Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2012/06/24 12:0 a.m.104 views

ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-100 June 21, 2012 - -- CVE ID: CVE-2012-0127 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...

10CVSS0.7AI score0.23279EPSS
Exploits2
securityvulns
securityvulns
added 2012/03/10 12:0 a.m.104 views

LSE-2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts - Security Advisory 2012-03-01 === PyPAM -- Python bindings for PAM - Double Free Corruption - --------------------------------------------------------- Affected Versions ================= PyPAM = 0.4.2 Red Hat PyPAM =...

7.5CVSS6.3AI score0.14294EPSS
Exploits6
securityvulns
securityvulns
added 2012/02/22 12:0 a.m.104 views

CMS wizard Cross Site Scripting

================================================================= -=CMS wizard Cross Site Scripting ================================================================= Author: XaDaL Date: 14-02-2012 vendor: http://www.cmswizard.co.uk/ tested on: windows mobile dork : powered by CMS wizard This...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2011/06/29 12:0 a.m.104 views

XSS и BF уязвимости в Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и Brute Force уязвимостях в Drupal. XSS WASC-08: На страницах с формами например на странице комментария http://site/comment/reply/1, как формах добавления, так и редактирования данных, которые защищены токеном от CSRF, возмож...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.104 views

[USN-1126-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-1126-1 April 29, 2011 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

7.5CVSS1.4AI score0.17881EPSS
Exploits36
securityvulns
securityvulns
added 2010/11/10 12:0 a.m.104 views

Microsoft Security Bulletin MS10-089 - Important Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

Microsoft Security Bulletin MS10-089 - Important Vulnerabilities in Forefront Unified Access Gateway UAG Could Allow Elevation of Privilege 2316074 Published: November 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities...

5.8CVSS0.4AI score0.19111EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/08 12:0 a.m.104 views

Microsoft Security Bulletin MS10-035 - Critical Cumulative Security Update for Internet Explorer (982381)

Microsoft Security Bulletin MS10-035 - Critical Cumulative Security Update for Internet Explorer 982381 Published: June 08, 2010 Version: 1.0 General Information Executive Summary This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in...

9.3CVSS1.2AI score0.3703EPSS
Exploits10
securityvulns
securityvulns
added 2010/03/15 12:0 a.m.104 views

Zigurrat CMS SQL Injection Vulnerability

================= IUT-CERT ================= Title: Zigurrat CMS SQL Injection Vulnerability Vendor: www.farsi-cms.com Dork: Design by Tagfa Co Type: Input.Validation.Vulnerability SQL Injection Fix: N/A ================== nsec.ir ================= Description: ------------------ Zigurrat CMS is ...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2010/03/15 12:0 a.m.104 views

Ananta Gazelle SQL Injection Vulnerability

www.BugReport.ir AmnPardaz Security Research Team Title: Ananta Gazelle SQL Injection Vulnerability Vendor: http://www.anantasoft.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: Ananta Gazelle is a rich JavaScript enabled CMS with...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/02/10 12:0 a.m.104 views

Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities

Multiple memory corruptions in ICMPv6, IPSec, TCP implementations...

10CVSS2.6AI score0.67717EPSS
Exploits4References1
securityvulns
securityvulns
added 2010/01/26 12:0 a.m.104 views

Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack

Microsoft Windows NT GP Trap Handler Allows Users to Switch Kernel Stack ------------------------------------------------------------------------- CVE-2010-0232 In order to support BIOS service routines in legacy 16bit applications, the Windows NT Kernel supports the concept of BIOS calls in the...

7.2CVSS0.8AI score0.29253EPSS
Exploits13
securityvulns
securityvulns
added 2009/12/04 12:0 a.m.104 views

FreeBSD privilege escalation

It's possible to bypass environment variables filtering on suid program execution...

