Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2015/06/01 12:0 a.m.108 views

OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities

Document Title: =============== OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ===================================...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2015/04/16 12:0 a.m.108 views

Microsoft Office and Sharepoint multiple security vulnerabilities

Code execution, privilege escalation...

9.3CVSS2.8AI score0.97327EPSS
Exploits4Affected Software4
securityvulns
securityvulns
added 2015/03/18 12:0 a.m.108 views

APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and address the following: WebKit Impact: Visiting a maliciously crafted website may lead to an unexpected application...

6.8CVSS0.5AI score0.03016EPSS
Exploits0
securityvulns
securityvulns
added 2015/03/07 12:0 a.m.108 views

[SECURITY] [DSA 3170-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3160-1 [email protected] http://www.debian.org/security/ Ben Hutchings February 23, 2015 http://www.debian.org/security/faq -...

10CVSS0.9AI score0.09828EPSS
Exploits7
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.108 views

CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5391 =================== "DOM-based Cross-Site Scripting XSS" CWE-79 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload automation...

4.3CVSS0.02227EPSS
Exploits0
securityvulns
securityvulns
added 2014/10/11 12:0 a.m.108 views

[USN-2379-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2379-1 October 09, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.8CVSS1.4AI score0.06167EPSS
Exploits8
securityvulns
securityvulns
added 2014/09/15 12:0 a.m.108 views

[USN-2344-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2344-1 September 10, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS1.2AI score0.20237EPSS
Exploits1
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.108 views

[USN-2315-1] serf vulnerability

========================================================================== Ubuntu Security Notice USN-2315-1 August 14, 2014 serf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

4CVSS0.7AI score0.0315EPSS
Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.108 views

Bilyoner mobile apps prone to various SSL/TLS attacks

===================================================================== Sceptive Security Advisory Synopsis: Bilyoner mobile apps prone to various SSL/TLS attacks Product: Various mobile applications Advisory URL: http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks Advisory...

5.8CVSS0.5AI score0.00566EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.108 views

[SECURITY] CVE-2014-0097 Apache Tomcat information disclosure

CVE-2014-0097 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The code used to parse the request content length header did not check...

7.5CVSS7.3AI score0.01209EPSS
Exploits0
securityvulns
securityvulns
added 2014/03/27 12:0 a.m.108 views

[oCERT-2014-002] Xalan-Java insufficient secure processing

2014-002 Xalan-Java insufficient secure processing Description: The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing JAXP which supports a secure processing feature for interpretive and XSLCT processors. The...

7.5CVSS0.6AI score0.13809EPSS
Exploits2
securityvulns
securityvulns
added 2014/01/19 12:0 a.m.108 views

SQL Injection in Sexy Polling Joomla Extension

Advisory ID: HTB23193 Product: Sexy Polling Joomla Extension Vendor: 2GLux Vulnerable Versions: 1.0.8 and probably prior Tested Version: 1.0.8 Advisory Publication: December 26, 2013 without technical details Vendor Notification: December 26, 2013 Vendor Patch: January 8, 2014 Public Disclosure:...

7.5CVSS8.1AI score0.02289EPSS
Exploits3
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.108 views

ExpressionEngine 2.6 Persistent XSS

Hi, I'd like to disclose a vulnerability I found in ExpressionEngine 2.6 and below. The issue is when you submit a new entry through Admin - Content - Publish and you are using the RTE, if you enter HTML into that editor, the next page will execute the HTML, which it shouldn’t. The RTE should...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.108 views

CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...

10CVSS10AI score0.36112EPSS
Exploits10
securityvulns
securityvulns
added 2013/06/04 12:0 a.m.108 views

socat security vulnerabilities

Buffer overflow, file descriptor leakage...

6.2CVSS2.5AI score0.02061EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.108 views

Path Traversal in AWS XMS

Advisory ID: HTB23147 Product: AWS XMS Vendor: http://www.aws-dms.com Vulnerable Versions: 2.5 and probably prior Tested Version: 2.5 Vendor Notification: March 6, 2013 Vendor Patch: March 16, 2013 Public Disclosure: March 27, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...

7.9AI score0.10008EPSS
Exploits4
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.108 views

[USN-1789-1] PostgreSQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-1789-1 April 04, 2013 postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities ========================================================================== A security issue affects these...

8.5CVSS8.1AI score0.54312EPSS
Exploits4
securityvulns
securityvulns
added 2013/04/01 12:0 a.m.108 views

ESA-2013-016: EMC Smarts Network Configuration Manager

ESA-2013-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-016: EMC Smarts Network Configuration Manager Improper Authentication Vulnerability EMC Identifier: ESA-2013-016 CVE Identifier: CVE-2013-0935 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected...

