Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2012/06/18 12:0 a.m.111 views

Boonex Dolphin v7.0.9 CMS & Mobile App - Multiple Web Vulnerabilities

Title: ====== Boonex Dolphin v7.0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=565 http://www.vulnerability-lab.com/getcontent.php?id=566 ID: Changeset 16256 VL-ID: ===== 565 Common Vulnerability Scoring...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.111 views

PHP Booking Calendar 10e XSS

Exploit Title: PHP Booking Calendar 10e XSS Date: 12/16/11 Author: G13 Software Link: http://sourceforge.net/projects/bookingcalendar/ Version: 10e Category: webapps php Vulnerability The pageinfomessage varibale in the detailsview.php does not sanitize input. This is a relective XSS attack...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.111 views

Sql injection in SugarCRM

Vulnerability ID: HTB23051 Reference: https://www.htbridge.ch/advisory/sqlinjectioninsugarcrm.html Product: SugarCRM Vendor: SugarCRM Inc. http://www.sugarcrm.com Vulnerable Version: Community Edition 6.3.0RC1 and probably prior Tested Version: Community Edition 6.3.0RC1 Vendor Notification: 05...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/11/11 12:0 a.m.111 views

[SECURITY] [DSA 2343-1] openssl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2343-1 [email protected] http://www.debian.org/security/ Raphael Geissert November 09, 2011 http://www.debian.org/security/faq -...

2AI score
Exploits0
securityvulns
securityvulns
added 2011/08/27 12:0 a.m.111 views

Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution

Jcow CMS 4.x:4.2 = , 5.x:5.2 = | Arbitrary Code Execution 1. OVERVIEW Jcow CMS versions 4.x: 4.2 and lower, 5.x: 5.2 and lower are vulnerable to Arbitrary Code Execution. 2. BACKGROUND Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your...

2.5AI score
Exploits0
securityvulns
securityvulns
added 2011/08/17 12:0 a.m.111 views

ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication On-Premise Advisories Updated August 11, 2011 Summary: An issue with Adaptive Authentication On-Premise was discovered which in certain circumstances...

7.5CVSS0.01289EPSS
Exploits0
securityvulns
securityvulns
added 2011/07/26 12:0 a.m.111 views

[PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1

---------------------------------------------------------------------- PT-2011-08 Positive Technologies Security Advisory Multiple vulnerabilities in Dlink DPH 150SE/E/F1 ---------------------------------------------------------------------- --- Vulnerable platform Dlink DPH 150s IP Phone Firmwar...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.111 views

XSS in Webmin 1.540 + exploit for privilege escalation

Information -------------------- Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Hompeage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi javierbassi at gmail dot com...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/05 12:0 a.m.111 views

Xymon monitor cross-site scripting vulnerabilities

Several cross-site scripting vulnerabilities have been identified in the Xymon systems- and network-monitoring tool available at http://sourceforge.net/projects/xymon/ All versions prior to 4.3.1 released April 3, 2011 are vulnerable. I would like to thank David Ferrest for notifying me of this...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2010/12/28 12:0 a.m.111 views

PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel Audio and Web Conferencing)

http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-14 PR10-14 Unauthenticated command execution within Mitel's AWC Mitel Audio and Web Conferencing Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Wednesday, 21 July 2010 Vendor informed: Monday, 26 July...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/11/28 12:0 a.m.111 views

XSRF (CSRF) in Wolf CMS

Vulnerability ID: HTB22681 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwolfcms.html Product: Wolf CMS Vendor: Wolf CMS team http://www.wolfcms.org/ Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: CSRF Cross-Site Request...

7AI score
Exploits0
securityvulns
securityvulns
added 2010/08/12 12:0 a.m.111 views

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Advisory ID: cisco-sa-20100811-ace Revision 1.0 For Public Release 2010 August 11 1600 UTC GMT...

7.8CVSS0.6AI score0.01763EPSS
Exploits0
securityvulns
securityvulns
added 2010/05/17 12:0 a.m.111 views

phpvidz Administrative Password Disclosure

Original Advisory:http://blog.sitewat.ch/2010/05/phpvidz-administrative-password.html Affecting: phpvidz 0.9.5 Vulnerability: Administrative Password Disclosure Vendor's Homepage: http://sourceforge.net/projects/phpvidz/ Date: May 15th 2010 Researcher: Michael Brooks phpvidz does not use a SQL...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/04/17 12:0 a.m.111 views

Hackproofing Oracle Financials 11i & R12

Hi all, Yesterday a friend of mine told me that I "forget" to share with the general public one small detail about a presentation 1 I given at the conference RootedCon 2010 2. In the presentation there is a currently working 0day against Oracle Financials R12. The 0day is too obvious and pretty...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2010/02/04 12:0 a.m.111 views

[CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Cisco Secure Desktop XSS/JavaScript Injection 1. Advisory Information Title: Cisco Secure Desktop XSS/JavaScript Injection Advisory Id: CORE-2010-0106 Advisory URL:...

