 2011 -- CVE ID: CVE-2011-0802 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10 CVSS | 0.4 AI score | 0.06277 EPSS
Exploits 0

securityvulns
added 2011/06/10 12:0 a.m. | 131 views

VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

0.3 AI score
Exploits 0

securityvulns
added 2011/06/10 12:0 a.m. | 131 views

ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-185 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10 CVSS | 0.7 AI score | 0.06277 EPSS
Exploits 0

securityvulns
added 2010/04/12 12:0 a.m. | 131 views

VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2010-0007 Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues Issue date: 2010-04-09...

10 CVSS | 9.2 AI score | 0.162 EPSS
Exploits 8

securityvulns
added 2010/01/15 12:0 a.m. | 131 views

Oracle Critical Patch Update Advisory - January 2010

Oracle Critical Patch Update Advisory - January 2010 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...

10 CVSS | 0.8 AI score | 0.73376 EPSS
Exploits 26

securityvulns
added 2009/09/15 12:0 a.m. | 131 views

vBulletin 3.8.2 Denial of Service Exploit

!usr/bin/perl vBulletin® Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t HaCker Anger - [email protected] Modules use IO::SOCKET; Object interface if @ARGV1 print" Author : Hacker Anger TeaM : The Assassin Scorpion TeaM Home : http://Baloma.NeT Mail : [email protected] -vBulletin 3.8.2 Denial of Service Exploi...

0.4 AI score
Exploits 0

securityvulns
added 2009/08/09 12:0 a.m. | 131 views

CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP

Hello 3APA3A! I want to warn you about new security vulnerabilities in XAMPP. These are Cross-Site Request Forgery, SQL Injection and Full path disclosure vulnerabilities. CSRF: http://site/xampp/cds-fpdf.php It's possible to delete or add data in test table as via CSRF, and as via Insufficient...

1.7 AI score
Exploits 0

securityvulns
added 2009/05/29 12:0 a.m. | 131 views

MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-->

---------------------------------------------------------- MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1-- ---------------------------------------------------------- CMS INFORMATION: --WEB: http://spirate.net/foro/ --DOWNLOAD: http://spirate.net/foro/ --DEMO:...

7.8 AI score
Exploits 0

securityvulns
added 2009/02/26 12:0 a.m. | 131 views

Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability Advisory ID: cisco-sa-20090225-mtgplace Revision 1.0 For Public Release 2009 February 25 1600 UTC GMT...

9 CVSS | 0.3 AI score | 0.02554 EPSS
Exploits 1

securityvulns
added 2008/11/04 12:0 a.m. | 131 views

Microsoft Windows code execution

It's possible to execute code without authentication with RPC request UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 to browser service via SERVER LanmanServer service, TCP/139, TCP/445. Recommendation is to disable browser service...

10 CVSS | 3.9 AI score | 0.98751 EPSS
Exploits 12 | References 3

securityvulns
added 2008/05/30 12:0 a.m. | 131 views

About the security content of Security Update 2008-003 / Mac OS X 10.5.3

About the security content of Security Update 2008-003 / Mac OS X 10.5.3 Last Modified: May 28, 2008 Article: HT1897 Summary This document describes the security content of Security Update 2008-003 / Mac OS X 10.5.3, which can be downloaded and installed via Software Update preferences, or from...

10 CVSS | 0.1 AI score | 0.96436 EPSS
Exploits 39

securityvulns
added 2008/04/22 12:0 a.m. | 131 views

Powered by gCards v1.46 SQL

Powered by gCards v1.46 SQL AUTHOR : TurkishWarriorr HOME : http://www.1923turk.org DORKS 1 : Powered by gCards v1.46 DORKS 2 : gcards/ EXPLOIT : gcards/getnewsitem.php?newsid=1+union+select+1,2,concatusername,char45,userpass,4,5+FROM+gccardusers-- www.1923turk.org [email protected]...

