Securityvulns: Most viewed

47153 matches found

securityvulns | added 2009/08/19 12:0 a.m. | 121 views

ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability

ZDI-09-058: Oracle Secure Backup Administration Server Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-058 -- CVE ID: CVE-2009-1977 -- Affected Vendors: Oracle -- Affected Products: Oracle Secure Backup -- Vulnerability Details: This vulnerability allows...

CVSS 10 | AI score 1 | EPSS 0.72638 | Exploits 8

securityvulns | added 2009/07/28 12:0 a.m. | 121 views

cross site scripting the browser google "chrome"

author : bikolinux Vuln: cross site scripting the browser google "chrome" Download: http://www.google.com/chrome error local EMAIL [email protected] [email protected] version test 2.0.172.37 cross site scripting the browser google "chrome" The error is when making a request to record path =...

AI score 0.5 | Exploits 0

securityvulns | added 2008/07/22 12:0 a.m. | 121 views

Maran PHP Blog Xss By Khashayar Fereidani

---------------------------------------------------------------- Script : Maran PHP Blog Type : XSS Passive Method : GET Alert : Medium ---------------------------------------------------------------- Discovered by : Khashayar Fereidani a.k.a. Dr.Crash My Official Website : HTTP://FEREIDANI.IR...

AI score 0.4 | Exploits 0

securityvulns | added 2007/07/23 12:0 a.m. | 121 views

Minb Is Not A Blog default password directory

Minb Is Not A Blog default password directory http://sourceforge.net/projects/minb Via looking in a default directory, any user can access the users.db file which contains the username and encrypted password of the person running the board. Try it for your self: www.example.com/minb/db/users.db T...

AI score 0.4 | Exploits 0

securityvulns | added 2007/07/12 12:0 a.m. | 121 views

Powered By Dvbbs Version 7.1.0 Sp1 By Pass

By : Hasadya Raed Contact : [email protected] Israel -------------------------- Script : Dvbbs Version 7.1.0 Sp1 Dork : "Powered By Dvbbs Version 7.1.0 Sp1" -------------------------- Exploit : http://www.victim.com/Data/Dvbbs7.mdb...

AI score 0.6 | Exploits 0

securityvulns | added 2007/04/04 12:0 a.m. | 121 views

Microsoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

Microsoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution 925902 Published: April 3, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

CVSS 9.3 | AI score 1.9 | EPSS 0.7288 | Exploits 18

securityvulns | added 2007/04/02 12:0 a.m. | 121 views

iPhotoAlbum v1.1(header.php)Remote File Include Vulnerability

iPhotoAlbum v1.1header.phpRemote File Include Vulnerability D.Script: http://sourceforge.net/projects/iphotoalbum/ Discovered by: GloDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code ?php ifisset$setmenu include"$setmenu"; ? Exploit:Path/lib/static/header.php?setmenu=SheLL Greetz To: Tryag-Tea...

AI score 0.3 | Exploits 0

securityvulns | added 2006/08/21 12:0 a.m. | 121 views

LBlog <= "comments.asp" SQL Injection Exploit

LBlog = "comments.asp" SQL Injection Exploit - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Credit by | Chironex Fleckeri Mail | [email protected] Googledork | Powered By LBlog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Usage :...

AI score 0.5 | Exploits 0

securityvulns | added 2005/03/22 12:0 a.m. | 121 views

[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability

Positive Technologies SA-20050322 Phorum "location" HTTP Response Splitting Vulnerability. Release Date: 03/22/2005 Date Reported: 03/10/2005 Severity: Medium Application: Phorum Platform: PHP Vendor: http://www.phorum.org Affects versions: 5.0.14a Other versions may also be affected. I. BACKGROU...

