Securityvulns: Most viewed

47153 matches found

securityvulns | added 2013/07/15 12:0 a.m. | 120 views

Apache security vulnerabilities

mod_dav malformed MERGE request crash, mod_rewrite log manipulation...

CVSS 7.5 | AI score 1.7 | EPSS 0.29484
Exploits: 6 | References: 1 | Affected Software: 1
securityvulns | added 2013/07/15 12:0 a.m. | 120 views

[Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability

Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting XSS vulnerability ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-001 - Original release date: July 10, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground...

AI score 0.2
Exploits: 0
securityvulns | added 2013/07/01 12:0 a.m. | 120 views

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security...

CVSS 5.8 | AI score 0.4 | EPSS 0.06348
Exploits: 0
securityvulns | added 2013/05/27 12:0 a.m. | 120 views

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow MS13-037 / Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included a...

CVSS 9.3 | AI score 8.3 | EPSS 0.74096
Exploits: 9
securityvulns | added 2013/04/08 12:0 a.m. | 120 views

Cisco Video Surveillance Operations Manager Multiple vulnerabilities

Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem | bassem.co Vendor Homepage: www.cisco.com Version: Version 6.3.2 Tested on: Versio...

AI score 0.3
Exploits: 0
securityvulns | added 2013/02/18 12:0 a.m. | 120 views

Multiple Vulnerabilities in Linksys WAG200G

Device Name: Linksys WAG200G Vendor: Linksys/Cisco ============ Device Description: ============ The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...

AI score 7.4
Exploits: 0
securityvulns | added 2013/02/11 12:0 a.m. | 120 views

[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU

Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU 1. Issue 29 This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages...

CVSS 10 | AI score 0.2 | EPSS 0.07714
Exploits: 0
securityvulns | added 2012/09/03 12:0 a.m. | 120 views

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom Community Manager version 7.4.10 and...

AI score 0.1
Exploits: 0
securityvulns | added 2012/02/13 12:0 a.m. | 120 views

ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-022 February 8, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Tota...

Exploits: 0
securityvulns | added 2012/01/02 12:0 a.m. | 120 views

n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.004 28-Dec-2011 Vendors: PHP, http://www.php.net Oracle, http://www.oracle.com Microsoft, http://www.microsoft.com Python, http://www.python.org Ruby, http://www.ruby.org Google, http://www.google.com Affected Products: PHP 4 and ...

CVSS 7.8 | AI score 8.8 | EPSS 0.04246
Exploits: 2
securityvulns | added 2011/12/19 12:0 a.m. | 120 views

BF, XSS, IAA and CSRF vulnerabilities in poMMo

Hello 3APA3A! I am informing you of the Brute Force, Cross-Site Scripting, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities I found in poMMo. Brute Force WASC-11: http://site/pommo/index.php XSS WASC-08:...

Exploits: 0
securityvulns | added 2011/11/27 12:0 a.m. | 120 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability

------------------------------------------------------------------- PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

CVSS 7.5 | AI score 0.2 | EPSS 0.5341
Exploits: 12
securityvulns | added 2011/05/26 12:0 a.m. | 120 views

[USN-1137-1] Eucalyptus vulnerability

========================================================================== Ubuntu Security Notice USN-1137-1 May 26, 2011 eucalyptus, rampart vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 6.5 | AI score 0.6 | EPSS 0.02174
Exploits: 0
securityvulns | added 2011/03/10 12:0 a.m. | 120 views

[DCA-2011-0006] Hiawatha 7.4 - Denial-of-Service

Discussion - DcLabs Security Research Group advises about the following vulnerabilities: Software - Hiawatha WebServer 7.4 Vendor Product Description - Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several...

AI score 7.1
Exploits: 0
securityvulns | added 2009/08/17 12:0 a.m. | 120 views

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Release Date. 17-Aug-2009 Last Update. - Vendor Notification Date. 15-Jun-2009 Product. Piwigo Platform. Independent Affected versions. 2.0.0 verified, possibly others Severity Rating. Medium Impact. Manipulation of data Attack...

AI score 0.3
Exploits: 0
securityvulns | added 2009/04/10 12:0 a.m. | 120 views

SASPCMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System . SASPCMS witc...

AI score 0.3
Exploits: 0
securityvulns | added 2008/12/10 12:0 a.m. | 120 views

Joomla Component mydyngallery

Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://mydyngallery.mon-cottenchy.fr DORK : inurl:option=commydyngallery Bug...

AI score 1.5
Exploits: 0
securityvulns | added 2008/11/04 12:0 a.m. | 120 views

A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg...

AI score 0.3
Exploits: 0
securityvulns | added 2008/03/26 12:0 a.m. | 120 views

Mozilla Foundation Security Advisory 2008-14

Mozilla Foundation Security Advisory 2008-14 Title: JavaScript privilege escalation and arbitrary code execution Impact: Critical Announced: March 25, 2008 Reporter: mozbugra4, Boris Zbarsky, Johnny Stenback Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.13 Thunderbird 2.0.0.13...