0.2 AI score
Exploits 0

securityvulns
added 2008/04/15 12:0 a.m. | 131 views

Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability

Advisory 1 "Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability" $ Author : Morgan ARMAND $ Contact : armandm at epitech dot net $ Vendor URL : http://www.dotclear.net $ Vendor Contacted : 07/04/2008 $ Vendor Status : No response $ Affected Software : Dotclear = 1.2.7.1 $ Severity :...

1 AI score
Exploits 0

securityvulns
added 2006/10/21 12:0 a.m. | 131 views

[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue

------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-025 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Highly critical Exploitable from: Remote...

6.9 AI score
Exploits 0

securityvulns
added 2005/05/11 12:0 a.m. | 131 views

WowBB view_user.php SQL Injection Vulnerability

An attacker can exploit this vulnerability to gain admin username and password. http://www.wowbb.com/ Vulnerable versions: 1.6 1.61 1.62 Proof of concept: http://www.example.com/wowbb/viewuser.php?list=1&letter=&sortby='SQL Injection...

2.5 AI score
Exploits 0

securityvulns
added 2003/10/10 12:0 a.m. | 131 views

Buffer overflow when processing a macro structure

Affected products: Microsoft Word 97, Microsoft Word 2000 SR-1. In Microsoft Word XP this bug is fixed. When processing a Microsoft Word document that contains macros, a stack buffer overflow can occur. Analysis of the undocumented macro structure in the document, performed by the process...

0.6 AI score
Exploits 0

securityvulns
added 2000/11/24 12:0 a.m. | 131 views

RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5)

Resin(tm) serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL XML stylesheet language support encourages separation of content from formatting. Resin provides a fast servle...

6.7 AI score
Exploits 0

securityvulns
added 2000/06/28 12:0 a.m. | 131 views

Concerning the LDAP Enabled Netscape FTP Server

Over the last few days a great number of people have mailed us in regards to the "Netscape Professional Services FTP Server Vulnerability" http://www.securityfocus.com/bid/1375 discovered by Michal Zalewski [email protected] and posted to the Bugtraq mailing list on Wed, 21 Jun 2000. The following...

7.1 AI score
Exploits 0

securityvulns
added 2000/04/17 12:0 a.m. | 131 views

qnx crypt compromised

the crypt function for qnx turned out to be a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...

0.3 AI score
Exploits 0

securityvulns
added 2015/06/08 12:0 a.m. | 130 views

DbNinja 3.2.6 Flash XSS Vulnerabilities

Exploit Title: DbNinja Flash XSS Exploit Google Dork: intitle: Flash XSS Date: May 27, 2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.dbninja.com Software Link: www.dbninja.com Version: 3.2.6 Tested on: Windows 7 Category: Flash XSS CVE : NA Source...

6.4 AI score
Exploits 0

securityvulns
added 2015/05/05 12:0 a.m. | 130 views

[SECURITY] [DSA 3248-1] libphp-snoopy security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3248-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 02, 2015 http://www.debian.org/security/faq -...

7.5 CVSS | 1.4 AI score | 0.0413 EPSS
Exploits 0

securityvulns
added 2015/03/18 12:0 a.m. | 130 views

[USN-2535-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2535-1 March 18, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

7.5 CVSS | 1.4 AI score | 0.41315 EPSS
Exploits 11

securityvulns
added 2015/02/02 12:0 a.m. | 130 views

APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 OS X 10.10.2 and Security Update 2015-001 are now available and address the following: AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine...

10 CVSS | 0.6 AI score | 0.99999 EPSS
Exploits 47

securityvulns
added 2014/10/17 12:0 a.m. | 130 views

[slackware-security] openssl (SSA:2014-288-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security openssl SSA:2014-288-01 New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

7.1 CVSS | 5 AI score | 0.99999 EPSS
Exploits 7

securityvulns
added 2014/09/15 12:0 a.m. | 130 views

[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4444 Remote Code Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 7.0.0 to 7.0.39 Description: In very limited circumstances, it was possible for an attacker to upload a malicious JSP t...

