
47153 matches found

securityvulns
added 2008/04/08 12:0 a.m. | 111 views

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution 948590 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these...

9.3 CVSS | 1.8 AI score | 0.56828 EPSS
Exploits: 6
securityvulns
added 2008/03/13 12:0 a.m. | 111 views

Vulnerabilities in Timbuktu Pro 8.6.5

Luigi Auriemma Application: Timbuktu Pro Remote Control Software http://www.netopia.com/software/products/tb2/ Versions: = 8.6.5 RC 229 Platforms: Windows Mac OS X has not been tested Bugs: A Denial of Service B limited upload directory traversal Exploitation: remote Date: 10 Mar 2008 Author: Lui...

0.3 AI score
Exploits: 0
securityvulns
added 2008/03/10 12:0 a.m. | 111 views

[SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1514-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 9, 2008 http://www.debian.org/security/faq -...

5.8 CVSS | 0.14787 EPSS
Exploits: 2
securityvulns
added 2007/07/15 12:0 a.m. | 111 views

MSIE7 entrapment again (+ FF tidbit)

Hello again, Microsoft Internet Explorer seems to have a soft spot for browser entrapment vulnerabilities. Just to recap, in these attacks, the user is made believe he had left a webpage and the URL bar or SSL state data reinforce him in this belief - but in reality, is prevented from doing so, a...

6.8 AI score
Exploits: 0
securityvulns
added 2007/07/04 12:0 a.m. | 111 views

[Full-disclosure] Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure

Advisory: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure RedTeam Pentesting discovered an information disclosure in the Fujitsu- Siemens BX300 Switch Blade during a penetration test. By accessing URLs of the web interface directly and aborting the authentication dialog, one is...

5 CVSS | 6.3 AI score | 0.01757 EPSS
Exploits: 3
securityvulns
added 2007/05/21 12:0 a.m. | 111 views

Gnats XSS vuln

GNATS XSS vuln Vuln. discovered by : r0t Date: 19 May 2007 vendor:http://www.gnu.org/software/gnats/ affected versions: tested on Gnatsweb v4.00, Gnats v4.1.99 orginal advisory:http://pridels-team.blogspot.com/2007/05/blog-post.html Gnats contains a flaw that allows a remote Cross-Site Scripting...

0.4 AI score
Exploits: 0
securityvulns
added 2007/05/08 12:0 a.m. | 111 views

fipsCMS v2.1 Remote SQL injection Vulnerability

fipsCMS v2.1 Remote SQL injection Vulnerability // AYYILDIZ.ORG Gururla Sunar ... Script: fipsCMS v2.1 Download: http://fipsasp.com/subs/login/Download.asp?ID=60&CatID=5&AccLvl=0 Author: iLker Kandemir [email protected] ThanKs: h0tturk,Ekin0x,Gencnesil,Gencturk,Ajann Exploit:...

1.1 AI score
Exploits: 0
securityvulns
added 2007/05/02 12:0 a.m. | 111 views

E-Annu (home.php) Remote SQL Injection Vulnerability

-------------------------------------------------AYYILDIZ.ORG PreSents... Script: E-Annu Script D.: http://www.alic.ch/sources/annu.rar Script Demo: http://www.autocash.ch/annu/ Contact: ilker Kandemir ilkerkandemiratmynet.com info: / Siz Yokken AYYILDIZ Vardi. /...

1.1 AI score
Exploits: 0
securityvulns
added 2007/04/19 12:0 a.m. | 111 views

Mambo module Calendar (Agenda) <= 155 (com_calendar.php) Multiple RFI Vuln

================================================================== Mambo module Calendar Agenda = 155 comcalendar.php Multiple RFI Vuln ================================================================== Found By : Cold z3ro , [email protected]...

0.2 AI score
Exploits: 0
securityvulns
added 2007/04/11 12:0 a.m. | 111 views

PHP121 Instant Messenger 2.2 Local File Inclusion Vulnerability

+========================I=R=A=N============================+ PHP121 Version 2.2 =========================I=R=A=N============================= +========================I=R=A=N============================+ Author : Dj7xpl / Dj7xplatYahoodotcom...

1.6 AI score
Exploits: 0
securityvulns
added 2007/04/11 12:0 a.m. | 111 views

witshare 0.9 Local File Include Vulnerabilitiy

Xmor$ Security Vulnerability Resear...