AI score 7.5 | Exploits 0

securityvulns | added 2005/02/09 12:0 a.m. | 121 views

Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282)

Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer 867282 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

CVSS 10 | AI score 0.3 | EPSS 0.6349 | Exploits 3

securityvulns | added 2005/01/26 12:0 a.m. | 121 views

[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200501-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

CVSS 10 | AI score 0.3 | EPSS 0.09334 | Exploits 1

securityvulns | added 2004/11/11 12:0 a.m. | 121 views

RealVNC DoS

More than 60 concurrent TCP connections causes server to crash...

AI score 1.2 | Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2003/06/05 12:0 a.m. | 121 views

Internet Explorer Object Type Property Overflow

Internet Explorer Object Type Property Overflow Release Date: June 4, 2003 Severity: High Remote Code Execution Systems Affected: Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 for Windows Server 2003 Description: T...

AI score 7.5 | Exploits 0

securityvulns | added 2001/10/20 12:0 a.m. | 121 views

Outlook Express and SPA (Secure Password Authentication)

Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A [email protected] Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user...

AI score 7.3 | Exploits 0

securityvulns | added 2000/09/05 12:0 a.m. | 121 views

Linux news 5.09.00

Linux 2.2.17 A new kernel in the stable series, 2.2.17, has been released. Details: http://www.linux.org.uk/VERSION/relnotes.2217.html Linux 2.2.18pre3 Alan Cox has released the 1st pre-version of the "after-next" stable Linux kernel, 2.2.18. Work on the next stable Linux kernel, 2.2.17, ended at pre20,...

AI score 7.7 | Exploits 0

securityvulns | added 2000/09/02 12:0 a.m. | 121 views

UW c-client library vulnerability

It seems, that c-client libraries by University of Washington have some bugs, that makes some programs that depend upon those libraries go crazy. AFAIK affected programs include at least Pine read "pain", ipop3d and IMAPD. And those programs and libraries are commonly used in Unixes. I don't know...

AI score 7.2 | Exploits 0

securityvulns | added 2000/08/07 12:0 a.m. | 121 views

Redhat Linux 6.x remote root exploit

Hi, Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability0. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions. I am not a security expert, but...

AI score 8 | Exploits 0

securityvulns | added 2015/10/25 12:0 a.m. | 120 views

APPLE-SA-2015-10-21-1 iOS 9.1

APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A...

CVSS 10 | AI score 0.5 | EPSS 0.067 | Exploits 2

securityvulns | added 2015/10/11 12:0 a.m. | 120 views

A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE

Hello, Please find a text-only version below sent to security mailing-lists. The html version on analysing the vulnerabilities in Huawei 3G routers is posted here: https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html === text-version of the advisory ===...

AI score 0.7 | Exploits 0

securityvulns | added 2015/06/21 12:0 a.m. | 120 views

OS Command Injection in Vesta Control Panel

Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...

CVSS 6.5 | AI score 0.7 | EPSS 0.11207 | Exploits 4

securityvulns | added 2015/01/02 12:0 a.m. | 120 views

[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability

------------------------------------------------------------------------------ Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: http://www.symantec.com/web-gateway/ - Affecte...

CVSS 6.5 | AI score 0.7 | EPSS 0.50324 | Exploits 6

securityvulns | added 2014/10/27 12:0 a.m. | 120 views

python integer overflow

Integer overflow in buffer...

CVSS 6.4 | AI score 3.8 | EPSS 0.05307 | Exploits 1 | References 1 | Affected Software 1

securityvulns | added 2014/10/16 12:0 a.m. | 120 views

SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop

SEC Consult Vulnerability Lab Security Advisory 20140710-1 ======================================================================= title: Multiple high risk vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v2 new codebase impact: high...

AI score 8 | Exploits 0

securityvulns | added 2014/02/01 12:0 a.m. | 120 views

Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability

Document Title: =============== Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video: http://www.vulnerability-lab.com/getcontent.php?id=1182 Partner News...

AI score 0.3 | Exploits 0

securityvulns | added 2013/12/09 12:0 a.m. | 120 views

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities

ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...

