Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/12/19 12:0 a.m.120 views

BF, XSS, IAA и CSRF уязвимости в poMMo

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Brute Force, Cross-Site Scripting, Insufficient Anti-automation и Cross-Site Request Forgery уязвимостях в poMMo. Brute Force WASC-11: http://site/pommo/index.php XSS WASC-08:...

Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.120 views

A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability A1 Solutions catsell.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.a1sols.com/ Persian Gulf 4 Ever! Dork : "Powered by A1 Solutions" "inurl:catsell.php?cid="...

3.3AI score
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.120 views

ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability

ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-187 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10CVSS0.6AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2010/11/18 12:0 a.m.120 views

[security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02004333 Version: 1 HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files NOTICE: The...

7.8CVSS0.1AI score0.1313EPSS
Exploits14
securityvulns
securityvulns
added 2010/09/27 12:0 a.m.120 views

[USN-989-1] PHP vulnerabilities

=========================================================== Ubuntu Security Notice USN-989-1 September 20, 2010 php5 vulnerabilities CVE-2010-0397, CVE-2010-1128, CVE-2010-1129, CVE-2010-1130, CVE-2010-1866, CVE-2010-1868, CVE-2010-1917, CVE-2010-2094, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950,...

7.5CVSS0.6AI score0.12652EPSS
Exploits11
securityvulns
securityvulns
added 2010/04/12 12:0 a.m.120 views

Secunia Research: Pulse CMS Arbitrary File Upload Vulnerability

====================================================================== Secunia Research 08/04/2010 - Pulse CMS Arbitrary File Upload Vulnerability - ====================================================================== Table of Contents Affected...

6CVSS0.9AI score0.0156EPSS
Exploits0
securityvulns
securityvulns
added 2010/02/17 12:0 a.m.120 views

Huawei HG510 CSRF, Auth Bypass, DoS

Hello, Huawei HG510 is a device offered by the Serbian telecom operator, to provide ADSL Internet connection. Administration of settings on this device is allowed only from local LAN network but not only from private IP address eg 192.168.1.1 then You can access with public IP address only from...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2009/03/11 12:0 a.m.120 views

djbdns misformats some long response packets; patch and example attack

The DNS packet format allows names to be compressed by replacing the suffix of a name with an encoded offset to another location in the packet where the suffix already exists. Because of the encoding scheme, valid offsets are limited to 16384. In djbdns 1.05, response.c handles name compression...

Exploits0
securityvulns
securityvulns
added 2008/11/04 12:0 a.m.120 views

A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/08/26 12:0 a.m.120 views

ZoneMinder Multiple Vulnerabilities

ZoneMinder Multiple Vulnerabilities by Filip Palian filip dot palian at pjwstk dot edu dot pl Software affected: ZoneMinder = 1.23.3 Severity: Critical Description from the vendor site: ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture...

1AI score
Exploits0
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.120 views

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

7.5CVSS0.03268EPSS
Exploits0
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.120 views

S21SEC-041-en:Cezanne SW Cross-Site Scripting

S21Sec Advisory - Title: Cezanne SW Cross-Site Scripting ID: S21SEC-041-en Severity: Medium History: 02.Jan.2008 Vulnerability discovered Authors: Juan de la Fuente Costa [email protected] Fco Javier Puerta Rubio [email protected] URL: http://www.s21sec.com/avisos/s21sec-41-en.txt SUMMARY...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/11/29 12:0 a.m.120 views

PHPSlideShow XSS Update

Vendor Site: http://www.zinkwazi.com/wp/scripts/ Version affected: 0.9.9.2 URL:http://www.example.com/scripts/demo/phpslideshow.php?directory=photos BID ref: 26576 By Jose Luis Gуngora Fernбndez PHPSlideShow is also susceptible the following inputs:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.120 views

Mozilla Foundation Security Advisory 2007-24

Mozilla Foundation Security Advisory 2007-24 Title: Unauthorized access to wyciwyg:// documents Impact: High Announced: July 17, 2007 Reporter: Michal Zalewski Products: Firefox Fixed in: Firefox 2.0.0.5 Description Michal Zalewski reported that it was possible to bypass the same-origin checks an...

6.8CVSS0.3AI score0.01966EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/25 12:0 a.m.120 views

netbingo v 2000 >> RFI

name & version :netbingo & 2000 vendor: http://www.proactech.com by : www.hackerz.ir userz,s3rv3rhack3r,saeidonlylinux,farzad exploit :http://victim/bingoserver.php3?responsedir=http://shell...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.120 views

Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities

================================================== Joomla/Mambo Component Taskhopper 1.1 /inc/ mosConfigabsolutepath RFI ================================================== Found By : Cold z3ro , [email protected] ================================================== Homepage: www.Hack-Teach.com...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.120 views

LunarPoll (PollDir) Remote File Include Vulnerabilities

------------------------------------------------------------------------------------------------------------------- AYYILDIZ.ORG PreSents... Script:LunarPoll Script Download: dexxaboy.com/scripts/lunarpoll/download/ Contact: ilker Kandemir ilkerkandemiratmynet.com Code:...

