Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
•added 2008/11/10 12:0 a.m.•117 views

Metrica Service Assurance Multiple Cross Site Scripting

Metrica Service Assurance Multiple Cross Site Scripting Author: Francesco Bianchino Email: [email protected] Title: Metrica Service Assurance Multiple Cross Site Scripting Vendor: IBM Summary Metrica Service Assurance Framework implements a distributed, object-oriented, J2EE-based architectur...

0.7AI score
Exploits0
securityvulns
securityvulns
•added 2008/10/23 12:0 a.m.•117 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Advisory ID: cisco-sa-20081022-asa http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml Revision 1.0 For Public Release 2008 October 22 1600 UTC GMT Summary =====...

7.8CVSS0.9AI score0.02945EPSS
Exploits3
securityvulns
securityvulns
•added 2008/06/23 12:0 a.m.•117 views

[Full-disclosure] PHP 5.2.6 chdir(), ftok() (standard ext) safe_mode bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.6 chdir,ftok standard ext safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.05.2008 - - Public: 17.06.2008 SecurityReason Research SecurityAlert Id: 55 CVE: CVE-2008-2666 CWE: CWE-264 SecurityRisk...

5CVSS8.4AI score0.13923EPSS
Exploits2
securityvulns
securityvulns
•added 2008/02/26 12:0 a.m.•117 views

Alkacon OpenCms tree_files.jsp resource XSS

Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...

0.2AI score
Exploits0
securityvulns
securityvulns
•added 2007/05/14 12:0 a.m.•117 views

[Full-disclosure] Cross-site Scripting in EQDKP 1.3.2c and prior

In listmembers.php, $show fails to properly sanitize user-supplied input. It's non persistent XSS :-/ Example: $path-to-eqdkp/listmembers.php?show=223E3Cplaintext3E kefka kefka at kevinbeardsucks.com Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htm...

0.9AI score
Exploits0
securityvulns
securityvulns
•added 2007/04/19 12:0 a.m.•117 views

Rezervi Generic 0.9(root)Remote File Include Vulnerablities

Rezervi Generic 0.9rootRemote File Include Vulnerablities D.Script: http://www.rezervi.com/www/german/download/rezerviGenericV09.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/templates/datumVonDatumBis.inc.php?root=Shell...

0.8AI score
Exploits0
securityvulns
securityvulns
•added 2007/04/16 12:0 a.m.•117 views

Back-End CMS Database Tables v0.4.7 Cross Site Scripting

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

6.7AI score
Exploits0
securityvulns
securityvulns
•added 2007/04/05 12:0 a.m.•117 views

MySpeach <= 3.0.7 Remote/Local File Inclusion Vulnerability

/======================================= | Advisory :: MySpeach = 3.0.7 | +=======================================+--------------------------------------------------------------- | | | Download link : http://www.graphiks.net/scripts-php/script-7-1-0.html | | Official website : www.graphiks.net | ...

Exploits0
securityvulns
securityvulns
•added 2007/03/02 12:0 a.m.•117 views

ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability

ZDI-07-008: Apache Tomcat JK Web Server Connector Long URL Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-008.html March 2, 2007 -- CVE ID: CVE-2007-0774 -- Affected Vendor: Apache -- Affected Products: Tomcat JK Web Server Connector 1.2.19 Tomcat JK Web Server...

7.5CVSS0.81513EPSS
Exploits8
securityvulns
securityvulns
•added 2007/01/30 12:0 a.m.•117 views

Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello - Cisco has posted a Security Response in reference to this issue at the following URL: http://www.cisco.com/warp/public/707/cisco-sr-20070129-vtp.shtml Cisco Response ============== An issue has been reported to the Cisco PSIRT involving...

6.9AI score
Exploits0
securityvulns
securityvulns
•added 2006/11/16 12:0 a.m.•117 views

Selenium FTP Server / Conxint FTP directory traversal

Directory traversal in different FTP commands...

3.1AI score
Exploits0References2Affected Software2
securityvulns
securityvulns
•added 2006/11/14 12:0 a.m.•117 views

Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability

Title : Property Pro v1.0 virLogin.asp Remote Login ByPass SQL Injection Vulnerability Author : ajann Example: http://target/path/admin/ UserName: ' union select 0,0 from admin """"""""""""""""""""" ajann,Turkey ... Im not Hacker!...