7.2CVSS4.6AI score0.03903EPSS
Exploits5References2Affected Software1
securityvulns
securityvulns
added 2009/08/26 12:0 a.m.104 views

Bypassing DBMS_ASSERT in certain situations

DBMSASSERT can be used to prevent PL/SQL injection. In certain cases it can be bypassed. This is documented in a paper I wrote in July 2008 but am only publishing now: http://www.databasesecurity.com/oracle/Bypassing-DBMSASSERT.pdf Cheers, David Litchfield NGSSoftware Ltd...

Exploits0
securityvulns
securityvulns
added 2009/02/25 12:0 a.m.104 views

[ MDVSA-2009:050-1 ] python-pycrypto

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:050-1 http://www.mandriva.com/security/ Package : python-pycrypto Date : February 23, 2009 Affected: 2009.0 Problem Description: A vulnerability have been discovered and corrected in PyCrypto ARC2 module...

10CVSS7.3AI score0.11523EPSS
Exploits2
securityvulns
securityvulns
added 2008/10/24 12:0 a.m.104 views

DoS vulnerabilities in Mozilla, Internet Explorer, Google Chrome and Opera

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Denial of Service уязвимостях в браузерах Mozilla Firefox, Opera та Google Chrome. Данные уязвимости похожи на DoS в Firefox, Opera и Chrome http://websecurity.com.ua/2456/, которые я опубликовал в проекте День багов в браузерах. Данную атаку я...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.104 views

Mozilla Foundation Security Advisory 2008-16

Mozilla Foundation Security Advisory 2008-16 Title: HTTP Referrer spoofing with malformed URLs Impact: Moderate Announced: March 25, 2008 Reporter: Gregory Fleischer, RSnake Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Security researcher Gregory Fleischer...

5CVSS0.1AI score0.02443EPSS
Exploits2
securityvulns
securityvulns
added 2007/10/02 12:0 a.m.104 views

eGov Content Manager Cross Site Scripting Vulrnability

HSC eGov Content Manager Cross Site Scripting Vulrnability The eGov Manager was designed to simplify the efforts of government staffers who are responsible for posting public documents, news updates, events, managing staff directories and online services. This issue is due to a failure in the...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2007/04/12 12:0 a.m.104 views

iDefense Security Advisory 04.11.07: Apache HTTPD suEXEC Multiple Vulnerabilities

Apache HTTPD suEXEC Multiple Vulnerabilities iDefense Security Advisory 04.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 11, 2007 I. BACKGROUND The suexec binary is a helper application which is part of the Apache HTTP server package. It is designed to allow a script to run wit...

6.2CVSS0.2AI score0.00516EPSS
Exploits0
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.104 views

Ezboxx multiple vulnerabilities.

Ezboxx multiple vulnerabilities. Vulnerable version: Ezboxx Portal System Beta v 0.7.6 and below. The Ezboxx Portal System Beta v 0.7.6 and below versions are vulnerable to Cross-site scripting, Path disclosure and SQL Injection attacks. Cross-site scripting: ---------------------- Description:...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2006/11/27 12:0 a.m.104 views

TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)

TFTP Server 3CTftpSvc Buffer Overflow Vulnerability Long transporting mode ------------------------------------------------------------------ SUMMARY: 3CTftpSvc TFTP Server is a Freeware TFTP server for Windows 9x/NT/XP. http://support.3com.com/software/utilitiesforwindows32bit.htm or...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.104 views

PHPOLL => 0.96 Cross Site Scripting

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM PHPOLL =...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.104 views

UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability

Title : UStore 1.0 detail.asp Remote SQL Injection Vulnerability Author : ajann http://target/path//detail.asp?ID=SQL Example: //detail.asp?ID=-120union20select200,username,password,0,0,0,0,0,0,020from20tblusers20where20id20like201 """"""""""""""""""""" ajann,Turkey ... Im not Hacker!...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/20 12:0 a.m.104 views

Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit

==================================================================== Pie Cart Pro = HomePath Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By Saudi Hackrz http://www.doodlebabies.com/...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2006/04/19 12:0 a.m.104 views

XSS Vulnerability in Guest-book script powered by Community Architect

This document is best seen with Font: Verdana Size: 9pt Advisory Name =========== XSS Vulnerability in Guest-book script powered by Community Architect Vulnerable Systems ============== Sites providing web-hosting service powered by Community Architect. Found By ======= Susam Pal Found On =======...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2006/03/15 12:0 a.m.104 views

Fortinet Security Advisory: FSA-2006-08

Fortinet Security Advisory: FSA-2006-08 Microsoft Excel Column Index Improper Memory Access Advisory Date : March 14, 2006 Reported Date : January 24, 2006 Vendor : Microsoft Affected Products : Microsoft Excel 2003 Chinese Version Windows XP Home Edition Chinese Version and possible all versions...

5.1CVSS6.8AI score0.14633EPSS
Exploits0
securityvulns
securityvulns
added 2006/02/25 12:0 a.m.104 views

WinAmp player buffer overflow

Buffer overflow on oversized computer name in UNC path of .pls on .m3u file entry. Buffer overflow on oversized WMA playlist file entry. Vulnerability can be exploited for hidden trojan installation...

3.7AI score
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2005/08/18 12:0 a.m.104 views

[SA16462] CPAINT Ajax Toolkit Unspecified Command Execution Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2002/10/25 12:0 a.m.104 views

Подмена подписанного документа в ECDSA

Серьёзная ошибка в ECDSA. В матаппарате новейшего американского стандарта ЭЦП известного как ECDSA DSA для эллиптических кривых 1 cтр. 25-30 существует серьёзная ошибка позволяющая выбрать такое значение секретного ключа, чтобы получить одинаковые подписи для разных документов. Это позволяет...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2002/06/12 12:0 a.m.104 views

Security holes in LokwaBB and W-Agora

Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do it : I just hope that doesn't give more work to the webmasters. Product 1 : W-Agora 4.1.3 http://www.w-agora.net Problem : - Including file Exploits : - With a file http://www.attacker.com/dbaccess.txt :...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2002/01/10 12:0 a.m.104 views

Уязвимости в Cisco SN 5420

Различные уязвимости позволяют чтение конфигурации и DoS...

0.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/01/04 12:0 a.m.104 views

Buffer overflow in awhttpd (Re: Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS))

Hello 3APA3A, OK, format string issue exists only in proposed patch... What about this issue: There are at least 2 buffer overflows with heap corruption, tpbuf can be up to 210 characters while getreqsi is malloc100. Of cause, target file should exist... tpbuf is base dir concatenated with 100...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2001/07/29 12:0 a.m.104 views

Обход Trend Micro AppletTrap (protection bypass)

Можно обойти защиту от Javascript Используя Unicode - кодировку...

1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/09/14 12:0 a.m.103 views

[USN-2735-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2735-1 September 08, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

7.5CVSS0.9AI score0.02568EPSS
Exploits2
securityvulns
securityvulns
added 2015/05/12 12:0 a.m.103 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.99974EPSS
Exploits50References28Affected Software20
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.103 views

Code Injection in Epicor Retail Store 3.2.03.01.008

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Code Injection in Epicor Retail Store Help System CVE: CVE-2015-2210 Vendor: Epicor Product: CRS Retail Store v3.2.03.01.008 Affected version: 3.2.03.01.008 Reported by: Zeng Xianbo Joseph [email protected] Issue identified by: Zeng...

7.2CVSS0.2AI score0.00632EPSS
Exploits1
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.103 views

OS Command Injection Infoblox Network Automation

Product: Network Automation, licensed as: • NetMRI • Switch Port Manager • Automation Change Manager • Security Device Controller Vendor: Infoblox Vulnerable Versions: 6.4.X.X-6.8.4.X Tested Version: 6.8.2.11 Vendor Notification: May 12th, 2014 Vendor Patch Availability to Customers: May 16th, 20...