3.4AI score
Exploits0
securityvulns
securityvulns
added 2006/09/28 12:0 a.m.120 views

Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit

============================================================================================== Kietu? = v4.0.0b2z urlhit Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Download from :...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/09/18 12:0 a.m.120 views

SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include

SolpotCrew Community phpBB XS phpbbrootpath Remote File Include Download file : http://www.phpbbxs.eu/dload.php?action=category&catid=2 Bug Found By : NoGe a.k.a dajackass contact: [email protected] Website : http://nyubicrew.org/adv/Nogeadv02.txt Greetz: skulmaticthanks for sharing knowledge...

Exploits0
securityvulns
securityvulns
added 2006/09/13 12:0 a.m.120 views

Signkorn Guestbook <= v1.3 (dir_path) Remote File Inclusion Exploit

============================================================================================== Signkorn Guestbook = v1.3 dirpath Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/05/17 12:0 a.m.120 views

[SA20136] FreeFTPd SFTP Key Exchange Algorithm String Buffer Overflow

TITLE: FreeFTPd SFTP Key Exchange Algorithm String Buffer Overflow SECUNIA ADVISORY ID: SA20136 VERIFY ADVISORY: http://secunia.com/advisories/20136/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: From remote SOFTWARE: FreeFTPd 1.x http://secunia.com/product/6138/ DESCRIPTION: A...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/01/29 12:0 a.m.120 views

PHP5 Globals Vulnerability: with ?GLOBALS[foobar] you can set the value of the un-initialized $foobar variable.

PHP5 Globals Vulnerability: with ?GLOBALSfoobar you can set the value of the un-initialized $foobar variable. PHP5 Globals Vulnerability Name PHP5 Globals Vulnerability Systems Affected PHP5 verified on 5.1.1 and 5.1.2 Severity Critical Vendor www.php.net Advisory...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2004/11/01 12:0 a.m.120 views

Sun Java System Web Proxy Server buffer overflow

No description provided...

3.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/10/28 12:0 a.m.120 views

Les Visiteurs v2.0.1 code injection vulnerability

Les Visiteurs is a great statistics script written in php. It gives you some graphicals informations on visitors of your website. This script was distributed by phpinfo.net but is no more maintained since a year. --------- In this version severals unprotected includes can be found in files: -...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2000/10/26 12:0 a.m.120 views

Security Bulletin (MS00-081)

Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.119 views

[ MDVSA-2015:228 ] nodejs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:228 http://www.mandriva.com/en/support/security/ Package : nodejs Date : May 6, 2015 Affected: Business Server 2.0 Problem Description: Updated nodejs package fixes security vulnerability: It was found that...

10CVSS3.8AI score0.03242EPSS
Exploits0
securityvulns
securityvulns
added 2015/02/23 12:0 a.m.119 views

articleFR CMS 3.0.5 - Arbitrary File Upload

Vulnerability title: articleFR CMS 3.0.5 - Arbitrary File Upload Product: articleFR CMS Vendor: http://freereprintables.com Affected version: version 3.0.5 Fixed version: N/A Author: Tran Dinh Tien [email protected] & ITAS Team www.itas.vn ::DESCRITION:: - Vulnerabilities related to the upload ...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.119 views

FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:09.openssl Security Advisory The FreeBSD Project Topic: OpenSSL use-after-free vulnerability Category: contrib Module: openssl Announced: 2014-04-30 Affects:...

4CVSS7.5AI score0.34132EPSS
Exploits0
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.119 views

[CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities

Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Cross-Site Scripting CWE-79 Date...

4.3CVSS0.3AI score0.00974EPSS
Exploits2
securityvulns
securityvulns
added 2013/07/10 12:0 a.m.119 views

nginx buffer overflow

Buffer overflow on proxypass upstream HTTP server response processing. Buffer overflow on chunked response parsing...

7.5CVSS2.9AI score0.87475EPSS
Exploits18References1Affected Software1
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.119 views

SQLi found in Kodak Insite

Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2012/12/03 12:0 a.m.119 views

ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities

ESA-2012-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-057 CVE Identifier: CVE-2012-4614 CVE Identifier: CVE-2012-4615 Severity Rating: CVSS v2 Base Score: See below for individual...

