Securityvulns | Most viewed

47153 matches found

securityvulns
added 2011/10/10 12:0 a.m. | 98 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Advisory ID: cisco-sa-20111005-fwsm Revision 1.0 For Public Release 2011 October 05 1600 UTC GMT +-------------------------------------------------------------------...

7.9 CVSS | 0.8 AI score | 0.0177 EPSS
Exploits: 0

securityvulns
added 2011/08/10 12:0 a.m. | 98 views

Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Chezola Systems display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://chezolasystems.com/ Persian Gulf 4 Ever! Dork : "Powered by Chezola Systems Canada Inc"...

3 AI score
Exploits: 0

securityvulns
added 2011/06/19 12:0 a.m. | 98 views

NSFOCUS SA2011-01 : Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability

NSFOCUS Security AdvisorySA2011-01 Microsoft Internet Explorer Link Property Processing Memory Corruption Vulnerability Release Date: 2011-06-15 CVE ID: CVE-2011-1250 http://www.nsfocus.com/en/advisories/1101.html Affected Software and System: ============================= Microsoft Internet...

9.3 CVSS | 6.5 AI score | 0.21586 EPSS
Exploits: 1

securityvulns
added 2010/12/15 12:0 a.m. | 98 views

Microsoft Windows multiple security vulnerabilities

OpenType Font parsing memory corruption, task scheduler privilege escalation, unsafe DLL loading, multiple kernel vulnerabilities, Consent User Interface privilege escalation, Netlogon DoS...

9.3 CVSS | 4.1 AI score | 0.30356 EPSS
Exploits: 16 | References: 1 | Affected Software: 1

securityvulns
added 2010/11/24 12:0 a.m. | 98 views

[eVuln.com] sitename XSS in Hot Links Lite

New eVuln Advisory: sitename XSS in Hot Links Lite Summary: http://evuln.com/vulns/143/summary.html Details: http://evuln.com/vulns/143/description.html -----------Summary----------- eVuln ID: EV0143 Software: Hot Links Lite Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site...

6.7 AI score
Exploits: 0

securityvulns
added 2010/10/24 12:0 a.m. | 98 views

The GNU C library dynamic linker expands $ORIGIN in setuid library search path

The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...

7.2 CVSS | 10 AI score | 0.08747 EPSS
Exploits: 22

securityvulns
added 2010/04/12 12:0 a.m. | 98 views

AneCMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: AneCMS Multiple Vulnerabilities Vendor: http://anecms.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with a RAW HTTP packet sender Fix: N/A - Description: AneCMS is a small and fast CMS completely modular. Written...

0.4 AI score
Exploits: 0

securityvulns
added 2010/03/21 12:0 a.m. | 98 views

Vbulletin 4.0.2 XSS Vulnerability

================================= Vbulletin 4.0.2 XSS Vulnerability ================================= + Vbulletin 4.0.2 XSS Vulnerability...

1.4 AI score
Exploits: 0

securityvulns
added 2009/11/26 12:0 a.m. | 98 views

dstat privilege escalation

Shared libraries are searched in the working directory...

4.4 CVSS | 2.4 AI score | 0.0034 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2009/11/09 12:0 a.m. | 98 views

Apache Tomcat for Windows backdoor account

admin account with empty password is created during installation...

7.5 CVSS | 4.1 AI score | 0.78995 EPSS
Exploits: 10 | References: 1 | Affected Software: 1

securityvulns
added 2009/06/08 12:0 a.m. | 98 views

[security bulletin] HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01760771 Version: 1 HPSBMA02433 SSRT090084 rev.1 - HP Discovery & Dependency Mapping Inventory DDMI Running on Windows, Remote Unauthorized Access NOTICE: The information in this Security Bulleti...

4 CVSS | 0.3 AI score | 0.01758 EPSS
Exploits: 0

securityvulns
added 2009/04/14 12:0 a.m. | 98 views

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...

10 CVSS | 0.8 AI score | 0.1415 EPSS
Exploits: 7

securityvulns
added 2009/02/01 12:0 a.m. | 98 views

Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...

0.8 AI score
Exploits: 0

securityvulns
added 2008/12/10 12:0 a.m. | 98 views

Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution 959070 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves three privately reported vulnerabilities in Microsoft...

9.3 CVSS | 0.3 AI score | 0.27585 EPSS
Exploits: 5

securityvulns
added 2008/12/04 12:0 a.m. | 98 views

[Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Java Web Start File Inclusion via System Properties Override Release Date:...

