Securityvulns | Most viewed

47153 matches found

securityvulns
added 2011/02/26 12:0 a.m. | 104 views

Linux partitions handling multiple security vulnerabilities

Memory corruptions, information leaks, DoS...

CVSS 4.9 | AI score 1.1 | EPSS 0.00534
Exploits: 1 | References: 1 | Affected Software: 1
securityvulns
added 2010/11/28 12:0 a.m. | 104 views

[eVuln.com] URL XSS in Easy Banner Free

New eVuln Advisory: URL XSS in Easy Banner Free Summary: http://evuln.com/vulns/148/summary.html Details: http://evuln.com/vulns/148/description.html -----------Summary----------- eVuln ID: EV0148 Software: Easy Banner Free Vendor: PHP Web Scripts Version: 2009.05.18 Critical Level: low Type: Cro...

AI score 6.1
Exploits: 0
securityvulns
added 2010/09/20 12:0 a.m. | 104 views

[oCERT-2010-003] Free Simple CMS path sanitization errors

2010-003 Free Simple CMS path sanitization errors Description: Free Simple CMS, an open source content management system, suffers from remote file inclusion vulnerabilities. Insufficient path sanitization on several query string parameters leads to inclusion of arbitrary files from remote sources...

AI score 0.4
Exploits: 0
securityvulns
added 2010/06/08 12:0 a.m. | 104 views

Microsoft Security Bulletin MS10-035 - Critical Cumulative Security Update for Internet Explorer (982381)

Microsoft Security Bulletin MS10-035 - Critical Cumulative Security Update for Internet Explorer 982381 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in...

CVSS 9.3 | AI score 1.2 | EPSS 0.3703
Exploits: 10
securityvulns
added 2009/05/19 12:0 a.m. | 104 views

[security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01697543 Version: 1 HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition SSE, Local Denial of Service DoS, Execution of Arbitrary Code...

CVSS 7.2 | AI score 1 | EPSS 0.51612
Exploits: 8
securityvulns
added 2008/11/24 12:0 a.m. | 104 views

OpenSSH security advisory: cbc.adv

OpenSSH Security Advisory: cbc.adv Regarding the "Plaintext Recovery Attack Against SSH" reported as CPNI-9570371: The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed...

AI score 6.9
Exploits: 0
securityvulns
added 2007/10/20 12:0 a.m. | 104 views

Serious holes affecting SiteBar 3.3.8

All, As a result of a short security audit of SiteBar, a number of security holes were found. The holes included code execution, a malicious redirect and multiple cases of Javascript injection. After liaising with the developers, the holes have been patched. Attached are the advisory and patch...

CVSS 9 | AI score 0.1 | EPSS 0.02341
Exploits: 2
securityvulns
added 2007/04/12 12:0 a.m. | 104 views

iDefense Security Advisory 04.11.07: Apache HTTPD suEXEC Multiple Vulnerabilities

Apache HTTPD suEXEC Multiple Vulnerabilities iDefense Security Advisory 04.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 11, 2007 I. BACKGROUND The suexec binary is a helper application which is part of the Apache HTTP server package. It is designed to allow a script to run wit...

CVSS 6.2 | AI score 0.2 | EPSS 0.00516
Exploits: 0
securityvulns
added 2007/01/25 12:0 a.m. | 104 views

Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Database Buffer overflow vulnerabilities in procedure DBMSDRS.GETPROPERTY DB03 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Server versions 9iR2 and...

AI score 1.2
Exploits: 0
securityvulns
added 2006/09/20 12:0 a.m. | 104 views

Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit

==================================================================== Pie Cart Pro = HomePath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.doodlebabies.com/...

AI score 7.2
Exploits: 0
securityvulns
added 2006/08/21 12:0 a.m. | 104 views

Multiple xxs cPanel 10

Multiple cross site script C P A N E L 1 0 Preth00nker at gmail dot com BY PRETH00NKER http://mexhackteam.org special dedication for my friends of: http://www.elhacker.net introduction Preth00nker was discovering some news vulnerabilities in cpanel 10. Cite: cPanel allows domain owners to manage...

AI score 0.2
Exploits: 0
securityvulns
added 2006/07/26 12:0 a.m. | 104 views

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilities

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilities Product : LinksCaffe 3.0 Website : http://gonafish.com/ Impact : manipulation of data / system access Discovered by : Simo64 - Moroccan Security Team + SQL injection 1Vulnerable code in line 223 in links.php code : $rime =...

