Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2003/08/06 12:0 a.m.121 views

Windows drivers privilege escalation

During access to driver memory range for input/output buffers is not checked...

5.9AI score
Exploits0References3Affected Software2
securityvulns
securityvulns
added 2000/10/26 12:0 a.m.121 views

Security Bulletin (MS00-081)

Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/09/02 12:0 a.m.121 views

UW c-client library vulnerability

It seems, that c-client libraries by University of Washington have some bugs, that makes some programs that depend upon those libraries go crazy. AFAIK affected programs include at least Pine read "pain", ipop3d and IMAPD. And those programs and libraries are commonly used in Unixes. I don't know...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.120 views

EMC Secure Remote Services Virtual Edition multiple security vulnerabilities

Code execution, SQL injection, buffer overflow...

10CVSS4.2AI score0.94859EPSS
Exploits34References6Affected Software2
securityvulns
securityvulns
added 2015/04/13 12:0 a.m.120 views

Apple Mac OS X multiple security vulnerabilities

80 different vulnerabilities...

10CVSS2.1AI score0.98685EPSS
Exploits59References2Affected Software1
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.120 views

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-011 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date:...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.120 views

Ahrareandeysheh CMS Cross-Site Scripting Vulnerability

Ahrareandeysheh CMS All version suffers from a Cross-Site Scripting Vulnerability @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2014/10/13 12:0 a.m.120 views

bash code execution

It's possible to place a function into content of any environment variable...

10CVSS4.1AI score0.99999EPSS
Exploits158References13Affected Software1
securityvulns
securityvulns
added 2014/05/30 12:0 a.m.120 views

OpenSSL security vulnerabilities

Information leakage, key recovery. This vulnerability is actively used in-the-wild...

5CVSS2.3AI score0.99999EPSS
Exploits89References44Affected Software41
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.120 views

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 Safari 6.1.4 and Safari 7.0.4 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact...

7.5CVSS0.1AI score0.03252EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/01 12:0 a.m.120 views

FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:09.openssl Security Advisory The FreeBSD Project Topic: OpenSSL use-after-free vulnerability Category: contrib Module: openssl Announced: 2014-04-30 Affects:...

4CVSS7.5AI score0.34132EPSS
Exploits0
securityvulns
securityvulns
added 2014/03/31 12:0 a.m.120 views

EMC VPLEX multiple security vulnerabilities

Directory traversal, protection bypass...

9CVSS3.3AI score0.73327EPSS
Exploits8References1Affected Software1
securityvulns
securityvulns
added 2014/02/28 12:0 a.m.120 views

[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 6.0.33 to 6.0.37 Description: Previous fixes to path parameter handling 1 introduc...

4.3CVSS0.1AI score0.09895EPSS
Exploits1
securityvulns
securityvulns
added 2014/01/08 12:0 a.m.120 views

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution

EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service DPAIlluminator.exe listening on public port 8090 tcp/http and 8453 tcp/https is...

4AI score
Exploits0
securityvulns
securityvulns
added 2013/11/18 12:0 a.m.120 views

Android su applications privilege escalation

Unsafe environment variables and file descriptors usage...

10CVSS4.6AI score0.016EPSS
Exploits9References3Affected Software2
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.120 views

[CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities

Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Cross-Site Scripting CWE-79 Date...

4.3CVSS0.3AI score0.00974EPSS
Exploits2
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.120 views

Oracle Java multiple security vulnerabilities

40 different vulnerabilities...

10CVSS2.4AI score0.98704EPSS
Exploits32References4Affected Software2
securityvulns
securityvulns
added 2013/07/16 12:0 a.m.120 views

Re: [ MDVSA-2013:195 ] php

Hey guys, Related to this I?ve found a proof of concept test script: php -r 'xmlparseintostructxml parsercreatens, strrepeat"blah", 1000, $b;' Gabe twitter: @gmaggiotti On Mon, Jul 15, 2013 at 3:41 AM, [email protected] wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux...

6.8CVSS8.1AI score0.05186EPSS
Exploits0
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.120 views

[Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability

Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting XSS vulnerability ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2013-001 - Original release date: July 10, 2013 - Discovered by: Adam Willard Software Security Analyst at Foreground...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/07/01 12:0 a.m.120 views

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2013-2155: Apache Santuario XML Security for C++ contains denial of service and hash length bypass issues while processing HMAC signatures Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache Santuario XML Security...