9.3 CVSS | 7.6 AI score | 0.07319 EPSS
Exploits: 1

securityvulns
added 2008/11/12 12:0 a.m. | 98 views

Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution 955218 Published: November 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves several vulnerabilities in Microsoft XML Core...

9.3 CVSS | 7.2 AI score | 0.27747 EPSS
Exploits: 8

securityvulns
added 2008/11/10 12:0 a.m. | 98 views

[USN-666-1] Dovecot vulnerability

=========================================================== Ubuntu Security Notice USN-666-1 November 07, 2008 dovecot vulnerability CVE-2008-4907 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also...

4.3 CVSS | 1.2 AI score | 0.06203 EPSS
Exploits: 0

securityvulns
added 2008/10/02 12:0 a.m. | 98 views

Remote and Local File Inclusion Vulnerability <= 1.1 Rportal

RPortal v1.1 Rportal is a management system of contents simple and powerful Web, enabling you to create your site in a few minutes, while profiting from a complete and effective administration. Remote and Local File Inclusion Vulnerability = 1.1 Found the 29th September 2008 Author: Kad mail :...

0.4 AI score
Exploits: 0

securityvulns
added 2008/09/30 12:0 a.m. | 98 views

MS Internet Explorer 7 Denial Of Service Exploit

!-- MS Internet Explorer 7 Denial Of Service Exploit Type : Denial Of Service Release Date : 2007-09-29 Product / Vendor : Microsoft http://www.Microsoft.com MS Internet Explorer 7 Denial Of Service Exploit : -- titleMS Internet Explorer 7 Denial Of Service Exploit/title body bgcolor="000000" br ...

0.3 AI score
Exploits: 0

securityvulns
added 2008/08/12 12:0 a.m. | 98 views

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 954066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Office Excel...

9.3 CVSS | 1.2 AI score | 0.35649 EPSS
Exploits: 8

securityvulns
added 2008/07/18 12:0 a.m. | 98 views

Mozilla Foundation Security Advisory 2008-35

Mozilla Foundation Security Advisory 2008-35 Title: Command-line URLs launch multiple tabs when Firefox not running Impact: Critical Announced: July 15, 2008 Reporter: Billy Rios, Ben Turner, Dan Veditz Products: Firefox Fixed in: Firefox 3.0.1 Firefox 2.0.0.16 Description Security researcher Bil...

2.6 CVSS | 0.3 AI score | 0.02753 EPSS
Exploits: 1

securityvulns
added 2008/05/30 12:0 a.m. | 98 views

[Full-disclosure] Opera - heap based buffer overflow (CVE-2007-6521)

============================================ ||| Security Advisory AKLINK-SA-2008-006 ||| ||| CVE-2007-6521 CVE candidate ||| ============================================ Opera - heap-based buffer overflow ================================== Date released: 28.05.2007 Date reported: 05.10.2007...

10 CVSS | 7 AI score | 0.05018 EPSS
Exploits: 1

securityvulns
added 2008/02/16 12:0 a.m. | 98 views

joomla com_activities sql injection

allinurl :"comactivities" index.php?option=comactivities&Itemid=51&func=detail&id=-1//union//select//0,1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,username//from//mosusers/...

2.3 AI score
Exploits: 0

securityvulns
added 2008/01/02 12:0 a.m. | 98 views

Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search

------------------------------------------------------------------------ Cross-Site Scripting XSS in phpWebSite 1.4.0 search ------------------------------------------------------------------------ Author: Audun Larsen larsen at xqus dot com Date: Dec 29, 2007 --AFFECTED...

6.3 AI score
Exploits: 0

securityvulns
added 2007/07/23 12:0 a.m. | 98 views

PHMe CMS 0.0.2 local File Include Vulnerability

Title: PHMe CMS 0.0.2 local File Include Vulnerability www.Aria-security.Com For English www.Aria-Security.net For Persian Author: YouYou Software: PHMe CMS Site Script: http://sourceforge.net/projects/phme proof Of Concept : www.example.com/path/resources/functionlist.php?action=Local Script00...

1 AI score
Exploits: 0

securityvulns
added 2007/07/19 12:0 a.m. | 98 views

Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6

A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...

7.2 AI score
Exploits: 0

securityvulns
added 2007/04/20 12:0 a.m. | 98 views

[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20

waraxe-2007-SA049 - Multiple vulnerabilities in Phorum 5.1.20 ==================================================================== Author: Janek Vind "waraxe" Date: 19. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-49.html Target software description: Phorum 5.1.20...

