Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/04/06 12:0 a.m.114 views

StartSite.ir Cross-site Scripting Vulnerability

------------In The Name Of God------------ StartSite.ir Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Powered by StartSite.ir" xss EXPLOIT: scriptalert/0//script script...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2011/02/03 12:0 a.m.114 views

Majordomo2 - Directory Traversal (SMTP/HTTP)

Original Advisory: https://sitewat.ch/en/Advisory/View/1 Credit: Michael Brooks https://sitewat.ch Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: http://www.mj2.org/ Affected Build: 20110121 and prior Special thanks to Dave Miller, Reed Loden and the rest...

5CVSS1.3AI score0.95388EPSS
Exploits10
securityvulns
securityvulns
added 2011/01/28 12:0 a.m.114 views

Microsoft IIS 6 parsing directory “x.asp” Vulnerability

Microsoft IIS 6 parsing directory Vulnerability Discovered by: Pouya daneshmand whhiranATyahooDOTcom http://securitylab.ir/blog Introduction: Using this vulnerability you can bypass some Security filters, for example a file with “.jpg” or “.rar” extension can be executed as an asp Active Server...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/12/01 12:0 a.m.114 views

[eVuln.com] Multiple XSS in Alguest

New eVuln Advisory: Multiple XSS in Alguest Summary: http://evuln.com/vulns/151/summary.html Details: http://evuln.com/vulns/151/description.html -----------Summary----------- eVuln ID: EV0151 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: low Type: Cross Site Scripting Statu...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/11/18 12:0 a.m.114 views

vBulletin 4.0.8 - Persistent XSS via Profile Customization

vBulletin - Persistent Cross Site Scripting via Profile Customization Versions Affected: 4.0.8 3.8. is not vulnerable. Info: Content publishing, search, security, and more— vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2010/04/23 12:0 a.m.114 views

XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp

------------------------------------------------------------------ XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp Date: 22.04.2010 ------------------------------------------------------------------- - Description Windows Mobile shows message previews if configured to do so. Due...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2010/02/04 12:0 a.m.114 views

Tinypug Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Tinypug is a...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/01/26 12:0 a.m.114 views

[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be...

5.8CVSS4.2AI score0.1078EPSS
Exploits0
securityvulns
securityvulns
added 2009/12/16 12:0 a.m.114 views

[ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities

============================================= INTERNET SECURITY AUDITORS ALERT 2009-010 - Original release date: September 28th, 2009 - Last revised: December 15th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3703 - Severity: 8.5/10 CVSS Base Score...

7.5CVSS0.2AI score0.02626EPSS
Exploits9
securityvulns
securityvulns
added 2009/10/28 12:0 a.m.114 views

Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point. Aruba Advisory ID: AID-102609 Revision: 1.0 For Public Release on 10/26/2009...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2009/04/10 12:0 a.m.114 views

net2ftp <= 0.97 Cross-Site Scripting/Request Forgery

=cicatriz [email protected]==advisories= / / / / // / / // / o / / .-/ =net2ftp = 0.97 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-0804 Advisory URL:...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2008/09/20 12:0 a.m.114 views

PHP pro bid v 6.04 SQL injection

Affected software: PHP pro bid v 6.04 as at 2008-09-11 Vendor description: The Leading Proffessional sic Auction Script Software available online today written in PHP/ Mysql Impact: SQL injection Description: categories.php and other pages of php pro bid accept user-supplied order-by and ASC/DESC...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2008/04/08 12:0 a.m.114 views

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution 948590 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these...

9.3CVSS1.8AI score0.57102EPSS
Exploits6
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.114 views

Mozilla Foundation Security Advisory 2008-15

Mozilla Foundation Security Advisory 2008-15 Title: Crashes with evidence of memory corruption rv:1.8.1.13 Impact: Critical Announced: March 25, 2008 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.13 Thunderbird 2.0.0.13 SeaMonkey 1.1....