0.2 AI score
Exploits: 0
securityvulns
added 2007/04/05 12:0 a.m. | 111 views

MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability

Bug Found By ka0x D.O.M TEAM we are: anonyph;arp;ka0x;xarnuz Contact: [email protected] FROM SPAIN --- Script: MapLab Version: 2.2.1 Official Site: http://www.maptools.org Download: http://www.maptools.org/dl/ms4w/maplabms4w-2.2.1.zip -- Bug File: params.php Path: /htdocs/gmapfactory/params.php Bu...

1.5 AI score
Exploits: 0
securityvulns
added 2007/02/26 12:0 a.m. | 111 views

sitex multiple vulnerabilities

global risk:critical upload vulnerability: in user profile upload an avatar with a double extension like : file.php.jpg once it's done,you gone get an error like:Fatal error: Call to undefined function imagedestroy in /. but the last extension jpg will be removed by the script, and stored in :...

0.8 AI score
Exploits: 0
securityvulns
added 2006/12/25 12:0 a.m. | 111 views

myPHPNuke Gallery Module (basepath) Remote File Include

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- myPHPNuke Gallery Module basepath Remote File Include =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Found: Cyber-Security.Org...

0.6 AI score
Exploits: 0
securityvulns
added 2006/11/14 12:0 a.m. | 111 views

UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability

Title : UltraSite 1.0 update.asp Remote SQL Injection Vulnerability Author : ajann Admin Panel= http://target/path//update.asp?id=SQL Example: //update.asp?id=-120union20select200,0,0,username,password,0,0,0,0,0,0,0,0,020from20members20where20id20like207 """"""""""""""""""""" ajann,Turkey ... Im...

1.3 AI score
Exploits: 0
securityvulns
added 2006/10/02 12:0 a.m. | 111 views

VAMP Webmail <= 2.0beta1 (yesno.phtml) Remote Include Vulnerability

ToXiC VAMP Webmail Remote File Inclusion by ToXiC CreW BuG FounD by Drago84 Application Affect:VAMP Webmail Page: yesno.phtml Dir : /setup/ Problem: ?if$answer=="Yes" include $yesurl; else include $nourl; ? ExPloit :...

0.3 AI score
Exploits: 0
securityvulns
added 2006/05/09 12:0 a.m. | 111 views

tseekdir.cgi<--Local File Include

---------------------------------- foud by: BoNy-m Site: http://www.alshmokh.com E-mail: [email protected] ---------------------------------- Search: allinurl:tseekdir.cgi example: /tseekdir.cgi?location=/etc/passwd00 /tseekdir.cgi?id=1055&location=/etc/passwd00...

7.2 AI score
Exploits: 0
securityvulns
added 2006/02/10 12:0 a.m. | 111 views

[ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion

ECHOADV27$2006 --------------------------------------------------------------------------- ECHOADV27$2006 Indexu = 5.0.1 Remote File Inclusion --------------------------------------------------------------------------- Author : M.Hasran Addahroni...

0.6 AI score
Exploits: 0
securityvulns
added 2005/11/21 12:0 a.m. | 111 views

[SA17652] e-Quick Cart SQL Injection Vulnerabilities

TITLE: e-Quick Cart SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA17652 VERIFY ADVISORY: http://secunia.com/advisories/17652/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: e-Quick Cart http://secunia.com/product/6165/ DESCRIPTION: BiPiHaCk has...

0.7 AI score
Exploits: 0
securityvulns
added 2005/09/05 12:0 a.m. | 111 views

ICMP and TCP timestamp attacks to reset TCP connections

By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease...

5 CVSS | 2.6 AI score | 0.02654 EPSS
Exploits: 0 | References: 24 | Affected Software: 27
securityvulns
added 2004/09/15 12:0 a.m. | 111 views

Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing GDI+ Could Allow Code Execution 833987 Issued: September 14, 2004 Version: 1.0 Summary Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components...

9.3 CVSS | 1.9 AI score | 0.49024 EPSS
Exploits: 0
securityvulns
added 2003/09/03 12:0 a.m. | 111 views

PtHProductions Gastenboek - XSS

------------------------------------------------------------------ - EXPL-A-2003-022 exploitlabs.com Advisory 022 ------------------------------------------------------------------ -= PtHProductions Gastenboek =- Donnie Werner Aug, 29 2003 Vunerabilitys: ---------------- 1. Persistant XSS injecti...