CVSS 6.8 | AI score 7.4 | EPSS 0.02403 | Exploits 0

securityvulns | added 2013/08/14 12:0 a.m. | 120 views

[PSA-2013-0811-1] Oracle Java storeImageArray() Invalid Array Indexing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0811-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...

AI score 0.3 | Exploits 0

securityvulns | added 2013/07/15 12:0 a.m. | 120 views

Apache security vulnerabilities

moddav malformed MERGE request crash, modrewrite log manipulation...

CVSS 7.5 | AI score 1.7 | EPSS 0.29484 | Exploits 6 | References 1 | Affected Software 1

securityvulns | added 2013/07/15 12:0 a.m. | 120 views

[Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability

Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting XSS vulnerability ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-001 - Original release date: July 10, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground...

AI score 0.2 | Exploits 0

securityvulns | added 2013/05/27 12:0 a.m. | 120 views

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow MS13-037 / Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included a...

CVSS 9.3 | AI score 8.3 | EPSS 0.74096 | Exploits 9

securityvulns | added 2013/04/08 12:0 a.m. | 120 views

Cisco Video Surveillance Operations Manager Multiple vulnerabilities

Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem | bassem.co Vendor Homepage: www.cisco.com Version: Version 6.3.2 Tested on: Versio...

AI score 0.3 | Exploits 0

securityvulns | added 2013/02/18 12:0 a.m. | 120 views

Multiple Vulnerabilities in Linksys WAG200G

Device Name: Linksys WAG200G Vendor: Linksys/Cisco ============ Device Description: ============ The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...

AI score 7.4 | Exploits 0

securityvulns | added 2013/02/11 12:0 a.m. | 120 views

[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU

Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU 1. Issue 29 This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages...

CVSS 10 | AI score 0.2 | EPSS 0.07714 | Exploits 0

securityvulns | added 2012/09/03 12:0 a.m. | 120 views

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom Community Manager version 7.4.10 and...

AI score 0.1 | Exploits 0

securityvulns | added 2011/12/26 12:0 a.m. | 120 views

Novell Sentinel Log Manager <=1.2.0.1 Path Traversal

Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...

AI score 0.8 | Exploits 0

securityvulns | added 2011/11/27 12:0 a.m. | 120 views

Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications

Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is...

AI score 6.2 | Exploits 0

securityvulns | added 2010/09/27 12:0 a.m. | 120 views

[security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02518794 Version: 1 HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote URL Redirection NOTICE: The information in this Security Bulletin should be acte...

CVSS 4.3 | EPSS 0.09659 | Exploits 1

securityvulns | added 2010/02/16 12:0 a.m. | 120 views

Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Chrome Password Manager Cross Origin Weakness Release Date: 2010-02-15 Application: Google Chrome Web Browser Versions:...

CVSS 4.3 | AI score 0.2 | EPSS 0.01047 | Exploits 0

securityvulns | added 2009/12/09 12:0 a.m. | 120 views

Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)

Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer 976325 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in...

CVSS 9.3 | AI score 1.3 | EPSS 0.71802 | Exploits 8

securityvulns | added 2009/11/17 12:0 a.m. | 120 views

Home FTP Server 'MKD' Command Directory Traversal Vulnerability

Date of Discovery: 17-Nov-2009 Credits:zhangmcatmail.ustc.edu.cn Vendor: Ari Pikivirta http://downstairs.dnsalias.net/homeftpserver.html Affected: Home FTP Server 1.10.1.139 Earlier versions may also be affected Overview: Home FTP Server is an easy use FTP server Application. Directory Traversal...

AI score 0.3 | Exploits 0

securityvulns | added 2009/08/17 12:0 a.m. | 120 views

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Release Date. 17-Aug-2009 Last Update. - Vendor Notification Date. 15-Jun-2009 Product. Piwigo Platform. Independent Affected versions. 2.0.0 verified, possibly others Severity Rating. Medium Impact. Manipulation of data Attack...

