Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2013/12/09 12:0 a.m.121 views

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities

ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...

6.8CVSS7.4AI score0.02403EPSS
Exploits0
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.121 views

[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2013/07/29 12:0 a.m.121 views

Basic Forum by JM LLC - Multiple Vulnerabilities

Dear all, I have discovered some vulnerabilities in Basic Forum, developed by JM LLC. Cheers, Sp3ctrecore ADVISORY ================================================ Basic Forum by JM LLC - Multiple Vulnerabilities ================================================ Software................: Basic For...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.121 views

[Full-disclosure] Magnolia CMS multiple access control vulnerabilities

Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...

1.9AI score0.01762EPSS
Exploits1
securityvulns
securityvulns
added 2013/05/27 12:0 a.m.121 views

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow MS13-037 / Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included a...

9.3CVSS8.3AI score0.74096EPSS
Exploits9
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.121 views

[waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7

waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7 =============================================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.121 views

Cisco Video Surveillance Operations Manager Multiple vulnerabilities

Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem | bassem.co Vendor Homepage: www.cisco.com Version: Version 6.3.2 Tested on: Versio...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.121 views

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...

10CVSS0.2AI score0.85882EPSS
Exploits10
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.121 views

Multiple Vulnerabilities in Linksys WAG200G

Device Name: Linksys WAG200G Vendor: Linksys/Cisco ============ Device Description: ============ The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.121 views

Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

I wanted to comment on the workarounds for this problem: 1 Setting SQLNET.ENCRYPTIONSERVER=REQUIRED on the server is not enough to protect you. To avoid "man in the middle" attacks, you need to have an SSL certificate on the server and SSLSERVERDNMATCH=TRUE in the client's sqlnet.ora. 2 Another w...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2012/02/13 12:0 a.m.121 views

ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-022 February 8, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Tota...

Exploits0
securityvulns
securityvulns
added 2012/01/02 12:0 a.m.121 views

n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.004 28-Dec-2011 Vendors: PHP, http://www.php.net Oracle, http://www.oracle.com Microsoft, http://www.microsoft.com Python, http://www.python.org Ruby, http://www.ruby.org Google, http://www.google.com Affected Products: PHP 4 and ...

7.8CVSS8.8AI score0.04246EPSS
Exploits2
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.121 views

Novell Sentinel Log Manager <=1.2.0.1 Path Traversal

Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.121 views

Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications

Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.121 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability

------------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

7.5CVSS0.2AI score0.52477EPSS
Exploits12
securityvulns
securityvulns
added 2011/05/26 12:0 a.m.121 views

[USN-1137-1] Eucalyptus vulnerability

========================================================================== Ubuntu Security Notice USN-1137-1 May 26, 2011 eucalyptus, rampart vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

6.5CVSS0.6AI score0.02174EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/10 12:0 a.m.121 views

[DCA-2011-0006] Hiawatha 7.4 - Denial-of-Service

Discussion - DcLabs Security Research Group advises about the following vulnerabilityies: Software - Hiawatha WebServer 7.4 Vendor Product Description - Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2010/04/15 12:0 a.m.121 views

Microsoft SMB client multiple security vulnerabilities

Memory corruptions, race conditions...

10CVSS2.2AI score0.50186EPSS
Exploits8References3Affected Software1
securityvulns
securityvulns
added 2010/02/16 12:0 a.m.121 views

Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Chrome Password Manager Cross Origin Weakness Release Date: 2010-02-15 Application: Google Chrome Web Browser Versions:...

4.3CVSS0.2AI score0.01047EPSS
Exploits0
securityvulns
securityvulns
added 2009/12/09 12:0 a.m.121 views

Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)

Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer 976325 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in...

9.3CVSS1.3AI score0.71802EPSS
Exploits8
securityvulns
securityvulns
added 2009/11/30 12:0 a.m.121 views

Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others

Hi! I've just released the working exploit for CTXSYS.DRVXTABC.CREATETABLES injection on Oracle DB 9i/10g CVE-2009-1991 You can find the code on my site, http://rawlab.mindcreations.com In particular, Classic SQL injection:...

