Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/11/27 12:0 a.m.107 views

Blogs manager <= 1.101 SQL Injection Vulnerability

Dear all, I have found a SQL injection vulnerability in Blogs manager = 1.101 It seems to be version 1.101 as you can see in the files section of sourceforge. I reported the vulnerability to the vendor but no response as stated in the advisory. Best, muuratsalo -- ADVISORY --...

Exploits0
securityvulns
securityvulns
added 2011/09/26 12:0 a.m.107 views

Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

Advisory: Serendipity freetag plugin 'serendipitytagview' Cross-Site Scripting vulnerability Advisory ID: SSCHADV2011-016 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 Vendor URL: http://www.s9y.org Vendor Status: fixed CVE-ID: - ==========================...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2011/08/03 12:0 a.m.107 views

Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability Advisory ID: cisco-sa-20110729-tp Revision 1.0 For Public Release 2011 July 29 1600 UTC GMT...

10CVSS0.3AI score0.03366EPSS
Exploits0
securityvulns
securityvulns
added 2011/01/03 12:0 a.m.107 views

Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc

!-- Chilkat Software FTP2 ActiveX Component ChilkatFtp2.DLL 2.6.1.1 Remote Code Execution poc by rgod tested against Internet Explorer 7 on Vista should also work with 8/9 ActiveX Settings: CLSID: 302124C4-30A0-484A-9C7A-B51D5BA5306B Progid: ChilkatFtp2.ChilkatFtp2.1 Binary Path:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2010/11/02 12:0 a.m.107 views

XSS vulnerability in Kandidat CMS

Vulnerability ID: HTB22650 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinkandidatcms2.html Product: Kandidat CMS Vendor: Kan-Studio http://www.kan-studio.ru/ Vulnerable Version: 1.4.2 and probably prior versions Vendor Notification: 19 October 2010 Vulnerability Type: Stored XSS...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2010/06/08 12:0 a.m.107 views

Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits (980195)

Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits 980195 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is...

9.3CVSS0.2AI score0.28762EPSS
Exploits3
securityvulns
securityvulns
added 2010/04/09 12:0 a.m.107 views

Joomla com_jashowcase Local File Inclusion Vulnerability

======================================================== Joomla comjashowcase Local File Inclusion Vulnerability ======================================================== + Joomla comjashowcase Local File Inclusion Vulnerability...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2009/08/11 12:0 a.m.107 views

Microsoft Security Bulletin MS09-043 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)

Microsoft Security Bulletin MS09-043 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution 957638 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in...

9.3CVSS0.7AI score0.6202EPSS
Exploits27
securityvulns
securityvulns
added 2009/07/12 12:0 a.m.107 views

Atlantic SimpleCaddy Shopping Cart Price Manipulation

SENKED-2009-0001 - Atlantic SimpleCaddy Shopping Cart Price Manipulation senked security advisory http://www.senked.com/ Date Published: 2009-07-01 Last Update: 2009-07-01 Advisory ID: SENKED-2009-0001 Bugtraq ID: none CVE Name: none Title: Atlanticintelligence SimpleCaddy Shoopuing Cart Price...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.107 views

[USN-791-3] Smarty vulnerability

=========================================================== Ubuntu Security Notice USN-791-3 June 24, 2009 smarty vulnerability CVE-2009-1669 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies ...

10CVSS1AI score0.14117EPSS
Exploits1
securityvulns
securityvulns
added 2009/02/26 12:0 a.m.107 views

Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability

Title: Cisco Unified MeetingPlace Web Conferencing Stored Cross Site Scripting Vulnerability CVE Identifier: N/A Credit: Security Assurance Team of the National Australia Bank. The vendor was advised of this vulnerability prior to its public release. National Australia Bank adheres to the...

