Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2010/04/19 12:0 a.m.110 views

[DSecRG-09-053] VMware Remoute Console - format string

Digital Security Research Group DSecRG Advisory DSECRG-09-053 Application: VMware Remoute Console Version: e.x.p build-158248 Vendor URL: http://vmware.com Bugs: Format String Vulnerabilitys Exploits: YES PoC Reported: 07.08.2009 Vendor response: 13.08.2009 Date of Public Advisory: 09.04.2010 CVE...

10CVSS0.1AI score0.162EPSS
Exploits4
securityvulns
securityvulns
added 2010/04/15 12:0 a.m.110 views

Microsoft Security Bulletin MS10-022 - Important Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)

Microsoft Security Bulletin MS10-022 - Important Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution 981169 Published: April 13, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in VBScript on Microso...

7.6CVSS0.9AI score0.86367EPSS
Exploits7
securityvulns
securityvulns
added 2010/03/24 12:0 a.m.110 views

Instant CMS <= 1.1rc3 Admin (Auth Bypass) Vulnerability

======================================================= Instant CMS = 1.1rc3 Admin Auth Bypass Vulnerability ======================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 ...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/01/12 12:0 a.m.110 views

Multiple applications log files terminal control characters injections

ESC-sequences filtering is not performed...

5CVSS3AI score0.27008EPSS
Exploits11References1Affected Software10
securityvulns
securityvulns
added 2009/11/05 12:0 a.m.110 views

ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability

ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-080 November 4, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointTM IPS Customer Protection:...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/10/22 12:0 a.m.110 views

TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== Title: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities Product: TwonkyMedia Server Vendor: TwonkyMedia PacketVideo Corporation, http://www.twonkymedia.com...

1AI score
Exploits0
securityvulns
securityvulns
added 2009/07/28 12:0 a.m.110 views

Squid Proxy Cache Security Update Advisory SQUID-2009:2

Squid Proxy Cache Security Update Advisory SQUID-2009:2 Advisory ID: SQUID-2009:2 Date: July 27, 2009 Summary: Multiple Remote Denial of service issues in header processing. Affected versions: Squid 3.0 - 3.0.STABLE16, Squid 3.1 - 3.1.0.11 Fixed in version: Squid 3.0.STABLE17, 3.1.0.12...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2009/07/18 12:0 a.m.110 views

[SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1836-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 16, 2009 http://www.debian.org/security/faq -...

7.5CVSS0.6AI score0.83865EPSS
Exploits10
securityvulns
securityvulns
added 2009/06/01 12:0 a.m.110 views

SQL Injection vulnerability in myPHPNuke

Здравствуйте 3APA3A! Сообщаю вам о найденной мною SQL Injection уязвимости в системе myPHPNuke. SQL Injection: POST запрос на странице http://site/admin.php " from mpnauthors where benchmark10000,md5now!=1/ В поле Nickname. Auth Bypass атака в данном случае невозможна, только Blind SQL Injection...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/02/05 12:0 a.m.110 views

Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Oracle Database Buffer Overflow in SYS.OLAPIMPLT.ODCITABLESTART January 29, 2009 Risk Level: High Affected versions: Oracle Database Server version 9iR2 Remote exploitable: Yes Authentication to Database Server is needed...

4CVSS0.4AI score0.0135EPSS
Exploits4
securityvulns
securityvulns
added 2008/07/29 12:0 a.m.110 views

Multiple DNS servers and clients DNS records spoofing

DNS poisoning attack may be used to spoof query results...

6.8CVSS3.3AI score0.95182EPSS
Exploits21References5Affected Software4
securityvulns
securityvulns
added 2008/04/14 12:0 a.m.110 views

w2b.ru multiple products SQL Injection

------------------------------------------------------- | Aria-Security Team Persian Security Network | | http://Aria-Security.com For English | | http://Aria-Security.net For Farsi | | Greetz: | | AurA, NULL, Kinglet, t3rr0r1st, Moromort | | and to all of our staff | | Discovered by The-0utl4w |...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2008/02/27 12:0 a.m.110 views

Mozilla Foundation Security Advisory 2008-07

Mozilla Foundation Security Advisory 2008-07 Title: Possible information disclosure in BMP decoder Impact: Moderate Announced: February 19, 2008 Reporter: Gynvael Coldwind // Vexillium Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 SeaMonkey 1.1.8...