5.8CVSS0.4AI score0.06348EPSS
Exploits0
securityvulns
securityvulns
added 2012/12/10 12:0 a.m.120 views

ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities

ESA-2012-052.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-052: RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities EMC Identifier: ESA-2012-052 CVE Identifier: CVE-2012-4608 CVE Identifier: CVE-2012-4609 Severity Rating: CVSS v2 Base Score: 6. 8...

6.8CVSS0.4AI score0.00958EPSS
Exploits0
securityvulns
securityvulns
added 2012/12/03 12:0 a.m.120 views

ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities

ESA-2012-057.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities EMC Identifier: ESA-2012-057 CVE Identifier: CVE-2012-4614 CVE Identifier: CVE-2012-4615 Severity Rating: CVSS v2 Base Score: See below for individual...

9.3CVSS0.6AI score0.02281EPSS
Exploits0
securityvulns
securityvulns
added 2012/09/19 12:0 a.m.120 views

[SE-2012-01] Security vulnerabilities in IBM Java

Hello All, Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software 1. This is IBM 2 implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead t...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/07/11 12:0 a.m.120 views

Checkpoint Abra - Vulnerabilities

Check Point Abra Vulnerabilities Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Authors: Belov V., Komarov A. Group-IB Summary: Check Point Abra allow...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.120 views

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-305 October 26, 2011 -- CVE ID: CVE-2011-3544 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10CVSS9.7AI score0.96714EPSS
Exploits13
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.120 views

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-306 October 26, 2011 -- CVE ID: CVE-2011-3521 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...

10CVSS1.1AI score0.03932EPSS
Exploits1
securityvulns
securityvulns
added 2011/08/12 12:0 a.m.120 views

Mambo CMS 4.6.x (4.6.5) | SQL Injection

Mambo CMS 4.6.x 4.6.5 | SQL Injection 1. OVERVIEW Mambo CMS 4.6.5 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to complex corporate applications. It is used...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.120 views

ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability

ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-187 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

10CVSS0.6AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2011/03/03 12:0 a.m.120 views

HTB22856: XSS vulnerability in Pragyan CMS

Vulnerability ID: HTB22856 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinpragyancms1.html Product: Pragyan CMS Vendor: Pragyan Team http://sourceforge.net/projects/pragyan/ Vulnerable Version: v.3.0 beta Vendor Notification: 17 February 2011 Vulnerability Type: Stored XSS Cross Sit...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/02/02 12:0 a.m.120 views

[USN-1055-1] OpenJDK vulnerabilities

=========================================================== Ubuntu Security Notice USN-1055-1 February 01, 2011 openjdk-6, openjdk-6b18 vulnerabilities CVE-2010-4351, CVE-2011-0025 =========================================================== A security issue affects the following Ubuntu releases:...

6.8CVSS9.3AI score0.02578EPSS
Exploits0
securityvulns
securityvulns
added 2010/09/27 12:0 a.m.120 views

[USN-989-1] PHP vulnerabilities

=========================================================== Ubuntu Security Notice USN-989-1 September 20, 2010 php5 vulnerabilities CVE-2010-0397, CVE-2010-1128, CVE-2010-1129, CVE-2010-1130, CVE-2010-1866, CVE-2010-1868, CVE-2010-1917, CVE-2010-2094, CVE-2010-2225, CVE-2010-2531, CVE-2010-2950,...

7.5CVSS0.6AI score0.12652EPSS
Exploits11
securityvulns
securityvulns
added 2010/07/15 12:0 a.m.120 views

CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

6.4CVSS5.8AI score0.06509EPSS
Exploits1
securityvulns
securityvulns
added 2010/04/12 12:0 a.m.120 views

Secunia Research: Pulse CMS Arbitrary File Upload Vulnerability

====================================================================== Secunia Research 08/04/2010 - Pulse CMS Arbitrary File Upload Vulnerability - ====================================================================== Table of Contents Affected...

6CVSS0.9AI score0.0156EPSS
Exploits0
securityvulns
securityvulns
added 2009/07/26 12:0 a.m.120 views

Oracle CPUjul2009

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. Information about four vulnerabilities patched in Oracle CPUjul2009: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html ... is published at: CVE-2009-1970: http://blogs.conus.info/node/26 CVE-2009-1963...