0.1 AI score
Exploits: 0
securityvulns
added 2002/01/15 12:0 a.m. | 111 views

Weak permissions in Palm Desktop

During synchronization, files are open for reading...

0.8 AI score
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2000/11/17 12:0 a.m. | 111 views

vixie cron...

Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...

7 AI score
Exploits: 0
securityvulns
added 2015/10/19 12:0 a.m. | 110 views

Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)

Qualys Security Advisory LibreSSL CVE-2015-5333 and CVE-2015-5334 ======================================================================== Contents ======================================================================== Summary Memory Leak CVE-2015-5333 Buffer Overflow CVE-2015-5334...

7.5 CVSS | 1.7 AI score | 0.23292 EPSS
Exploits: 3
securityvulns
added 2015/08/24 12:0 a.m. | 110 views

[USN-2721-1] Subversion vulnerabilities

========================================================================== Ubuntu Security Notice USN-2721-1 August 20, 2015 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

7.8 CVSS | 1.2 AI score | 0.12841 EPSS
Exploits: 0
securityvulns
added 2015/07/14 12:0 a.m. | 110 views

ipTIME n104r3 vulnerable to CSRF and XSS attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL:...

Exploits: 0
securityvulns
added 2015/06/08 12:0 a.m. | 110 views

CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4

Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site...

6.8 CVSS | 0.4 AI score | 0.04727 EPSS
Exploits: 5
securityvulns
added 2014/11/10 12:0 a.m. | 110 views

ZTE ZXDSL 831 Multiple Cross Site Scripting

TR-069 Client page: Stored. executes when users go to http://192.168.1.1/tr69cfg.html...

1 AI score
Exploits: 0
securityvulns
added 2014/08/26 12:0 a.m. | 110 views

ArcGIS for Server Vulnerability Disclosure

Product: ArcGIS for Server Vendor: ESRI Vulnerable Version: 10.1.1 Tested Version: 10.1.1 Vendor Notification: June 19, 2014 Public Disclosure: August 15, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-5121 Risk Level: Medium CVSSv2 Base Score: 4.3...

5.8 CVSS | 2.3 AI score | 0.02424 EPSS
Exploits: 0
securityvulns
added 2014/08/04 12:0 a.m. | 110 views

APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7....

10 CVSS | 0.5 AI score | 0.05599 EPSS
Exploits: 6
securityvulns
added 2014/06/14 12:0 a.m. | 110 views

[oss-security] CVE request: Proxmox VE < 3.2 user enumeration vulnerability

Hi list, We recently found a vulnerability affecting Proxmox VE 3.2 that allows an unauthenticated user to perform user enumeration. Vendor was contacted and the vulnerability fixed in Proxmox VE 3.2, released on 2014-03-10. References: Proxmox related commits:...

0.8 AI score
Exploits: 0
securityvulns
added 2014/05/15 12:0 a.m. | 110 views

[oss-security] CVE request: various NodeJS module vulnerabilities

Hi all, This is a request for CVEs for the following vulnerabilities discovered by the Node Security Project. I left out their advisories where I could find an assigned CVE; CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660 https://nodesecurity.io/advisories printer potential command...

6.8 CVSS | 0.8 AI score | 0.17186 EPSS
Exploits: 7
securityvulns
added 2014/05/05 12:0 a.m. | 110 views

Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities

Quarterly update fixes 144 different vulnerabilities...

10 CVSS | 2.2 AI score | 0.59558 EPSS
Exploits: 27 | References: 5 | Affected Software: 33
securityvulns
added 2014/03/24 12:0 a.m. | 110 views

lighttpd security vulnerabilities

SQL injection, directory traversal...

7.5 CVSS | 2.2 AI score | 0.61665 EPSS
Exploits: 4 | References: 1 | Affected Software: 1
securityvulns
added 2014/02/28 12:0 a.m. | 110 views

APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2 Safari 6.1.2 and Safari 7.0.2 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.1 Impac...

6.8 CVSS | 0.5 AI score | 0.02181 EPSS
Exploits: 3
securityvulns
added 2013/10/09 12:0 a.m. | 110 views

HP Intelligent Management Center multiple security vulnerabilities

Code execution, authentication bypass, SQL injection, unauthorized access...