9.3CVSS0.3AI score0.04147EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/13 12:0 a.m.109 views

Privoxy Proxy Authentication Credential Exposure - CVE-2013-2503

Privoxy Proxy Authentication Credential Exposure Product: Privoxy Project Homepage: privoxy.org Advisory ID: c22-2013-01 Vulnerable Versions: 3.0.20 and possibly prior Tested Version: 3.0.20-1 tested using Debian Sid Vendor Notification: March 6, 2013 Public Disclosure: March 11, 2013 Vulnerabili...

5.8CVSS7.5AI score0.04632EPSS
Exploits2
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.108 views

Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities

Title: ====== Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=824 ID: SWIFT-3119 URL: http://dev.kayako.com/browse/SWIFT-3119 VL-ID: ===== 824 Common Vulnerability Scoring System:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2012/11/01 12:0 a.m.108 views

[BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE]

=| Security Advisory - TP-LINK TL-WR841N LFI |= Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK" Firmware Version: 3.13.9 Build 120201 Rel.54965n And Below versions Discovered Date: 24/10/2012 CVE-ID: CVE-2012-5687 Author: Matan Azugi [email protected] Product Vendor:...

7.8CVSS6.2AI score0.68716EPSS
Exploits4
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.108 views

Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities

Title: ====== Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Date: ===== 2012-04-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=498 VL-ID: ===== 498 Introduction: ============= Cyberoam Unified Threat Management appliances offer comprehensive securit...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.108 views

VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092)

VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability MS11-092 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows Media Player WMP is a media player and media library...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2011/10/10 12:0 a.m.108 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Advisory ID: cisco-sa-20111005-asa Revision 1.0 For Public Release 2011 October 05 1600 UTC GM...

7.9CVSS1.6AI score0.03892EPSS
Exploits0
securityvulns
securityvulns
added 2011/10/01 12:0 a.m.108 views

Mozilla Foundation Security Advisory 2011-39

Mozilla Foundation Security Advisory 2011-39 Title: Defense against multiple Location headers due to CRLF Injection Impact: Moderate Announced: September 27, 2011 Reporter: Ian Graham Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4...

4.3CVSS1AI score0.02018EPSS
Exploits0
securityvulns
securityvulns
added 2011/09/26 12:0 a.m.108 views

Security issue is_a function in PHP 5.3.7+

PHP 5.3.7 changed the behavior of the isa function, used to check if an object is an instance of a class, to call the autoload function. This causes a remote code execute problem when coupled with a standard library like PEAR that internally uses isa to check if a returned variable is an Error...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2011/08/05 12:0 a.m.108 views

Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5

Advisory Information Title: vBulletin Cross Site Scripting Vulnerability Vendors contacted: vBulletin team ---- Vulnerability Information Class: XSS flaw Vulnerable page: Admin Login Page admincp Remotely Exploitable: Yes ---- Vulnerability Description vBulletin is a community forum solution for ...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.108 views

AT-TFTP Server Remote Denial of Service Vulnerability

AT-TFTP Server v1.8 Remote Denial of Service Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1013 01/04/2011 Issue Discovered 04/04/2011 Vendor Notified No Response from the Vendor 25/04/2011 Advisory Released Class: Denial of Service Severity: High Overview:...

1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/13 12:0 a.m.108 views

ICMPv6 Router Announcement flooding denial of service affecting multiple systems

This security advisory is released because Microsoft doesnt want to fix the issue. Cisco did for its IOS and ASA within 3 months. Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL:...

7.8CVSS0.2911EPSS
Exploits3
securityvulns
securityvulns
added 2011/04/05 12:0 a.m.108 views

HTB22911: XSS in Eleanor CMS

Vulnerability ID: HTB22911 Reference: http://www.htbridge.ch/advisory/xssineleanorcms.html Product: Eleanor CMS Vendor: Eleanor CMS http://eleanor-cms.ru/ Vulnerable Version: rc5 Vendor Notification: 22 March 2011 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Risk level:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.108 views

HTB22813: XSS vulnerability in UMI.CMS

Vulnerability ID: HTB22813 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms1.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Medium...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2010/12/28 12:0 a.m.108 views

Django admin list filter data extraction / leakage

ADVISORY INFORMATION: Advisory ID: NGENUITY-2010-009 Date discovered: 8.28.2010 Date published: 12.22.2010 SOFTWARE AFFECTED: “Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.” 1 The admin interface of the Django web framework can be abuse...

Exploits0
securityvulns
securityvulns
added 2010/12/12 12:0 a.m.108 views

www.eVuln.com : Non-persistent XSS in BizDir

www.eVuln.com advisory: Non-persistent XSS in BizDir Summary: http://evuln.com/vulns/158/summary.html Details: http://evuln.com/vulns/158/description.html -----------Summary----------- eVuln ID: EV0158 Software: BizDir Vendor: LEXIPIXEL Version: v.05.10 Critical Level: low Type: Cross Site...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/11/10 12:0 a.m.108 views

iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability

iDefense Security Advisory 11.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 09, 2010 I. BACKGROUND Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website:...

