Securityvulns: most viewed

47153 matches found

securityvulns
added 2006/08/25 12:00 a.m., 688 views

phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability

phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability Discovered by: Timq http://www.securitydb.org Email: timqathackernetworkdotcom http://www.securitydb.org Vulnerable: require_once include $_CCFG['_PKG_PATH_INCL'].'redirect.php'; Exploit PoC:...

AI score: 1
Exploits: 0
securityvulns
added 2009/04/03 12:00 a.m., 682 views

Autodesk IDrop ActiveX Control Heap Corruption Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who: Autodesk http://www.autodesk.com What: Autodesk IDrop ActiveX Control http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=2753219&linkID=9240618 IDrop.ocx version 17.1.51.160 21E0CB95-1198-4945-A3D2-4BF804295F78 How: The Src, Background,...

AI score: 0.2
Exploits: 0
securityvulns
added 2015/06/08 12:00 a.m., 675 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 10, AI score: 1.6, EPSS: 0.13405
Exploits: 44, References: 29, Affected software: 18
securityvulns
added 2007/05/08 12:00 a.m., 670 views

OTRS <= 2.0.x XSS/XSRF

[ASCII-art banner] Security without illusions | www.virtuax.be ...

AI score: 0.8
Exploits: 0
securityvulns
added 2007/04/11 12:00 a.m., 670 views

Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities

iskorpitx@metlak from TURKEY com_zoom file include / // Create the Makernote Parser and Interpreter Function Array $GLOBALS['Makernote_Function_Array'] = array( "Read_Makernote_Tag" => array( ), "get_Makernote_Text_Value" => array( ), "Interpret_Makernote_to_HTML" => array( ) ); // Include the Main TIFF and EXIF Tags arr...

AI score: 1.9
Exploits: 0
securityvulns
added 2010/02/09 12:00 a.m., 666 views

JDownloader download manager code execution

The HTTP interface on TCP port 9666, used for application management, is vulnerable to form redirection attacks...

AI score: 1.5
Exploits: 0, References: 1, Affected software: 1
securityvulns
added 2007/04/12 12:00 a.m., 665 views

Critical phpwiki c99shell exploit

Via the Phpwiki 1.3.x UpLoad feature some hackers from Russia uploaded a php3 or php4 file, installed a backdoor on port 8081 and gained access to your whole disk and took over the server. A URL in the file is http://ccteam.ru/releases/c99shell The uploaded file has a php, php3 or php4 extension and...

AI score: 1.5
Exploits: 0
securityvulns
added 2011/09/26 12:00 a.m., 656 views

PunBB 1.3.6 bug

Islamic Republic Of Iran Security Team Www.IrIsT.Ir PunBB == 1.3.6 Cross-Site Scripting Vulnerabilities Download......: http://punbb.informer.com/downloads.php1.3.6 Bug Found.....: IrIsT™...

Exploits: 0
securityvulns
added 2000/04/24 12:00 a.m., 656 views

unsafe fgets() in sendmail's mail.local

Topic: unsafe fgets in sendmail's mail.local Description: There are 4 problems: 1. Possibility to insert LMTP commands into e-mail message 2. Possibility of deadlock between sendmail and mail.local 3. Possibility to corrupt user's mailbox 4. Possibility to change e-mail headers of the message in...

AI score: 7.6
Exploits: 0
securityvulns
added 2015/01/14 12:00 a.m., 651 views

Kodi / XBMC cross-site scripting

Cross-site scripting in web interface...

AI score: 1.3
Exploits: 0, References: 1, Affected software: 1
securityvulns
added 2000/04/21 12:00 a.m., 648 views

Microsoft Security Bulletin (MS00-026)

Microsoft Security Bulletin MS00-026 ====================================== Patch Available for "Mixed Object Access" Vulnerability Originally Posted: April 20, 2000 Summary - ------- Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows® 2000 that could,...

AI score: 6.9
Exploits: 0
securityvulns
added 2006/07/25 12:00 a.m., 642 views

SQuery v.x (devi.php) (armygame.php) Remote File Inclusion

================================================================= SQuery <= 4.5 (libpath) Remote File Inclusion Exploit ================================================================= Worked On : ALL VERSIONS | Critical Level : Dangerous | Bug Found In : gore.php |...

AI score: 1.4
Exploits: 0
securityvulns
added 2014/05/01 12:00 a.m., 636 views

[security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04267749 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04267749 Version: 1 HPSBMU03024 rev....