10 CVSS | 2.6 AI score | 0.62617 EPSS
Exploits: 12 | References: 2
securityvulns
added 2013/07/08 12:0 a.m. | 110 views

[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin

waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of...

7.2 AI score
Exploits: 0
securityvulns
added 2013/03/11 12:0 a.m. | 110 views

SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2)

SEC Consult Vulnerability Lab Security Advisory 20130308-1 ======================================================================= title: Multiple high risk vulnerabilities part 2 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...

0.4 AI score
Exploits: 0
securityvulns
added 2012/10/29 12:0 a.m. | 110 views

ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks

ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...

4.3 CVSS | 0.1 AI score | 0.73327 EPSS
Exploits: 4
securityvulns
added 2012/04/02 12:0 a.m. | 110 views

VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation

VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation Derek Soeder [email protected] Reported: December 5, 2011 Published: March 30, 2012 AFFECTED VENDOR --------------- VMware, Inc. AFFECTED ENVIRONMENTS --------------------- The following VMware product versions are known to be...

8.3 CVSS | 0.6 AI score | 0.29253 EPSS
Exploits: 13
securityvulns
added 2012/01/11 12:0 a.m. | 110 views

DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)

Title: DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal CVE-2011-4785 Severity: High Date Discovered: 2011-10-12 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credited To: sxkeebler and r@b13$ Vulnerability Description: The HP-ChaiSOE/1.0 embedded web server on certa...

7.8 CVSS | 0.5 AI score | 0.03698 EPSS
Exploits: 0
securityvulns
added 2011/11/25 12:0 a.m. | 110 views

Mozilla Foundation Security Advisory 2011-47

Mozilla Foundation Security Advisory 2011-47 Title: Potential XSS against sites using Shift-JIS Impact: High Announced: November 8, 2011 Reporter: Yosuke Hasegawa Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Yosuke Hasegawa...

4.3 CVSS | 0.6 AI score | 0.01453 EPSS
Exploits: 0
securityvulns
added 2011/11/21 12:0 a.m. | 110 views

[SECURITY] [DSA 2346-1] proftpd-dfsg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2346-1 [email protected] http://www.debian.org/security/ Florian Weimer November 15, 2011 http://www.debian.org/security/faq -...

9 CVSS | 1.6 AI score | 0.16334 EPSS
Exploits: 5
securityvulns
added 2011/08/30 12:0 a.m. | 110 views

phpWebSite (publisher) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability phpWebSite publisher AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : allinurl:"mod.php?mod=publisher" Exploite:...

3.7 AI score
Exploits: 0
securityvulns
added 2011/08/17 12:0 a.m. | 110 views

ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication On-Premise Advisories Updated August 11, 2011 Summary: An issue with Adaptive Authentication On-Premise was discovered which in certain circumstances...

7.5 CVSS | 0.01289 EPSS
Exploits: 0
securityvulns
added 2011/08/03 12:0 a.m. | 110 views

ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability

ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-246 July 29, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase Adaptive Server --...

0.8 AI score
Exploits: 0
securityvulns
added 2011/03/23 12:0 a.m. | 110 views

Apple Mac OS X multiple security vulnerabilities

Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation...

10 CVSS | 2.9 AI score | 0.2187 EPSS
Exploits: 36 | References: 7 | Affected Software: 1
securityvulns
added 2010/08/14 12:0 a.m. | 110 views

SQL injection vulnerability in SyntaxCMS

Vulnerability ID: HTB22540 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinsyntaxcms.html Product: SyntaxCMS Vendor: Forum One Communications http://www.syntaxcms.org/ Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Type: S...

0.8 AI score
Exploits: 0
securityvulns
added 2010/05/17 12:0 a.m. | 110 views

phpvidz Administrative Password Disclosure

Original Advisory:http://blog.sitewat.ch/2010/05/phpvidz-administrative-password.html Affecting: phpvidz 0.9.5 Vulnerability: Administrative Password Disclosure Vendor's Homepage: http://sourceforge.net/projects/phpvidz/ Date: May 15th 2010 Researcher: Michael Brooks phpvidz does not use a SQL...

0.1 AI score
Exploits: 0
Total number of security vulnerabilities: 5000