0.8AI score
Exploits0
securityvulns
securityvulns
•added 2006/10/12 12:0 a.m.•117 views

Jinzora <= 2.1 Remote File Inclusion

Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath. 'backend/classes.php'; exmple and...

0.8AI score
Exploits0
securityvulns
securityvulns
•added 2005/11/07 12:0 a.m.•117 views

Netscape Flash Player Arbitrary Code Execution Vulnerability

Description: Versions Netscape Browser 8.0.3.3 and Netscape 7.2 are vulnerable due to affected, default Flash Player version included during installation process. File NPSWF32.dll Flash v7.0.19.0 is copied to C:Program FilesNetscapeNetscape Browserplugins and C:Program FilesNetscapeNetscapeplugin...

5.1CVSS1.4AI score0.06756EPSS
Exploits1
securityvulns
securityvulns
•added 2005/07/20 12:0 a.m.•117 views

Mozilla cleartext credentials leak bug report to excuse myself (Re[2]: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein)

Dear Amit Klein AKsecurity, --Tuesday, July 19, 2005, 10:22:59 PM, you wrote to [email protected]: AKA For example, no-one expects NTLM auth to protect data in transit. Actually, it may with NTLM Session Security. AKA Few years ago Internet Explorer was patched to use NTLM authentication on...

6.9AI score
Exploits0
securityvulns
securityvulns
•added 2005/07/19 12:0 a.m.•117 views

Run any OS Command via unauthorized Oracle Forms

Name Run any OS Command via unauthorized Oracle Forms Systems Affected Oracle Web Forms 4.5, 5.0, 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 18 July 2005 V 1.00 Advisory...

0.3AI score
Exploits0
securityvulns
securityvulns
•added 2004/10/06 12:0 a.m.•117 views

Multiple cups bugs

Empty packet to UDP/631 causes browsing service to fail. Foomatic printers driver code execution, information leak from log files...

3.9AI score
Exploits0References3Affected Software1
securityvulns
securityvulns
•added 2001/04/19 12:0 a.m.•117 views

Cyberscheduler remote root compromise

====================================================================== Defcom Labs Advisory def-2000-18 Cyberscheduler remote root/execution compromise Author: Enrique A. Sanchez Montellano [email protected] Release Date: 2001-04-17...

7.9AI score
Exploits0
securityvulns
securityvulns
•added 2015/06/13 12:0 a.m.•116 views

[USN-2639-1] OpenSSL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2639-1 June 11, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5CVSS0.9AI score0.74483EPSS
Exploits1
securityvulns
securityvulns
•added 2015/05/12 12:0 a.m.•116 views

[CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities

Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities Product: Landesk Management Suite Vulnerable Versions: 9.5 and possible previous versions, 9.6 Tested Version: 9.5 Advisory Publication: 16/04/2015 Latest Update: 16/04/2015 Vulnerability Type: Cross-site request forgery CWE-352...

6.8CVSS7.3AI score0.03162EPSS
Exploits5
securityvulns
securityvulns
•added 2015/05/05 12:0 a.m.•116 views

ProFTPD unauthorized files access

Unauthorized files copy via modcopy...

10CVSS3.9AI score0.96803EPSS
Exploits21References1Affected Software1
securityvulns
securityvulns
•added 2015/01/19 12:0 a.m.•116 views

Two XSS vulnerabilities in Simple Security WordPress Plugin

Advisory ID: HTB23244 Product: Simple Security WordPress Plugin Vendor: MyWebsiteAdvisor Vulnerable Versions: 1.1.5 and probably prior Tested Version: 1.1.5 Advisory Publication: December 17, 2014 without technical details Vendor Notification: December 17, 2014 Public Disclosure: January 14, 2015...

4.3CVSS0.1AI score0.01618EPSS
Exploits3
securityvulns
securityvulns
•added 2014/09/21 12:0 a.m.•116 views

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apachemodphp Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple...

10CVSS0.7AI score0.99977EPSS
Exploits26
securityvulns
securityvulns
•added 2014/05/05 12:0 a.m.•116 views

Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities

Quarterly update fixes 144 different vulnerabilities...