CVSS: 5, AI score: 0.2, EPSS: 0.99999
Exploits: 87
securityvulns
added 2007/08/10 12:00 a.m., 629 views

Shoutbox 1.0 Remote Command Execution Vulnerability

Shoutbox 1.0 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Shoutbox 1.0 Version : 1.0 Site : http://www.mapos-scripts.de Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : Kurdish Hackers...

AI score: 1.7
Exploits: 0
securityvulns
added 2007/03/16 12:00 a.m., 627 views

WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include

WebCalendar v0.9.45 (13 Dec 2004) login.php Remote File include | Script : WebCalendar | Version : v0.9.45 13 Dec 2004 | Author : Drackanz | Contact : Drackanz at gmail com | Vendor :...

AI score: 1.7
Exploits: 0
securityvulns
added 2007/06/28 12:00 a.m., 624 views

Conti FTP Server v1.0 DoS

Conti FTP Server v1.0 Denial of Service author: 35c666 contact: : Download: http://www.procesualitatea.ro/bestplay/ContiFtpServerSetup.exe Bug: Conti FTP Server crashes when a large //A: string is sent, denying legitimate users access to their accounts. greetz to all RST members at...

AI score: 0.9
Exploits: 0
securityvulns
added 2002/08/03 12:00 a.m., 622 views

Sun AnswerBook2 format string and other vulnerabilities

------------------------------------------------------------------------ DynaWeb httpd Format String and AnswerBook 2 Unauthenticated Admin Script Execution Vulnerabilities Release Date: August 1, 2002 Application: Solaris ab2 1.4.2 / dwhttpd 4.1a6 with patch 110011-02 and before Severity: Remote...

AI score: 0.9
Exploits: 0
securityvulns
added 2000/03/30 12:00 a.m., 621 views

Security Bulletin (MS00-019)

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin MS00-019 - -------------------------------------- Patch...

AI score: 6.8
Exploits: 0
securityvulns
added 2012/05/21 12:00 a.m., 619 views

OpenOffice multiple security vulnerabilities

Multiple memory corruptions...

CVSS: 7.5, AI score: 2.1, EPSS: 0.13734
Exploits: 4, References: 4, Affected software: 2
securityvulns
added 2010/11/10 12:00 a.m., 616 views

Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)

Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) Published: November 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and four privately...

CVSS: 9.3, AI score: 0.5, EPSS: 0.89497
Exploits: 21
securityvulns
added 2007/07/22 12:00 a.m., 611 views

UseBB 1.0.x Cross Site Scripting (XSS)

Script...............: UseBB version: 1.0.7 Script Site..........: http://www.usebb.net Vulnerability........: Cross Site Scripting (XSS) Access...............: Remote Level................: Dangerous Author...............: S4mi Contact..............: s4miatLinuxMail.org The affected Files :...

AI score: 6.7
Exploits: 0
securityvulns
added 2001/03/14 12:00 a.m., 611 views

Solaris 5.8 snmpd Vulnerability

Description The /opt/SUNWssp/snmpd command (SNMP proxy agent) is suid root and contains a buffer overflow. The problem occurs when it copies its own name (argv[0]) into an internal variable without checking its length, and this causes the overflow. Vulnerable Version Sun Solaris 5.8 Technical Descriptio...

AI score: 1.6
Exploits: 0
securityvulns
added 2011/12/26 12:00 a.m., 607 views

Tiki Wiki CMS Groupware Stored Cross-Site-Scripting

Advisory: Tiki Wiki CMS Groupware Stored Cross-Site-Scripting Advisory ID: INFOSERVE-ADV2011-07 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 8.1 & 6.4 LTS affects all current releases Vendor URL: http://info.tiki.org/ Vendor Status: fixed...

CVSS: 4.3, AI score: 5.3, EPSS: 0.01642
Exploits: 1
securityvulns
added 2001/03/28 12:00 a.m., 602 views

advisory

---=== UkR security team - Advisory no. 11 ===--- Anaconda Clipper - 'arbitrary file retrieval' vulnerability Date: 27.03.2001 Problem: input validation error. Vulnerable products: Anaconda Clipper ver. 3.3 (probably others, but not tested) Product vendor: Anaconda / http://www.anaconda.net Comment...

