Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2008/05/22 12:0 a.m.131 views

ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability

ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-029 May 21, 2008 -- Affected Vendors: Cerulean Studios -- Affected Products: Cerulean Studios Trillian -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2008/04/27 12:0 a.m.131 views

Wordpress 2.5 Cookie Integrity Protection Vulnerability

Wordpress 2.5 Cookie Integrity Protection Vulnerability Original release date: 2008-04-25 Last revised: 2008-04-25 Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt CVE ID: CVE-2008-1930 Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/...

7.5CVSS0.8AI score0.05001EPSS
Exploits3
securityvulns
securityvulns
added 2008/04/22 12:0 a.m.131 views

Powered by gCards v1.46 SQL

Powered by gCards v1.46 SQL AUTHOR : TurkishWarriorr HOME : http://www.1923turk.org DORKS 1 : Powered by gCards v1.46 DORKS 2 : gcards/ EXPLOIT : gcards/getnewsitem.php?newsid=1+union+select+1,2,concatusername,char45,userpass,4,5+FROM+gccardusers-- www.1923turk.org [email protected]...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.131 views

Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability

Advisory 1 "Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability" $ Author : Morgan ARMAND $ Contact : armandm at epitech dot net $ Vendor URL : http://www.dotclear.net $ Vendor Contacted : 07/04/2008 $ Vendor Status : No response $ Affected Software : Dotclear = 1.2.7.1 $ Severity :...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/11/25 12:0 a.m.131 views

Mp3 ToolBox 1.0 beta 5 Remote File İnclude Vulnerability

+By CrackersChild+ Script.......: Mp3 ToolBox 1.0 beta 5 Download.....: http://www.radiotoolbox.com/downloads/mp3toolbox/mp3toolboxbeta-5.zip Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote File nclude Vulnerability Dork.........: intitle:M...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.131 views

EzDatabase Multiple Cross-Site Scripting Vulnerability

EzDatabase Multiple Cross-Site Scripting Vulnerability Written in PHP and MySQL, ezDatabase is the foundation for your online databases. It is a powerful web based application that allows users with basic HTML knowledge to create online databases for their website. ezDatabase will do the hard wor...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/10/21 12:0 a.m.131 views

[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue

------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-025 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Highly critical Exploitable from: Remote...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2006/07/08 12:0 a.m.131 views

Sparklet game format string vulnerabilitity

Format string vulnerability on player name displaying...

2.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/10/10 12:0 a.m.131 views

Переполнение буфера при обработке структуры макроса

Затронутые продукты: Microsoft Word 97, Microsoft Word 2000 SR-1. В Microsoft Word XP этот баг пофиксен. При обработке документа Microsoft Word, содержащего макросы, может произойти переполнение буфера в стеке. Анализ недокументированной структуры макроса в документе, осуществляемый процессом...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2001/03/12 12:0 a.m.131 views

CORRECTION to CODE: FormMail.pl can be used to send anonymous email

Hi All, I did a little playing with FormMail.pl after a run in with a spammer abusing our webserver. Apparently ALL FormMail.pl cgi-bin scripts can be used to spam anonymously. I found another server with FormMail.pl and tried the same exploit to send myself an email and it worked. The email will...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.131 views

RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5)

Resintm serves the fastest servlets and JSP. With Java and JavaScript support, Resin gives web applications the flexibility to choose the right language for the task. Resin's leading XSL XML stylesheet language support encourages separation of content from formatting. Resin provides a fast servle...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2000/06/28 12:0 a.m.131 views

Concerning the LDAP Enabled Netscape FTP Server

Over the last few days a great number of people have mailed us in regards to the "Netscape Professional Services FTP Server Vulnerability" http://www.securityfocus.com/bid/1375 discovered by Michal Zalewski [email protected] and posted to the Bugtraq mailing list on Wed, 21 Jun 2000. The following...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/04/17 12:0 a.m.131 views

qnx crypt comprimised

the crypt function for qnx turned out to a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.130 views

APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 OS X 10.10.2 and Security Update 2015-001 are now available and address the following: AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine...

10CVSS0.6AI score0.99999EPSS
Exploits47
securityvulns
securityvulns
added 2014/07/22 12:0 a.m.130 views

[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04281279 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04281279 Version: 1 HPSBST03039 rev....

9CVSS0.8AI score0.03662EPSS
Exploits0
securityvulns
securityvulns
added 2014/06/13 12:0 a.m.130 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Buffer overflows, memory corruptions, clickjacking...