9.3CVSS0.8AI score0.02224EPSS
Exploits1
securityvulns
securityvulns
added 2008/02/05 12:0 a.m.110 views

[DSECRG-08-011] Astrosoft HelpDesk Multiple XSS

Digital Security Research Group DSecRG Advisory DSECRG-08-011 Application: Astrosoft HelpDesk Versions Affected: Vendor URL: http://astrosoft.ru/ Bugs: Multiple XSS Injections Exploits: YES Reported: 29.01.2008 Vendor response: NONE Date of Public Advisory: 04.02.2008 Authors: Alexandr Polyakov,...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/01/08 12:0 a.m.110 views

[HSC] Snitz Forums Multiple Vulnerabilities

HSC Snitz Forums Multiple Vulnerabilities Snitz Forums Default Database installation allows remote users to download the database which contains critical information. As a result, an attacker exploiting this vulnerability will be able to obtain detailed information. An attacker may leverage xss...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/08/23 12:0 a.m.110 views

myphotographer image shop script /events/index.asp sql injection

myphotographer image shop script /events/index.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam,Liz0ziM,eno7,3APA3A Sourge site : http://www.myphotographer.com/support/ 1-...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.110 views

US-CERT Technical Cyber Security Alert TA07-199A -- Mozilla Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-199A Mozilla Updates for Multiple Vulnerabilities Original release date: July 18, 2007 Last revised: -- Source: US-CERT Systems Affected Mozilla Firefox Mozilla Thunderbird Other products...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/07/13 12:0 a.m.110 views

[Full-disclosure] ActiveWeb Contentserver CMS SQL Injection Management Interface

Advisory: ActiveWeb Contentserver CMS SQL Injection Management Interface RedTeam Pentesting discovered an SQL Injection in the picturerealedit.asp script of the activeWeb contentserver CMS during a penetration test. An editor with the permission to edit pictures can exploit this by injecting...

6.5CVSS7AI score0.02899EPSS
Exploits2
securityvulns
securityvulns
added 2007/06/28 12:0 a.m.110 views

SAP Web Dynpro Java (BC-WD-JAV) Vulnerability

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: NetWeaver, Web Dynpro Java BC-WD-JAV Vendor: SAP Subject: Multiple XSS, HTML Injection Risk: Medium Effect: Remotely exploitable Author: Cyrill Brunschwiler [email protected] Date: June, 17th 2007 Introduction: ------------- Compass...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2007/05/25 12:0 a.m.110 views

GMTT Music Distro 1.2 XSS Exploit

-=--------------------ADVISORY-------------------=- GMTT Music Distro Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: GMTT Music Distro -=+ Version: 1.2 -=+ Vendor's URL: http://www.gmtt.co.uk/catalog/webstores -=+ Platform: WindowsLinuxUnix...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/04/27 12:0 a.m.110 views

Linux and BSD based Unix system IPv6 traffic amplification

IPv6 routing header allows to set route in a way to trasmit packet for multiple times over the same link...

7.8CVSS1.9AI score0.05035EPSS
Exploits0References1Affected Software3
securityvulns
securityvulns
added 2007/03/27 12:0 a.m.110 views

Multiple XSS in IronMail

=============================== - Advisory - =============================== Tнtulo: Multipls XSS in Cypherstrust Ironmail 6.1.1 Risk: Medium Date: 20.Feb.2007 Author: Javier Olascoaga jolascoaga at 514.es WEB: http://www.514.es/ .: INTRO :. IronMail protects enterprise email systems from inbound...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.110 views

Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln

Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Mambo Component - Display MOSBot Manager Attack method: Remote File Inclusion Source: includeonce "".$mosConfigabsolutepath."/administrator/components/"...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.110 views

Joomla RFİ ( ERNE )

ERNE ---- ERNEALZM ---- BU ASK BiTMEZ---- Mambo jim Component - Remote File Include Vulnerabilities Credits : ERNE Risk : High Class: Remote Thanks : EntRika, Liz0zim, Rmx, Dengesiz, DiLejyoner AND irc.gigachat.net kurdhack contact: erneaternealizmdotcom Vulnerable :...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/08/02 12:0 a.m.110 views

PHP ip2long() function circumvention

--- PHP ip2long function circumvention -------------------------------------- tested on php 5.0.2 " 4.3.3 -------------------------------------------------------------------------------- after some test on miniBB application http://www.minibb.net/ I obtained that the php ip2long function can be...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/01/31 12:0 a.m.110 views

NetDSL-1000 DSL router telnet server DoS

Request flood causes telnet service to hang...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2005/05/17 12:0 a.m.110 views

Woltlab Burning Board SQL Injection Vulnerability

GulfTech Security Research May 16th, 2005 Vendor : Woltlab GmbH URL : http://www.woltlab.de/ Version : Burning Board 2. And Earlier Risk : SQL Injection Vulnerabilities Description: Burning Board is a popular, multi purpose forum / community software offered by WoltLab GmbH. There is an SQL...

8.4AI score
Exploits0
securityvulns
securityvulns
added 2004/10/13 12:0 a.m.110 views

Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707)

Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer 834707 Issued: October 12, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

10CVSS0.4AI score0.56607EPSS
Exploits3
securityvulns
securityvulns
added 2002/10/31 12:0 a.m.110 views

Microsoft Security Bulletin MS02-062: Cumulative Patch for Internet Information Service (Q327696)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Cumulative Patch for Internet Information Service Q327696 Date: 30 October 2002 Software: Internet Information Service Impact: Four vulnerabilities, the most serious of which could...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2002/04/25 12:0 a.m.110 views

IRIX hpsnmpd vulnerability

-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: IRIX hpsnmpd vulnerability Number: 20020404-01-P Date: April 24, 2002 Reference: CERT CA-2002-03 Reference: CVE CAN-2002-0012 Reference: CVE CAN-2002-0013 - ----------------------- - --- Issue Specifics --- - ----------------------- ...

10CVSS6.6AI score0.50845EPSS
Exploits0
securityvulns
securityvulns
added 2000/12/05 12:0 a.m.110 views

PostACI Webmail Vulnerability

The PostACI webmail system contains a rather trival vulnerability. One can obtain the hostname, username and password variables for the MySQL server in addition to other setup information if PostACI is setup as described running out of the box by simplying going to the url:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/10/31 12:0 a.m.110 views

Unify eWave ServletExec DoS

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Unify eWave ServletExec DoS ---------------------------------------------------------------------- FS Advisory ID: FS-103000-15-SRVX Release Date: October 30, 2000 Product: Unify eWave ServletExec 3.0C Vendo...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/08/25 12:0 a.m.110 views

Security Update: ld.so unsetenv problem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Caldera Systems, Inc. Security Advisory Subject: ld.so unsetenv problem Advisory number: CSSA-2000-028.0 Issue date: 2000 August, 24 Cross reference: 1. Problem Description A bug has been discovered in ld.so that could allow local users to obtain supe...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2000/06/03 12:0 a.m.110 views

Security Bulletin (MS00-032)

Microsoft Security Bulletin MS00-032 - -------------------------------------- Patch and Tool Available for "Protected Store Key Length" Vulnerability Originally Posted: June 01, 2000 Summary ======= Microsoft has released a patch and a tool that eliminate a security vulnerability in Microsoftr...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.109 views

CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 Pending CVSS: 3.5 Low; AV:N/AC:M/Au:S/C:P/I:N/A:N CWE: CWE-89 Description ================ Two blind SQL injection vulnerabilities in Pie Register 2.0.18 allow...