Exploits: 0
securityvulns
added 2006/04/19 12:0 a.m. | 104 views

XSS Vulnerability in Guest-book script powered by Community Architect

This document is best seen with Font: Verdana Size: 9pt Advisory Name =========== XSS Vulnerability in Guest-book script powered by Community Architect Vulnerable Systems ============== Sites providing web-hosting service powered by Community Architect. Found By ======= Susam Pal Found On =======...

AI score 5.9
Exploits: 0
securityvulns
added 2005/09/09 12:0 a.m. | 104 views

aMember Pro 2.3.X - Remote File Include Vulnerability

aMember Pro 2.3.X - Remote File Include Vulnerability NewAngels Advisory 2 aMember Pro 2.3.X - Remote File Include Vulnerability ============================================================================= Software: aMember Pro 2.3.4 Type: Remote PHP File Include Vulnerability Risk: High Date:...

Exploits: 0
securityvulns
added 2005/05/04 12:0 a.m. | 105 views

[Full-disclosure] NIC Chile CGI Script Zone Transfers

NIC Chile CGI Script Zone Transfers. Autor: Rodrigo Gutierrez rodrigo at intellicomp.cl Affected: All ".cl" domains which use NIC's Chile Secondary NS. Vendor url: http://www.nic.cl Rate: Critical Background. NIC Chile is a part of the University of Chile and is in charge of handling all the...

AI score 7
Exploits: 0
securityvulns
added 2002/10/25 12:0 a.m. | 104 views

Substitution of a signed document in ECDSA

A serious flaw in ECDSA. The mathematical apparatus of the newest American digital signature standard, known as ECDSA (DSA for elliptic curves) [1, pp. 25-30], contains a serious flaw that makes it possible to choose a secret key value such that identical signatures are obtained for different documents. This allows...

AI score 7.1
Exploits: 0
securityvulns
added 2002/10/09 12:0 a.m. | 104 views

IBM SecureWay DoS

TCP packets with all flags set to 0 cause CPU exhaustion...

AI score 2
Exploits: 0 | References: 2 | Affected Software: 1
securityvulns
added 2001/06/18 12:0 a.m. | 104 views

Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)

/ qitest1's security advisory 002 / Buffer Overflow in GazTek HTTP Daemon v1.4 ghttpd +Systems Affected Any system running GazTek HTTP Daemon v1.4 ghttpd +Program Description ghttpd is a small and easy to configure HTTP server with CGI support, tested on Linux. It can run as a standalone daemon o...

AI score 1.2
Exploits: 0
securityvulns
added 2000/12/19 12:0 a.m. | 104 views

hhp's Expect advisory/exploit/patch.

------------------------------------------------------------------------------- hhp adv-17 Sec-Advisory/Exploit/Patch www.hhp-programming.net ------------------------------------------------------------------------------- Topic: Expect. Versions: 5.31.8 and 5.28.1, maybe others. Date: 12/12/2000...

AI score 0.4
Exploits: 0
securityvulns
added 2000/12/02 12:0 a.m. | 104 views

All, After reading a report on security focus that deals with the sonicwall soho versions 4.0 and 5.0 being vulnerable to a buffer overflow by using a lot of characters in the username...I started testing against our Sonicwall Pro and Pro VX in the lab. Entering this for the username -...

AI score 7.5
Exploits: 0
securityvulns
added 2000/10/26 12:0 a.m. | 104 views

Ntop -w remote exploit

Problem: ntop has a stack-based BOF when it's requested too long filename. 2. Tested Version ntop-1.2a1 I only tested this version. 3. Example 1. first run ntop -w 8080 2. run this script $ printf "GET /perl -e 'print "A"x240'rnrn" |nc localhost 8080 3. the ntop goes seg. fault. $ ntop -w 8080...

AI score 0.3
Exploits: 0
securityvulns
added 2000/06/07 12:0 a.m. | 104 views

ALERT: Bypassing Warnings For Invalid SSL Certificates In Internet Explorer

=====BEGIN-ACROS-REPORT===== ========================================================================= ACROS Security Problem Report 1999-12-15-1-PUB ------------------------------------------------------------------------- Bypassing Warnings For Invalid SSL Certificates In Internet Explorer...

AI score 0.1
Exploits: 0
securityvulns
added 2015/10/25 12:0 a.m. | 103 views

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

Document Title: =============== Zhone ADSL2+ 4P Bridge & Router Broadcom - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1591 Download: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2R030220AnnexA.zip Release Date:...