10CVSS3.3AI score0.06381EPSS
Exploits0Affected Software3
securityvulns
securityvulns
added 2014/05/10 12:0 a.m.130 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.8CVSS1.6AI score0.53703EPSS
Exploits16References11Affected Software8
securityvulns
securityvulns
added 2014/05/07 12:0 a.m.130 views

[security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04275280 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04275280 Version: 1 HPSBMU03037 rev....

5CVSS0.3AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.130 views

NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

Document Title: =============== NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1150 Lab News Article: http://www.vulnerability-lab.com/news/getnews.php?id=115 Release Date: =============...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.130 views

Cross-Site Scripting (XSS) in Zikula Application Framework

Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...

4.3CVSS6.3AI score0.0122EPSS
Exploits3
securityvulns
securityvulns
added 2013/11/26 12:0 a.m.130 views

nginx protection bypass

It's possible to bypass restrictions with "poisoned NUL bute"...

7.5CVSS2.8AI score0.67718EPSS
Exploits15References1Affected Software1
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.130 views

Novell GroupWise Multiple Remote Code Execution Vulnerabilities

Advisory ID: HTB23131 Product: Novell GroupWise Vendor: Novell Inc. Vulnerable Versions: 12.0.0.8586 and probably prior Tested Version: 12.0.0.8586 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: November 26, 2012 Vendor Patch: January 30, 2013 Public Disclosure: April 3, 2013...

10CVSS0.4AI score0.12398EPSS
Exploits0
securityvulns
securityvulns
added 2012/12/07 12:0 a.m.130 views

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.31 - - Tomcat 6.0.0 to 6.0.35 Description: The CSRF prevention filter could be bypassed ...

4.3CVSS0.09146EPSS
Exploits1
securityvulns
securityvulns
added 2012/11/02 12:0 a.m.130 views

PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities

Title: ====== PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities Date: ===== 2012-10-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=736 VL-ID: ===== 736 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...

8.7AI score
Exploits0
securityvulns
securityvulns
added 2012/10/30 12:0 a.m.130 views

[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03538957 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03538957 Version: 1 HPSBUX02825...

0.5AI score0.12471EPSS
Exploits1
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.130 views

Vulnerabilities in JW Player Pro

Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I've wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of...

Exploits0
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.130 views

[USN-1543-1] Config-IniFiles vulnerability

========================================================================== Ubuntu Security Notice USN-1543-1 August 20, 2012 libconfig-inifiles-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

3.6CVSS0.3AI score0.00504EPSS
Exploits2
securityvulns
securityvulns
added 2012/06/06 12:0 a.m.130 views

US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA12-156A Microsoft Windows Unauthorized Digital Certificates Original release date: June 04, 2012 Last revised: -- Source: US-CERT Systems Affected All supported versions of Microsoft Windows...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2012/02/16 12:0 a.m.130 views

http://www.adobe.com/support/security/bulletins/apsb12-03.html

Security update available for Adobe Flash Player Release date: February 15, 2012 Vulnerability identifier: APSB12-03 CVE number: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767 Platform: All Platforms SUMMARY This update addresses critical...

10CVSS1.1AI score0.9203EPSS
Exploits13
securityvulns
securityvulns
added 2011/10/15 12:0 a.m.130 views

APPLE-SA-2011-10-12-1 iOS 5 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-1 iOS 5 Software Update iOS 5 Software Update is now available and addresses the following: CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch 3rd generation and later, iOS...

10CVSS0.73327EPSS
Exploits41
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.130 views

VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.130 views

ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability

ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-189 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...

10CVSS0.7AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.130 views

ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability

ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-186 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Ja...

10CVSS0.9AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/11 12:0 a.m.130 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.8CVSS1.6AI score0.38775EPSS
Exploits0References17Affected Software5
securityvulns
securityvulns
added 2010/12/17 12:0 a.m.130 views

Alt-N WebAdmin information disclosure

It's possible to obtain file source code by adding 20 or 2e to request...

1.1AI score
Exploits0References1Affected Software2
securityvulns
securityvulns
added 2010/09/27 12:0 a.m.130 views

[security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02514929 Version: 1 HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Information Disclosure NOTICE: The information in this Security Bulletin should ...

4.3CVSS0.01611EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.130 views

Mozilla Foundation Security Advisory 2010-28

Mozilla Foundation Security Advisory 2010-28 Title: Freed object reuse across plugin instances Impact: Critical Announced: June 22, 2010 Reporter: Microsoft Vulnerability Research Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description Microsoft Vulnerabili...