6AI score
Exploits0
securityvulns
securityvulns
added 2009/02/23 12:0 a.m.107 views

E107 CMS (e107_plugins/guestbook) stored XSS

Фильтрация отсутствует в поле "Email", POST запрос: POSTDATA=name=1&email='/"scriptalert'xss'/script&url=http3A2F2F&comment=4&guestbooksubmit=SiC5B3sti Далее следует редактирование сообщения. http://Target/e107plugins/guestbook/guestbook.php?edit.номер вашего сообщения Example:...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/11/24 12:0 a.m.107 views

OpenSSH security advisory: cbc.adv

OpenSSH Security Advisory: cbc.adv Regarding the "Plaintext Recovery Attack Against SSH" reported as CPNI-9570371: The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2008/10/02 12:0 a.m.107 views

Remote File Inclusion Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- eFront = 3.5.1 / build 2710: Remote File Inclusion Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ Program: eFront $ File affected: studentpage.php / professorpage $ Version: 3.5.1 / build 2710 $...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/03/28 12:0 a.m.107 views

US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-087A Mozilla Updates for Multiple Vulnerabilities Original release date: March 27, 2008 Last revised: -- Source: US-CERT Systems Affected Mozilla Firefox Mozilla Thunderbird Mozilla...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2008/03/22 12:0 a.m.107 views

{securityreason.com}PHP 5 *printf() - Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.5 and prior : printf functions Integer Overflow Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason.com and SecurityReason.pl Date: - - Written: 01.03.2008 - - Public: 20.03.2008 SecurityReason Research SecurityAlert Id: 52 CVE-2008-1384...

5CVSS0.02139EPSS
Exploits2
securityvulns
securityvulns
added 2008/02/10 12:0 a.m.107 views

Mozilla Foundation Security Advisory 2008-05

Mozilla Foundation Security Advisory 2008-05 Title: Directory traversal via chrome: URI Impact: High Announced: February 7, 2008 Reporter: Gerry Eisenhaur Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 SeaMonkey 1.1.8 Description Gerry Eisenhaur reported...

4.3CVSS2.3AI score0.08633EPSS
Exploits0
securityvulns
securityvulns
added 2007/12/24 12:0 a.m.107 views

[EXPL] Socket Connection Timing Can Reveal Information About Network Configuration (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

5CVSS5.7AI score0.07933EPSS
Exploits1
securityvulns
securityvulns
added 2007/12/20 12:0 a.m.107 views

xeCMS 1.x.x Remote File Disclosure Vulnerability.

-------------------------------------------------------------- xeCMS 1.x.x Remote File Disclosure Vulnerability. -------------------------------------------------------------- download : http://xecms.sunsite.dk/ author : p4imi0 contact : [email protected] exploit : view.php?list=..2F..2F...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/11/27 12:0 a.m.107 views

FMDeluxe (index.php) Cross-Site Scripting Vulnerability

FMDeluxe index.php Cross-Site Scripting Vulnerability Download: http://fmdeluxe.com/ Bug found by Jose Luis Gуngora Fernбndez / JosS Contact: sys-projectathotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join fullsecure d0rk: "Powered By FMDeluxe" Stop lammer...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/10/10 12:0 a.m.107 views

rPSA-2007-0212-1 util-linux

rPath Security Advisory: 2007-0212-1 Published: 2007-10-08 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: util-linux=/conary.rpath.com@rpl:devel//1/2.12r-1.5-1 rPath Issue Tracking System:...

6.9CVSS6.2AI score0.0044EPSS
Exploits0
securityvulns
securityvulns
added 2007/05/14 12:0 a.m.107 views

Webspeed OpenEdge Dos exploit

Webspeed OpenEdge Dos exploit Bug Discovered By :Eelko Neven Exploit Coded By spyMASter eklimizide koyalm : www.ulpow.net The Eliminators of the Web First you have to find the messenger execution url. For example: http://target/scripts/cgiip.exe/WService=wsbroker1...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/04/24 12:0 a.m.107 views

Big Blue Guestbook HTML Injection Vulnerabilities

Hi friends, Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form. Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/02/23 12:0 a.m.107 views

JBoss insecure defaults

Web console and management instruments are available without authentication...