AI score: 1
Exploits: 0
securityvulns
added 2001/03/21 12:00 a.m., 601 views

DGUX lpsched buffer overflow

Hi there! There's a vulnerability in DG's UNIX implementation DGUX, version R4.20MU06 and MU02 (ia32 arch). The problem is when a very long, non-existent printer name is passed to the program lpsched. It tries to format an error message and then the buffer overflow occurs... Data General was told...

AI score: 0.9
Exploits: 0
securityvulns
added 2004/04/13 12:00 a.m., 600 views

Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ]

Vendor : TikiWiki Project URL : http://www.tikiwiki.org Version : TikiWiki 1.8.1 && Earlier Risk : Multiple Vulnerabilities Description: Tiki CMS/Groupware (aka TikiWiki) is a powerful open-source Content Management System (CMS) and Groupware that can be used to create all sorts of Web applications,...

AI score: 6.9
Exploits: 0
securityvulns
added 2012/03/19 12:00 a.m., 599 views

OSQA CMS v3b - Multiple Persistent Vulnerabilities

Title: ====== OSQA CMS v3b - Multiple Persistent Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=461 VL-ID: ===== 461 Introduction: ============= OSQA is the Open Source Q&A System. It is free software licensed under the GPL, and y...

AI score: 1
Exploits: 0
securityvulns
added 2010/12/12 12:00 a.m., 598 views

www.eVuln.com : Non-persistent XSS in WWWThreads (perl version)

www.eVuln.com advisory: Non-persistent XSS in WWWThreads (perl version) Summary: http://evuln.com/vulns/157/summary.html Details: http://evuln.com/vulns/157/description.html -----------Summary----------- eVuln ID: EV0157 Software: n/a Vendor: WWWThreads Version: v5.0.8 Pro (perl version) Critical...

AI score: 0.1
Exploits: 0
securityvulns
added 2005/05/13 12:00 a.m., 598 views

Ultimate PHP Board (UPB) Security Advisory

Ultimate PHP Board (UPB) Security Advisory By : Morinex e-mail : morinexatmarocmafia com date : 13-05-2k5 shoutz : w00pie.nl - Woopie Target : Ultimate PHP Board (UPB) Vulnerable Versions: v. 1.8 until v 1.9.6 URL : http://www.myupb.com - http://www.myupb.com/forum/ Tested Localhost , Myupb.com. UPB ...

AI score: 7.7
Exploits: 0
securityvulns
added 2007/07/05 12:00 a.m., 595 views

Multiple SAP Internet Graphics Service security vulnerabilities

File removal, insecure undocumented features, buffer overflow, cross-site scripting...

AI score: 2.5
Exploits: 0, References: 4, Affected software: 1
securityvulns
added 2015/07/14 12:00 a.m., 593 views

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL:...

CVSS: 7.5, AI score: 0.1, EPSS: 0.84292
Exploits: 6
securityvulns
added 2012/04/09 12:00 a.m., 593 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5, AI score: 1.6, EPSS: 0.07755
Exploits: 45, References: 34, Affected software: 25
securityvulns
added 2008/02/18 12:00 a.m., 592 views

joomla SQL Injection (cat)(com_downloads)

joomla SQL Injection (cat)(com_downloads) AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"selectcat"com_downloads EXPLOIT :...

AI score: 0.8
Exploits: 0
securityvulns
added 2001/03/16 12:00 a.m., 591 views

Multiple vendors FTP denial of service

Proftpd built-in 'ls' command has a globbing bug that allows remote denial-of-service. Here's a simple exploit, tested on the Proftpd site : $ ftp ftp.proftpd.org ... Name ftp.proftpd.org:j: ftp ... 230 Anonymous access granted, restrictions apply. Remote system type is UNIX. Using binary mode to...

AI score: 0.4
Exploits: 0
securityvulns
added 2003/01/23 12:00 a.m., 589 views

YabbSE Remote Code Execution Vulnerability

YabbSE Remote Code Execution Vulnerability By Mindwarper :: [email protected] :: ------- ------- ---------------------- Vendor Information: ---------------------- Homepage : http://www.yabbse.org Vendor : informed Mailed advisory: 21/01/02 Vendor Response : None ---------------------- Affected...

AI score: 1.3
Exploits: 0
securityvulns
added 2012/09/02 12:00 a.m., 588 views

Java environment limitations bypass

There are a few ways to bypass limitations and execute privileged code from the applet...