6.8CVSS1.5AI score0.03373EPSS
Exploits1
securityvulns
securityvulns
added 2008/01/31 12:0 a.m.114 views

[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14

waraxe-2008-SA066 - Multiple Vulnerabilities in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 31. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-66.html Target software description:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/09/13 12:0 a.m.114 views

CS Guestbook Admin Name & Md5 Security Vuln

By Cr@zyKing http://ayyildiz.org Ayyildiz Team nternationel Force Cs Guestbook admin name & admin hass md5 vuln. http://xxx.com/base/usr/0.php admin name & md5 http://xxx.com/mod.php - go to admin panel Md5 Cracking : gdataonline.com & milw0rm.com Greatz : Eno7 , TamTurk , Metlak , Blackwolf ,...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/08/10 12:0 a.m.114 views

Education_info/edu_view.asp sql injection

Educationinfo/eduview.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life" cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc 1-...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.114 views

fipsCMS v2.1 Remote SQL injection Vulnerability

fipsCMS v2.1 Remote SQL injection Vulnerability // AYYILDIZ.ORG Gururla Sunar ... Script: fipsCMS v2.1 Download: http://fipsasp.com/subs/login/Download.asp?ID=60&CatID=5&AccLvl=0 Author: iLker Kandemir [email protected] ThanKs: h0tturk,Ekin0x,Gencnesil,Gencturk,Ajann Exploit:...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.114 views

[Full-disclosure] Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities

netVigilance Security Advisory 12 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags...

4.3CVSS0.4AI score0.01968EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/01 12:0 a.m.114 views

Remot File Include In SLAED_CMS_2

By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/03/06 12:0 a.m.114 views

DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25

Hi; A person on the LedgerSMB core team has found a serious arbitrary code execution issue in LedgerSMB prior to 1.1.5 and SQL-Ledger. A version of SQL-Ledger which fixes this vulnerability was released today version 2.6.25. The vulnerability allows a user to specify a custom function to run when...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2006/11/05 12:0 a.m.114 views

phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

WwW.Deltahacking.NeT dynasite3.2.2 Class = Remote File Inclusion ; Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz Found by = Dr.Pantagon [email protected]...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.114 views

anjel Mambo Component Remote File Include

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : anjel Mambo Component Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.114 views

SubberZ[Lite] - Remote File Include

Chironex Fleckeri SubberZLite - Remote File Include Find by Chironex Fleckeri Mail/MSN: [email protected] http://site/path/user-func.php?myadmindir=Shell...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/02/10 12:0 a.m.114 views

[ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion

/ / | | / // / | | Y / | / / /| / / / / / / .OR.ID ECHOADV27$2006 --------------------------------------------------------------------------- ECHOADV27$2006 Indexu = 5.0.1 Remote File Inclusion --------------------------------------------------------------------------- Author : M.Hasran Addahroni...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2005/12/20 12:0 a.m.114 views

[SA18026] UStore Cross-Site Scripting and SQL Injection Vulnerabilities

TITLE: UStore Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18026 VERIFY ADVISORY: http://secunia.com/advisories/18026/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: UStore...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2005/09/05 12:0 a.m.114 views

ICMP and TCP timestamp attacks to reset TCP connections

By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease...

5CVSS2.6AI score0.02654EPSS
Exploits0References24Affected Software27
securityvulns
securityvulns
added 2005/07/19 12:0 a.m.114 views

Run any OS Command via unauthorized Oracle Reports

Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...

Exploits0
securityvulns
securityvulns
added 2005/04/27 12:0 a.m.114 views

Multiple SQL Injections in MetaCart2 for PayPal

Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple SQL Injections in...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2004/09/13 12:0 a.m.114 views

StarOffice/OpenOffice symbolic links vulnerability

symlink problem during temporary files creation...

1.3AI score
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2002/08/08 12:0 a.m.114 views

Security Advisory FreeBSD-SA-02:36.nfs

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:36.nfs Security Advisory The FreeBSD Project Topic: Bug in NFS server code allows remote denial of service Category: core Module: nfs Announced: 2002-08-05 Credits: Mike...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/04/22 12:0 a.m.114 views

local user can delete arbitrary files on SuSE-Linux

Hello, If MAXDAYSINTMP 0 in /etc/rc.config on a SuSE-Linux system, a local user can delete arbitrary files by doing some commands like these: mkdir -p "/tmp/hhh /somedirectory" touch -t some-early-date "/tmp/hhh /somedirectory/somefile" sleep 1d The bug is in /etc/cron.daily/aaabase for SuSE...

