Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2003/10/28 12:0 a.m.120 views

Les Visiteurs v2.0.1 code injection vulnerability

Les Visiteurs is a great statistics script written in php. It gives you some graphicals informations on visitors of your website. This script was distributed by phpinfo.net but is no more maintained since a year. --------- In this version severals unprotected includes can be found in files: -...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2003/06/26 12:0 a.m.120 views

Microsoft Security Bulletin MS03-022: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (Q822343)

-----BEGIN PGP SIGNED MESSAGE----- - - ------------------------------------------------------------------ Title: Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution 822343 Date: 25 June 2003 Software: Microsoftr Windowsr 2000 Impact: Allow an attacker to execute code of...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/10/26 12:0 a.m.120 views

Security Bulletin (MS00-081)

Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.119 views

[ MDVSA-2015:228 ] nodejs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:228 http://www.mandriva.com/en/support/security/ Package : nodejs Date : May 6, 2015 Affected: Business Server 2.0 Problem Description: Updated nodejs package fixes security vulnerability: It was found that...

10CVSS3.8AI score0.03242EPSS
Exploits0
securityvulns
securityvulns
added 2015/04/09 12:0 a.m.119 views

Apple Mac OS X multiple security vulnerabilities

Unsafe cookie handling, code execution via different formats and protocols, privilege escalation, information leakage...

10CVSS3.3AI score0.34968EPSS
Exploits4References1Affected Software1
securityvulns
securityvulns
added 2014/05/30 12:0 a.m.119 views

OpenSSL security vulnerabilities

Information leakage, key recovery. This vulnerability is actively used in-the-wild...

5CVSS2.3AI score0.99999EPSS
Exploits89References44Affected Software41
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.119 views

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 Safari 6.1.4 and Safari 7.0.4 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact...

7.5CVSS0.1AI score0.03252EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.119 views

CVE-2014-5880 - Authentication Bypass in Oracle Demantra

Vulnerability title: Authentication Bypass in Oracle Demantra CVE: CVE-2014-5880 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: The authentication filter in Oracle Demantra is broken by design. For example the page:...

0.2AI score
Exploits5
securityvulns
securityvulns
added 2014/02/11 12:0 a.m.119 views

Microsoft Windows multiple security vulnerabilities

XML services information leakage, IPv6 DoS, Direct2D memory corruption, .Net privilege escalation, VBScript code execution...

9.3CVSS3.1AI score0.69801EPSS
Exploits13Affected Software1
securityvulns
securityvulns
added 2013/12/30 12:0 a.m.119 views

Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....

7.5CVSS7.6AI score0.35635EPSS
Exploits8
securityvulns
securityvulns
added 2013/12/24 12:0 a.m.119 views

[ MDVSA-2013:298 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:298 http://www.mandriva.com/en/support/security/ Package : php Date : December 20, 2013 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in php: The...

7.5CVSS7.9AI score0.35635EPSS
Exploits8
securityvulns
securityvulns
added 2013/11/18 12:0 a.m.119 views

Android su applications privilege escalation

Unsafe environment variables and file descriptors usage...

10CVSS4.6AI score0.016EPSS
Exploits9References3Affected Software2
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.119 views

Oracle Java multiple security vulnerabilities

40 different vulnerabilities...

10CVSS2.4AI score0.98704EPSS
Exploits32References4Affected Software2
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.119 views

SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness

SEC Consult Vulnerability Lab Security Advisory 20130805-0 ======================================================================= title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production...

Exploits0
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.119 views

SQLi found in Kodak Insite

Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.119 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.6645EPSS
Exploits25References9Affected Software10
securityvulns
securityvulns
added 2012/12/07 12:0 a.m.119 views

CVE-2012-3546 Apache Tomcat Bypass of security constraints

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3546 Apache Tomcat Bypass of security constraints Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.35 Earlier unsupported versions may also be affected Descriptio...

4.3CVSS0.2AI score0.11975EPSS
Exploits1
securityvulns
securityvulns
added 2012/12/03 12:0 a.m.119 views

ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities

ESA-2012-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-057 CVE Identifier: CVE-2012-4614 CVE Identifier: CVE-2012-4615 Severity Rating: CVSS v2 Base Score: See below for individual...

9.3CVSS0.6AI score0.02281EPSS
Exploits0
securityvulns
securityvulns
added 2012/10/30 12:0 a.m.119 views

Exploit - EasyITSP by Lemens Telephone Systems 2.0.2

?php errorreporting0; $arguments = getopt"a:b:c:"; $url = $arguments'a'; $idpod =$arguments'b'; $idend =$arguments'c'; ifcount$arguments!=3 echo ' Exploit - EasyITSP by Lemens Telephone Systems 2.0.2 '."n"; echo ' Discovery users with passwords '."n"; echo ' '."n"; echo ' Author: Michal Blaszczak...

