Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2012/07/09 12:0 a.m.101 views

Forum Oxalis 0.1.2 <= SQL Injection Vulnerability

Forum Oxalis 0.1.2 = SQL Injection Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berlios.de/projects/forumoxalis/ Risk-level: High The application is prone to a remote SQL...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/06/25 12:0 a.m.101 views

[Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities

Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...

8AI score
Exploits0
securityvulns
securityvulns
added 2012/04/02 12:0 a.m.101 views

NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.101 views

Wolf CMS v0.7.5 - Multiple Web Vulnerabilities

Title: ====== Wolf CMS v0.7.5 - Multiple Web Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=452 VL-ID: ===== 452 Introduction: ============= Wolf CMS is a content management system and is Free Software published under the GNU...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2012/02/13 12:0 a.m.101 views

Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability

-------------------------------------------------------------------------------- Wordpress Kish Guest Posting Plugin 1.0 uploadify.php Unrestricted File Upload -------------------------------------------------------------------------------- author............: Egidio Romano aka EgiX...

Exploits0
securityvulns
securityvulns
added 2011/10/20 12:0 a.m.101 views

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote,Code Execution Vulnerability

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-290 October 15, 2011 - -- CVE ID: CVE-2011-2001 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Microsoft - -- Affected Products:...

9.3CVSS0.4AI score0.71802EPSS
Exploits5
securityvulns
securityvulns
added 2011/09/09 12:0 a.m.101 views

Security bypass vulnerability in MyBB

Hello 3APA3A! I want to warn you about security bypass vulnerability in MyBB, which allows to bypass protection against Brute Force and conduct Brute Force attacks. In August in my article Bypassing captchas and blocking at web sites http://websecurity.com.ua/5334/ I wrote about vulnerability in...

Exploits0
securityvulns
securityvulns
added 2011/06/02 12:0 a.m.101 views

Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar Advisory ID: cisco-sa-20110601-cnr Revision 1.0 For Public Release 2011 June 01 1600 UTC GMT +---------------------------------------------------------------------...

10CVSS0.9AI score0.03372EPSS
Exploits1
securityvulns
securityvulns
added 2011/02/17 12:0 a.m.101 views

Tembria Server Monitor Multiple Cross-site Scripting (XSS) Vulnerabilities

Tembria Server Monitor Multiple Cross-site Scripting XSS Vulnerabilities Solutionary ID: SERT-VDN-1003 Solutionary Disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-XSS.html CVE ID: Pending Product: Tembria Server Monitor Application Vendor: Tembria...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2011/02/08 12:0 a.m.101 views

[SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.3 - - Tomcat 6.0.0 to 6.0.? - - Tomcat 5.5.0 to 5.5.? - - Earlier, unsupported...

1.2CVSS5.3AI score0.01353EPSS
Exploits1
securityvulns
securityvulns
added 2010/12/12 12:0 a.m.101 views

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 11.11.2010 - - Pub.: 10.12.2010 CERT: VU479900 CVE: CVE-2010-4409 CWE: CWE-189 Status: Fixed in PHP 5.3.4...

5CVSS7.7AI score0.18878EPSS
Exploits5
securityvulns
securityvulns
added 2010/11/30 12:0 a.m.101 views

Stored XSS (Cross Site Scripting) vulnerability in Diferior

Vulnerability ID: HTB22721 Reference: http://www.htbridge.ch/advisory/storedxsscrosssitescriptingvulnerabilityindiferior.html Product: Diferior Vendor: Povilas Musteikis http://www.diferior.com/ Vulnerable Version: 8.03 and probably prior versions Vendor Notification: Vulnerability Type: Stored X...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/09/15 12:0 a.m.101 views

Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)

Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege 983539 Published: September 14, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability ...

9CVSS1.3AI score0.14361EPSS
Exploits0
securityvulns
securityvulns
added 2010/08/14 12:0 a.m.101 views

Directory Traversal Vulnerability in TurboFTP Server

Vulnerability ID: HTB22514 Reference: http://www.htbridge.ch/advisory/directorytraversalvulnerabilityinturboftpserver.html Product: TurboFTP Server Vendor: TurboSoft, Inc http://turboftp.com/ Vulnerable Version: 1.20 Build 745 and Probably Prior Versions Vendor Notification: 19 July 2010...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2010/03/21 12:0 a.m.101 views

[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2018-1 [email protected] http://www.debian.org/security/ Raphael Geissert March 18, 2010 http://www.debian.org/security/faq -...

5CVSS0.1AI score0.11528EPSS
Exploits2
securityvulns
securityvulns
added 2010/02/10 12:0 a.m.101 views

Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities

Multiple memory corruptions in ICMPv6, IPSec, TCP implementations...

10CVSS2.6AI score0.67717EPSS
Exploits4References1
securityvulns
securityvulns
added 2010/01/15 12:0 a.m.101 views

US-CERT Technical Cyber Security Alert TA10-012A -- Oracle Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-012A Oracle Updates for Multiple Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected Oracle Database 11g, version 11.1.0.7 Oracle Database 10g Release...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2009/10/30 12:0 a.m.101 views

com_jumi / jumi 2.0.5 for joomla 1.5 backdoored

Summary: another backdoored joomla component yawn Application: Jumi, a joomla component About Jumi: Jumi is the set of custom code extensions for Joomla! 1.0.x and 1.5.x in their native modes. Since 2006 more then 200.000 downloads. With Jumi you can include php, html, javascript scripts into the...

Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.101 views

[ONSEC-09-017] Blogolet PHP including

ONSEC-09-017 Blogolet PHP including Цель: Blogolet CMS Тип: PHP инъекция Угроза: Высокая Дата обнаружения: 21.09.2009 Дата оповещения разработчика: 21.09.2009 Дата выхода исправления: 21.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: Уязвимость существует...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2009/09/09 12:0 a.m.101 views

Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products Advisory ID: cisco-sa-20090908-tcp24 Revision 1.0 For Public Release 2009 September 8 1700 UTC GMT...

7.8CVSS0.4AI score0.32123EPSS
Exploits3
securityvulns
securityvulns
added 2009/08/20 12:0 a.m.101 views

Kaspersky Antivirus DoS

Infinite loop on parsing URL with large number of dots...

2.8AI score
Exploits0References1Affected Software2
securityvulns
securityvulns
added 2009/07/16 12:0 a.m.101 views

Virtualmin Multiple Vulnerabilities

Virtualmin Multiple Vulnerabilities by Filip Palian filip dot palian at pjwstk dot edu dot pl Software affected: Virtualmin 3.703 Description from the vendor site: "Virtualmin is the world's most powerful and flexible web server control panel. Manage your virtual domains, mailboxes, databases,...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2009/06/05 12:0 a.m.101 views

[SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0783: Apache Tomcat information disclosure vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 The unsupported Tomcat 3.x, 4.0.x and 5.0.x...

4.6CVSS5AI score0.00809EPSS
Exploits1
securityvulns
securityvulns
added 2009/05/14 12:0 a.m.101 views

About the security content of Security Update 2009-002 / Mac OS X v10.5.7

About the security content of Security Update 2009-002 / Mac OS X v10.5.7 Last Modified: May 12, 2009 Article: HT3549 Summary This document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from...

10CVSS0.5AI score0.70202EPSS
Exploits52
securityvulns
securityvulns
added 2009/04/14 12:0 a.m.101 views

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...

10CVSS0.8AI score0.1415EPSS
Exploits7
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.101 views

OpenX 2.6.4 multiple vulnerabilities

OpenX multiple vulnerabilities An advisory by EnableSecurity in collaboration with Acunetix. Advisory URL: http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt Version: OpenX 2.6.4 and older versions Description: OpenX is an online advertising web application written in PHP tha...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2008/12/18 12:0 a.m.101 views

Mozilla Foundation Security Advisory 2008-69

Mozilla Foundation Security Advisory 2008-69 Title: XSS vulnerabilities in SessionStore Impact: Critical Announced: December 16, 2008 Reporter: mozbugra4 Products: Firefox Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Description Mozilla security researcher mozbugra4 reported vulnerabilities in the...

4.3CVSS0.8AI score0.01784EPSS
Exploits0
securityvulns
securityvulns
added 2008/09/02 12:0 a.m.101 views

VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2008-0014 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information...

10CVSS8.8AI score0.95182EPSS
Exploits26
securityvulns
securityvulns
added 2008/08/21 12:0 a.m.101 views

Null Byte Local file Inclusion in FAR - PHP Project version:1.0

. . | / | | | / / | |/ // / / / |/ / // | / | | / / / // / |/| || /| / / / / / / / / | | / / / | // est.2007 / / forum.darkc0de.com Web Application: FAR - PHP Project version:1.0 Vendor's Address :www.far-php.ro Author: Beenu Arora Address: www.beenuarora.com Python Dark Scripts:...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2008/05/29 12:0 a.m.101 views

[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun == == CVE ID: CVE-2008-1105 == == Versions: Samba 3.0.0 - 3.0.29 inclusive == == Summary:...

7.5CVSS0.69085EPSS
Exploits2
securityvulns
securityvulns
added 2008/05/20 12:0 a.m.101 views

Wordpress Malicious File Execution Vulnerability

========================================================== Wordpress Malicious File Execution Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : = 2.5.1 VENDOR :...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.101 views

BosNews 2002-2006 Remote add user admin

-------------------------------------------------------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo ---------------------------------------------------------...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2008/03/05 12:0 a.m.101 views

SolpotCrew Advisory #16 - Mitra Informatika Solusindo cart Remote Sql Injection Exploit

SolpotCrew Community Mitra Informatika Solusindo cart Remote Sql Injection Exploit vendor : http://www.mitrainformatika.com/ Bug Found By : homeedition2001 a.k.a bius 4-03-2008 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-03.txt Greetz:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/03/04 12:0 a.m.101 views

PHP-Nuke Module "seminar" Local FIle Inclusion

Aria-Security Team Persian Security Network http://Aria-Security.net ----------------------------------------------- Shoutz: AurA, Null, Kinglet, imm02tal And all our staff PHP-Nuke Module "seminar" Local FIle Inclusion Original Advisory: http://forum.aria-security.net/showthread.php?p=1591...