CVSS 9.3 | AI score 3.3 | EPSS 0.06055
Exploits: 1
securityvulns | added 2008/03/09 12:0 a.m. | 120 views

PHP-Nuke KutubiSitte "kid" SQL Injection

RBT-4 Crew rbt-4.net PHP-Nuke KutubiSitte "kid" SQL Injection http://www.rbt-4.net/forum/viewthread.php?forumid=51&threadid=3058 AUTHOR : Lovebug modules.php?name=KutubiSitte&hop=hadisgoster&kid= Exploit :...

AI score 0.2
Exploits: 0
securityvulns | added 2007/11/29 12:0 a.m. | 120 views

PHPSlideShow XSS Update

Vendor Site: http://www.zinkwazi.com/wp/scripts/ Version affected: 0.9.9.2 URL:http://www.example.com/scripts/demo/phpslideshow.php?directory=photos BID ref: 26576 By Jose Luis Góngora Fernández PHPSlideShow is also susceptible to the following inputs:...

AI score 0.9
Exploits: 0
securityvulns | added 2007/04/25 12:0 a.m. | 120 views

netbingo v 2000 >> RFI

name & version :netbingo & 2000 vendor: http://www.proactech.com by : www.hackerz.ir userz,s3rv3rhack3r,saeidonlylinux,farzad exploit :http://victim/bingoserver.php3?responsedir=http://shell...

AI score 0.1
Exploits: 0
securityvulns | added 2007/04/17 12:0 a.m. | 120 views

DNS birthday attacks

DNS uses a 2-byte message identifier to prevent spoofing attacks. The problem is that if a few identical requests arrive at the same time, they are forwarded with different IDs from the same UDP port. This increases the chances of spoofing a reply, the so-called birthday effect: the probability that among 60 randomly chosen persons the...

CVSS 5 | AI score 2.6 | EPSS 0.08311
Exploits: 0 | References: 2
securityvulns | added 2007/04/11 12:0 a.m. | 120 views

Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities

================================================== Joomla/Mambo Component Taskhopper 1.1 /inc/ mosConfig_absolute_path RFI ================================================== Found By : Cold z3ro , [email protected] ================================================== Homepage: www.Hack-Teach.com...

AI score 0.2
Exploits: 0
securityvulns | added 2007/02/01 12:0 a.m. | 120 views

Multiple Oracle security vulnerabilities.... again...

Released security update fixes 17 security vulnerabilities for Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities for Oracle Application Server, 7 vulnerabilities for Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager, 3 bugs in Oracle...

CVSS 8.5 | AI score 1.1 | EPSS 0.10609
Exploits: 10 | References: 10 | Affected Software: 1
securityvulns | added 2007/01/12 12:0 a.m. | 120 views

LunarPoll (PollDir) Remote File Include Vulnerabilities

------------------------------------------------------------------------------------------------------------------- AYYILDIZ.ORG PreSents... Script:LunarPoll Script Download: dexxaboy.com/scripts/lunarpoll/download/ Contact: ilker Kandemir ilkerkandemiratmynet.com Code:...

AI score 3.4
Exploits: 0
securityvulns | added 2006/11/05 12:0 a.m. | 120 views

SazCart <= 1.5 (cart.php) Remote File Include Vulnerability

sazcart v1.5 cart.php Remote File include ---Hitamputih crew--- Bug Found By : IbnuSina vendor : http://sazcart.com/site Risk : High Greetz : Solpot,permenhack,barbarosa,cah|gemblunkz,fungmen,setiawan,irvian,meteoroid and all member hitamputih crew community www.kaipank.org/forum especially thx t...

AI score 0.5
Exploits: 0
securityvulns | added 2006/09/26 12:0 a.m. | 120 views

evoBB <= v0.3 (path) Remote File Inclusion Exploit

============================================================================================== evoBB <= v0.3 (path) Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Vendor site :...

AI score 1.8
Exploits: 0
securityvulns | added 2006/09/13 12:0 a.m. | 120 views

Signkorn Guestbook <= v1.3 (dir_path) Remote File Inclusion Exploit

============================================================================================== Signkorn Guestbook <= v1.3 (dir_path) Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Vendor site :...

AI score 0.9
Exploits: 0
securityvulns | added 2006/07/24 12:0 a.m. | 120 views

Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities

====================================================================== Secunia Research 17/07/2006 - IceWarp Web Mail Two File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...

CVSS 5 | AI score 0.4 | EPSS 0.05452
Exploits: 2
securityvulns | added 2006/01/29 12:0 a.m. | 120 views

PHP5 Globals Vulnerability: with ?GLOBALS[foobar] you can set the value of the un-initialized $foobar variable.

PHP5 Globals Vulnerability: with ?GLOBALS[foobar] you can set the value of the un-initialized $foobar variable. PHP5 Globals Vulnerability Name PHP5 Globals Vulnerability Systems Affected PHP5 verified on 5.1.1 and 5.1.2 Severity Critical Vendor www.php.net Advisory...