6.5CVSS1AI score0.01383EPSS
Exploits3
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.109 views

[USN-2780-2] MiniUPnP vulnerability

========================================================================== Ubuntu Security Notice USN-2780-2 October 23, 2015 miniupnpc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS0.4AI score0.04783EPSS
Exploits1
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.109 views

sysadmin privilege in EMC Documentum Content Server

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In 2011 Yuri Simone discovered a security flaw in EMC Documentum Content Server, which allows users with sysadmin privileges to elevate their privileges to superuser see CVE-2011-4144. On...

9CVSS6.4AI score0.02557EPSS
Exploits2
securityvulns
securityvulns
added 2015/03/21 12:0 a.m.109 views

PHP multiple security vulnerabilities

Resources exhaustion, memory corruptions...

7.5CVSS2.1AI score0.42593EPSS
Exploits18References2Affected Software1
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.109 views

Elasticsearch restrictions bypass

Sandbox restrictions bypass...

7.5CVSS2.2AI score0.99906EPSS
Exploits19References1Affected Software1
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.109 views

Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability

Document Title: =============== Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1362 Release Date: ============= 2014-12-04 Vulnerability Laboratory ID VL-ID: ==================================== 1362...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2014/12/21 12:0 a.m.109 views

[USN-2441-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2441-1 December 12, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.8CVSS0.7AI score0.08579EPSS
Exploits5
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.109 views

[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert

Hi, You can read the usernames and MD5 hashed passwords of all the users in the Device Expert application by sending an unauthenticated request. I am releasing this as a 0 day as ManageEngine have responded that they do not consider this a priority and won't fix it in the near future unless a...

5CVSS0.9AI score0.57475EPSS
Exploits8
securityvulns
securityvulns
added 2014/09/21 12:0 a.m.109 views

FreeBSD tcp DoS

It's possible to tear down connection without knowing sequence number...

5CVSS2AI score0.80855EPSS
Exploits3References1Affected Software1
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.109 views

(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities

Hi, We have recently discovered a severe Cross-Application Scripting XAS vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Crodova-based apps both locally by malware and also remotely by using drive-by exploitation techniques. In addition,...

6.4CVSS0.9AI score0.04964EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/15 12:0 a.m.109 views

CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211

Vulnerability title: Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 CVE: CVE-2014-2046 Vendor: Broadcom Ltd Product: PIPA C211 Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2 Fixed version: N/A Reported by: Jerzy Kramarz Details: By sending a crafted PO...

9.7CVSS0.03815EPSS
Exploits6
securityvulns
securityvulns
added 2014/02/28 12:0 a.m.109 views

[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4590 Information disclosure via XXE when running untrusted web applications Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - - Apache Tomcat 7.0.0 to 7.0.47 - - Apache Tomcat...

4.3CVSS0.6AI score0.09487EPSS
Exploits1
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.109 views

[USN-2029-1] Apache Commons FileUpload vulnerability

========================================================================== Ubuntu Security Notice USN-2029-1 November 13, 2013 libcommons-fileupload-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and...

7.5CVSS0.4AI score0.12768EPSS
Exploits0
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.109 views

[PT-2013-63] Hash Length Extension in HTMLPurifier

----------------------------------------------------------- PT-2013-63 Positive Technologies Security Advisory Hash Length Extension in HTMLPurifier ----------------------------------------------------------- --- Vulnerable software HTMLPurifier Version: 4.5.0 and earlier Link:...

1AI score
Exploits0
securityvulns
securityvulns
added 2013/06/17 12:0 a.m.109 views

[USN-1875-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1875-1 June 14, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5.5CVSS0.3AI score0.03128EPSS
Exploits0
securityvulns
securityvulns
added 2013/06/04 12:0 a.m.109 views

socat security vulnerabilities

Buffer overflow, file descriptor leakage...

6.2CVSS2.5AI score0.02061EPSS
Exploits0References1
Total number of security vulnerabilities5000