Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/12/26 12:0 a.m.108 views

VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092)

VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability MS11-092 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows Media Player WMP is a media player and media library...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2011/12/19 12:0 a.m.108 views

Microsoft Windows multiple applications DLL hijacking

If application is launched via file type association, current path is set to the path file is located, making it's possible to place DLLs application tries to load dynamically into same directory...

9.3CVSS2.1AI score0.12123EPSS
Exploits1References44Affected Software3
securityvulns
securityvulns
added 2011/10/01 12:0 a.m.108 views

Mozilla Foundation Security Advisory 2011-39

Mozilla Foundation Security Advisory 2011-39 Title: Defense against multiple Location headers due to CRLF Injection Impact: Moderate Announced: September 27, 2011 Reporter: Ian Graham Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4...

4.3CVSS1AI score0.02018EPSS
Exploits0
securityvulns
securityvulns
added 2011/09/26 12:0 a.m.108 views

Security issue is_a function in PHP 5.3.7+

PHP 5.3.7 changed the behavior of the isa function, used to check if an object is an instance of a class, to call the autoload function. This causes a remote code execute problem when coupled with a standard library like PEAR that internally uses isa to check if a returned variable is an Error...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2011/08/05 12:0 a.m.108 views

Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5

Advisory Information Title: vBulletin Cross Site Scripting Vulnerability Vendors contacted: vBulletin team ---- Vulnerability Information Class: XSS flaw Vulnerable page: Admin Login Page admincp Remotely Exploitable: Yes ---- Vulnerability Description vBulletin is a community forum solution for ...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2011/06/15 12:0 a.m.108 views

phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges

Security Advisory --------------------------------------- Vulnerable Software: Barracuda NG Firewall / phion netfence Homepage: http://www.barracudanetworks.com/ Found by: Wolfgang Neudorfer, Lukas Nothdurfter Impact: Remote Command Execution with root Privileges Severity: Critical Product...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2011/04/13 12:0 a.m.108 views

ICMPv6 Router Announcement flooding denial of service affecting multiple systems

This security advisory is released because Microsoft doesnt want to fix the issue. Cisco did for its IOS and ASA within 3 months. Title: ICMPv6 Router Announcement flooding denial of service affecting multiple systems Date: 05 April 2011 URL:...

7.8CVSS0.2911EPSS
Exploits3
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.108 views

HTB22813: XSS vulnerability in UMI.CMS

Vulnerability ID: HTB22813 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms1.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Medium...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2010/12/12 12:0 a.m.108 views

www.eVuln.com : Non-persistent XSS in BizDir

www.eVuln.com advisory: Non-persistent XSS in BizDir Summary: http://evuln.com/vulns/158/summary.html Details: http://evuln.com/vulns/158/description.html -----------Summary----------- eVuln ID: EV0158 Software: BizDir Vendor: LEXIPIXEL Version: v.05.10 Critical Level: low Type: Cross Site...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/11/10 12:0 a.m.108 views

iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability

iDefense Security Advisory 11.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 09, 2010 I. BACKGROUND Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website:...

9.3CVSS0.2AI score0.89497EPSS
Exploits14
securityvulns
securityvulns
added 2010/09/08 12:0 a.m.108 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20100908-wlc Revision 1.0 For Public Release 2010 September 08 1600 UTC GMT +--------------------------------------------------------------------...

9CVSS0.7AI score0.01482EPSS
Exploits0
securityvulns
securityvulns
added 2010/08/19 12:0 a.m.108 views

About the security content of iTunes 9.1

About the security content of iTunes 9.1 Last Modified: August 12, 2010 Article: HT4105 Email this article Print this page Summary This document describes the security content of iTunes 9.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a...