7.6CVSS2.5AI score0.81832EPSS
Exploits5References1
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.107 views

Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Database Buffer overflow vulnerabilities in procedure DBMSDRS.GETPROPERTY DB03 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Server versions 9iR2 and...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.107 views

Ixprim CMS 1.2 Remote File Include Vulnerability

Aplication : Ixprim CMS 1.2 URL :http://optusnet.dl.sourceforge.net/sourceforge/ixprim/ixprim-1.2-200603171800.zip variable ixpts.class.php includeonce IXPROOTPATH.'/kernel/class/files.class.php' ; Exploit : http://www.vuln.com/kernel/class/ixpts.class.php?IXPROOTPATH=http://evilsite vitux...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.107 views

TualBLOG v 1.0 multiple sql injection

BiyoSecurity.Org script name : TualBLOG v 1.0 Risk : High Regards : Dj ReMix Thanks : Korsan , Liz0zim Vulnerable file : icerik.asp exp : http://site.com/path/icerik.asp?icerikno=-120union+select+mail,sifre,uyeadi+from+tbluye+where+uyeno=1 uyeno = 1 or 2 Admin ID Bye :=...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/09/04 12:0 a.m.107 views

yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit

============================================================================================== yappa-ng = v2.3.1 adminmodules Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/06/14 12:0 a.m.107 views

Windows ICMP DoS (potential code execution)

Buffer overflow on ICMP packets with Loose Source and Record Route IP options. Short message translation: There are DoS conditions in Windows 2000 built-in NAT server. Tested configuration: Windows 2000 English Standard/Advanced Service Pack 4 + Update Rollup 1 for Service Pack 4 with NAT server...

1.7AI score
Exploits0References3
securityvulns
securityvulns
added 2005/05/04 12:0 a.m.108 views

[Full-disclosure] NIC Chile CGI Script Zone Transfers

NIC Chile CGI Script Zone Transfers. Autor: Rodrigo Gutierrez rodrigo at intellicomp.cl Affected: All ".cl" domains which use NIC's Chile Secondary NS. Vendor url: http://www.nic.cl Rate: Critical Background. NIC Chile is a part of the University of Chile and is in charge of handling all the...

7AI score
Exploits0
securityvulns
securityvulns
added 2005/02/08 12:0 a.m.107 views

Foxmail Server Remote Buffer Overflow Vulnerability

DATE: 02/04/2005 AUTHOR: Fortinet, inc xouyangxouyangatfortinet.com [email protected] PRODUCTS: Foxmail Server- A MAil server for both Windows and linux. AFFECTED VERSION: Foxmail server for windows version 2.0Newest.I just test windows server ,maybe linux version have vulnerability too...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/10/27 12:0 a.m.107 views

MailCarrier 2.51 SMTP server Buffer Overflow [PoC included]

ABOUT : MailCarrier is a full-featured mail server with the latest security and anti-spam functions. It supports SSL communication and SMTP/POP3 authentication methods based on SASL and NTLM that do not transmit message and/or password in clear text. Many spam mails can be blocked through inquiry...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/12/17 12:0 a.m.107 views

J2EE 1.4 reference implementation: database component allows remote code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Illegalaccess.org security advisory i/12-2003 www.illegalaccess.org J2EE 1.4 reference implementation: database component allows remote code execution Brief ===== Product : J2EE reference implementation java.sun.com/j2ee/download.html Component :...

8.9AI score
Exploits0
securityvulns
securityvulns
added 2003/07/18 12:0 a.m.107 views

[EXPL] Hummingbird's Exceed X Emulator Fonts Directive Mishandling

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Beyond Security in Canada Toronto-based Sunrays Technologies is now Beyond Security's representative in Canada. We welcome ISPs, system...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2001/03/01 12:0 a.m.107 views

Vulnerability in TYPSoft FTP Server

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in TYPSoft FTP Server Overview TYPSoft FTP Server v0.85 is an ftp server available from http://www.webmasterfree.com and http://typsoft.n3.net. A vulnerability exists which allows a remote attacker to break out of the...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/10/19 12:0 a.m.107 views

SuSE Security Announcement: ypbind/ypclient (SuSE-SA:2000:042)

-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: ypbind/ypclient Announcement-ID: SuSE-SA:2000:042 Date: Wednesday, October 18th, 2000 19:15 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0 Vulnerability Type: possible remote root compromise Severity 1-10: 8 SuSE...