1.9AI score
Exploits0
securityvulns
securityvulns
added 2008/01/02 12:0 a.m.101 views

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search

------------------------------------------------------------------------ Cross-Site Scripting XSS in phpWebSite 1.4.0 search ------------------------------------------------------------------------ Author: Audun Larsen larsen at xqus dot com Date: Dec 29, 2007 --AFFECTED...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2007/10/10 12:0 a.m.101 views

DNewsWeb Softwares Cross Site Scripting Vulrnability

HSC DNewsWeb Softwares Cross Site Scripting Vulrnability The DNews News Server is advanced news server software that makes it easy for you to provide users with fast access to Internet Usenet news groups. Installing your own l ocal news server software also gives you complete control to create yo...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/06/01 12:0 a.m.101 views

[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200705-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

10CVSS7.2AI score0.18185EPSS
Exploits0
securityvulns
securityvulns
added 2007/05/14 12:0 a.m.101 views

[Full-disclosure] SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 18 SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities Description: SonicBB is a user-friendly and fully customizable bulletin board package. SonicBB is compatible with any web server/operating system combo with PHP 4.x or higher installed.SonicBB is the...

4.3CVSS6.5AI score0.01595EPSS
Exploits0
securityvulns
securityvulns
added 2007/03/14 12:0 a.m.101 views

CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ OpenBSD's IPv6 mbufs remote kernel buffer overflow Date Published: 2007-03-13 Last Update: 2007-03-13 Advisory ID: CORE-2007-0219 Bugtraq ID: None currently assigned...

10CVSS0.3AI score0.1779EPSS
Exploits1
securityvulns
securityvulns
added 2007/01/30 12:0 a.m.101 views

PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability

Title : PHPFootball 1.6 show.php Remote Database Disclosure Vulnerability Author : ajann Contact : : S.Page : http://phpfootball.sourceforge.net $$ : Free Dork : inurl:/phpfootball/ DBREAD--------------------------------------------------------- http://target/path//show.php VARIABLES Example:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/11/10 12:0 a.m.101 views

[Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability

ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-039.html November 10, 2006 -- CVE ID: CVE-2006-5487 -- Affected Vendor: Marshal -- Affected Products: MailMarshal SMTP 5.x MailMarshal SMTP 6.x MailMarshal SMTP 2006...

10CVSS7.2AI score0.0388EPSS
Exploits0
securityvulns
securityvulns
added 2006/11/03 12:0 a.m.101 views

[SA22690] Yazd Discussion Forum Two Security Bypass Issues

TITLE: Yazd Discussion Forum Two Security Bypass Issues SECUNIA ADVISORY ID: SA22690 VERIFY ADVISORY: http://secunia.com/advisories/22690/ CRITICAL: Less critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: From remote SOFTWARE: Yazd Discussion Forum Software 1.x...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/10/21 12:0 a.m.101 views

[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues

------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-024 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Moderately critical Exploitable from: Remot...

Exploits0
securityvulns
securityvulns
added 2006/09/29 12:0 a.m.101 views

Tagmin C.C 2.1.B Remote File Include

Tagmin C.C 2.1.B Remote File Include +Advisory 3 +LMS 1.12 Sql Injection +Product :Tagmin Control Center 2.1.B +Develop: http://ds3.bbminc.net/tagit2b/ +Dork: inurl:"/tagit2b/" +Vulnerable: Remote File Include +Risk:High +Discovered:by Kernel-32 +Contact: [email protected] +Homepage:...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/06/25 12:0 a.m.101 views

SYMSA-2006-005

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-005 Advisory Title: Lanap CAPTCHA bypass exposure Author : Michael White, [email protected] and Graham Murphy, [email protected]...

5CVSS0.5AI score0.01546EPSS
Exploits0
securityvulns
securityvulns
added 2006/02/25 12:0 a.m.101 views

WinAmp player buffer overflow

Buffer overflow on oversized computer name in UNC path of .pls on .m3u file entry. Buffer overflow on oversized WMA playlist file entry. Vulnerability can be exploited for hidden trojan installation...

3.7AI score
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2005/06/07 12:0 a.m.101 views

Raknet network library DoS

Endless loop with 100 CPU usage on empty UDP packet...

2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/01/13 12:0 a.m.101 views

Woltlab Burning Book addentry.php SQL Injection

Advisory Information -------------------- Advisory name : Woltlab Burning Book addentry.php SQL Injection Discovered by : drhankey / it-security23.net Vendor Name : Woltlab Vendor Homepage : http://www.woltlab.de Software : Woltlab Burning Book Lite Vulnerability Type : Cross-Site-Scripting...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2003/04/10 12:0 a.m.101 views

Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise (816093)

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft VM Could Enable System Compromise 816093 Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2001/07/29 12:0 a.m.101 views

Обход Trend Micro AppletTrap (protection bypass)

Можно обойти защиту от Javascript Используя Unicode - кодировку...

1AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities5000