Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/01/03 12:0 a.m.110 views

Path disclousure in OpenCart

Vulnerability ID: HTB22762 Reference: http://www.htbridge.ch/advisory/pathdisclousureinopencart.html Product: OpenCart Vendor: OpenCart http://www.opencart.com/ Vulnerable Version: 1.4.9.1 Vendor Notification: 15 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted,...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2010/05/17 12:0 a.m.110 views

phpvidz Administrative Password Disclosure

Original Advisory:http://blog.sitewat.ch/2010/05/phpvidz-administrative-password.html Affecting: phpvidz 0.9.5 Vulnerability: Administrative Password Disclosure Vendor's Homepage: http://sourceforge.net/projects/phpvidz/ Date: May 15th 2010 Researcher: Michael Brooks phpvidz does not use a SQL...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/04/23 12:0 a.m.110 views

XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp

------------------------------------------------------------------ XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp Date: 22.04.2010 ------------------------------------------------------------------- - Description Windows Mobile shows message previews if configured to do so. Due...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2010/03/24 12:0 a.m.110 views

Instant CMS <= 1.1rc3 Admin (Auth Bypass) Vulnerability

======================================================= Instant CMS = 1.1rc3 Admin Auth Bypass Vulnerability ======================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 ...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/01/12 12:0 a.m.110 views

Multiple applications log files terminal control characters injections

ESC-sequences filtering is not performed...

5CVSS3AI score0.27008EPSS
Exploits11References1Affected Software10
securityvulns
securityvulns
added 2009/12/21 12:0 a.m.110 views

[ISecAuditors Security Advisories] PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability

============================================= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 CVSS Base Score...

7.5CVSS1.2AI score0.02447EPSS
Exploits2
securityvulns
securityvulns
added 2009/11/05 12:0 a.m.110 views

ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability

ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-080 November 4, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointTM IPS Customer Protection:...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/07/28 12:0 a.m.110 views

Squid Proxy Cache Security Update Advisory SQUID-2009:2

Squid Proxy Cache Security Update Advisory SQUID-2009:2 Advisory ID: SQUID-2009:2 Date: July 27, 2009 Summary: Multiple Remote Denial of service issues in header processing. Affected versions: Squid 3.0 - 3.0.STABLE16, Squid 3.1 - 3.1.0.11 Fixed in version: Squid 3.0.STABLE17, 3.1.0.12...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2009/07/18 12:0 a.m.110 views

[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1836-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 16, 2009 http://www.debian.org/security/faq -...

7.5CVSS0.6AI score0.83865EPSS
Exploits10
securityvulns
securityvulns
added 2009/02/10 12:0 a.m.110 views

LFI in Drupal CMS

Author : Rasool Nasr ------------------------------------------- Discovered by : Rasool Nasr ------------------------------------------- Exploited By : Rasool Nasr ------------------------------------------- E-Mail : [email protected] ------------------------------------------- WebSite :...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2008/09/30 12:0 a.m.110 views

multiple vendor ftpd - Cross-site request forgery

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 multiple vendor ftpd - Cross-site request forgery Author: Maksymilian Arciemowicz securityreason.com Date: - - Written: 03.09.2008 - - Public: 26.09.2008 SecurityReason Research SecurityAlert Id: 56 CVE: not assigned SecurityRisk: Low Affected Softwar...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/09/15 12:0 a.m.110 views

Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow

====================================================================== Secunia Research 12/09/2008 - Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow - ====================================================================== Table of Contents Affected...

10CVSS0.8AI score0.06673EPSS
Exploits5
securityvulns
securityvulns
added 2008/04/14 12:0 a.m.110 views

w2b.ru multiple products SQL Injection

------------------------------------------------------- | Aria-Security Team Persian Security Network | | http://Aria-Security.com For English | | http://Aria-Security.net For Farsi | | Greetz: | | AurA, NULL, Kinglet, t3rr0r1st, Moromort | | and to all of our staff | | Discovered by The-0utl4w |...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2008/02/05 12:0 a.m.110 views

[DSECRG-08-011] Astrosoft HelpDesk Multiple XSS

Digital Security Research Group DSecRG Advisory DSECRG-08-011 Application: Astrosoft HelpDesk Versions Affected: Vendor URL: http://astrosoft.ru/ Bugs: Multiple XSS Injections Exploits: YES Reported: 29.01.2008 Vendor response: NONE Date of Public Advisory: 04.02.2008 Authors: Alexandr Polyakov,...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/01/08 12:0 a.m.110 views

[HSC] Snitz Forums Multiple Vulnerabilities

HSC Snitz Forums Multiple Vulnerabilities Snitz Forums Default Database installation allows remote users to download the database which contains critical information. As a result, an attacker exploiting this vulnerability will be able to obtain detailed information. An attacker may leverage xss...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/08/23 12:0 a.m.110 views

myphotographer image shop script /events/index.asp sql injection

myphotographer image shop script /events/index.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam,Liz0ziM,eno7,3APA3A Sourge site : http://www.myphotographer.com/support/ 1-...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/13 12:0 a.m.110 views

[Full-disclosure] ActiveWeb Contentserver CMS SQL Injection Management Interface

Advisory: ActiveWeb Contentserver CMS SQL Injection Management Interface RedTeam Pentesting discovered an SQL Injection in the picturerealedit.asp script of the activeWeb contentserver CMS during a penetration test. An editor with the permission to edit pictures can exploit this by injecting...