4.3CVSS0.04364EPSS
Exploits2
securityvulns
securityvulns
added 2009/12/21 12:0 a.m.111 views

[ISecAuditors Security Advisories] PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability

============================================= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 CVSS Base Score...

7.5CVSS1.2AI score0.02447EPSS
Exploits2
securityvulns
securityvulns
added 2009/06/16 12:0 a.m.111 views

Netgear DG632 Router Remote DoS Vulnerability

Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632RemoteDoS.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG632 router h...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/06/09 12:0 a.m.111 views

[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and...

5CVSS4.7AI score0.18685EPSS
Exploits1
securityvulns
securityvulns
added 2009/04/24 12:0 a.m.111 views

Formshield Captcha - Older Version vulnerable to replay attacks

Replay attack on CAPTCHA Libraries Summary A CAPTCHA implementation that we tested were found to be vulnerable to replay attacks. The attack is explained in detail for Formshield – A popular DOT NET CAPTCHA implementation. NOTE: We discovered this during a Black Box engagement with one of our...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/09/15 12:0 a.m.111 views

Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow

====================================================================== Secunia Research 12/09/2008 - Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow - ====================================================================== Table of Contents Affected...

10CVSS0.8AI score0.06673EPSS
Exploits5
securityvulns
securityvulns
added 2008/03/10 12:0 a.m.111 views

[SECURITY] [DSA 1514-1] New moin packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1514-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 9, 2008 http://www.debian.org/security/faq -...

5.8CVSS0.14787EPSS
Exploits2
securityvulns
securityvulns
added 2007/05/21 12:0 a.m.111 views

Gnats XSS vuln

GNATS XSS vuln Vuln. discovered by : r0t Date: 19 May 2007 vendor:http://www.gnu.org/software/gnats/ affected versions: tested on Gnatsweb v4.00, Gnats v4.1.99 orginal advisory:http://pridels-team.blogspot.com/2007/05/blog-post.html Gnats contains a flaw that allows a remote Cross-Site Scripting...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/05/02 12:0 a.m.111 views

E-Annu (home.php) Remote SQL Injection Vulnerability

-------------------------------------------------AYYILDIZ.ORG PreSents... Script: E-Annu Script D.: http://www.alic.ch/sources/annu.rar Script Demo: http://www.autocash.ch/annu/ Contact: ilker Kandemir ilkerkandemiratmynet.com info: / Siz Yokken AYYILDIZ Vardi. /...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.111 views

PHP121 Instant Messenger 2.2 Local File Inclusion Vulnerability

+========================I=R=A=N============================+ PHP121 Version 2.2 =========================I=R=A=N============================= +========================I=R=A=N============================+ Author : Dj7xpl / Dj7xplatYahoodotcom...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.111 views

witshare 0.9 Local File Include Vulnerabilitiy

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/04/05 12:0 a.m.111 views

MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability

Bug Found By ka0x D.O.M TEAM we are: anonyph;arp;ka0x;xarnuz Contact: [email protected] FROM SPAIN --- Script: MapLab Version: 2.2.1 Official Site: http://www.maptools.org Download: http://www.maptools.org/dl/ms4w/maplabms4w-2.2.1.zip -- Bug File: params.php Path: /htdocs/gmapfactory/params.php Bu...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.111 views

ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability

Title : ASP EDGE = V1.2b user.asp Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://aspedge.cjb.net || http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?txtCodeId=7530&lngWId=4 $$ : Free SQL---------------------------------------------------------...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/12/25 12:0 a.m.111 views

myPHPNuke Gallery Module (basepath) Remote File Include

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- myPHPNuke Gallery Module basepath Remote File Include =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Found: Cyber-Security.Org...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.111 views

UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability

Title : UltraSite 1.0 update.asp Remote SQL Injection Vulnerability Author : ajann Admin Panel= http://target/path//update.asp?id=SQL Example: //update.asp?id=-120union20select200,0,0,username,password,0,0,0,0,0,0,0,0,020from20members20where20id20like207 """"""""""""""""""""" ajann,Turkey ... Im...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2006/09/20 12:0 a.m.111 views

PNphpBB2 <= 1.2g (phpbb_root_path) Remote File Include Vulnerability

Yeah, another ZeroDay Smile Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/05/09 12:0 a.m.111 views

tseekdir.cgi<--Local File Include

---------------------------------- foud by: BoNy-m Site: http://www.alshmokh.com E-mail: [email protected] ---------------------------------- Search: allinurl:tseekdir.cgi example: /tseekdir.cgi?location=/etc/passwd00 /tseekdir.cgi?id=1055&location=/etc/passwd00...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2006/02/13 12:0 a.m.112 views

[Full-disclosure] [thunkers.net] D-Link Fragmented UDP DoS Vulnerability

At the time of discovery the issue affected the latest D-Link firmwares. As D-Link has since released a new firmware, this is no longer the case, so... cheers... --- Aaron Portnoy ------------------------------------------------------------------------------------ D-Link Fragmented UDP Denial of...