8AI score
Exploits0
securityvulns
securityvulns
added 2000/10/19 12:0 a.m.107 views

Security Bulletin (MS00-079)

Microsoft Security Bulletin MS00-079 - - -------------------------------------- Patch Available for "HyperTerminal Buffer Overflow" Vulnerability Originally posted: October 18, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the HyperTerminal...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.106 views

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390

Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...

7.5CVSS10AI score0.01589EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.106 views

APPLE-SA-2015-09-30-2 Safari 9

APPLE-SA-2015-09-30-2 Safari 9 Safari 9 is now available and addresses the following: Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface...

10CVSS7.6AI score0.02795EPSS
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.106 views

UDID+ v2.5 iOS - Mail Command Inject Vulnerability

Document Title: =============== UDID+ v2.5 iOS - Mail Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1542 Release Date: ============= 2015-07-06 Vulnerability Laboratory ID VL-ID: ==================================== 1542...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.106 views

[SECURITY] [DSA 3330-1] activemq security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3330-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 07, 2015 https://www.debian.org/security/faq -...

7.5CVSS2.3AI score0.12794EPSS
Exploits1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.106 views

Freebox OS Web interface 3.0.2 XSS, CSRF

Hello list, Here are two CVEs I reported to Freebox, a french ISP: - CVE-2014-9382 - CSRF in VPN user account creation - CVE-2014-9405 - XSS Vulnerable product: Freebox OS Web interface 3.0.2. CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation...

5.6AI score0.01505EPSS
Exploits3
securityvulns
securityvulns
added 2015/05/12 12:0 a.m.106 views

WSO2 Identity Server multiple vulnerabilities

Hi, WSO2 Identity Server http://wso2.com/products/identity-server/ version 4.5.0/4.6.0/5.0.0 is prone to multiple vulnerabilities, including authentication bypass. Timeline: 09.10.2014 - Vendor notified 22.11.2014 - Vendor confirmed 04.12.2014 - Patches released 25.03.2015 - Bugtraq disclosure...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/10/18 12:0 a.m.106 views

APPLE-SA-2014-10-16-3 OS X Server v4.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-3 OS X Server v4.0 OS X Server v4.0 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service...

7.8CVSS0.3AI score0.99999EPSS
Exploits17
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.106 views

APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5 Safari 6.1.5 and Safari 7.0.5 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact...

6.8CVSS0.5AI score0.02661EPSS
Exploits0
securityvulns
securityvulns
added 2014/06/09 12:0 a.m.106 views

[oss-security] Linux kernel futex local privilege escalation (CVE-2014-3153)

Hi, This was handled via linux-distros, hence the mandatory oss-security posting. The issue was made public earlier today, and is included in this Debian advisory: https://lists.debian.org/debian-security-announce/2014/msg00130.html --- CVE-2014-3153 Pinkie Pie discovered an issue in the futex...

7.2CVSS1AI score0.37233EPSS
Exploits15
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.106 views

APPLE-SA-2014-04-22-1 Security Update 2014-002

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-1 Security Update 2014-002 Security Update 2014-002 is now available and addresses the following: CFNetwork HTTPProtocol Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2...

10CVSS0.4AI score0.34968EPSS
Exploits4
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.106 views

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...

10CVSS0.2AI score0.34782EPSS
Exploits14
securityvulns
securityvulns
added 2014/03/31 12:0 a.m.106 views

[USN-2132-1] ImageMagick vulnerabilities

========================================================================== Ubuntu Security Notice USN-2132-1 March 06, 2014 imagemagick vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

5CVSS1.1AI score0.11055EPSS
Exploits0
securityvulns
securityvulns
added 2014/03/31 12:0 a.m.106 views

EMC VPLEX multiple security vulnerabilities

Directory traversal, protection bypass...

9CVSS3.3AI score0.73327EPSS
Exploits8References1Affected Software1
Total number of security vulnerabilities5000