Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2000/05/03 12:0 a.m.108 views

Security Bug in Jana HTTP Server

Hello Bugtraqers, I found a directory travelling bug again, this time in JANA HTTP Server software available as freeware from http://www.jana-server.ocm.de . Here is a copy of the mail I sended to the author. eAX -------------------------------------------- Hello Thomas, I got your proxy/perver...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2015/10/11 12:0 a.m.107 views

Buffalo LinkStation authentication bypass

Session validity is not checked on request...

3.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.107 views

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt Vendor: ======================= community.novius-os.org Product: =============================================================== novius-os.5.0.1-elche is a PHP...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.107 views

[ MDVSA-2015:217 ] sqlite3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:217 http://www.mandriva.com/en/support/security/ Package : sqlite3 Date : April 30, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Multiple vulnerabilities has been found and...

7.5CVSS8.9AI score0.05531EPSS
Exploits0
securityvulns
securityvulns
added 2015/03/18 12:0 a.m.107 views

APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and address the following: WebKit Impact: Visiting a maliciously crafted website may lead to an unexpected application...

6.8CVSS0.5AI score0.03016EPSS
Exploits0
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.107 views

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity :...

4.3CVSS0.2AI score0.01903EPSS
Exploits2
securityvulns
securityvulns
added 2014/11/10 12:0 a.m.107 views

IL and CSRF vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Information Leakage and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2014/10/11 12:0 a.m.107 views

[USN-2379-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2379-1 October 09, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.8CVSS1.4AI score0.06167EPSS
Exploits8
securityvulns
securityvulns
added 2014/09/15 12:0 a.m.107 views

[USN-2344-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2344-1 September 10, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS1.2AI score0.20237EPSS
Exploits1
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.107 views

Bilyoner mobile apps prone to various SSL/TLS attacks

===================================================================== Sceptive Security Advisory Synopsis: Bilyoner mobile apps prone to various SSL/TLS attacks Product: Various mobile applications Advisory URL: http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks Advisory...

5.8CVSS0.5AI score0.00566EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/15 12:0 a.m.107 views

CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211

Vulnerability title: Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 CVE: CVE-2014-2046 Vendor: Broadcom Ltd Product: PIPA C211 Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2 Fixed version: N/A Reported by: Jerzy Kramarz Details: By sending a crafted PO...

9.7CVSS0.03815EPSS
Exploits6
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.107 views

[CVE-2014-1903] FreePBX 2.9 through 12 RCE

Overview: Unauthenticated user-level Remote Code Execution RCE vulnerability in admin/config.php, the main interface to FreePBX. This bug was introduced in FreePBX 2.9, earlier versions are not affected. Score - 8.4 AV:N/AC:L/Au:N/C:P/I:P/A:C/E:H/RL:OF/RC:C/CDP:MH/TD:ND/CR:L/IR:L/AR:M Reference t...

1.1AI score0.52186EPSS
Exploits12
securityvulns
securityvulns
added 2013/10/27 12:0 a.m.107 views

Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities

Exploit Title: Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities Exploit Author: absane Blog: http://blog.noobroot.com Discovery date: September 29th 2013 Vendor notified: September 29th 2013 Vendor fixed: October 12 2013 Vendor Homepage: http://cart66.com Software Link:...

6.8CVSS6.7AI score0.04084EPSS
Exploits7
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.107 views

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059)

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free MS13-059 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of th...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2013/06/17 12:0 a.m.107 views

[SECURITY] [DSA 2705-1] pymongo security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2705-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 10, 2013 http://www.debian.org/security/faq -...

4.3CVSS2.3AI score0.02633EPSS
Exploits2
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.107 views

[security bulletin] HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03699981 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03699981 Version: 1 HPSBPV02855...

6.8CVSS0.1AI score0.00968EPSS
Exploits0
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.107 views

[USN-1733-1] Ruby vulnerabilities

========================================================================== Ubuntu Security Notice USN-1733-1 February 21, 2013 ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

7.5CVSS0.7AI score0.13911EPSS
Exploits0
securityvulns
securityvulns
added 2012/10/22 12:0 a.m.107 views

Multiple vulnerabilities in Megapolis.Portal Manager

Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's commercial CMS from Softline-IT earlier Softline, which in particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.107 views

Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities

Title: ====== Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Date: ===== 2012-04-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=498 VL-ID: ===== 498 Introduction: ============= Cyberoam Unified Threat Management appliances offer comprehensive securit...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2012/04/19 12:0 a.m.107 views

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution MS12-023 / CVE-2012-0172 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft...

