Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/02/26 12:0 a.m.105 views

Linux pertiotions handling multiple security vulnerabilities

Memory corruptions, information leaks, DoS...

4.9CVSS1.1AI score0.00534EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.105 views

HTB22819: XSS vulnerability in WebAsyst Shop-Script

Vulnerability ID: HTB22819 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinwebasystshopscript1.html Product: WebAsyst Shop-Script Vendor: WebAsyst, LLC http://www.shop-script.ru/ Vulnerable Version: Current version 2011.01.23 shop-script.ru/demo/ Vendor Notification: 25 January 2011...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2010/11/28 12:0 a.m.105 views

[eVuln.com] URL XSS in Easy Banner Free

New eVuln Advisory: URL XSS in Easy Banner Free Summary: http://evuln.com/vulns/148/summary.html Details: http://evuln.com/vulns/148/description.html -----------Summary----------- eVuln ID: EV0148 Software: Easy Banner Free Vendor: PHP Web Scripts Version: 2009.05.18 Critical Level: low Type: Cro...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2010/06/09 12:0 a.m.105 views

VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250)

VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability CVE-2010-1250 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share information ...

9.3CVSS7.6AI score0.23843EPSS
Exploits0
securityvulns
securityvulns
added 2010/05/11 12:0 a.m.105 views

Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution 978213 Published: May 11, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsof...

9.3CVSS0.5AI score0.22364EPSS
Exploits1
securityvulns
securityvulns
added 2010/04/06 12:0 a.m.105 views

ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability

ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-051 April 5, 2010 -- CVE ID: CVE-2010-0094 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime --...

7.5CVSS1.2AI score0.81593EPSS
Exploits5
securityvulns
securityvulns
added 2010/04/05 12:0 a.m.105 views

PHP-fusion dsmsf (module downloads) SQL Inj3ct0r Exploit

======================================================== PHP-fusion dsmsf module downloads SQL Inj3ct0r Exploit ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' ...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2010/01/23 12:0 a.m.105 views

IdeaCMS v1.0 (fck) Remote Arbitrary File Upload

Securitylab.ir Application Info: Name: IdeaCMS Version: 1.0 Vulnerability Info: Type: Remote Arbitrary File Upload Risk: High Vulnerability: http://site.com/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp Discoverd By: Pouya Daneshmand Website: http://securitylab.ir Contacts:...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2009/10/22 12:0 a.m.105 views

Everfocus EDR1600 remote authentication bypass

Product: Everfocus EDR1600 Version affected: all Website: http://www.everfocus.com/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Vuln: remote DVR authentication bypass The EDR1600 firmware don't handle correctly users authentication and sessions...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2009/08/26 12:0 a.m.105 views

Oracle 11g (11.1.0.6) Password Policy and Compliance

Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g 11.1.0.6, if a security administrator has enabled 11g passwords exclusively then tracking password history is broken. This can affect compliance. This was addressed by Oracle in their...

2.1CVSS0.01214EPSS
Exploits1
securityvulns
securityvulns
added 2009/05/19 12:0 a.m.105 views

[security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01697543 Version: 1 HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition SSE, Local Denial of Service DoS, Execution of Arbitrary Code...

7.2CVSS1AI score0.51612EPSS
Exploits8
securityvulns
securityvulns
added 2009/02/16 12:0 a.m.105 views

[Full-disclosure] [SECURITY] [DSA 1725-1] New websvn packages fix information leak

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1725-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 15, 2009 http://www.debian.org/security/faq -...