AI score 0.7
Exploits: 0
securityvulns
added 2015/05/12 12:0 a.m. | 103 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 10 | AI score 1.6 | EPSS 0.99974
Exploits: 50 | References: 28 | Affected Software: 20
securityvulns
added 2015/05/11 12:0 a.m. | 103 views

Code Injection in Epicor Retail Store 3.2.03.01.008

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Code Injection in Epicor Retail Store Help System CVE: CVE-2015-2210 Vendor: Epicor Product: CRS Retail Store v3.2.03.01.008 Affected version: 3.2.03.01.008 Reported by: Zeng Xianbo Joseph [email protected] Issue identified by: Zeng...

CVSS 7.2 | AI score 0.2 | EPSS 0.00632
Exploits: 1
securityvulns
added 2015/05/05 12:0 a.m. | 103 views

Incorrect handling of self signed certificates in OpenFire XMPP Server

Incorrect handling of self signed certificates in OpenFire XMPP Server Affected software: OpenFire XMPP server Affected versions: 3.9.3 and earlier Vulnerabilities addressed: CVE-2014-3451, CVE-2015-2080 Openfire is a real time collaboration RTC server licensed under the Open Source Apache Licens...

CVSS 5 | EPSS 0.74881
Exploits: 16
securityvulns
added 2015/04/16 12:0 a.m. | 103 views

Microsoft Exchange cross-site scripting

Multiple cross-site scripting possibilities...

CVSS 4.3 | AI score 1.3 | EPSS 0.11786
Exploits: 0 | Affected Software: 1
securityvulns
added 2015/04/09 12:0 a.m. | 103 views

APPLE-SA-2015-04-08-4 Apple TV 7.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-04-08-4 Apple TV 7.2 Apple TV 7.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges...

CVSS 7.5 | AI score 0.4 | EPSS 0.09112
Exploits: 3
securityvulns
added 2015/02/02 12:0 a.m. | 103 views

APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10...

CVSS 7.5 | AI score 0.6 | EPSS 0.02762
Exploits: 0
securityvulns
added 2014/11/03 12:0 a.m. | 103 views

Multiple vulnerabilities in EspoCRM

Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...

CVSS 10 | AI score 0.1 | EPSS 0.05026
Exploits: 5
securityvulns
added 2014/08/11 12:0 a.m. | 103 views

ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability

ESA-2014-055.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-055: EMC Network Configuration Manager NCM Report Advisor Session Fixation Vulnerability EMC Identifier: ESA-2014-055 CVE Identifier: CVE-2014-2509 Severity Rating: CVSS v2 Base Score: 6.9 AV:A/AC:M/Au:N/C:C/I:P/A:P Affected...

CVSS 5.4 | AI score 0.6 | EPSS 0.0158
Exploits: 0
securityvulns
added 2014/05/04 12:0 a.m. | 103 views

Cross-Site Scripting (XSS) in CMSimple

Advisory ID: HTB23205 Product: CMSimple Vendor: Preben Bjorn Biermann Madsen Vulnerable Versions: 3.54 and probably prior Tested Version: 3.54 Advisory Publication: February 26, 2014 without technical details Vendor Notification: February 26, 2014 Vendor Patch: February 26, 2014 Public Disclosure...

CVSS 4.3 | AI score 6.5 | EPSS 0.01193
Exploits: 3
securityvulns
added 2014/05/04 12:0 a.m. | 103 views

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...

CVSS 10 | AI score 0.2 | EPSS 0.34782
Exploits: 14
securityvulns
added 2014/04/07 12:0 a.m. | 103 views

HP Integrated Lights-Out unauthorized access

Information leakage of password...

CVSS 7.8 | AI score 2.5 | EPSS 0.81802
Exploits: 2 | References: 1 | Affected Software: 1
securityvulns
added 2014/04/07 12:0 a.m. | 103 views

ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities

ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: For the...

CVSS 7.5 | AI score 0.5 | EPSS 0.73327
Exploits: 12
securityvulns
added 2014/03/27 12:0 a.m. | 103 views

Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)

Hi, We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data such as cookies and cached information which reside in...

CVSS 6.4 | EPSS 0.02344
Exploits: 3
securityvulns
added 2014/02/10 12:0 a.m. | 103 views

Information on recently-fixed Oracle VM VirtualBox vulnerabilities

Hi there, Recently I found a few vulnerabilities in Oracle VM VirtualBox, the open-source virtualization product. These have already been reported to the project, fixed and disclosed in the form of the recent January 2014 Oracle Critical Patch Update at...