9.3CVSS0.4AI score0.07996EPSS
Exploits1
securityvulns
securityvulns
added 2010/06/25 12:0 a.m.108 views

Mozilla Foundation Security Advisory 2010-27

Mozilla Foundation Security Advisory 2010-27 Title: Use-after-free error in nsCycleCollector::MarkRoots Impact: Critical Announced: June 22, 2010 Reporter: wushi Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.10 SeaMonkey 2.0.5 Description Security researcher wushi of team509 reported that th...

9.3CVSS9.3AI score0.03952EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/07 12:0 a.m.108 views

SQL injection vulnerability in CuteSITE CMS

Vulnerability ID: HTB22396 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2010/04/07 12:0 a.m.108 views

[SECURITY] [DSA 2030-1] New mahara packages fix sql injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2030-1 [email protected] http://www.debian.org/security/ Nico Golde April 6th, 2010 http://www.debian.org/security/faq -...

7.5CVSS6.1AI score0.01717EPSS
Exploits0
securityvulns
securityvulns
added 2009/11/30 12:0 a.m.108 views

TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

Dear List, I updated the whitepaper with a lot of new information, some leveraging the vulnerability in other ways that certainly increase the effectiveness and impact of this vulnerability. A brief warning to those that think they are safe because they don't accept client-side renegotiations...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.108 views

[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1897-1 [email protected] http://www.debian.org/security/ Nico Golde September 28th, 2009 http://www.debian.org/security/faq -...

4.3CVSS0.8AI score0.02305EPSS
Exploits0
securityvulns
securityvulns
added 2009/07/12 12:0 a.m.108 views

Atlantic SimpleCaddy Shopping Cart Price Manipulation

SENKED-2009-0001 - Atlantic SimpleCaddy Shopping Cart Price Manipulation senked security advisory http://www.senked.com/ Date Published: 2009-07-01 Last Update: 2009-07-01 Advisory ID: SENKED-2009-0001 Bugtraq ID: none CVE Name: none Title: Atlanticintelligence SimpleCaddy Shoopuing Cart Price...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.108 views

LxBlog

Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/04/15 12:0 a.m.108 views

Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer (963027)

Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer 963027 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in...

9.3CVSS0.6AI score0.41396EPSS
Exploits6
securityvulns
securityvulns
added 2009/04/14 12:0 a.m.108 views

Re: PHP-Revista Multiple vulnerabilities

Discovered by Sirdarckcat from elhacker.net ------------------------------------------------------------------------ ------------ Revista 1.1.2 http://php-revista.sourceforge.org ------------------------------------------------------------------------ ------------ Revista is a simple spanish PHP...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2008/03/28 12:0 a.m.108 views

US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-087A Mozilla Updates for Multiple Vulnerabilities Original release date: March 27, 2008 Last revised: -- Source: US-CERT Systems Affected Mozilla Firefox Mozilla Thunderbird Mozilla...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2008/02/16 12:0 a.m.108 views

UniversalFtp Server 1.0.44 Multiple Remote Denial of service

UniversalFtp Server 1.0.44 Multiple Remote Denial of service @nolife : This bug has been found with a brain , ten fingers, a keyboard , and a laptop , one of my best Tool i ever tryed. Stay tuned for more tools hint . Reponse: 226 Completed... Statut: Liste du repertoire completee Commande : LIST...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2008/01/03 12:0 a.m.108 views

phpBB2 2.0.22 Cross Site Scripting Vulnerability

Opencosmo Security http://www.opencosmo.com Author: Alfredo Panzera, Opencosmo Security Vendor: phpBB.com Version: 2.0.22 Exploit: Go to http://website/forum/admin/admingroups.php and into 'Group description:' insert your XSS...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/12/07 12:0 a.m.108 views

ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows

ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows http://www.zerodayinitiative.com/advisories/ZDI-07-071.html December 6, 2007 -- CVE ID: CVE-2007-6204 -- Affected Vendor: Hewlett-Packard -- Affected Products: OpenView Network Node Manager 7.51 and below -- TippingPointTM...