Exploits0
securityvulns
securityvulns
added 2012/09/19 12:0 a.m.119 views

[SE-2012-01] Security vulnerabilities in IBM Java

Hello All, Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software 1. This is IBM 2 implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead t...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/08/13 12:0 a.m.119 views

Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered. In most cases we do not believe this to be particularly severe in the absence o...

Exploits0
securityvulns
securityvulns
added 2012/08/13 12:0 a.m.119 views

Microsoft Windows multiple security vulnerabilities

TCP/IP privilege escalation, partition manager privilege escalation, multiple security vulnerabililities in .Net, Silverlight, font management, GDI+, window components, etc...

9.3CVSS2.5AI score0.78285EPSS
Exploits13References3Affected Software1
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.119 views

[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03263573 Version: 1 HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator OA, Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service DoS, URL Redirection NOTICE: The...

7.6CVSS0.5AI score0.87264EPSS
Exploits14
securityvulns
securityvulns
added 2011/08/12 12:0 a.m.119 views

Mambo CMS 4.6.x (4.6.5) | SQL Injection

Mambo CMS 4.6.x 4.6.5 | SQL Injection 1. OVERVIEW Mambo CMS 4.6.5 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to complex corporate applications. It is used...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.119 views

ESA-2011-024: EMC Captiva eInput multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-024: EMC Captiva eInput multiple vulnerabilities. EMC Identifier: ESA-2011-024 CVE Identifier: CVE-2011-1743, CVE-2011-1744 Affected products: EMC SW: EMC Captiva eInput 2.1.1 Vulnerability Summary: EMC Captiva eInput contains two...

5.8CVSS0.9AI score0.01013EPSS
Exploits0
securityvulns
securityvulns
added 2011/07/26 12:0 a.m.119 views

Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Indonesia Web Design link-directory.php?cid link-directory.php?pid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webhostingbali.com/ Persian Gulf 4 Ever! Dork : "Powere...

3.1AI score
Exploits0
securityvulns
securityvulns
added 2011/05/02 12:0 a.m.119 views

Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vendors libc/glob GLOBBRACE|GLOBLIMIT memory exhaustion Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 19.01.2011 - Pub.: 02.05.2011 CVE: CVE-2011-0418 Affected Software...

7.8CVSS5.7AI score0.32357EPSS
Exploits14
securityvulns
securityvulns
added 2011/04/05 12:0 a.m.119 views

ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability

ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-115 April 1, 2011 -- CVSS: 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM solidDB -- TippingPointTM IPS Customer...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.119 views

HTB22856: XSS vulnerability in Pragyan CMS

Vulnerability ID: HTB22856 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinpragyancms1.html Product: Pragyan CMS Vendor: Pragyan Team http://sourceforge.net/projects/pragyan/ Vulnerable Version: v.3.0 beta Vendor Notification: 17 February 2011 Vulnerability Type: Stored XSS Cross Sit...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/02/03 12:0 a.m.119 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score
Exploits0References10Affected Software4
securityvulns
securityvulns
added 2010/12/28 12:0 a.m.119 views

[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0

waraxe-2010-SA078 - Multiple Vulnerabilities in CruxCMS 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-78.html Affected Software: CruxCMS is a...

Exploits0
securityvulns
securityvulns
added 2010/07/15 12:0 a.m.119 views

CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

6.4CVSS5.8AI score0.06509EPSS
Exploits1
securityvulns
securityvulns
added 2010/04/26 12:0 a.m.119 views

[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02029444 Version: 1 HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS, Denial of Service DoS, Execution of Arbitrary Code,...

10CVSS0.8AI score0.80134EPSS
Exploits23
securityvulns
securityvulns
added 2009/09/22 12:0 a.m.119 views

[USN-834-1] PostgreSQL vulnerabilities

=========================================================== Ubuntu Security Notice USN-834-1 September 21, 2009 postgresql-8.1, postgresql-8.3 vulnerabilities CVE-2009-3229, CVE-2009-3230, CVE-2009-3231 =========================================================== A security issue affects the...

6.8CVSS6.6AI score0.07568EPSS
Exploits0
securityvulns
securityvulns
added 2009/09/21 12:0 a.m.119 views

Mambo 4.6.3 arbitrary file upload

Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...

7AI score
Exploits0
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.119 views

(POST var 'resetpwemail') BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-->

!/usr/bin/python -------------------------------------------------------------------------------- POST var 'resetpwemail' BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1-- -------------------------------------------------------------------------------- CMS INFORMATION: --WEB:...