6.5CVSS7AI score0.02899EPSS
Exploits2
securityvulns
securityvulns
added 2007/03/28 12:0 a.m.110 views

HP JetDirect and HP printers buffer overflow

Buffer overflow in LIST, NLIST and RETR command of built-in FTP server...

7.8CVSS3.3AI score0.0331EPSS
Exploits1References3
securityvulns
securityvulns
added 2007/03/27 12:0 a.m.110 views

Multiple XSS in IronMail

=============================== - Advisory - =============================== Tнtulo: Multipls XSS in Cypherstrust Ironmail 6.1.1 Risk: Medium Date: 20.Feb.2007 Author: Javier Olascoaga jolascoaga at 514.es WEB: http://www.514.es/ .: INTRO :. IronMail protects enterprise email systems from inbound...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/02/23 12:0 a.m.110 views

FlashGameScript v1.5.4 Remote File Inclusion Vulnerability

-------------------------------------------------------- Author : JuMp-Er Date : feb, 21th 2007 Level : Dangerous contact: : aH-crewathotmaildotcom -------------------------------------------------------- Software description -------------------------------------------------------- App...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.110 views

ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability

Title : ASP EDGE = V1.2b user.asp Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://aspedge.cjb.net || http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7530&lngWId=4 $$ : Free SQL---------------------------------------------------------...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/09/28 12:0 a.m.110 views

OpenSSH 4.4 is available

OpenSSH 4.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100 complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2006/09/20 12:0 a.m.110 views

PNphpBB2 <= 1.2g (phpbb_root_path) Remote File Include Vulnerability

Yeah, another ZeroDay Smile Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/08/02 12:0 a.m.110 views

PHP ip2long() function circumvention

--- PHP ip2long function circumvention -------------------------------------- tested on php 5.0.2 " 4.3.3 -------------------------------------------------------------------------------- after some test on miniBB application http://www.minibb.net/ I obtained that the php ip2long function can be...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/02/13 12:0 a.m.111 views

[Full-disclosure] [thunkers.net] D-Link Fragmented UDP DoS Vulnerability

At the time of discovery the issue affected the latest D-Link firmwares. As D-Link has since released a new firmware, this is no longer the case, so... cheers... --- Aaron Portnoy ------------------------------------------------------------------------------------ D-Link Fragmented UDP Denial of...

Exploits0
securityvulns
securityvulns
added 2005/04/19 12:0 a.m.110 views

WheresJames Webcam Publisher Bof + POC [Haxorcitos]

Haxorcitos advisory ----------------------- Application : WheresJames Webcam Publisher Version : Beta 2.0.0014 Url : www.wheresjames.com Type : Remote / Local Bof Author : Miguel Tarasco Acuna - Tarako AT gmail.com - Tarako AT Haxorcitos.com Exploit/Poc : Attached...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2004/10/13 12:0 a.m.110 views

Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707)

Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer 834707 Issued: October 12, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

10CVSS0.4AI score0.56607EPSS
Exploits3
securityvulns
securityvulns
added 2002/04/25 12:0 a.m.110 views

IRIX hpsnmpd vulnerability

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: IRIX hpsnmpd vulnerability Number: 20020404-01-P Date: April 24, 2002 Reference: CERT CA-2002-03 Reference: CVE CAN-2002-0012 Reference: CVE CAN-2002-0013 - ----------------------- - --- Issue Specifics --- - ----------------------- ...

10CVSS6.6AI score0.50845EPSS
Exploits0
securityvulns
securityvulns
added 2000/12/05 12:0 a.m.110 views

PostACI Webmail Vulnerability

The PostACI webmail system contains a rather trival vulnerability. One can obtain the hostname, username and password variables for the MySQL server in addition to other setup information if PostACI is setup as described running out of the box by simplying going to the url:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/08/25 12:0 a.m.110 views

Security Update: ld.so unsetenv problem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Caldera Systems, Inc. Security Advisory Subject: ld.so unsetenv problem Advisory number: CSSA-2000-028.0 Issue date: 2000 August, 24 Cross reference: 1. Problem Description A bug has been discovered in ld.so that could allow local users to obtain supe...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2000/05/11 12:0 a.m.110 views

Security Bulletin (MS00-031)

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin MS00-031 - -------------------------------------- Patch...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/04/15 12:0 a.m.110 views

SecurityFocus.com Newsletter 37

Premier sponsor: PentaSafe STOP NOW AND MAKE SURE THAT YOUR SYSTEMS ARE SECURE. Download PentaSafe's 10-Point Security Checkup ReportTM for Windows NT, UNIX, Linux, or IBM AS/400. In minutes, this FREE program will scan your systems, checking for the top ten most critical, yet often overlooked,...