6.8 CVSS | 8.8 AI score | 0.1399 EPSS
Exploits 0

securityvulns
added 2014/07/22 12:0 a.m. | 130 views

[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04281279 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04281279 Version: 1 HPSBST03039 rev....

9 CVSS | 0.8 AI score | 0.03662 EPSS
Exploits 0

securityvulns
added 2014/06/13 12:0 a.m. | 130 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Buffer overflows, memory corruptions, clickjacking...

10 CVSS | 3.3 AI score | 0.06381 EPSS
Exploits 0 | Affected Software 3

securityvulns
added 2014/05/07 12:0 a.m. | 130 views

[security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04275280 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04275280 Version: 1 HPSBMU03037 rev....

5 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits 87

securityvulns
added 2014/05/01 12:0 a.m. | 130 views

[security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04262472 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262472 Version: 1 HPSBMU03020 rev....

5 CVSS | 0.5 AI score | 0.99999 EPSS
Exploits 87

securityvulns
added 2014/04/01 12:0 a.m. | 130 views

[slackware-security] curl (SSA:2014-086-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security curl SSA:2014-086-01 New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

6.4 CVSS | 6 AI score | 0.0508 EPSS
Exploits 3

securityvulns
added 2014/01/08 12:0 a.m. | 130 views

Spamina email firewall directory traversal

Directory traversal in multiple requests...

3.7 AI score
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2013/12/09 12:0 a.m. | 130 views

NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

Document Title: =============== NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1150 Lab News Article: http://www.vulnerability-lab.com/news/getnews.php?id=115 Release Date: =============...

0.6 AI score
Exploits 0

securityvulns
added 2013/12/09 12:0 a.m. | 130 views

Cross-Site Scripting (XSS) in Zikula Application Framework

Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...

4.3 CVSS | 6.3 AI score | 0.0122 EPSS
Exploits 3

securityvulns
added 2013/11/26 12:0 a.m. | 130 views

nginx protection bypass

It's possible to bypass restrictions with "poisoned NUL byte"...

7.5 CVSS | 2.8 AI score | 0.67718 EPSS
Exploits 15 | References 1 | Affected Software 1

securityvulns
added 2013/09/09 12:0 a.m. | 130 views

Cross-Site Scripting (XSS) in Twilight CMS

Advisory ID: HTB23166 Product: Twilight CMS Vendor: Strata Technologies LLC Vulnerable Versions: 5.17 and probably prior Tested Version: 5.17 Vendor Notification: July 24, 2013 Vendor Patch: August 15, 2013 Public Disclosure: August 21, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

4.3 CVSS | 0.01193 EPSS
Exploits 3

securityvulns
added 2013/04/08 12:0 a.m. | 130 views

Novell GroupWise Multiple Remote Code Execution Vulnerabilities

Advisory ID: HTB23131 Product: Novell GroupWise Vendor: Novell Inc. Vulnerable Versions: 12.0.0.8586 and probably prior Tested Version: 12.0.0.8586 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: November 26, 2012 Vendor Patch: January 30, 2013 Public Disclosure: April 3, 2013...

10 CVSS | 0.4 AI score | 0.12398 EPSS
Exploits 0

securityvulns
added 2012/12/07 12:0 a.m. | 130 views

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.31 - - Tomcat 6.0.0 to 6.0.35 Description: The CSRF prevention filter could be bypassed ...

4.3 CVSS | 0.09146 EPSS
Exploits 1

securityvulns
added 2012/09/03 12:0 a.m. | 130 views

Vulnerabilities in JW Player Pro

Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of...

Exploits 0

securityvulns
added 2012/06/06 12:0 a.m. | 130 views

US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA12-156A Microsoft Windows Unauthorized Digital Certificates Original release date: June 04, 2012 Last revised: -- Source: US-CERT Systems Affected All supported versions of Microsoft Windows...

0.2 AI score
Exploits 0

Total number of security vulnerabilities: 5000