Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2013/03/11 12:0 a.m.114 views

[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03684249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03684249 Version: 1 HPSBPI02851...

8.8CVSS0.0246EPSS
Exploits0
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.114 views

Multiple Vulnerabilities in Linksys E1500/E2500

Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2013/02/04 12:0 a.m.114 views

Kohana Framework v2.3.3 - Directory Traversal Vulnerability

Title: ====== Kohana Framework v2.3.3 - Directory Traversal Vulnerability Date: ===== 2013-01-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=841 VL-ID: ===== 837 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: ============...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2012/10/29 12:0 a.m.114 views

ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities

ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: All versio...

7.5CVSS0.5AI score0.73327EPSS
Exploits12
securityvulns
securityvulns
added 2012/10/22 12:0 a.m.114 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.04697EPSS
Exploits34References28Affected Software25
securityvulns
securityvulns
added 2012/09/02 12:0 a.m.114 views

[SE-2012-01] New security issue affecting Java SE 7 Update 7

Hello All, Yesterday, an out-of-band patch was released by Oracle 1, which among other things incorporated fixes for the issues exploited by the recent Java SE 7 attack code ClassFinder / MethodFinder bugs. One of the fixes incorporated in the released update also addressed the exploitation vecto...

10CVSS9.6AI score0.98536EPSS
Exploits10
securityvulns
securityvulns
added 2012/08/13 12:0 a.m.114 views

[SECURITY] [DSA 2522-1] fckeditor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2522-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez August 05, 2012 http://www.debian.org/security/faq -...

4.3CVSS1.8AI score0.04251EPSS
Exploits2
securityvulns
securityvulns
added 2012/07/23 12:0 a.m.114 views

CakePHP 2.x-2.2.0-RC2 XXE Injection

Exploit title: CakePHP XXE injection Date: 01.07.2012 Software Link: http://www.cakephp.org Vulnerable version: 2.x - 2.2.0-RC2 Tested on: Windows and Linux Author: Pawel Wylecial http://h0wl.pl 1. Background Short description from the project website: "CakePHP makes building web applications...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.114 views

'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)

'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by...

5CVSS6.7AI score0.07755EPSS
Exploits6
securityvulns
securityvulns
added 2012/04/02 12:0 a.m.114 views

NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/01/20 12:0 a.m.114 views

Microsoft Anti-XSS Library Bypass (MS12-007)

Introduction ------------- Microsoft Anti-XSS Library is used to protect applications from Cross-Site Scripting attacks, by providing methods for input sanitization. Vulnerability ------------- Microsoft Anti-XSS Library 3.0 and 4.0 are vulnerable to an attack in which an attacker is able to crea...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/01/09 12:0 a.m.114 views

OpenKM 5.1.7 OS Command Execution (XSRF based)

COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.114 views

Multiple vulnerabilities in Browser CRM

Vulnerability ID: HTB23059 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbrowsercrm.html Product: Browser CRM Vendor: BrowserCRM Limited http://www.browsercrm.com Vulnerable Version: 5.100.01 and probably prior Tested Version: 5.100.01 Vendor Notification: 23 November 2011...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.114 views

Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress 1-jquery-photo-gallery-slideshow-flash plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Islamic Republic Of Iran Security Team http://irist.ir/forum/ Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/08/01 12:0 a.m.114 views

FootBall Cms (view_table_lig.php?group) XSS Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD XSS Vulnerability FootBall Cms viewtablelig.php?group AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "inurl:viewtablelig.php?group=" Exploite: www.victim.com/viewtablelig.php?group=1&namelig=XSS...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2011/04/21 12:0 a.m.114 views

[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02738731 Version: 1 HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Cross Site Scripting XSS, Cross Site Request Forgery CSRF, Execution of...

9.3CVSS0.5AI score0.21599EPSS
Exploits4
securityvulns
securityvulns
added 2011/04/06 12:0 a.m.114 views

StartSite.ir Cross-site Scripting Vulnerability

------------In The Name Of God------------ StartSite.ir Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Powered by StartSite.ir" xss EXPLOIT: scriptalert/0//script script...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/05 12:0 a.m.114 views

HTB22912: Multiple SQL Injections in Eleanor CMS

Vulnerability ID: HTB22912 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsineleanorcms.html Product: Eleanor CMS Vendor: Eleanor CMS http://eleanor-cms.ru/ Vulnerable Version: rc5 Vendor Notification: 22 March 2011 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...