10CVSS0.8AI score0.69613EPSS
Exploits9
securityvulns
securityvulns
added 2007/09/21 12:0 a.m.108 views

PHP-Nuke add admin ALL Versions

Paste this code into an HTML page then link it to victim victim must be admin iframe name="aiuto" frameborder="0" height="0" width="0"/iframe FORM name="Faiuto" ACTION="http://VICTIMURL/nuke/admin.php" target="aiuto" METHOD=POST input type=hidden NAME="addname" value="ATTACKER" input type=hidden...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/09/21 12:0 a.m.108 views

WebBatch Applications Cross Site Scripting Vulrnability

HSC WebBatch Applications Cross Site Scripting Vulrnability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2007/04/19 12:0 a.m.108 views

audioCMS arash 0.1.4(arashlib_dir)Remote File Inclusion Vulnerabilities

audioCMS arash 0.1.4arashlibdirRemote File Inclusion Vulnerabilities D.Script: http://sourceforge.net/projects/arash/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit:Path/arashlib/include/edit.inc.php?arashlibdir=Shell...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/02/23 12:0 a.m.108 views

JBoss insecure defaults

Web console and management instruments are available without authentication...

7.6CVSS2.5AI score0.81832EPSS
Exploits5References1
securityvulns
securityvulns
added 2007/02/23 12:0 a.m.108 views

Hasadya Raed

Remote Incluude File : By Hasadya Raed Contact : [email protected] Author : Hasadya Raed Script : arabhost Download : http://delmaa.com/upfile/users/arabHost.zip B.File : function.php V.Code : include$adminfloder"; Expl : http://www.victim.com/path/function.php?adminfolder=Shell-Attack...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.108 views

TualBLOG v 1.0 multiple sql injection

BiyoSecurity.Org script name : TualBLOG v 1.0 Risk : High Regards : Dj ReMix Thanks : Korsan , Liz0zim Vulnerable file : icerik.asp exp : http://site.com/path/icerik.asp?icerikno=-120union+select+mail,sifre,uyeadi+from+tbluye+where+uyeno=1 uyeno = 1 or 2 Admin ID Bye :=...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/09/13 12:0 a.m.108 views

WTools v0.0.1-ALPH - Remote File Include Vulnerabilities

ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- WTools v0.0.1-ALPH - Remote File Include Vulnerabilities site : http://www.comscripts.com/jump.php?action=script&id=1880 Script : WTools v0.0.1-ALPH Credits : ERNE Contact : [email protected] and irc.gigachat.net kurdhack Thanks : BLaCKWHITE, Blackened,...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/08/10 12:0 a.m.108 views

[Full-disclosure] Latinchat Denial Of Service

Denial Of Service on Chat Magma Latinchat http://www.latinchat.com Researcher: Vicente Perez 1.-Overview Latinchat is one of the most known chat server, and used basically by latin american people. 2.-Description This system has a vulnerabily as DoS, taking system offline by a while. The fail...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/07/08 12:0 a.m.108 views

[Bday release] Comersus shopping cart has multiple Sql injection and Cross Site Scripting vulnerabilities

Dcrab 's Security Advisory http://www.dbtech.org Deadbolt Computer Technologies SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO [email protected] Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2004/06/17 12:0 a.m.108 views

phpMyChat 0.14.5

Informations : °°°°°°°°°°°° Language : PHP Bugged Version : phpMyChat ver. 0.14.5 and less ? Patched version : none Website : http://www.phpheaven.net/ Problems : Permanent XSS, authorization bypass, SQL-injection, include read files. Objects : °°°°°°° - lib/login.lib.php3 - admin/adminBody.php3...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2003/07/18 12:0 a.m.108 views

[EXPL] Hummingbird's Exceed X Emulator Fonts Directive Mishandling

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Beyond Security in Canada Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. We welcome ISPs, system...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2003/05/29 12:0 a.m.108 views

[SECURITY] [ANNOUNCE] Apache 2.0.46 released

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache 2.0.46 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the ninth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.46 as compared to 2.0.45...