9.3CVSS0.2AI score0.89497EPSS
Exploits14
securityvulns
securityvulns
added 2010/09/08 12:0 a.m.108 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20100908-wlc Revision 1.0 For Public Release 2010 September 08 1600 UTC GMT +--------------------------------------------------------------------...

9CVSS0.7AI score0.01482EPSS
Exploits0
securityvulns
securityvulns
added 2010/08/19 12:0 a.m.108 views

About the security content of iTunes 9.1

About the security content of iTunes 9.1 Last Modified: August 12, 2010 Article: HT4105 Email this article Print this page Summary This document describes the security content of iTunes 9.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a...

9.3CVSS0.4AI score0.07996EPSS
Exploits1
securityvulns
securityvulns
added 2010/08/11 12:0 a.m.108 views

Microsoft Security Bulletin MS10-052 - Critical Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)

Microsoft Security Bulletin MS10-052 - Critical Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution 2115168 Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft MPEG...

9.3CVSS1AI score0.23415EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.108 views

Mozilla Foundation Security Advisory 2010-27

Mozilla Foundation Security Advisory 2010-27 Title: Use-after-free error in nsCycleCollector::MarkRoots Impact: Critical Announced: June 22, 2010 Reporter: wushi Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.10 SeaMonkey 2.0.5 Description Security researcher wushi of team509 reported that th...

9.3CVSS9.3AI score0.03952EPSS
Exploits0
securityvulns
securityvulns
added 2009/11/30 12:0 a.m.108 views

TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

Dear List, I updated the whitepaper with a lot of new information, some leveraging the vulnerability in other ways that certainly increase the effectiveness and impact of this vulnerability. A brief warning to those that think they are safe because they don't accept client-side renegotiations...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.108 views

[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1897-1 [email protected] http://www.debian.org/security/ Nico Golde September 28th, 2009 http://www.debian.org/security/faq -...

4.3CVSS0.8AI score0.02305EPSS
Exploits0
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.108 views

LxBlog

Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/04/15 12:0 a.m.108 views

Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer (963027)

Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer 963027 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in...

9.3CVSS0.6AI score0.41396EPSS
Exploits6
securityvulns
securityvulns
added 2009/04/14 12:0 a.m.108 views

Re: PHP-Revista Multiple vulnerabilities

Discovered by Sirdarckcat from elhacker.net ------------------------------------------------------------------------ ------------ Revista 1.1.2 http://php-revista.sourceforge.org ------------------------------------------------------------------------ ------------ Revista is a simple spanish PHP...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2008/12/14 12:0 a.m.108 views

facto Database Disclosure

facto Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://facto.sourceforge.net DORK : : Bug...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2008/01/03 12:0 a.m.108 views

phpBB2 2.0.22 Cross Site Scripting Vulnerability

Opencosmo Security http://www.opencosmo.com Author: Alfredo Panzera, Opencosmo Security Vendor: phpBB.com Version: 2.0.22 Exploit: Go to http://website/forum/admin/admingroups.php and into 'Group description:' insert your XSS...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/12/07 12:0 a.m.108 views

ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows

ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows http://www.zerodayinitiative.com/advisories/ZDI-07-071.html December 6, 2007 -- CVE ID: CVE-2007-6204 -- Affected Vendor: Hewlett-Packard -- Affected Products: OpenView Network Node Manager 7.51 and below -- TippingPointTM...

10CVSS0.8AI score0.69613EPSS
Exploits9
securityvulns
securityvulns
added 2007/09/21 12:0 a.m.108 views

PHP-Nuke add admin ALL Versions

Paste this code into an HTML page then link it to victim victim must be admin iframe name="aiuto" frameborder="0" height="0" width="0"/iframe FORM name="Faiuto" ACTION="http://VICTIMURL/nuke/admin.php" target="aiuto" METHOD=POST input type=hidden NAME="addname" value="ATTACKER" input type=hidden...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/09/21 12:0 a.m.108 views

WebBatch Applications Cross Site Scripting Vulrnability

HSC WebBatch Applications Cross Site Scripting Vulrnability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2007/04/19 12:0 a.m.108 views

audioCMS arash 0.1.4(arashlib_dir)Remote File Inclusion Vulnerabilities

audioCMS arash 0.1.4arashlibdirRemote File Inclusion Vulnerabilities D.Script: http://sourceforge.net/projects/arash/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit:Path/arashlib/include/edit.inc.php?arashlibdir=Shell...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/02/23 12:0 a.m.108 views

Hasadya Raed

Remote Incluude File : By Hasadya Raed Contact : [email protected] Author : Hasadya Raed Script : arabhost Download : http://delmaa.com/upfile/users/arabHost.zip B.File : function.php V.Code : include$adminfloder"; Expl : http://www.victim.com/path/function.php?adminfolder=Shell-Attack...

0.5AI score
Exploits0
Total number of security vulnerabilities5000