3.6CVSS2.5AI score0.01712EPSS
Exploits0
securityvulns
securityvulns
added 2009/08/17 12:0 a.m.121 views

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Release Date. 17-Aug-2009 Last Update. - Vendor Notification Date. 15-Jun-2009 Product. Piwigo Platform. Independent Affected versions. 2.0.0 verified, possibly others Severity Rating. Medium Impact. Manipulation of data Attack...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/07/28 12:0 a.m.121 views

cross site scripting the browser google "chrome"

autor : bikolinux Vuln: cross site scripting the browser google "chrome" Download: http://www.google.com/chrome error local EMAIL [email protected] [email protected] vercion test 2.0.172.37 cross site scripting the browser google "chrome" The error is when making a request to record path =...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2009/04/10 12:0 a.m.121 views

SASPCMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System . SASPCMS witc...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/03/11 12:0 a.m.121 views

djbdns misformats some long response packets; patch and example attack

The DNS packet format allows names to be compressed by replacing the suffix of a name with an encoded offset to another location in the packet where the suffix already exists. Because of the encoding scheme, valid offsets are limited to 16384. In djbdns 1.05, response.c handles name compression...

Exploits0
securityvulns
securityvulns
added 2008/12/10 12:0 a.m.121 views

Joomla Component mydyngallery

Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://mydyngallery.mon-cottenchy.fr DORK : inurl:option=commydyngallery Bug...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2008/07/22 12:0 a.m.121 views

Maran PHP Blog Xss By Khashayar Fereidani

---------------------------------------------------------------- Script : Maran PHP Blog Type : XSS Pasive Method : GET Alert : Medium ---------------------------------------------------------------- Discovered by : Khashayar Fereidani a.k.a. Dr.Crash My Offical Website : HTTP://FEREIDANI.IR...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2008/05/24 12:0 a.m.121 views

PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

Update: To exploit this in both firefox and IE requires an extra char "=" in the end. Using the same PoC URL we get: https://target.tld/my.logon.php3?"/scripttextareaHTMLinjectiontest/textarea!--= Client environment: firefox 2.0.0.11 and IE 6.0.2900.2180 Ricardo Martins, CISA Security Consultant...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/03/09 12:0 a.m.121 views

PHP-Nuke KutubiSitte "kid" SQL Injection

RBT-4 Crew rbt-4.net PHP-Nuke KutubiSitte "kid" SQL Injection http://www.rbt-4.net/forum/viewthread.php?forumid=51&threadid=3058 AUTHOR : Lovebug modules.php?name=KutubiSitte&hop=hadisgoster&kid= Exploit :...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/23 12:0 a.m.121 views

Minb Is Not A Blog default password directory

Minb Is Not A Blog default password directory http://sourceforge.net/projects/minb Via looking in a default directory, any user can access the users.db file which contains the username and encrypted password of the person running the board. Try it for your self: www.example.com/minb/db/users.db T...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/06/18 12:0 a.m.121 views

Webif.cgi local file inclusion

.:: WEBIF.CGI LOCALE FILE INCLUSION ::. AUTHOR: maiosyet CONTACT: [email protected] SITE: http://www.mawk.org ORIGINAL ADV: http://www.mawk.org/mods.php?mods=Core&page=view&id=102 SOFTWARE: Webif.cgi http://www.ifnet.it/webif/ DESCRIPTION: Webif is the natural solution for librarianships who want...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/04/17 12:0 a.m.121 views

DNS birthday attacks

DNS uses 2-bytes message identificator to prevent spoofing attack. The problem is if few same requests came in same time they are forwarded with different IDs from same UDP port. It increases chances to spoof reply so called birthdey effect: probability that among 60 randomely choosen persons the...