3.5CVSS0.8AI score0.01599EPSS
Exploits1
securityvulns
securityvulns
added 2008/09/30 12:0 a.m.105 views

Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration

As of today 25 September 2008, I am using the latest 1.0.3.7 firmware for my region Singapore, US also use this version. 1/ Outdated Samba 3.0.2, vulnerable to numerous security holes. 2/ Default admin:admin user 3/ Default open guest user, noway to disable it 4/ It is impossible to disable SAMBA...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2008/08/19 12:0 a.m.105 views

SunShop <= 4.1.4 SQL Injection

GulfTech Security Research August 18, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : SunShop = 4.1.4 Risk : SQL Injection Description: SunShop shopping cart is a full featured ecommerce solution written in php that allows for web masters to run their own onlin...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2008/08/12 12:0 a.m.105 views

Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability

Title: Apache Tomcat Directory Traversal Vulnerability Author: Simon Ryeobar4mi at gmail.com, barami at ahnlab.com Severity: High Impact: Remote File Disclosure Vulnerable Version: prior to 6.0.18 Solution: - Best Choice: Upgrade to 6.0.18 http://tomcat.apache.org - Hot fix: Disable allowLinking ...

4.3CVSS7.5AI score0.99708EPSS
Exploits22
securityvulns
securityvulns
added 2008/08/04 12:0 a.m.105 views

UNAK-CMS Lfi

UNAK-CMS Lfi AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Script Download : www.unak.net DORK : "Powered by UNAK-CMS" Lfi...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2008/08/04 12:0 a.m.105 views

NeBoard Sql Injection Vulnerability

Discovered by : AleminKrali NeBoard Sql Injection Vulnerability Post Sql Dork :inurl:show.asp?id= ref= step= level= page= 2 html form 1.Form:It takes it:ID NAME 2.Form:Admin Password and later HTTP://SITE.COM/admin/boardedit.asp?id=IDNAME we are entering and 2.form Admin Password ile Login we are...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.105 views

phpBB PJIRC mod LFI

/ PJIRC mod phpBB Local File Include Discrovered by: 0in from DaRk-CodeRs Programming & Security Group! Contact: 0indotemailatgmaildotcom Description: This is a simply irc applet to phpbb. Download: http://www.hotscripts.pl/produkt-1998.html HTTP://Dark-Coders.4rh.eu Greetz to: All DaRk-CodeRs Te...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2008/03/12 12:0 a.m.105 views

Microsoft Security Bulletin MS08-017 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

Microsoft Security Bulletin MS08-017 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution 933103 Published: March 11, 2008 Version: 1.0 General Information Executive Summary This critical update resolves two privately reported vulnerabilities in Microsof...

9.3CVSS0.6AI score0.4014EPSS
Exploits6
securityvulns
securityvulns
added 2008/02/22 12:0 a.m.105 views

XOOPS Module tinyevent-print SQL Injection(id)

XOOPS Module tinyevent-print SQL Injectionid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"modules/tinyevent" DORK 2 : exploit working all tinyevent EXPLOIT :...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/12/24 12:0 a.m.105 views

[EXPL] Socket Connection Timing Can Reveal Information About Network Configuration (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

5CVSS5.7AI score0.07933EPSS
Exploits1
securityvulns
securityvulns
added 2007/06/03 12:0 a.m.105 views

PBSite - PHP Bulletin Site | CMS ====> RFI

.-" "-. / | TiTaNiC | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / HaCkEr / @ script:PBSite - PHP Bulletin Site | CMS ==== RFI url:http://sourceforge.net/project/showfiles.php?groupid=88114 authot:titanichacker [email protected] contact: hack-teach.com & mohandko.com...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/03/19 12:0 a.m.105 views

w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 14 w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities Description: w-agora is a set of scripts written in PHP. This package is intended to allow users to share, exchange and publish information, files and discussions over the web. Multiple path disclosur...