9CVSS0.5AI score0.12249EPSS
Exploits3
securityvulns
securityvulns
added 2009/07/03 12:0 a.m.120 views

[ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers

============================================= INTERNET SECURITY AUDITORS ALERT 2009-007 - Original release date: June 30th, 2009 - Last revised: July 2nd, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.8/10 CVSS Base Score ============================================= I. VULNERABILITY...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2008/12/16 12:0 a.m.120 views

About the security content of Security Update 2008-008 / Mac OS X v10.5.6

About the security content of Security Update 2008-008 / Mac OS X v10.5.6 Last Modified: December 15, 2008 Article: HT3338 Summary This document describes the security content of Security Update 2008-008 / Mac OS X v10.5.6, which can be downloaded and installed via Software Update preferences, or...

10CVSS0.2AI score0.18795EPSS
Exploits4
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.120 views

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Multiple Command Injection Vulnerabilities

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

7.5CVSS0.8AI score0.03194EPSS
Exploits0
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.120 views

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Authorization Bypass Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

7.5CVSS0.03268EPSS
Exploits0
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.120 views

Mozilla Foundation Security Advisory 2008-18

Mozilla Foundation Security Advisory 2008-18 Title: Java socket connection to any local port via LiveConnect Impact: High Announced: March 25, 2008 Reporter: Gregory Fleischer Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Security researcher Gregory Fleischer...

9.3CVSS2.2AI score0.05684EPSS
Exploits1
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.120 views

joomla SQL Injection(com_idvnews)

joomla SQL Injectioncomidvnews AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"comidvnews"catid DORK 2 : allinurl: EXPLOIT :...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/11/29 12:0 a.m.120 views

PHPSlideShow XSS Update

Vendor Site: http://www.zinkwazi.com/wp/scripts/ Version affected: 0.9.9.2 URL:http://www.example.com/scripts/demo/phpslideshow.php?directory=photos BID ref: 26576 By Jose Luis Gуngora Fernбndez PHPSlideShow is also susceptible the following inputs:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2007/11/05 12:0 a.m.120 views

OpenBSD DHCP server buffer overflow

Integer overflow with "maximum message size" option leads to buffer overflow...

10CVSS3.6AI score0.80265EPSS
Exploits7References1Affected Software1
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.120 views

Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities

================================================== Joomla/Mambo Component Taskhopper 1.1 /inc/ mosConfigabsolutepath RFI ================================================== Found By : Cold z3ro , [email protected] ================================================== Homepage: www.Hack-Teach.com...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/01/18 12:0 a.m.120 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.5AI score0.03279EPSS
Exploits6References5Affected Software9
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.120 views

LunarPoll (PollDir) Remote File Include Vulnerabilities

------------------------------------------------------------------------------------------------------------------- AYYILDIZ.ORG PreSents... Script:LunarPoll Script Download: dexxaboy.com/scripts/lunarpoll/download/ Contact: ilker Kandemir ilkerkandemiratmynet.com Code:...

3.4AI score
Exploits0
securityvulns
securityvulns
added 2006/09/28 12:0 a.m.120 views

Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit

============================================================================================== Kietu? = v4.0.0b2z urlhit Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Download from :...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/09/18 12:0 a.m.120 views

SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include

SolpotCrew Community phpBB XS phpbbrootpath Remote File Include Download file : http://www.phpbbxs.eu/dload.php?action=category&catid=2 Bug Found By : NoGe a.k.a dajackass contact: [email protected] Website : http://nyubicrew.org/adv/Nogeadv02.txt Greetz: skulmaticthanks for sharing knowledge...

Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.120 views

DCP-Portal SE 6.0 multiple injections

Hello,, DCP-Portal SE 6.0 multiple injections Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] sql injections if magicqoutesgpc = off // lostpassword.php you can recive the reset password email on your email for any user you...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/05/17 12:0 a.m.120 views

[SA20136] FreeFTPd SFTP Key Exchange Algorithm String Buffer Overflow

TITLE: FreeFTPd SFTP Key Exchange Algorithm String Buffer Overflow SECUNIA ADVISORY ID: SA20136 VERIFY ADVISORY: http://secunia.com/advisories/20136/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: From remote SOFTWARE: FreeFTPd 1.x http://secunia.com/product/6138/ DESCRIPTION: A...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2004/11/01 12:0 a.m.120 views

Sun Java System Web Proxy Server buffer overflow

No description provided...

3.3AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities5000