10CVSS2.2AI score0.59558EPSS
Exploits27References5Affected Software33
securityvulns
securityvulns
•added 2014/03/27 12:0 a.m.•116 views

Synology DiskStation Manager code execution

Code execution via web interface...

10CVSS4.2AI score0.84571EPSS
Exploits9References1Affected Software1
securityvulns
securityvulns
•added 2014/03/24 12:0 a.m.•116 views

[ MDVSA-2014:065 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:065 http://www.mandriva.com/en/support/security/ Package : apache Date : March 20, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and...

5CVSS8.5AI score0.26831EPSS
Exploits2
securityvulns
securityvulns
•added 2014/02/03 12:0 a.m.•116 views

SQL Injection in JV Comment Joomla Extension

Advisory ID: HTB23195 Product: JV Comment Joomla Extension Vendor: joomlavi.com Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 14, 2014 Public Disclosure...

4.3CVSS7.8AI score0.01391EPSS
Exploits5
securityvulns
securityvulns
•added 2013/11/18 12:0 a.m.•116 views

[security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03996804 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03996804 Version: 1 HPSBHF02939 rev....

6.8CVSS0.7AI score0.02262EPSS
Exploits0
securityvulns
securityvulns
•added 2013/10/09 12:0 a.m.•116 views

HP Intelligent Management Center multiple security vulnerabilities

Code execution, authentication bypass, SQL injection, unauthorized access...

10CVSS2.6AI score0.62617EPSS
Exploits12References2
securityvulns
securityvulns
•added 2013/09/09 12:0 a.m.•116 views

Drupal Node View Permissions module and Flag module Vulnerabilities

The drupal security team has released the following security advisories. https://drupal.org/node/2076315 https://drupal.org/node/2076221 Regards, Daniel http://www.itsecuritycenter.com/...

0.7AI score
Exploits0
securityvulns
securityvulns
•added 2012/10/28 12:0 a.m.•116 views

Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities

Approx. 90 of diffent vulnerabilities in different applications...

10CVSS2.6AI score0.98945EPSS
Exploits56References2Affected Software12
securityvulns
securityvulns
•added 2012/09/18 12:0 a.m.•116 views

VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)

VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free CVE-2012-1856 / MS12-060 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems a...

9.3CVSS0.2AI score0.72119EPSS
Exploits1
securityvulns
securityvulns
•added 2012/06/03 12:0 a.m.•116 views

b2ePMS 1.0 Authentication Bypass Vulnerability

b2ePMS 1.0 Authentication Bypass Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor Information: "b2ePMS stands for Browser to Email Phone Message System. It is intended to replace the standard paper/carbon phone message slips commonly used in offices, with the capability o...

0.7AI score
Exploits0
securityvulns
securityvulns
•added 2011/11/25 12:0 a.m.•116 views

Mozilla Foundation Security Advisory 2011-46

Mozilla Foundation Security Advisory 2011-46 Title: loadSubScript unwraps XPCNativeWrapper scope parameter 1.9.2 branch Impact: Critical Announced: November 8, 2011 Reporter: mozbugra4 Products: Firefox, Thunderbird Fixed in: Firefox 3.6.24 Thunderbird 3.1.16 Description Mozilla security research...

9.3CVSS0.01876EPSS
Exploits0
securityvulns
securityvulns
•added 2011/09/05 12:0 a.m.•116 views

Sana Net (viewpages.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Sana Net viewpages.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.sana-net.com/ Persian Gulf 4 Ever! Dork : inurl:"viewpages.php?id=" " " Exploite:...

2.8AI score
Exploits0
securityvulns
securityvulns
•added 2011/04/21 12:0 a.m.•116 views

HTB22944: Path disclousure in ZENphoto

Vulnerability ID: HTB22944 Reference: http://www.htbridge.ch/advisory/pathdisclousureinzenphoto.html Product: ZENphoto Vendor: Zenphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...

7AI score
Exploits0
securityvulns
securityvulns
•added 2011/02/08 12:0 a.m.•116 views

[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-0013 Apache Tomcat Manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.5 - - Tomcat 6.0.0 to 6.0.29 - - Tomcat 5.5.0 to 5.5.31 - - Earlier, unsupported versions may also be...

