Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/10/16 12:0 a.m.118 views

iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability

iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND MobileSafari is Apple's mobile we browser for iOS devices. For more information about MobileSafari, please the visit following website:...

4.3CVSS4.8AI score0.01821EPSS
Exploits1
securityvulns
securityvulns
added 2011/08/30 12:0 a.m.118 views

bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability bizConsulting prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.bizconsulting.it/ Persian Gulf 4 Ever! Dork : "Powered by: bizConsulting"...

3.3AI score
Exploits0
securityvulns
securityvulns
added 2011/08/17 12:0 a.m.118 views

[ MDVSA-2011:126 ] java-1.6.0-openjdk

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:126 http://www.mandriva.com/security/ Package : java-1.6.0-openjdk Date : August 15, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were discovered and...

10CVSS9.1AI score0.06277EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/05 12:0 a.m.118 views

ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability

ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-115 April 1, 2011 -- CVSS: 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM solidDB -- TippingPointTM IPS Customer...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2010/04/07 12:0 a.m.118 views

MKPortal lenta module XSS Vulnerability

======================================= MKPortal lenta module XSS Vulnerability ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// // // // // //...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/01/19 12:0 a.m.118 views

Code to mitigate IE event zero-day (CVE-2010-0249)

Here's a mitigation for the CVE-2010-0249 IE createEventObject srcElement zero-day. Quite simply, it just disables the createEventObject method by mangling its name in memory. If anyone knows an important web application that uses createEventObject, please respond to the mailing list. Use this co...

9.3CVSS0.3AI score0.91885EPSS
Exploits16
securityvulns
securityvulns
added 2010/01/19 12:0 a.m.118 views

0day vulnerability Sogou input method to obtain system privileges

0day vulnerability Sogou input method to obtain system privileges Vulnerability: Do not intend to found a very serious vulnerability, and the year 3389 input loophole similar.However, no system was not being loaded does not affect input method logged in system. If the remote server installed ,...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.118 views

OSCommerce Session Fixation Vulnerability

There is a flaw in the way OSCommerce handles sessions. When a client visits a OSCommerce web page, the server sends a cookie. That cookie will be the session cookie for every further requests. Thus, once logged in, the cookie will be used to authenticate the user. When logging in without cookies...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/14 12:0 a.m.118 views

ASP-CMS v.1.0 Sql Injection/Database Disclosure

ASP-CMS v.1.0 Sql Injection/Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2008/10/23 12:0 a.m.118 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Advisory ID: cisco-sa-20081022-asa http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml Revision 1.0 For Public Release 2008 October 22 1600 UTC GMT Summary =====...

7.8CVSS0.9AI score0.02945EPSS
Exploits3
securityvulns
securityvulns
added 2008/03/25 12:0 a.m.118 views

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...

3.3AI score
Exploits0
securityvulns
securityvulns
added 2008/02/26 12:0 a.m.118 views

Alkacon OpenCms tree_files.jsp resource XSS

Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/12/05 12:0 a.m.118 views

[ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability

ECHOADV86$2007 ----------------------------------------------------------------------------------------- ECHOADV86$2007 Mambo/Joomla Component rsgallery = 2.0 beta 5 catid Remote SQL Injection Vulnerability -----------------------------------------------------------------------------------------...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.118 views

Mozilla Foundation Security Advisory 2007-25

Mozilla Foundation Security Advisory 2007-25 Title: XPCNativeWrapper pollution Impact: Moderate Announced: July 17, 2007 Reporter: shutdown and mozbugra4 Products: Firefox Fixed in: Firefox 2.0.0.5 Description shutdown and mozbugra4 reported two separate ways to modify an XPCNativeWrapper such th...

9.3CVSS9.3AI score0.03799EPSS
Exploits1
securityvulns
securityvulns
added 2007/06/26 12:0 a.m.118 views

SHTTPD V1.38 server source code disclosure

SHTTPD V1.38 server source code disclosure ------------------------------------ link:http://shttpd.sourceforge.net/ info: The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/25 12:0 a.m.118 views

SQL-Injection in IP-TRACKING Mod for phpBB2.0.x

Information: The IP-Tracking Mod is a Extension for phpBB2.0.x which logs all Page hits the user of the Boards do including Referer, IP and Username. It contains a SQL-Injection on Admin-Level. You can get it from: http://www.phpbb.de/viewtopic.php?t=63690&postdays=0&postorder=asc&start=0 Steps t...