Exploits0
securityvulns
securityvulns
added 2000/04/05 12:0 a.m.114 views

Timbuktu v3.0 and Public LDAP Server

Timbuktu v3.0 by Netopia, for those who don't know, is a remote control software package for Windows 9x, NT, and the Macintosh that gives you GUI console access. LDAP support was recently introduced to make it easier to find machines that have Timbuktu on them in your enterprise. This is good and...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.113 views

DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability in DataTables Affected Software : DataTables Affected Versions : 1.10.8 and possibly below Vendor Homepage : https://github.com/DataTables/DataTables Vulnerability Type : Cross-site Scripting Severity : Important...

4.3CVSS7AI score0.02679EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.113 views

[SECURITY] [DSA 3375-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3375-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez October 19, 2015 https://www.debian.org/security/faq -...

4.3CVSS0.9AI score0.06389EPSS
Exploits2
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.113 views

[USN-2721-1] Subversion vulnerabilities

========================================================================== Ubuntu Security Notice USN-2721-1 August 20, 2015 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

7.8CVSS1.2AI score0.12841EPSS
Exploits0
securityvulns
securityvulns
added 2015/04/13 12:0 a.m.113 views

[USN-2565-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2565-1 April 09, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5CVSS5.5AI score0.03742EPSS
Exploits1
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.113 views

[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)

Hi, This is part 12 of the ManageOwnage series. For previous parts, see 1. This time we have an arbitrary file download, directory content disclosure and blind SQL injection vulnerabilities in ManageEngine OpManager, Applications Manager and IT360. I've pushed two new Metasploit modules into the...

7.5CVSS0.3AI score0.83399EPSS
Exploits12
securityvulns
securityvulns
added 2014/10/13 12:0 a.m.113 views

bash code execution

It's possible to place a function into content of any environment variable...

10CVSS4.1AI score0.99999EPSS
Exploits158References13Affected Software1
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.113 views

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6 Safari 6.1.6 and Safari 7.0.6 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4 Impact...

6.8CVSS0.3AI score0.02762EPSS
Exploits0
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.113 views

APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7....

10CVSS0.5AI score0.05599EPSS
Exploits6
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.113 views

[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04272892 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04272892 Version: 1 HPSBMU03033 rev....

5CVSS0.5AI score0.99999EPSS
Exploits88
securityvulns
securityvulns
added 2014/04/01 12:0 a.m.113 views

Barracuda Message Archiver 650 - Persistent Web Vulnerability

Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.113 views

Microsoft Sharepoint Server multiple security vulnerabilities

DoS, crossite scripting, memory corruptions, code execution...

10CVSS2AI score0.77458EPSS
Exploits4References1Affected Software2
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.113 views

Oracle Java multiple security vulnerabilities

40 different vulnerabilities...

10CVSS2.4AI score0.98704EPSS
Exploits32References4Affected Software2
securityvulns
securityvulns
added 2013/06/04 12:0 a.m.113 views

socat security vulnerabilities

Buffer overflow, file descriptor leakage...

6.2CVSS2.5AI score0.02061EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.113 views

Multiple Vulnerabilities in Piwigo

Advisory ID: HTB23144 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notification: February 6, 2013 Vendor Patch: February 19, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352, Path...

7.6CVSS6.8AI score0.56011EPSS
Exploits12
securityvulns
securityvulns
added 2012/10/25 12:0 a.m.113 views

VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability

VUPEN Security Research - Oracle Java Font Processing "maxPointCount" Heap Overflow Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Java is a programming language and computing platform released by Sun Microsystems now Oracle. It...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2012/04/26 12:0 a.m.113 views

[USN-1406-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1406-1 March 27, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

10CVSS6.6AI score0.01014EPSS
Exploits4
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.113 views

Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS

Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...

Exploits0
Total number of security vulnerabilities5000