4.3CVSS5.2AI score0.10228EPSS
Exploits2
securityvulns
securityvulns
•added 2010/11/04 12:0 a.m.•116 views

BBcode XSS in eoCMS

Vulnerability ID: HTB22677 Reference: http://www.htbridge.ch/advisory/bbcodexssineocms.html Product: eoCMS Vendor: eocms.com http://eocms.com Vulnerable Version: 0.9.04 Vendor Notification: 21 October 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted, Awaiting...

0.4AI score
Exploits0
securityvulns
securityvulns
•added 2010/06/14 12:0 a.m.•116 views

[ MDVSA-2010:115 ] perl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:115 http://www.mandriva.com/security/ Package : perl Date : June 11, 2010 Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: Multiple...

8.5CVSS8.9AI score0.03715EPSS
Exploits3
securityvulns
securityvulns
•added 2010/06/01 12:0 a.m.•116 views

GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability

======================================================== GR Board v1.8.6.1 stab page.php?theme Remote File Inclusion Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 ...

0.2AI score
Exploits0
securityvulns
securityvulns
•added 2010/04/07 12:0 a.m.•116 views

MKPortal lenta module XSS Vulnerability

======================================= MKPortal lenta module XSS Vulnerability ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// // // // // //...

0.5AI score
Exploits0
securityvulns
securityvulns
•added 2010/03/23 12:0 a.m.•116 views

Harris Stratex StarMAX subscriber station running config CSRF exploit

===================================================================== Harris Stratex StarMAX subscriber station running config CSRF exploit ===================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / ...

0.8AI score
Exploits0
securityvulns
securityvulns
•added 2009/10/20 12:0 a.m.•116 views

[ MDVSA-2009:284 ] gd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:284 http://www.mandriva.com/security/ Package : gd Date : October 20, 2009 Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: A...

9.3CVSS6.9AI score0.1021EPSS
Exploits1
securityvulns
securityvulns
•added 2009/08/17 12:0 a.m.•116 views

[ MDVSA-2009:203 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:203 http://www.mandriva.com/security/ Package : curl Date : August 15, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: A...

7.5CVSS6.4AI score0.05741EPSS
Exploits4
securityvulns
securityvulns
•added 2008/12/15 12:0 a.m.•116 views

phpList vulnerability

phpList is a feature rich newsletter application written in PHP. phpList has a local file include vulnerability. The vulnerability has already been exploited. affected versions: any version up to including 2.10.7 fixed in version 2.10.8 Related links: www.phplist.com phpList homepage...

1.1AI score
Exploits0
securityvulns
securityvulns
•added 2008/12/14 12:0 a.m.•116 views

ASP-CMS v.1.0 Sql Injection/Database Disclosure

ASP-CMS v.1.0 Sql Injection/Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...

1.2AI score
Exploits0
securityvulns
securityvulns
•added 2008/04/15 12:0 a.m.•116 views

BosNews v4.0 Remote add user admin

-------------------------------------------------------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo ---------------------------------------------------------...

1.2AI score
Exploits0
securityvulns
securityvulns
•added 2007/07/19 12:0 a.m.•116 views

Mozilla Foundation Security Advisory 2007-18

Mozilla Foundation Security Advisory 2007-18 Title: Crashes with evidence of memory corruption Impact: Critical Announced: July 17, 2007 Reporter: Mozilla developers and community Products: Firefox, Thunderbird and Seamonkey Fixed in: Firefox 2.0.0.5, Thunderbird 2.0.0.5 Description As part of th...

9.3CVSS0.1AI score0.02224EPSS
Exploits1
securityvulns
securityvulns
•added 2007/03/28 12:0 a.m.•116 views

HP JetDirect and HP printers buffer overflow

Buffer overflow in LIST, NLIST and RETR command of built-in FTP server...

7.8CVSS3.3AI score0.0331EPSS
Exploits1References3
securityvulns
securityvulns
•added 2007/02/27 12:0 a.m.•116 views

[Full-disclosure] Multiple SQL Injection bugs in TCS website

Hello list, The website of TCS Tata Consultancy Services is prone to multiple SQL injection bugs. I already sent them an email back in December 2006. They have not fixed the bug just yet, so Iam going to disclose the details here. http://kishfellow.blogspot.com The scripts are prone to multiple...

0.1AI score
Exploits0
Total number of security vulnerabilities5000