Exploits0
securityvulns
securityvulns
added 2005/04/19 12:0 a.m.111 views

WheresJames Webcam Publisher Bof + POC [Haxorcitos]

Haxorcitos advisory ----------------------- Application : WheresJames Webcam Publisher Version : Beta 2.0.0014 Url : www.wheresjames.com Type : Remote / Local Bof Author : Miguel Tarasco Acuna - Tarako AT gmail.com - Tarako AT Haxorcitos.com Exploit/Poc : Attached...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2003/09/03 12:0 a.m.111 views

PtHProductions Gastenboek - XSS

------------------------------------------------------------------ - EXPL-A-2003-022 exploitlabs.com Advisory 022 ------------------------------------------------------------------ -= PtHProductions Gastenboek =- Donnie Werner Aug, 29 2003 Vunerabilitys: ---------------- 1. Persistant XSS injecti...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/12/17 12:0 a.m.111 views

Security Patchs for PHP Products

PHPSecure made some patchs for security holes in PHP products. Here is the list : - ALP - Banner Ad 2.0 : http://www.phpsecure.org/index.php?id=1&zone=pDl More details : http://online.securityfocus.com/search?category=22&query=ALP - Tight Auction 3.0 :...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/11/17 12:0 a.m.111 views

vixie cron...

Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...

7AI score
Exploits0
securityvulns
securityvulns
added 2000/05/11 12:0 a.m.111 views

Security Bulletin (MS00-031)

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin MS00-031 - -------------------------------------- Patch...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/04/15 12:0 a.m.111 views

SecurityFocus.com Newsletter 37

Premier sponsor: PentaSafe STOP NOW AND MAKE SURE THAT YOUR SYSTEMS ARE SECURE. Download PentaSafe's 10-Point Security Checkup ReportTM for Windows NT, UNIX, Linux, or IBM AS/400. In minutes, this FREE program will scan your systems, checking for the top ten most critical, yet often overlooked,...

8.2AI score
Exploits0
securityvulns
securityvulns
added 2015/06/29 12:0 a.m.110 views

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities

About Encripto AS ================= Encripto is a Norwegian company which provides specialized services within IT-security. Our core expertise is security testing, network security monitoring and training. Encripto is committed to information security. We do research to discover trends, new...

8.4AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.110 views

CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4

Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site...

6.8CVSS0.4AI score0.04727EPSS
Exploits5
securityvulns
securityvulns
added 2015/04/17 12:0 a.m.110 views

APPLE-SA-2015-04-08-3 iOS 8.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-3 iOS 8.3 iOS 8.3 is now available and addresses the following: AppleKeyStore Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A malicious application may be able to guess the user's...

7.5CVSS0.6AI score0.09964EPSS
Exploits5
securityvulns
securityvulns
added 2015/04/16 12:0 a.m.110 views

Microsoft Exchange crossite scripting

Multiple crossite scripting possibilities...

4.3CVSS1.3AI score0.11786EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.110 views

Elasticsearch restrictions bypass

Sandbox restrictions bypass...

7.5CVSS2.2AI score0.99906EPSS
Exploits19References1Affected Software1
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.110 views

[USN-2501-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2501-1 February 17, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5CVSS1.7AI score0.53166EPSS
Exploits14
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.110 views

APPLE-SA-2015-01-27-2 iOS 8.1.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted afc command may allow acce...

10CVSS0.5AI score0.19725EPSS
Exploits2
securityvulns
securityvulns
added 2014/11/10 12:0 a.m.110 views

ZTE ZXDSL 831 Multiple Cross Site Scripting

TR-069 Client page: Stored. executes when users go to http://192.168.1.1/tr69cfg.html...

1AI score
Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.110 views

[oss-security] CVE request: Proxmox VE < 3.2 user enumeration vulnerability

Hi list, We recently found a vulnerability affecting Proxmox VE 3.2 that allows an unauthenticated user to perform user enumeration. Vendor was contacted and the vulnerability fixed in Proxmox VE 3.2, released on 2014-03-10. References: Proxmox related commits:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2014/03/24 12:0 a.m.110 views

lighttpd security vulnerabilities

SQL injection, directory traversal...

7.5CVSS2.2AI score0.61665EPSS
Exploits4References1Affected Software1
securityvulns
securityvulns
added 2013/05/10 12:0 a.m.110 views

[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2067 Session fixation with FORM authenticator Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.32 - - Tomcat 6.0.21 to 6.0.36 Description: FORM authentication associates the most recent...

6.8CVSS5.8AI score0.07147EPSS
Exploits2
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.110 views

XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

4.3CVSS5.6AI score0.06316EPSS
Exploits4
Total number of security vulnerabilities5000