10CVSS0.7AI score0.07171EPSS
Exploits6
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.103 views

[CORE-2014-0005] - Advantech WebAccess Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Vulnerabilities 1. Advisory Information Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date...

7.5CVSS0.9AI score0.02672EPSS
Exploits5
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.103 views

ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability

ESA-2014-055.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-055: EMC Network Configuration Manager NCM Report Advisor Session Fixation Vulnerability EMC Identifier: ESA-2014-055 CVE Identifier: CVE-2014-2509 Severity Rating: CVSS v2 Base Score: 6.9 AV:A/AC:M/Au:N/C:C/I:P/A:P Affected...

5.4CVSS0.6AI score0.0158EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.103 views

[USN-2228-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2228-1 May 27, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

10CVSS1.1AI score0.10385EPSS
Exploits16
securityvulns
securityvulns
added 2014/03/27 12:0 a.m.103 views

[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04135307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04135307 Version: 1 HPSBGN02970 rev....

10CVSS0.5AI score0.07533EPSS
Exploits15
securityvulns
securityvulns
added 2014/03/02 12:0 a.m.103 views

SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch

SEC Consult Vulnerability Lab Security Advisory 20140228-0 ======================================================================= title: Privilege escalation vulnerability product: MICROSENS Profi Line Modular Industrial Switch Web Manager MS652119PM vulnerable version: Firmware version 10.3.1...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.103 views

[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2013-001 ------------------------------------------------------------------------ Advisory ID: REVIVE-SA-2013-001 CVE ID: CVE-2013-7149 Date: 2013-12-20 Security risk: Critical...

7.5CVSS7.1AI score0.02011EPSS
Exploits1
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.103 views

HP System Management Homepage multiple security vulnerabilities

Code execution, unauthorized access, DoS...

7.5CVSS2AI score0.73327EPSS
Exploits27References1Affected Software1
securityvulns
securityvulns
added 2013/06/05 12:0 a.m.103 views

[SECURITY] [DSA 2695-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2695-1 [email protected] http://www.debian.org/security/ Michael Gilbert May 29, 2013 http://www.debian.org/security/faq -...

7.5CVSS4.5AI score0.11999EPSS
Exploits0
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.103 views

[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1

waraxe-2013-SA098 - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 19. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-98.html Description of vulnerabl...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.103 views

Unauthenticated remote access to D-Link DIR-645 devices

Unauthenticated remote access to D-Link DIR-645 devices ======================================================= ADVISORY INFORMATION Title: Unauthenticated remote access to D-Link DIR-645 devices Discovery date: 20/02/2013 Release date: 27/02/2013 Credits: Roberto Paleari [email protected],...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.103 views

0day full - Free Monthly Websites v2.0 - Multiple Web Vulnerabilities

Title: ====== Free Monthly Websites v2.0 - Multiple Web Vulnerabilities Date: ===== 2013-02-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=851 VL-ID: ===== 851 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.103 views

DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up

A few weeks ago, we have announced remote preauth root access exploit for Cisco Linksys http://www.youtube.com/watch?v=cv-MbL7KFKE. Vulnerability details were disclosed here: http://www.defensecode.com/public/DefenseCodeBroadcomSecurityAdvisory.pdf During further research, we have discovered that...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2013/01/14 12:0 a.m.103 views

Adobe Flash Player memory corruption

Memory corruption on SWF parsing...

10CVSS3.7AI score0.08158EPSS
Exploits0References1Affected Software2
securityvulns
securityvulns
added 2012/10/01 12:0 a.m.103 views

[ MDVSA-2012:154 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:154 http://www.mandriva.com/security/ Package : apache Date : September 28, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in apache ASF HTTPD...

6.9CVSS8.4AI score0.22515EPSS
Exploits5
Total number of security vulnerabilities5000