8.5AI score
Exploits0
securityvulns
securityvulns
added 2009/06/10 12:0 a.m.119 views

Microsoft Security Bulletin MS09-026 - Important Vulnerability in RPC Could Allow Elevation of Privilege (970238)

Microsoft Security Bulletin MS09-026 - Important Vulnerability in RPC Could Allow Elevation of Privilege 970238 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call RPC...

10CVSS1.6AI score0.32387EPSS
Exploits1
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.119 views

Oracle Secure Backup Multiple Denial Of Service vulnerabilities

Oracle Secure Backup Multiple Denial Of Service vulnerabilities 2009.January.13 Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle Secure Backup Summary: ======== Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2 through...

5CVSS0.6AI score0.02776EPSS
Exploits0
securityvulns
securityvulns
added 2008/11/01 12:0 a.m.119 views

Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE]

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability PHP-Nuke 8.1 Module BookCatalog category&catid AuTh0r : EhsanHp200 H0ME : www.only-4dl.tk Email : [email protected] Persian Gulf 4 Ever! Dork : "inurl:modules.php?name=BookCatalog" Exploite for username:...

2.7AI score
Exploits0
securityvulns
securityvulns
added 2008/07/18 12:0 a.m.119 views

Oracle Application Server PLSQL injection flaw

NGSSoftware Insight Security Research Advisory Name: PLSQL Injection in Oracle Application Server Systems Affected: Oracle Application Server 9.0.4.3, 10.1.2.2, 10.1.4.1 Severity: Critical Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 9th October 200...

6.4CVSS0.1AI score0.01294EPSS
Exploits0
securityvulns
securityvulns
added 2008/04/03 12:0 a.m.119 views

Directory traversal in LANDesk Management Suite 8.80.1.1

Luigi Auriemma Application: LANDesk Management Suite http://www.landesk.com/products/ldms/index.aspx Versions: = 8.80.1.1 Platforms: Windows Bug: directory traversal Exploitation: remote Date: 01 Apr 2008 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 T...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2007/11/05 12:0 a.m.119 views

OpenBSD DHCP server buffer overflow

Integer overflow with "maximum message size" option leads to buffer overflow...

10CVSS3.6AI score0.80265EPSS
Exploits7References1Affected Software1
securityvulns
securityvulns
added 2007/08/10 12:0 a.m.119 views

Gstebuch Version 1.5 Remote Command Execution Vulnerability

Gastebuch Version 1.5 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Gastebuch Version Version : 1.5 Site : http://www.mapos-scripts.de/downloads.php?download=11 Founder : Rizgar Contact : [email protected] and...

2AI score
Exploits0
securityvulns
securityvulns
added 2007/04/16 12:0 a.m.119 views

FloweRS v2.0 Cross Site Scripting

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/04/16 12:0 a.m.119 views

Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/04/04 12:0 a.m.119 views

Microsoft Windows multiple GDI vulnerabilities

No description provided...

9.3CVSS1.9AI score0.7288EPSS
Exploits18References1
securityvulns
securityvulns
added 2007/02/15 12:0 a.m.119 views

CodeAvalanche News SQL Injection

CodeAvalanche News SQL Injection Software: CodeAvalanche News Download: http://www.aspindir.com/indir.asp?id=3315 Risk: High Found by: beks http://target/path/inclistnews.asp?CATID=17+union+select+0,0,0,0,Password+from+Params...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.119 views

Weaknesses in Pingback Design

Advisory: Weaknesses in Pingback Design Advisory ID: 4tphi-sa-20070111-pingback Release Date: 01-24-2007 Author: Blake Matheny [email protected] Software: Multiple Impact: Remote DoS Overview: From Wikipedia, "A Pingback is one of three types of Linkbacks, methods for Web authors to request...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.119 views

Nwom topsites v3.0

Nwom topsites v3.0 http://www.nwom.net Vulnerable files: Comment input. index.php SQL info released on error: http://www.example.com/index.php?o=' XSS: http://www.example.com/index.php?o=IMG20SRC=javascript:alertString.fromCharCode88,83,83 - Luny...

Exploits0
securityvulns
securityvulns
added 2006/12/20 12:0 a.m.119 views

Mozilla Foundation Security Advisory 2006-72

Mozilla Foundation Security Advisory 2006-72 Title: XSS by setting img.src to javascript: URI Impact: High Announced: December 19, 2006 Reporter: mozbugra4 Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description mozbugra4...

6.8CVSS0.3AI score0.03971EPSS
Exploits0
Total number of security vulnerabilities5000