CVSS: 10, AI score: 3.7, EPSS: 0.98536
Exploits: 10, References: 3, Affected software: 2
securityvulns
added 2003/02/14 12:00 a.m., 585 views

Abyss WebServer Brute Force Vulnerability

Abyss WebServer Brute Force Vulnerability Package: Abyss WebServer Vendor Web Site: http://www.aprelium.com Versions: All versions <= v1.1.2 Platforms: Linux, Windows Local: No Remote: Yes Fix Available: No (fix in progress) Vendor Contacted: Sunday, February 09, 2003 6:12 PM Advisory Author: thomas...

AI score: 0.6
Exploits: 0
securityvulns
added 2013/10/03 12:00 a.m., 584 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6.5, AI score: 1.6, EPSS: 0.02732
Exploits: 11, References: 12, Affected software: 12
securityvulns
added 2014/05/01 12:00 a.m., 581 views

[security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260353 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04260353 Version: 1 HPSBMU03019 rev....

CVSS: 5, AI score: 0.9, EPSS: 0.99999
Exploits: 87
securityvulns
added 2014/03/31 12:00 a.m., 579 views

FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability

Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...

AI score: 0.3
Exploits: 0
securityvulns
added 2014/04/20 12:00 a.m., 576 views

HP Autonomy WorkSite Server v9.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239374 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04239374 Version: 1 HPSBMU02999 rev....

CVSS: 5, AI score: 0.5, EPSS: 0.99999
Exploits: 87
securityvulns
added 2007/06/14 12:00 a.m., 575 views

[Full-disclosure] [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples Severity: low cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.2...

CVSS: 4.3, AI score: 7.8, EPSS: 0.77376
Exploits: 1
securityvulns
added 2005/05/14 12:00 a.m., 575 views

PHPHeaven PHPMyChat Cross-site Scripting Vulnerability

www.phpheaven.net/ Vulnerable versions: PHPMyChat 0.14.5 Proof of concept: http://www.example.com/chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=scriptvar20test=1;alerttest;/script...

AI score: 0.4
Exploits: 0
securityvulns
added 2015/07/20 12:00 a.m., 574 views

Elasticsearch CVE-2015-5377

Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We have...

CVSS: 7.5, AI score: 2.7, EPSS: 0.44303
Exploits: 5
securityvulns
added 2010/07/07 12:00 a.m., 572 views

IIS5.1 Directory Authentication Bypass by using “:$I30:$Index_Allocation”

Description: Although IIS5 is very old, finding one is not impossible! Therefore, I want to introduce a technique to bypass the IIS authentication methods on a directory. This vulnerability is because of using Alternate Data Stream to open a protected folder. All of IIS authentication methods can...

AI score: 0.6
Exploits: 0
securityvulns
added 2007/07/11 12:00 a.m., 569 views

EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference

Microsoft Publisher 2007 Arbitrary Pointer Dereference Release Date: July 10, 2007 Date Reported: February 16, 2007 Severity: High Remote Code Execution Vendor: Microsoft Vendor Software Affected: Microsoft Office 2007 Small Business Microsoft Office 2007 Professional Microsoft Office 2007 Ultima...

AI score: 0.2
Exploits: 0
securityvulns
added 2006/08/21 12:00 a.m., 565 views

[SA21578] phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability

TITLE: phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA21578 VERIFY ADVISORY: http://secunia.com/advisories/21578/ CRITICAL: Less critical IMPACT: System access WHERE: From remote SOFTWARE: phpCodeGenie 3.x http://secunia.com/product/4141/ DESCRIPTION: Kacper has...

AI score: 1.1
Exploits: 0
securityvulns
added 2013/11/18 12:00 a.m., 562 views

Dahua DVR authentication bypass

Some commands may be executed without authentication via the TCP/37777 protocol...

CVSS: 10, AI score: 5.3, EPSS: 0.70713
Exploits: 6, References: 1
securityvulns
added 2006/07/14 12:00 a.m., 562 views

perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion

perForms <= 1.0 (mosConfig_absolute_path) Remote File Inclusion --------------------------------------------------------------------------- Remote : Yes Critical Level : High Vuln found in a log file: lazy 0day!!! :D...

AI score: 0.1
Exploits: 0
securityvulns
added 2015/11/02 12:00 a.m., 558 views

apport security vulnerabilities

Symbolic links and hardlinks vulnerability in log files, privilege escalation...

CVSS: 7.2, AI score: 1.6, EPSS: 0.0091
Exploits: 2, References: 2, Affected software: 1

Total number of security vulnerabilities: 5000