AI score 6.7
Exploits: 0
securityvulns | added 2005/06/10 12:0 a.m. | 120 views

[SA15658] Ovidentia FX "babInstallPath" File Inclusion Vulnerability

---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

AI score 0.3
Exploits: 0
securityvulns | added 2004/11/01 12:0 a.m. | 120 views

Sun Java System Web Proxy Server buffer overflow

No description provided...

AI score 3.3
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns | added 2003/10/28 12:0 a.m. | 120 views

Les Visiteurs v2.0.1 code injection vulnerability

Les Visiteurs is a great statistics script written in PHP. It gives you some graphical information on visitors of your website. This script was distributed by phpinfo.net but has not been maintained for a year. --------- In this version several unprotected includes can be found in files: -...

AI score 0.8
Exploits: 0
securityvulns | added 2000/10/26 12:0 a.m. | 120 views

Security Bulletin (MS00-081)

Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® virtual...

AI score 0.2
Exploits: 0
securityvulns | added 2015/05/11 12:0 a.m. | 119 views

[ MDVSA-2015:228 ] nodejs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:228 http://www.mandriva.com/en/support/security/ Package : nodejs Date : May 6, 2015 Affected: Business Server 2.0 Problem Description: Updated nodejs package fixes security vulnerability: It was found that...

CVSS 10 | AI score 3.8 | EPSS 0.03242
Exploits: 0
securityvulns | added 2015/05/04 12:0 a.m. | 119 views

[ MDVSA-2015:226 ] fcgi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:226 http://www.mandriva.com/en/support/security/ Package : fcgi Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated fcgi packages fix security vulnerability: FCGI does not perform...

CVSS 5 | AI score 6.3 | EPSS 0.06086
Exploits: 0
securityvulns | added 2015/02/23 12:0 a.m. | 119 views

articleFR CMS 3.0.5 - Arbitrary File Upload

Vulnerability title: articleFR CMS 3.0.5 - Arbitrary File Upload Product: articleFR CMS Vendor: http://freereprintables.com Affected version: version 3.0.5 Fixed version: N/A Author: Tran Dinh Tien [email protected] & ITAS Team www.itas.vn ::DESCRIPTION:: - Vulnerabilities related to the upload ...

AI score 0.3
Exploits: 0
securityvulns | added 2015/02/02 12:0 a.m. | 119 views

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-011 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date:...

AI score 6.2
Exploits: 0
securityvulns | added 2015/01/13 12:0 a.m. | 119 views

[USN-2459-1] OpenSSL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2459-1 January 12, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5 | AI score 0.6 | EPSS 0.98685
Exploits: 0
securityvulns | added 2014/12/29 12:0 a.m. | 119 views

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability

Document Title: =============== Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1385 Release Date: ============= 2014-12-19 Vulnerability Laboratory ID VL-ID:...

AI score 0.1
Exploits: 0
securityvulns | added 2014/05/01 12:0 a.m. | 119 views

FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:09.openssl Security Advisory The FreeBSD Project Topic: OpenSSL use-after-free vulnerability Category: contrib Module: openssl Announced: 2014-04-30 Affects:...

CVSS 4 | AI score 7.5 | EPSS 0.34132
Exploits: 0
securityvulns | added 2014/01/08 12:0 a.m. | 119 views

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service DPAIlluminator.exe listening on public port 8090 tcp/http and 8453 tcp/https is...

AI score 4
Exploits: 0
securityvulns | added 2013/10/28 12:0 a.m. | 119 views

[CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities

Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Cross-Site Scripting CWE-79 Date...

CVSS 4.3 | AI score 0.3 | EPSS 0.00974
Exploits: 2
securityvulns | added 2013/07/15 12:0 a.m. | 119 views

[Full-disclosure] Magnolia CMS multiple access control vulnerabilities

Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...

AI score 1.9 | EPSS 0.01762
Exploits: 1
securityvulns | added 2013/07/10 12:0 a.m. | 119 views

nginx buffer overflow

Buffer overflow on proxy_pass upstream HTTP server response processing. Buffer overflow on chunked response parsing...

CVSS 7.5 | AI score 2.9 | EPSS 0.87475
Exploits: 18 | References: 1 | Affected Software: 1
securityvulns | added 2013/03/11 12:0 a.m. | 119 views

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...

CVSS 10 | AI score 0.2 | EPSS 0.85882
Exploits: 10
securityvulns | added 2013/02/24 12:0 a.m. | 119 views

SQLi found in Kodak Insite

Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...

AI score 8.1
Exploits: 0
securityvulns | added 2012/12/03 12:0 a.m. | 119 views

ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities

ESA-2012-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-057 CVE Identifier: CVE-2012-4614 CVE Identifier: CVE-2012-4615 Severity Rating: CVSS v2 Base Score: See below for individual...

CVSS 9.3 | AI score 0.6 | EPSS 0.02281
Exploits: 0
securityvulns | added 2012/08/13 12:0 a.m. | 119 views

Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered. In most cases we do not believe this to be particularly severe in the absence o...

Exploits: 0
Total number of security vulnerabilities: 5000