9.3CVSS7AI score0.21897EPSS
Exploits1
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.107 views

DirectAdmin v1.403 - Cross Site Scripting Vulnerability

Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2012/03/26 12:0 a.m.107 views

Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter)

Seeker Research Center Security Advisory By Irene Abezgauz =========== I. Overview =========== An Insecure Redirect vulnerability has been identified in the .NET Form Authentication - in the Redirect From Login mechanism. This vulnerability allows an attacker to craft links that contain redirects...

Exploits0
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.107 views

ATutor 2.0.3 Multiple XSS vulnerabilities

Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities Advisory ID: SSCHADV2012-002 Author: Stefan Schurtz Affected Software: Successfully tested on ATutor 2.0.3 Vendor URL: http://atutor.ca Vendor Status: informed ========================== Vulnerability Description ========================== ATuto...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.107 views

[USN-1270-1] Software Center vulnerability

========================================================================== Ubuntu Security Notice USN-1270-1 November 21, 2011 software-center vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

6.8CVSS0.9AI score0.01932EPSS
Exploits0
securityvulns
securityvulns
added 2011/10/01 12:0 a.m.107 views

Mozilla Foundation Security Advisory 2011-39

Mozilla Foundation Security Advisory 2011-39 Title: Defense against multiple Location headers due to CRLF Injection Impact: Moderate Announced: September 27, 2011 Reporter: Ian Graham Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4...

4.3CVSS1AI score0.02018EPSS
Exploits0
securityvulns
securityvulns
added 2011/08/03 12:0 a.m.107 views

Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability Advisory ID: cisco-sa-20110729-tp Revision 1.0 For Public Release 2011 July 29 1600 UTC GMT...

10CVSS0.3AI score0.03366EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/13 12:0 a.m.107 views

ICMPv6 Router Announcement flooding denial of service affecting multiple systems

This security advisory is released because Microsoft doesnt want to fix the issue. Cisco did for its IOS and ASA within 3 months. Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL:...

7.8CVSS0.2911EPSS
Exploits3
securityvulns
securityvulns
added 2011/04/05 12:0 a.m.107 views

HTB22911: XSS in Eleanor CMS

Vulnerability ID: HTB22911 Reference: http://www.htbridge.ch/advisory/xssineleanorcms.html Product: Eleanor CMS Vendor: Eleanor CMS http://eleanor-cms.ru/ Vulnerable Version: rc5 Vendor Notification: 22 March 2011 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Risk level:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/01/03 12:0 a.m.107 views

Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc

!-- Chilkat Software FTP2 ActiveX Component ChilkatFtp2.DLL 2.6.1.1 Remote Code Execution poc by rgod tested against Internet Explorer 7 on Vista should also work with 8/9 ActiveX Settings: CLSID: 302124C4-30A0-484A-9C7A-B51D5BA5306B Progid: ChilkatFtp2.ChilkatFtp2.1 Binary Path:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2010/11/04 12:0 a.m.107 views

XSS in Textpattern CMS

Vulnerability ID: HTB22672 Reference: http://www.htbridge.ch/advisory/xssintextpatterncms.html Product: Textpattern CMS Vendor: Team Textpattern http://textpattern.com/ Vulnerable Version: 4.2.0 Vendor Notification: 21 October 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2010/09/08 12:0 a.m.107 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20100908-wlc Revision 1.0 For Public Release 2010 September 08 1600 UTC GMT +--------------------------------------------------------------------...

9CVSS0.7AI score0.01482EPSS
Exploits0
securityvulns
securityvulns
added 2010/08/19 12:0 a.m.107 views

About the security content of iTunes 9.1

About the security content of iTunes 9.1 Last Modified: August 12, 2010 Article: HT4105 Email this article Print this page Summary This document describes the security content of iTunes 9.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a...

9.3CVSS0.4AI score0.07996EPSS
Exploits1
securityvulns
securityvulns
added 2010/06/08 12:0 a.m.107 views

Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits (980195)

Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits 980195 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is...

9.3CVSS0.2AI score0.28762EPSS
Exploits3
securityvulns
securityvulns
added 2010/06/07 12:0 a.m.107 views

SQL injection vulnerability in CuteSITE CMS

Vulnerability ID: HTB22396 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2009/11/30 12:0 a.m.107 views

TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

Dear List, I updated the whitepaper with a lot of new information, some leveraging the vulnerability in other ways that certainly increase the effectiveness and impact of this vulnerability. A brief warning to those that think they are safe because they don't accept client-side renegotiations...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/07/12 12:0 a.m.107 views

Atlantic SimpleCaddy Shopping Cart Price Manipulation

SENKED-2009-0001 - Atlantic SimpleCaddy Shopping Cart Price Manipulation senked security advisory http://www.senked.com/ Date Published: 2009-07-01 Last Update: 2009-07-01 Advisory ID: SENKED-2009-0001 Bugtraq ID: none CVE Name: none Title: Atlanticintelligence SimpleCaddy Shoopuing Cart Price...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/06/01 12:0 a.m.107 views