1AI score
Exploits0
securityvulns
securityvulns
added 2011/02/03 12:0 a.m.114 views

Majordomo2 - Directory Traversal (SMTP/HTTP)

Original Advisory: https://sitewat.ch/en/Advisory/View/1 Credit: Michael Brooks https://sitewat.ch Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: http://www.mj2.org/ Affected Build: 20110121 and prior Special thanks to Dave Miller, Reed Loden and the rest...

5CVSS1.3AI score0.95388EPSS
Exploits10
securityvulns
securityvulns
added 2011/01/28 12:0 a.m.114 views

Microsoft IIS 6 parsing directory “x.asp” Vulnerability

Microsoft IIS 6 parsing directory Vulnerability Discovered by: Pouya daneshmand whhiranATyahooDOTcom http://securitylab.ir/blog Introduction: Using this vulnerability you can bypass some Security filters, for example a file with “.jpg” or “.rar” extension can be executed as an asp Active Server...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/11/18 12:0 a.m.114 views

vBulletin 4.0.8 - Persistent XSS via Profile Customization

vBulletin - Persistent Cross Site Scripting via Profile Customization Versions Affected: 4.0.8 3.8. is not vulnerable. Info: Content publishing, search, security, and more— vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2010/04/09 12:0 a.m.114 views

MKPortal Recommend module XSS Vulnerability

=========================================== MKPortal Recommend module XSS Vulnerability =========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// //...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2010/02/04 12:0 a.m.114 views

Tinypug Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Tinypug is a...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/12/16 12:0 a.m.114 views

[ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities

============================================= INTERNET SECURITY AUDITORS ALERT 2009-010 - Original release date: September 28th, 2009 - Last revised: December 15th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3703 - Severity: 8.5/10 CVSS Base Score...

7.5CVSS0.2AI score0.02626EPSS
Exploits9
securityvulns
securityvulns
added 2009/11/05 12:0 a.m.114 views

ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability

ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-079 November 4, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

Exploits0
securityvulns
securityvulns
added 2009/10/28 12:0 a.m.114 views

Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point. Aruba Advisory ID: AID-102609 Revision: 1.0 For Public Release on 10/26/2009...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2009/04/10 12:0 a.m.114 views

net2ftp <= 0.97 Cross-Site Scripting/Request Forgery

=cicatriz [email protected]==advisories= / / / / // / / // / o / / .-/ =net2ftp = 0.97 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-0804 Advisory URL:...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2008/09/20 12:0 a.m.114 views

PHP pro bid v 6.04 SQL injection

Affected software: PHP pro bid v 6.04 as at 2008-09-11 Vendor description: The Leading Proffessional sic Auction Script Software available online today written in PHP/ Mysql Impact: SQL injection Description: categories.php and other pages of php pro bid accept user-supplied order-by and ASC/DESC...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2008/09/10 12:0 a.m.114 views

ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability

ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-055 September 9, 2008 -- CVE ID: CVE-2008-3015 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Windows XP Microsoft Windows Server 2008 Microsoft Windows...

9.3CVSS1.3AI score0.39272EPSS
Exploits1
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.114 views

Mozilla Foundation Security Advisory 2008-15

Mozilla Foundation Security Advisory 2008-15 Title: Crashes with evidence of memory corruption rv:1.8.1.13 Impact: Critical Announced: March 25, 2008 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.13 Thunderbird 2.0.0.13 SeaMonkey 1.1....