7AI score
Exploits0
securityvulns
securityvulns
added 2007/04/16 12:0 a.m.118 views

Back-End CMS Database Tables v0.4.7 Cross Site Scripting

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2007/04/04 12:0 a.m.118 views

Microsoft Windows animated cursors buffer overflow

Stack buffer overflow stack overrun is actively used for hidden malware installation...

10CVSS4.6AI score0.7288EPSS
Exploits24References7
securityvulns
securityvulns
added 2007/03/02 12:0 a.m.118 views

ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability

ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-008.html March 2, 2007 -- CVE ID: CVE-2007-0774 -- Affected Vendor: Apache -- Affected Products: Tomcat JK Web Server Connector 1.2.19 Tomcat JK Web Server...

7.5CVSS0.81513EPSS
Exploits8
securityvulns
securityvulns
added 2007/02/15 12:0 a.m.118 views

CodeAvalanche News SQL Injection

CodeAvalanche News SQL Injection Software: CodeAvalanche News Download: http://www.aspindir.com/indir.asp?id=3315 Risk: High Found by: beks http://target/path/inclistnews.asp?CATID=17+union+select+0,0,0,0,Password+from+Params...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/01/18 12:0 a.m.118 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.5AI score0.03279EPSS
Exploits6References5Affected Software9
securityvulns
securityvulns
added 2006/12/28 12:0 a.m.118 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.8CVSS1.5AI score0.02896EPSS
Exploits0References3Affected Software2
securityvulns
securityvulns
added 2006/10/12 12:0 a.m.118 views

Jinzora <= 2.1 Remote File Inclusion

Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath. 'backend/classes.php'; exmple and...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2005/04/14 12:0 a.m.118 views

Internet Explorer wininet.dll URL parsing memory corruption details

Vendor: Microsoft Software: Internet Explorer 6.0, 5.5, 5.01 Problem: Memory corruption, code execution Remote: Yes Risk Level: Medium to low hard to exploit Authors: Axle ICQ 755756 bug discovery 3APA3A, http://www.security.nnov.ru/ bug research Original URL:...

7.5CVSS0.1AI score0.5791EPSS
Exploits0
securityvulns
securityvulns
added 2004/10/06 12:0 a.m.118 views

Multiple cups bugs

Empty packet to UDP/631 causes browsing service to fail. Foomatic printers driver code execution, information leak from log files...

3.9AI score
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2004/04/14 12:0 a.m.118 views

US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Microsoft Products Original release date: April 13, 2004 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call RPC and Distributed Component Object Mod...

10CVSS0.5AI score0.8615EPSS
Exploits17
securityvulns
securityvulns
added 2001/05/23 12:0 a.m.118 views

Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator

Post date: 05/22/01 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator Overview A potential security vulnerability has been discovered in Applications Desktop Integrator ADI version 7.X for Oracle E-Business Suite Release 11i. A debug version of the FNDPUB11I.DLL...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2001/05/23 12:0 a.m.118 views

Ошибки в Cisco 600 (TCP/IP stack problems)

Различные ошибки реализации стека TCP/IP...

1.3AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/04/19 12:0 a.m.118 views

Cyberscheduler remote root compromise

====================================================================== Defcom Labs Advisory def-2000-18 Cyberscheduler remote root/execution compromise Author: Enrique A. Sanchez Montellano [email protected] Release Date: 2001-04-17...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2001/03/31 12:0 a.m.118 views

Security Hole In Shareplex

Security Hole in Shareplex 2.x ------------------------------ Summary ------- Shareplex Quest Software's product for Oracle database replication contains a security hole which can allow local users to read any file on the system, effectively bypassing the permissions set at the OS level. Details...

2.5AI score
Exploits0
securityvulns
securityvulns
added 2000/06/17 12:0 a.m.118 views

Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability USSR Advisory Code: USSR-2000047 Release Date: June 16, 2000 Systems Affected: Small HTTP Server ver. 1.212 maybe others THE PROBLEM The Ussr Labs team has recently discovered a buffer...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2015/06/13 12:0 a.m.117 views

[USN-2639-1] OpenSSL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2639-1 June 11, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5CVSS0.9AI score0.74483EPSS
Exploits1
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.117 views

ProFTPD unauthorized files access

Unauthorized files copy via modcopy...

10CVSS3.9AI score0.96803EPSS
Exploits21References1Affected Software1
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.117 views

WebKitGTK+ Security Advisory WSA-2015-0001

------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL :...