SQL Injection vulnerability in myPHPNuke

Здравствуйте 3APA3A! Сообщаю вам о найденной мною SQL Injection уязвимости в системе myPHPNuke. SQL Injection: POST запрос на странице http://site/admin.php " from mpnauthors where benchmark10000,md5now!=1/ В поле Nickname. Auth Bypass атака в данном случае невозможна, только Blind SQL Injection...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.107 views

LxBlog

Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/04/10 12:0 a.m.107 views

Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability

As the vendor stated, see: http://www.geeklog.net/article.php/geeklog-1.5.2sr2 geeklog is also vulnerable to this: http://www.securityfocus.com/bid/34361/info actually this should be renamed in glFusion 'SESSupdateSessionTime' SQL Injection Vulnerability...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/02/26 12:0 a.m.107 views

Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability

Title: Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability CVE Identifier: N/A Credit: Security Assurance Team of the National Australia Bank. The vendor was advised of this vulnerability prior to its public release. National Australia Bank adheres to the...

6AI score
Exploits0
securityvulns
securityvulns
added 2008/12/14 12:0 a.m.107 views

facto Database Disclosure

facto Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://facto.sourceforge.net DORK : : Bug...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2008/06/29 12:0 a.m.107 views

WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy

Virangar Security Team Tilte: WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerabilitiy Author..................: theEdit0r Homepage ...............: Www.Virangar.netwww.virangar.ir Location ...............: Iran Software ...............: WellyBlog Open Source Blog Portal Site Script...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2008/01/03 12:0 a.m.107 views

phpBB2 2.0.22 Cross Site Scripting Vulnerability

Opencosmo Security http://www.opencosmo.com Author: Alfredo Panzera, Opencosmo Security Vendor: phpBB.com Version: 2.0.22 Exploit: Go to http://website/forum/admin/admingroups.php and into 'Group description:' insert your XSS...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/11/27 12:0 a.m.107 views

FMDeluxe (index.php) Cross-Site Scripting Vulnerability

FMDeluxe index.php Cross-Site Scripting Vulnerability Download: http://fmdeluxe.com/ Bug found by Jose Luis Gуngora Fernбndez / JosS Contact: sys-projectathotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join fullsecure d0rk: "Powered By FMDeluxe" Stop lammer...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/09/21 12:0 a.m.107 views

PHP-Nuke add admin ALL Versions

Paste this code into an HTML page then link it to victim victim must be admin iframe name="aiuto" frameborder="0" height="0" width="0"/iframe FORM name="Faiuto" ACTION="http://VICTIMURL/nuke/admin.php" target="aiuto" METHOD=POST input type=hidden NAME="addname" value="ATTACKER" input type=hidden...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/08/07 12:0 a.m.107 views

TS-2007-002-0: BlueCat Networks Adonis root Privilege Access

Template Security Security Advisory ----------------------------------- BlueCat Networks Adonis root Privilege Access Date: 2007-08-06 Advisory ID: TS-2007-002-0 Vendor: BlueCat Networks, http://www.bluecatnetworks.com/ Revision: 0 Contents -------- Summary Software Version Details Impact Exploit...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/06/14 12:0 a.m.107 views

[Full-disclosure] [ MDKSA-2007:122 ] - Updated gd packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:122 http://www.mandriva.com/security/ Package : gd Date : June 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: A flaw in libgd2 was found by Xavier Roche where it would n...

4.3CVSS6.5AI score0.04267EPSS
Exploits0
securityvulns
securityvulns
added 2007/05/14 12:0 a.m.107 views

Webspeed OpenEdge Dos exploit

Webspeed OpenEdge Dos exploit Bug Discovered By :Eelko Neven Exploit Coded By spyMASter eklimizide koyalm : www.ulpow.net The Eliminators of the Web First you have to find the messenger execution url. For example: http://target/scripts/cgiip.exe/WService=wsbroker1...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.107 views

Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Database Buffer overflow vulnerabilities in procedure DBMSDRS.GETPROPERTY DB03 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Server versions 9iR2 and...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/12/23 12:0 a.m.107 views

Multiple Oracle application server vulnerabilities

SQL injections, DoS, data modification, crossite scripting, privilege escalation, audit setings modification. Password is passed from JDeveloper to SQLPlus in cleartext. JDeveloper password is stored in cleartext in different XML configuration files. Cleartext FormBuilder password is stored in...

7.5CVSS0.6AI score0.41051EPSS
Exploits4References81Affected Software3
Total number of security vulnerabilities5000