6.8CVSS1.5AI score0.03373EPSS
Exploits1
securityvulns
securityvulns
added 2008/01/31 12:0 a.m.114 views

[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14

waraxe-2008-SA066 - Multiple Vulnerabilities in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 31. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-66.html Target software description:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/09/13 12:0 a.m.114 views

CS Guestbook Admin Name & Md5 Security Vuln

By Cr@zyKing http://ayyildiz.org Ayyildiz Team nternationel Force Cs Guestbook admin name & admin hass md5 vuln. http://xxx.com/base/usr/0.php admin name & md5 http://xxx.com/mod.php - go to admin panel Md5 Cracking : gdataonline.com & milw0rm.com Greatz : Eno7 , TamTurk , Metlak , Blackwolf ,...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/08/10 12:0 a.m.114 views

Education_info/edu_view.asp sql injection

Educationinfo/eduview.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life" cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc 1-...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.114 views

Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768)

Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer 931768 Published: May 8, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

9.3CVSS0.7AI score0.37366EPSS
Exploits0
securityvulns
securityvulns
added 2007/04/01 12:0 a.m.114 views

Remot File Include In SLAED_CMS_2

By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/03/06 12:0 a.m.114 views

DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25

Hi; A person on the LedgerSMB core team has found a serious arbitrary code execution issue in LedgerSMB prior to 1.1.5 and SQL-Ledger. A version of SQL-Ledger which fixes this vulnerability was released today version 2.6.25. The vulnerability allows a user to specify a custom function to run when...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2006/11/05 12:0 a.m.114 views

phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

WwW.Deltahacking.NeT dynasite3.2.2 Class = Remote File Inclusion ; Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz Found by = Dr.Pantagon [email protected]...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/09/26 12:0 a.m.114 views

phpstak <= Remote File Include Vulnerability

PerSiaNFoX DigitaL SecuritY TeaM phpsatk= Remote File Include Vulnerabilities Script...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.114 views

anjel Mambo Component Remote File Include

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : anjel Mambo Component Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2005/12/20 12:0 a.m.114 views

[SA18026] UStore Cross-Site Scripting and SQL Injection Vulnerabilities

TITLE: UStore Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18026 VERIFY ADVISORY: http://secunia.com/advisories/18026/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: UStore...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2005/07/19 12:0 a.m.114 views

Run any OS Command via unauthorized Oracle Reports

Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...

Exploits0
securityvulns
securityvulns
added 2005/04/27 12:0 a.m.114 views

Multiple SQL Injections in MetaCart2 for PayPal

Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2004/09/13 12:0 a.m.114 views

StarOffice/OpenOffice symbolic links vulnerability

symlink problem during temporary files creation...

1.3AI score
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2003/04/12 12:0 a.m.114 views

Ocean12 ASP Guestbook Manager v1.00

This advisory can be found at www.blacktigerz.org Subject: Ocean12 ASP Guestbook Manager v1.00. Description: Written entirely in ASP and VBScript this is a completely web-based, easy to install, ASP Guestbook Program. It stores data in an Access 2000 database and is configured 100 through the web...

Exploits0
securityvulns
securityvulns
added 2002/01/15 12:0 a.m.114 views

Слабые разрешения в Palm Desktop (weak permissions)

При синхронизации файлы открыты на чтение...

0.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/04/22 12:0 a.m.114 views

local user can delete arbitrary files on SuSE-Linux

Hello, If MAXDAYSINTMP 0 in /etc/rc.config on a SuSE-Linux system, a local user can delete arbitrary files by doing some commands like these: mkdir -p "/tmp/hhh /somedirectory" touch -t some-early-date "/tmp/hhh /somedirectory/somefile" sleep 1d The bug is in /etc/cron.daily/aaabase for SuSE...

Exploits0
securityvulns
securityvulns
added 2000/04/05 12:0 a.m.114 views

Timbuktu v3.0 and Public LDAP Server

Timbuktu v3.0 by Netopia, for those who don't know, is a remote control software package for Windows 9x, NT, and the Macintosh that gives you GUI console access. LDAP support was recently introduced to make it easier to find machines that have Timbuktu on them in your enterprise. This is good and...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.113 views

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...

4.3CVSS7AI score0.02679EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.113 views

[SECURITY] [DSA 3375-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...

4.3CVSS0.9AI score0.06389EPSS
Exploits2
securityvulns
securityvulns
added 2015/04/13 12:0 a.m.113 views

[USN-2565-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2565-1 April 09, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5CVSS5.5AI score0.03742EPSS
Exploits1
Total number of security vulnerabilities5000