10CVSS4.6AI score0.34782EPSS
Exploits12
securityvulns
securityvulns
added 2014/10/18 12:0 a.m.117 views

TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

NCCIC / US-CERT National Cyber Awareness System: TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack 10/17/2014 12:27 PM EDT Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer SSL 3.0 with cipher-block chaining CBC mode...

4.3CVSS0.7AI score0.99999EPSS
Exploits7
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.117 views

Linux kernel multiple security vulnerabilities

Memory corruptions in STCP, DCCP and CIFS, KVM and pseudo tty privilege escalations, DoS...

10CVSS2.7AI score0.22475EPSS
Exploits29References8Affected Software1
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.117 views

ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...

4.3CVSS0.1AI score0.73327EPSS
Exploits4
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.117 views

SQL Injection in appRain

Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: October 9, 2013 without technical details Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013 Vulnerability Type: SQL Injection...

7.5CVSS0.2AI score0.0248EPSS
Exploits7
securityvulns
securityvulns
added 2013/11/18 12:0 a.m.117 views

[security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03996804 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03996804 Version: 1 HPSBHF02939 rev....

6.8CVSS0.7AI score0.02262EPSS
Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.117 views

Drupal Node View Permissions module and Flag module Vulnerabilities

The drupal security team has released the following security advisories. https://drupal.org/node/2076315 https://drupal.org/node/2076221 Regards, Daniel http://www.itsecuritycenter.com/...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.117 views

Oracle Java multiple security vulnerabilities

40 different vulnerabilities...

10CVSS2.4AI score0.98704EPSS
Exploits32References4Affected Software2
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.117 views

SEC Consult SA-20130805-0 :: Vodafone EasyBox Default WPS PIN Algorithm Weakness

SEC Consult Vulnerability Lab Security Advisory 20130805-0 ======================================================================= title: Vodafone EasyBox Default WPS PIN Algorithm Weakness product: EasyBox 802 & EasyBox 803 vulnerable version: EasyBox 802 - all versions EasyBox 803 - Production...

Exploits0
securityvulns
securityvulns
added 2013/07/29 12:0 a.m.118 views

Microsoft Windows multiple security vulnerabilities

Multiple vulnerabilities in .Net and Silverlight, multiple kernel components vulnerabilities, GDI+ TrueType parsing memory corruption, DirectShow memory corruption, VMW parsing memory corruption, multiple Internet Explorer memory corruption, Windows Defender privilege escalation...

9.3CVSS3.2AI score0.70676EPSS
Exploits42References1Affected Software1
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.117 views

Re: Cisco/Linksys E1200 N300 Reflected XSS

Mitre has assigned the following CVE for this issue: CVE-2013-2679 On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently...

0.9AI score0.19646EPSS
Exploits6
securityvulns
securityvulns
added 2013/04/12 12:0 a.m.117 views

Microsoft Windows multiple security vulnerabilities

Multiple privilege escalations in kernel, CSRSS and drivers...

7.2CVSS4.3AI score0.04625EPSS
Exploits6Affected Software1
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.117 views

[USN-1779-1] GNOME Online Accounts vulnerability

========================================================================== Ubuntu Security Notice USN-1779-1 March 25, 2013 gnome-online-accounts vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

4.3CVSS0.4AI score0.01362EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.117 views

Stored XSS in Terillion Reviews Wordpress Plugin

CVE Assigned-CVE-2013-2501 Exploit Title : Stored XSS in Terillion Reviews Plugin Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 08/03/13 Software link: http://wordpress.org/extend/plugins/terillion-reviews/ The Terillion Reviews Plugin in Wordpress...

4.3CVSS0.3AI score0.05268EPSS
Exploits2
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.117 views

[SECURITY] [DSA 2620-1] rails security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...

10CVSS1.2AI score0.07497EPSS
Exploits2
securityvulns
securityvulns
added 2012/12/07 12:0 a.m.117 views

CVE-2012-4534 Apache Tomcat denial of service

CVE-2012-4534 Apache Tomcat denial of service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.27 - Tomcat 6.0.0 to 6.0.35 Description: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading...

2.6CVSS0.2AI score0.07452EPSS
Exploits1
securityvulns
securityvulns
added 2012/09/18 12:0 a.m.117 views

VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)

VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free CVE-2012-1856 / MS12-060 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems a...

9.3CVSS0.2AI score0.72119EPSS
Exploits1
Total number of security vulnerabilities5000