5CVSS2.6AI score0.08311EPSS
Exploits0References2
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.121 views

php-generics 1.0 Remote File Inclusion Vulnerabilities

-------------------------------------------------------- php-generics 1.0 Remote File Inclusion Vulnerabilities -------------------------------------------------------- Software: php-generics 1.0Beta Vendor: http://ie.archive.ubuntu.com/sourceforge/p/ph/php-generics/php-generics-1.0.0-beta.zip...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/02 12:0 a.m.121 views

iPhotoAlbum v1.1(header.php)Remote File Include Vulnerability

iPhotoAlbum v1.1header.phpRemote File Include Vulnerability D.Script: http://sourceforge.net/projects/iphotoalbum/ Discovered by: GloDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code ?php ifisset$setmenu include"$setmenu"; ? Exploit:Path/lib/static/header.php?setmenu=SheLL Greetz To: Tryag-Tea...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/11/05 12:0 a.m.121 views

SazCart <= 1.5 (cart.php) Remote File Include Vulnerability

sazcart v1.5 cart.php Remote File include ---Hitamputih crew--- Bug Found By : IbnuSina vendor : http://sazcart.com/site Risk : High Greetz : Solpot,permenhack,barbarosa,cah|gemblunkz,fungmen,setiawan,irvian,meteoroid and all member hitamputih crew community www.kaipank.org/forum especially thx t...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/07/11 12:0 a.m.121 views

SQuery <= 4.5(libpath) Remote File Inclusion Exploit

================================================================= SQuery = 4.5libpath Remote File Inclusion Exploit ================================================================= Worked On : ALL VERSIONS | | Critical Level : Dangerous | | Gug Found In : gore.php |...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2005/06/10 12:0 a.m.121 views

[SA15658] Ovidentia FX "babInstallPath" File Inclusion Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/01/24 12:0 a.m.121 views

Multiple applications fd_set structure bitmap array index overflow

Issue: Multiple applications fdset structure bitmap array index overflow Type: remote Date: December, 12 2004 Original URL: http://www.security.nnov.ru/advisiories/sockets.asp Author: 3APA3A URL: http://www.security.nnov.ru/ Affected: gnugk 2.2.0 confirmed, fixed by vendor gnugk is OpenH323...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2003/08/06 12:0 a.m.121 views

Windows drivers privilege escalation

During access to driver memory range for input/output buffers is not checked...

5.9AI score
Exploits0References3Affected Software2
securityvulns
securityvulns
added 2000/09/02 12:0 a.m.121 views

UW c-client library vulnerability

It seems, that c-client libraries by University of Washington have some bugs, that makes some programs that depend upon those libraries go crazy. AFAIK affected programs include at least Pine read "pain", ipop3d and IMAPD. And those programs and libraries are commonly used in Unixes. I don't know...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.120 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.10986EPSS
Exploits14References34Affected Software13
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.120 views

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-011 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date:...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.120 views

ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities EMC Identifier: ESA-2015-002 CVE Identifier: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2012-5885, CVE-2011-3389, CVE-2013-1767, CVE-2012-2137,...

10CVSS0.5AI score0.99999EPSS
Exploits57
securityvulns
securityvulns
added 2015/01/13 12:0 a.m.120 views

[USN-2459-1] OpenSSL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2459-1 January 12, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5CVSS0.6AI score0.98685EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.120 views

FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:09.openssl Security Advisory The FreeBSD Project Topic: OpenSSL use-after-free vulnerability Category: contrib Module: openssl Announced: 2014-04-30 Affects:...

4CVSS7.5AI score0.34132EPSS
Exploits0
securityvulns
securityvulns
added 2014/02/01 12:0 a.m.120 views

Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability

Document Title: =============== Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video: http://www.vulnerability-lab.com/getcontent.php?id=1182 Partner News...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.120 views

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service DPAIlluminator.exe listening on public port 8090 tcp/http and 8453 tcp/https is...

4AI score
Exploits0
securityvulns
securityvulns
added 2013/11/05 12:0 a.m.120 views

[security bulletin] HPSBMU02933 rev.1 - HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03969435 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969435 Version: 1 HPSBMU02933 rev....

7.5CVSS0.6AI score0.71003EPSS
Exploits5
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.120 views

[CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities

Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Cross-Site Scripting CWE-79 Date...

4.3CVSS0.3AI score0.00974EPSS
Exploits2
securityvulns
securityvulns
added 2013/08/14 12:0 a.m.120 views

[PSA-2013-0811-1] Oracle Java storeImageArray() Invalid Array Indexing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0811-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...

0.3AI score
Exploits0
Total number of security vulnerabilities5000