5CVSS6.2AI score0.01566EPSS
Exploits1
securityvulns
securityvulns
added 2007/01/29 12:0 a.m.105 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

9.3CVSS1.5AI score0.09917EPSS
Exploits9References15Affected Software18
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.105 views

[SA23913] CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection

TITLE: CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection SECUNIA ADVISORY ID: SA23913 VERIFY ADVISORY: http://secunia.com/advisories/23913/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: WebFORM 4.x http://secunia.com/product/10398/ DESCRIPTION:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/12/05 12:0 a.m.105 views

[Aria-Security Team] DuWare DuPaypal SQL Injection Vuln

Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=62 ----------------------------------------------------------- Software: DuPaypal Method: SQL Injection Vendor:...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2006/12/01 12:0 a.m.105 views

Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability

Title : Seditio = 1.10 pollid Remote SQL Injection Vulnerability Author : ajann Contact : : Dork : "Powered by Seditio" SQL------------------------------------------------------ http://target/path/polls.php?id= Example: //...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/10/21 12:0 a.m.105 views

UltraCMS 0.9 sql injection

Tunis the 18 October 2006 bug found by fireboy product:UltraCMS 0.9 there is an sql injection problem in UltraCMS 0.9 and it can be exploited to gain admin privileges. exploit: user: 'or''=' pass: 'or''=' example : http://www.target.com/include/index.php thx...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.105 views

Multiple xxs cPanel 10

Multiple cross site script C P A N E L 1 0 Preth00nker at gmail dot com BY PRETH00NKER http://mexhackteam.org special dedication for my friends of: http://www.elhacker.net introduction Preth00nker was discovering some news vulnerabilities in cpanel 10. Cite: cPanel allows domain owners to manage...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/07/26 12:0 a.m.105 views

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties Produce : LinksCaffe 3.0 Website : http://gonafish.com/ Impact : manupulation of data / system access Discovered by : Simo64 - Moroccan Security Team + SQL injection 1Vulnerable code in line 223 in links.php code : $rime =...

Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.105 views

[Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]

Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : MoSpray Site :...

Exploits0
securityvulns
securityvulns
added 2005/10/16 12:0 a.m.105 views

Trusted Mobility Suite PDA access protection bypass

It's possible to synchronize with device regradless of warnings...

3.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/09/09 12:0 a.m.105 views

aMember Pro 2.3.X - Remote File Include Vulnerability

aMember Pro 2.3.X - Remote File Include Vulnerability NewAngels Advisory 2 aMember Pro 2.3.X - Remote File Include Vulnerability ============================================================================= Software: aMember Pro 2.3.4 Type: Remote PHP File Include Vulnerability Risk: High Date:...

Exploits0
securityvulns
securityvulns
added 2004/11/09 12:0 a.m.105 views

[Full-Disclosure] [Advisory + Exploit] MiniShare, Minimal HTTP Server for Windows, Remote Buffer Overflow Exploit

Hi List, I found yesterday this bug in the last version of MiniShare. This is a simple buffer overflow in the address link. Vendors are contacted at http://minishare.sourceforge.net 1 hour only before the public advisorie. Actually no fix are available. The exploit is available in attachment for...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2004/05/21 12:0 a.m.105 views

[security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBGN01041 REVISION: 0 SSRT4696 rev.0 HP ProCurve Routing Switches TCP Denial of Service DoS ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin...

5CVSS0.4AI score0.80855EPSS
Exploits3
securityvulns
securityvulns
added 2003/10/16 12:0 a.m.105 views

Microsoft Security Bulletin MS03-043

Microsoft Security Bulletin MS03-043 Buffer Overrun in Messenger Service Could Allow Code Execution 828035 Issued: October 15, 2003 Version Number: 1.0 Summary Who Should Read This Document: Customers using Microsoft® Windows® Impact of Vulnerability: Remote Code Execution Maximum Severity Rating...

7.5CVSS0.3AI score0.63464EPSS
Exploits2
securityvulns
securityvulns
added 2003/06/24 12:0 a.m.105 views

TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0

TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0 contributed by: rushjo ============================================================================ Tripbit Security Advisory TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/10/09 12:0 a.m.105 views

IBM SecureWay DoS

TCP packets with all flags set to 0 cause CPU exhaustion...

2AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2001/06/18 12:0 a.m.105 views

Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)

/ qitest1's security advisory 002 / Buffer Overflow in GazTek HTTP Daemon v1.4 ghttpd +Systems Affected Any system running GazTek HTTP Daemon v1.4 ghttpd +Program Description ghttpd is a small and easy to configure HTTP server with CGI support, tested on Linux. It can run as a standalone daemon o...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2000/06/07 12:0 a.m.105 views

ICQ2000A ICQmail temparary internet link vulnearbility

============================================== Vulnerability : ICQ2000A ICQwebmail temparary internet link vulnearbility Name : Gert Fokkema. Email : [email protected] Function : SecurityManager. Organization : ISAAN. http://www.fokkema.8k.com Organization : Noorderpoortcollege...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/06/07 12:0 a.m.105 views

ALERT: Bypassing Warnings For Invalid SSL Certificates In Internet Explorer

=====BEGIN-ACROS-REPORT===== ========================================================================= ACROS Security Problem Report 1999-12-15-1-PUB ------------------------------------------------------------------------- Bypassing Warnings For Invalid SSL Certificates In Internet Explorer...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2000/04/13 12:0 a.m.105 views

Linux news 13.04.00

Linux Kernel 2.2.15pre18 Сегодня вышел очередной, восемнадцатый по счету, пререлиз нового стабильного ядра Linux - Linux Kernel 2.2.15. Подробнее: http://kernelnotes.org/lnxlists/linux-kernel/lk000402/ Linux Kernel 2.3.99-pre5 Сегодня выпустили очередной пререлиз нового ядра Linux - Linux Kernel...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.104 views

APPLE-SA-2015-09-30-2 Safari 9

APPLE-SA-2015-09-30-2 Safari 9 Safari 9 is now available and addresses the following: Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface...

10CVSS7.6AI score0.02795EPSS
Exploits0
securityvulns
securityvulns
added 2015/08/17 12:0 a.m.104 views

APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 is now available and addresses the following: Safari Application Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and O...

6.8CVSS0.02754EPSS
Exploits0
securityvulns
securityvulns
added 2015/07/27 12:0 a.m.104 views

NetCracker Resource Management 8.0 - SQL Injection Vulnerability

Vulnerability type: SQL Injection Vendor: http://www.netcracker.com/ Product: NetCracker Resource Management System Affected version: = 8.0 Patched version: 8.2 Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-3423 PROOF OF CONCEPT SQLi SQL Injection SQLi vulnerability in multip...

1.2AI score0.02378EPSS
Exploits3
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.104 views

[ MDVSA-2015:209 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:209 http://www.mandriva.com/en/support/security/ Package : php Date : April 27, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Updated php packages fix security vulnerabilities:...

7.5CVSS8.5AI score0.38434EPSS
Exploits3
securityvulns
securityvulns
added 2015/05/04 12:0 a.m.104 views

[USN-2592-1] XML::LibXML vulnerability

========================================================================== Ubuntu Security Notice USN-2592-1 May 04, 2015 libxml-libxml-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

5CVSS0.5AI score0.04013EPSS
Exploits0
securityvulns
securityvulns
added 2015/04/09 12:0 a.m.104 views

APPLE-SA-2015-04-08-4 Apple TV 7.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-04-08-4 Apple TV 7.2 Apple TV 7.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges...

7.5CVSS0.4AI score0.09112EPSS
Exploits3
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.104 views

APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10...

7.5CVSS0.6AI score0.02762EPSS
Exploits0
securityvulns
securityvulns
added 2014/11/24 12:0 a.m.104 views

APPLE-SA-2014-11-17-1 iOS 8.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-1 iOS 8.1.1 iOS 8.1.1 is now available and addresses the following: CFNetwork Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: Website cache may not be fully cleared after leaving...

9.3CVSS0.2AI score0.03404EPSS
Exploits0
Total number of security vulnerabilities5000