CVSS 3.5 | AI score 0.1 | EPSS 0.00311
Exploits: 0
securityvulns
added 2013/11/26 12:0 a.m. | 103 views

[ MDVSA-2013:276 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:276 http://www.mandriva.com/en/support/security/ Package : curl Date : November 21, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated curl packages fix security...

CVSS 4.3 | AI score 6.5 | EPSS 0.03076
Exploits: 0
securityvulns
added 2013/07/19 12:0 a.m. | 103 views

HP System Management Homepage multiple security vulnerabilities

Code execution, unauthorized access, DoS...

CVSS 7.5 | AI score 2 | EPSS 0.73327
Exploits: 27 | References: 1 | Affected Software: 1
securityvulns
added 2013/05/06 12:0 a.m. | 103 views

[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1

waraxe-2013-SA098 - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 19. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-98.html Description of vulnerabl...

AI score 7.1
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m. | 103 views

[SECURITY] [DSA 2653-1] icinga security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2653-1 [email protected] http://www.debian.org/security/ Florian Weimer March 26, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.4 | EPSS 0.6645
Exploits: 15
securityvulns
added 2013/03/03 12:0 a.m. | 103 views

Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities

Title: ====== Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=824 ID: SWIFT-3119 URL: http://dev.kayako.com/browse/SWIFT-3119 VL-ID: ===== 824 Common Vulnerability Scoring System:...

AI score 7.1
Exploits: 0
securityvulns
added 2012/06/17 12:0 a.m. | 103 views

[SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE

Dear All, Yesterday, Oracle released its Critical Patch Update for Java SE software 1, which incorporates fixes for 3 of more than 20+ security issues that were reported to the company in Apr 2012 2. We would like to inform, that while some of the Proof of Concept codes we developed for the...

AI score 6.7
Exploits: 0
securityvulns
added 2012/03/10 12:0 a.m. | 103 views

LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts - Security Advisory 2012-03-01 === PyPAM -- Python bindings for PAM - Double Free Corruption - --------------------------------------------------------- Affected Versions ================= PyPAM = 0.4.2 Red Hat PyPAM =...

CVSS 7.5 | AI score 6.3 | EPSS 0.14294
Exploits: 6
securityvulns
added 2012/02/22 12:0 a.m. | 103 views

CMS wizard Cross Site Scripting

================================================================= -=CMS wizard Cross Site Scripting ================================================================= Author: XaDaL Date: 14-02-2012 vendor: http://www.cmswizard.co.uk/ tested on: windows mobile dork : powered by CMS wizard This...

AI score 6.8
Exploits: 0
securityvulns
added 2011/09/26 12:0 a.m. | 103 views

Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability

Advisory: Serendipity freetag plugin 'serendipitytagview' Cross-Site Scripting vulnerability Advisory ID: SSCHADV2011-016 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 Vendor URL: http://www.s9y.org Vendor Status: fixed CVE-ID: - ==========================...

AI score 0.6
Exploits: 0
securityvulns
added 2011/05/01 12:0 a.m. | 103 views

[USN-1126-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-1126-1 April 29, 2011 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 7.5 | AI score 1.4 | EPSS 0.17881
Exploits: 36
securityvulns
added 2010/11/10 12:0 a.m. | 103 views

Microsoft Security Bulletin MS10-089 - Important Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

Microsoft Security Bulletin MS10-089 - Important Vulnerabilities in Forefront Unified Access Gateway UAG Could Allow Elevation of Privilege 2316074 Published: November 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities...

CVSS 5.8 | AI score 0.4 | EPSS 0.19111
Exploits: 0
securityvulns
added 2010/11/04 12:0 a.m. | 103 views

Path disclosure in eoCMS

Vulnerability ID: HTB22674 Reference: http://www.htbridge.ch/advisory/pathdisclosureineocms.html Product: eoCMS Vendor: eocms.com http://eocms.com Vulnerable Version: 0.9.04 Vendor Notification: 21 October 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting Vendor...

AI score 6.9
Exploits: 0
securityvulns
added 2010/07/17 12:0 a.m. | 103 views

[ MDVSA-2010:132 ] python

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:132 http://www.mandriva.com/security/ Package : python Date : July 14, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilitie...

CVSS 7.5 | AI score 7.5 | EPSS 0.14643
Exploits: 3
Total number of security vulnerabilities: 5000