9.3CVSS0.6AI score0.02281EPSS
Exploits0
securityvulns
securityvulns
added 2012/10/30 12:0 a.m.119 views

Exploit - EasyITSP by Lemens Telephone Systems 2.0.2

?php errorreporting0; $arguments = getopt"a:b:c:"; $url = $arguments'a'; $idpod =$arguments'b'; $idend =$arguments'c'; ifcount$arguments!=3 echo ' Exploit - EasyITSP by Lemens Telephone Systems 2.0.2 '."n"; echo ' Discovery users with passwords '."n"; echo ' '."n"; echo ' Author: Michal Blaszczak...

Exploits0
securityvulns
securityvulns
added 2012/08/13 12:0 a.m.119 views

Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered. In most cases we do not believe this to be particularly severe in the absence o...

Exploits0
securityvulns
securityvulns
added 2012/07/29 12:0 a.m.119 views

python multiple security vulnerabilities

DoS, crissoite scripting, information leakage...

5CVSS1.4AI score0.0562EPSS
Exploits9References2Affected Software1
securityvulns
securityvulns
added 2012/07/11 12:0 a.m.119 views

Checkpoint Abra - Vulnerabilities

Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V., Komarov A. Group-IB Summary: Check Point Abra allow...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2012/04/02 12:0 a.m.119 views

Quake 3 / ioquake3 traffic amplification vulnerability

Source of getstatus UDP message is not checked...

7.8CVSS2.3AI score0.0211EPSS
Exploits0References1Affected Software4
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.119 views

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-305 October 26, 2011 -- CVE ID: CVE-2011-3544 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10CVSS9.7AI score0.96714EPSS
Exploits13
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.119 views

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-306 October 26, 2011 -- CVE ID: CVE-2011-3521 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...

10CVSS1.1AI score0.03932EPSS
Exploits1
securityvulns
securityvulns
added 2011/08/12 12:0 a.m.119 views

Mambo CMS 4.6.x (4.6.5) | SQL Injection

Mambo CMS 4.6.x 4.6.5 | SQL Injection 1. OVERVIEW Mambo CMS 4.6.5 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to complex corporate applications. It is used...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.119 views

ESA-2011-024: EMC Captiva eInput multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-024: EMC Captiva eInput multiple vulnerabilities. EMC Identifier: ESA-2011-024 CVE Identifier: CVE-2011-1743, CVE-2011-1744 Affected products: EMC SW: EMC Captiva eInput 2.1.1 Vulnerability Summary: EMC Captiva eInput contains two...

5.8CVSS0.9AI score0.01013EPSS
Exploits0
securityvulns
securityvulns
added 2011/05/02 12:0 a.m.119 views

Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vendors libc/glob GLOBBRACE|GLOBLIMIT memory exhaustion Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 19.01.2011 - Pub.: 02.05.2011 CVE: CVE-2011-0418 Affected Software...

7.8CVSS5.7AI score0.32357EPSS
Exploits14
securityvulns
securityvulns
added 2011/02/03 12:0 a.m.119 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score
Exploits0References10Affected Software4
securityvulns
securityvulns
added 2011/02/02 12:0 a.m.119 views

[USN-1055-1] OpenJDK vulnerabilities

=========================================================== Ubuntu Security Notice USN-1055-1 February 01, 2011 openjdk-6, openjdk-6b18 vulnerabilities CVE-2010-4351, CVE-2011-0025 =========================================================== A security issue affects the following Ubuntu releases:...

6.8CVSS9.3AI score0.02578EPSS
Exploits0
securityvulns
securityvulns
added 2010/12/28 12:0 a.m.119 views

[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0

waraxe-2010-SA078 - Multiple Vulnerabilities in CruxCMS 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-78.html Affected Software: CruxCMS is a...

Exploits0
securityvulns
securityvulns
added 2010/07/15 12:0 a.m.119 views

CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

6.4CVSS5.8AI score0.06509EPSS
Exploits1
securityvulns
securityvulns
added 2009/09/21 12:0 a.m.119 views

Mambo 4.6.3 arbitrary file upload

Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...

7AI score
Exploits0
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.119 views

(POST var 'resetpwemail') BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-->

!/usr/bin/python -------------------------------------------------------------------------------- POST var 'resetpwemail' BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-- -------------------------------------------------------------------------------- CMS INFORMATION: --WEB:...

8.5AI score
Exploits0
securityvulns
securityvulns
added 2009/06/10 12:0 a.m.119 views

Microsoft Security Bulletin MS09-026 - Important Vulnerability in RPC Could Allow Elevation of Privilege (970238)

Microsoft Security Bulletin MS09-026 - Important Vulnerability in RPC Could Allow Elevation of Privilege 970238 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call RPC...

10CVSS1.6AI score0.32387EPSS
Exploits1
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.119 views

Oracle Secure Backup Multiple Denial Of Service vulnerabilities

Oracle Secure Backup Multiple Denial Of Service vulnerabilities 2009.January.13 Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle Secure Backup Summary: ======== Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2 through...

5CVSS0.6AI score0.02776EPSS
Exploits0
Total number of security vulnerabilities5000