AI score 0.3 | Exploits 0

securityvulns | added 2009/04/16 12:0 a.m. | 120 views

XSS with mod_perl perl_status utility

Vulnerability found: 28th February 2009 Vendor informed: 1st March 2009 Advisory last updated: 1st March 2009 Severity: Medium/High Credits: Richard Brain of ProCheckUp Ltd www.procheckup.com CVE reference: CVE-2009-0796 BID: 34383 Many thanks to Torsten Foertsch for his kind assistance in fixing...

CVSS 2.6 | AI score 9 | EPSS 0.29638 | Exploits 3

securityvulns | added 2009/04/10 12:0 a.m. | 120 views

SASPCMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System . SASPCMS witc...

AI score 0.3 | Exploits 0

securityvulns | added 2008/12/10 12:0 a.m. | 120 views

Joomla Component mydyngallery

Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://mydyngallery.mon-cottenchy.fr DORK : inurl:option=commydyngallery Bug...

AI score 1.5 | Exploits 0

securityvulns | added 2008/11/04 12:0 a.m. | 120 views

A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg...

AI score 0.3 | Exploits 0

securityvulns | added 2008/06/26 12:0 a.m. | 120 views

mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability

hi mcGuestbook 1.2 lang Remote File Inclusion Vulnerability Found : Ghost Hacker R-H TeaM |, .-. .-. ,| HOME : www.Real-Hack.net | o/ o | Email : [email protected] |/ / | Script : mcGuestbook 1.2 Download Script : http://www.phpbank.net/admin/download.php?id=155 I love the Messenger of Allah...

AI score 0.4 | Exploits 0

securityvulns | added 2008/02/22 12:0 a.m. | 120 views

PHP-Nuke Siir SQL Injection(id)

PHP-Nuke Siir SQL Injectionid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl: modules-php-name-Siir all modules.php?name=xx subject have secret print and and cant see op=print but cann- use exploit EXPLOIT :...

AI score 0.4 | Exploits 0

securityvulns | added 2007/11/29 12:0 a.m. | 120 views

PHPSlideShow XSS Update

Vendor Site: http://www.zinkwazi.com/wp/scripts/ Version affected: 0.9.9.2 URL:http://www.example.com/scripts/demo/phpslideshow.php?directory=photos BID ref: 26576 By Jose Luis Góngora Fernández PHPSlideShow is also susceptible to the following inputs:...

AI score 0.9 | Exploits 0

securityvulns | added 2007/06/22 12:0 a.m. | 120 views

[Full-disclosure] [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: CAID 35450, 35451, 35452, 35453: CA Products That Embed Ingres Multiple Vulnerabilities CA Vuln ID CAID: 35450, 35451, 35452, 35453 CA Advisory Date: 2007-06-21 Reported By: NGSSoftware, and iDefense Impact: Attackers can potentially execute...

CVSS 10 | AI score 7.8 | EPSS 0.10321 | Exploits 8

securityvulns | added 2007/06/18 12:0 a.m. | 120 views

Webif.cgi local file inclusion

.:: WEBIF.CGI LOCALE FILE INCLUSION ::. AUTHOR: maiosyet CONTACT: [email protected] SITE: http://www.mawk.org ORIGINAL ADV: http://www.mawk.org/mods.php?mods=Core&page=view&id=102 SOFTWARE: Webif.cgi http://www.ifnet.it/webif/ DESCRIPTION: Webif is the natural solution for librarianships who want...

AI score 0.5 | Exploits 0

securityvulns | added 2007/04/17 12:0 a.m. | 120 views

DNS birthday attacks

DNS uses a 2-byte message identifier to prevent spoofing attacks. The problem is that if several identical requests arrive at the same time, they are forwarded with different IDs from the same UDP port. This increases the chances of spoofing a reply, the so-called birthday effect: the probability that among 60 randomly chosen persons the...

CVSS 5 | AI score 2.6 | EPSS 0.08311 | Exploits 0 | References 2

Total number of security vulnerabilities: 5000