5CVSS7.5AI score0.63456EPSS
Exploits0
securityvulns
securityvulns
added 2002/09/18 12:0 a.m.108 views

NetBSD Security Advisory 2002-018: Multiple security isses with kfd daemon

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-018 ================================= Topic: Multiple security isses with kfd daemon Version: NetBSD-current: source prior to September 10, 2002 NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5.1: affect...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2002/05/28 12:0 a.m.108 views

Re: VP-ASP shopping cart software.

Hi, A small thing the original advisory author has not mentioned is that SQL injection is also possible allowing you to enter the administrative page with actually knowing the used administrator username and password, example: Username: 'or''=' i.e. enter just: 'or''=' Password: 'or''=' i.e. ente...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2001/04/13 12:0 a.m.108 views

CFINGERD remote vulnerability

Hi Following the recent habits, I break the advisory into 4 parts: OVERVIEW: --------- There is a critical bug in cfingerd daemon = 1.4.3, a classic format bug that makes possible to acquire full control over the remote machine if it runs the cfingerd program, the configurable and secure finger...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/07/14 12:0 a.m.108 views

Infosec.20000712.worldclient.2.1

Infosec Security Vulnerability Report No: Infosec.20000712.worldclient.2.1 =============================== Vulnerability Summary --------------------- Problem: The web server for remote access to e-mail in WorldClient 2.1 is vulnerable for root dot dot. It is possible to read and in some cases...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.107 views

EMC Secure Remote Services Virtual Edition multiple security vulnerabilities

Code execution, SQL injection, buffer overflow...

10CVSS4.2AI score0.94859EPSS
Exploits34References6Affected Software2
securityvulns
securityvulns
added 2015/08/11 12:0 a.m.107 views

Microsoft Office multiple security vulnerabilities

Memory corruptions, code execution...

9.3CVSS2.9AI score0.53213EPSS
Exploits0Affected Software4
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.107 views

[ MDVSA-2015:217 ] sqlite3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:217 http://www.mandriva.com/en/support/security/ Package : sqlite3 Date : April 30, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Multiple vulnerabilities has been found and...

7.5CVSS8.9AI score0.05531EPSS
Exploits0
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.107 views

Incorrect handling of self signed certificates in OpenFire XMPP Server

Incorrect handling of self signed certificates in OpenFire XMPP Server Affected software: OpenFire XMPP server Affected versions: 3.9.3 and earlier Vulnerabilities addressed: CVE-2014-3451, CVE-2015-2080 Openfire is a real time collaboration RTC server licensed under the Open Source Apache Licens...

5CVSS0.74881EPSS
Exploits16
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.107 views

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367

Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity :...

4.3CVSS0.2AI score0.01903EPSS
Exploits2
securityvulns
securityvulns
added 2014/11/10 12:0 a.m.107 views

IL and CSRF vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Information Leakage and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2014/11/10 12:0 a.m.107 views

CVE-2014-6616 Softing FG-100 Webui XSS

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6616 Subject: XSS Risk: High Effect: Remotely exploitable Author: Johannes Klick Daniel Marzin Ingmar Rosenhagen Date: 05.11.2014 Introduction:...

4.3CVSS6.4AI score0.01867EPSS
Exploits2
securityvulns
securityvulns
added 2014/10/18 12:0 a.m.107 views

Apple OS X / OS X Server multiple security vulnerabilities

62 vulnerabilities in different system components...

10CVSS2.3AI score0.99999EPSS
Exploits171References5Affected Software2
securityvulns
securityvulns
added 2014/05/14 12:0 a.m.107 views

Microsoft Office multiple security vulnerabilities

Memory corruptions, buffer overflows, protection bypass...

9.3CVSS3.5AI score0.77734EPSS
Exploits10Affected Software4
Total number of security vulnerabilities5000