8.2AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.109 views

CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 Pending CVSS: 3.5 Low; AV:N/AC:M/Au:S/C:P/I:N/A:N CWE: CWE-89 Description ================ Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow...

6.5CVSS1AI score0.01383EPSS
Exploits3
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.109 views

[USN-2780-2] MiniUPnP vulnerability

========================================================================== Ubuntu Security Notice USN-2780-2 October 23, 2015 miniupnpc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS0.4AI score0.04783EPSS
Exploits1
securityvulns
securityvulns
added 2015/06/29 12:0 a.m.109 views

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

About Encripto AS ================= Encripto is a Norwegian company which provides specialized services within IT-security. Our core expertise is security testing, network security monitoring and training. Encripto is committed to information security. We do research to discover trends, new...

8.4AI score
Exploits0
securityvulns
securityvulns
added 2015/03/21 12:0 a.m.109 views

PHP multiple security vulnerabilities

Resources exhaustion, memory corruptions...

7.5CVSS2.1AI score0.42593EPSS
Exploits18References2Affected Software1
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.109 views

[USN-2501-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2501-1 February 17, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5CVSS1.7AI score0.53166EPSS
Exploits14
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.109 views

Elasticsearch restrictions bypass

Sandbox restrictions bypass...

7.5CVSS2.2AI score0.99906EPSS
Exploits19References1Affected Software1
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.109 views

APPLE-SA-2015-01-27-2 iOS 8.1.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted afc command may allow acce...

10CVSS0.5AI score0.19725EPSS
Exploits2
securityvulns
securityvulns
added 2014/12/21 12:0 a.m.109 views

[USN-2441-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2441-1 December 12, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.8CVSS0.7AI score0.08579EPSS
Exploits5
securityvulns
securityvulns
added 2014/09/21 12:0 a.m.109 views

FreeBSD tcp DoS

It's possible to tear down connection without knowing sequence number...

5CVSS2AI score0.80855EPSS
Exploits3References1Affected Software1
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.109 views

(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities

Hi, We have recently discovered a severe Cross-Application Scripting XAS vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Crodova-based apps both locally by malware and also remotely by using drive-by exploitation techniques. In addition,...

6.4CVSS0.9AI score0.04964EPSS
Exploits1
securityvulns
securityvulns
added 2014/03/27 12:0 a.m.109 views

Synology DiskStation Manager code execution

Code execution via web interface...

10CVSS4.2AI score0.84571EPSS
Exploits9References1Affected Software1
securityvulns
securityvulns
added 2014/02/28 12:0 a.m.109 views

[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4590 Information disclosure via XXE when running untrusted web applications Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - - Apache Tomcat 7.0.0 to 7.0.47 - - Apache Tomcat...

4.3CVSS0.6AI score0.09487EPSS
Exploits1
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.109 views

[PT-2013-63] Hash Length Extension in HTMLPurifier

----------------------------------------------------------- PT-2013-63 Positive Technologies Security Advisory Hash Length Extension in HTMLPurifier ----------------------------------------------------------- --- Vulnerable software HTMLPurifier Version: 4.5.0 and earlier Link:...

1AI score
Exploits0
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.109 views

[USN-2029-1] Apache Commons FileUpload vulnerability

========================================================================== Ubuntu Security Notice USN-2029-1 November 13, 2013 libcommons-fileupload-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and...

7.5CVSS0.4AI score0.12768EPSS
Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.109 views

MojoPortal XSS

Class Stored Cross-Site Scripting Remote Yes Credit Michael Savage of Dionach [email protected] Vulnerable MojoPortal 2.3.9.7 MojoPortal is prone to a stored cross-site scripting vulnerability because it does not escape the titles of forum threads when inserting into the page title element. An...

1AI score
Exploits0
securityvulns
securityvulns
added 2013/05/10 12:0 a.m.109 views

[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2067 Session fixation with FORM authenticator Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.32 - - Tomcat 6.0.21 to 6.0.36 Description: FORM authentication associates the most recent...

6.8CVSS5.8AI score0.07147EPSS
Exploits2
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.109 views

Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header

httpGetHdr | l == strlenhdr + 1 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.0.3, 2.1.5 Summary: It's possible to crash Varnish via assertion if the single header within the Vary header is longer then 127 bytes. The 'l' cachehttp.c2...

1AI score
Exploits0
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.109 views

FreeBSD 9.1 ftpd Remote Denial of Service

FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 01.02.2013 URL: http://cxsecurity.com/issue/WLB-2013020003 Affected servers: - ftp.uk.freebsd.org, - ftp.ua.freebsd.org, - ftp5.freebsd.org, - ftp5.us.freebsd.org, -...

7.8CVSS6.7AI score0.51298EPSS
Exploits21
Total number of security vulnerabilities5000