9.3CVSS0.4AI score0.04812EPSS
Exploits0
securityvulns
securityvulns
added 2010/01/21 12:0 a.m.130 views

eWebeditor Directory Traversal Vulnerability

Securitylab.ir Application Info: Name: eWebeditor Version: all version Vulnerability Info: Type: Directory Traversal Risk: Medium Vulnerability: http://site.com/admin/ewebeditor/admin/upload.asp?id=16&dviewmode=&dir =./.. Discoverd By: Pouya Daneshmand Website: http://securitylab.ir Contacts:...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2009/12/15 12:0 a.m.130 views

Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover

Hacktics Research Group Security Advisory http://www.hacktics.com/details=;view=Resources7CAdvisory By Shay Chen, Hacktics. 14-Dec-2009 =========== I. Overview =========== During a penetration test performed by Hacktics' experts, certain vulnerabilities were identified in the Oracle eBusiness Sui...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2009/11/11 12:0 a.m.130 views

[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security...

7AI score
Exploits0
securityvulns
securityvulns
added 2008/10/03 12:0 a.m.130 views

[USN-649-1] OpenSSH vulnerabilities

=========================================================== Ubuntu Security Notice USN-649-1 October 01, 2008 openssh vulnerabilities CVE-2008-1657, CVE-2008-4109 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...

6.5CVSS0.2AI score0.28601EPSS
Exploits9
securityvulns
securityvulns
added 2008/08/24 12:0 a.m.130 views

OneNews Beta 2 Multiple Vulnerabilities

/////////////// Name : OneNews Beta 2 Multiple Vulnerabilities Author : suN8HclfcrimsoNLoyd9, DaRk-CodeRs Group Source : http://sourceforge.net/project/showfiles.php?groupid=193198 Dork : Powered by One-News Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke ========================== |1. XSS and html...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/12/24 12:0 a.m.130 views

[CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability

Title: CAID 35970: CA Products That Embed Ingres Authentication Vulnerability CA Vuln ID CAID: 35970 CA Advisory Date: 2007-12-19 Reported By: Ingres Corporation Impact: Attacker can gain elevated privileges. Summary: A potential vulnerability exists in the Ingres software that is embedded in...

5CVSS6AI score0.01814EPSS
Exploits1
securityvulns
securityvulns
added 2007/12/12 12:0 a.m.130 views

ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability

ZDI-07-073: Microsoft Internet Explorer setExpression Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-073.html December 11, 2007 -- CVE ID: CVE-2007-3902 -- Affected Vendor: Microsoft -- Affected Products: Internet Explorer 5.01 SP4 Internet Explorer 6 Internet...

9.3CVSS0.9AI score0.35508EPSS
Exploits1
securityvulns
securityvulns
added 2007/12/07 12:0 a.m.130 views

[security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01188923 Version: 1 HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager OV NNM Remote Unauthorized Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should...

10CVSS0.7AI score0.69613EPSS
Exploits9
securityvulns
securityvulns
added 2006/11/11 12:0 a.m.130 views

Avahi privilege escalation

Insufficient Netlink parameters validation allow to manipulate server parameters...

5.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/10/13 12:0 a.m.130 views

ExtCalThai_Component <= 0.9.1 Remote File Inclusion

ExtCalThaiComponent = 0.9.1 Remote File Inclusion Download Source : http://mamboxchange.com/frs/download.php/6004/ExtCalThaiComponentv0.9.1.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; adminevents.php extcalendar.p mail.inc.phphp bugs ; at -...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.130 views

MiniBB Forum <= 1.5a Remote File Include Vulnerabilities

--------------------------------------------------------------------------------- MiniBB Forum = 1.5a Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact : [email protected] Application : MiniBB Forum...

2.1AI score
Exploits0
securityvulns
securityvulns
added 2000/04/20 12:0 a.m.130 views

Cisco Catalist позволяет любому пользователю получить администраторские привелегии.

В версии П/О 5.41 можно обойти проверку enable-пароля. Исправлено в 5.42...

0.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/04/17 12:0 a.m.130 views

StarOffice 5.1

Do you remember recent Microsoft Word and Wordpad vulnerabilities while reading .rtf documents? I realized that Sun StarOffice 5.1 is at least so buggy as M$ products. There are a lot of ways to cause overflow and crash or execution of arbitrary code while viewing documents - starting from html...

0.9AI score
Exploits0
Total number of security vulnerabilities5000