Exploits: 0

securityvulns
added 2006/11/10 12:0 a.m. | 98 views

[Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability

ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-039.html November 10, 2006 -- CVE ID: CVE-2006-5487 -- Affected Vendor: Marshal -- Affected Products: MailMarshal SMTP 5.x MailMarshal SMTP 6.x MailMarshal SMTP 2006...

10 CVSS | 7.2 AI score | 0.0388 EPSS
Exploits: 0

securityvulns
added 2006/11/10 12:0 a.m. | 98 views

[Full-disclosure] [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation

Gentoo Linux Security Advisory GLSA 200611-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

4.6 CVSS | 6.2 AI score | 0.00368 EPSS
Exploits: 0

securityvulns
added 2006/09/19 12:0 a.m. | 98 views

Sql injection in Moodle

Hi, There is a sql injection in Moodle 1.6.1+ and maybe before versions : The "$blogEntry" parameter passed to "insertrecord" function in /blog/edit.php, is not checked properly . Version 1.6.2 has been released moodle.org. - Omid...

3.1 AI score
Exploits: 0

securityvulns
added 2006/07/24 12:0 a.m. | 98 views

VBZooM <=V1.11 "sub-join.php" SQL Injection

======================================= Discovered By: C.B.B.L CrAzY CrAcKeR,Breeeeh,BoNy-m,LiNuX rOOt ======================================= Search: POWERED BY VBZooM V1.11 Example:- /sub-join.php?UserID=SQL Injection...

2.8 AI score
Exploits: 0

securityvulns
added 2006/05/06 12:0 a.m. | 98 views

[Full-disclosure] phpBB 2.0.20 Full Path Disclosure and SQL Errors

Source: http://securityreason.com/achievementsecurityalert/38 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.20 Full Path Disclosure and SQL Errors Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 1.5.2006 - -Public: 5.5.2006 from SecurityReason.Com CVE: - - CVE-2006-2219 Full...

5 CVSS | 0.5 AI score | 0.01464 EPSS
Exploits: 0

securityvulns
added 2006/04/11 12:0 a.m. | 98 views

Microsoft Windows system services privilege escalation

Several local services (SSDP Discovery service, Universal Plug and Play Host service) allow any authenticated user to configure the service. This makes it possible to specify an executable file and elevate privileges to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" HP Printer...

3 AI score
Exploits: 0 | References: 4

securityvulns
added 2006/03/23 12:0 a.m. | 98 views

[Full-disclosure] XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability

======================================================================================= XOR Crew :: Security Advisory 3/22/2006 ======================================================================================= vBulletin ImpEx = 1.74 - Remote Command Execution Vulnerability...

Exploits: 0

securityvulns
added 2005/12/13 12:0 a.m. | 98 views

PHP JackKnife XSS vuln.

PHP JackKnife XSS vuln. Vuln. discovered by : r0t Date: 13 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/php-jackknife-xss-vuln.html vendor:http://www.phpjk.com/ affected version: 2.21 and prior Product Description: PHP JackKnife is an easily set-up, fast, feature-rich photo galle...

0.3 AI score
Exploits: 0

securityvulns
added 2005/11/08 12:0 a.m. | 98 views

[Full-disclosure] RANKBOX <= XSS vulnerability

Advisory 1 Title: "RANKBOX = XSS vulnerability" Author: spyburn Contact: [email protected] Website: elitemexico.org Date: 07/11/2005 Risk: High Vendor Url: http://chamberofgold.com Affected Software: RANKBOX Non Affected: We Are: ELITE MEXICO...

0.2 AI score
Exploits: 0

securityvulns
added 2005/08/09 12:0 a.m. | 98 views

Windows Plug and Play Remote Compromise

Internet Security Systems Protection Advisory August 9, 2005 Windows Plug and Play Remote Compromise Summary: X-force has discovered a vulnerability in the Windows Plug and Play service. This vulnerability is remotely exploitable in the default configuration of Windows 2000, and is present in all...

10 CVSS | 0.3 AI score | 0.93405 EPSS
Exploits: 9

securityvulns
added 2005/04/11 12:0 a.m. | 98 views

[UNIX] Kmail HTML Support Allows Spoofing of Emails' Content

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.2 CVSS | 0.0298 EPSS
Exploits: 4

securityvulns
added 2004/12/18 12:0 a.m. | 98 views

Gadu-Gadu, another two bugs

Product: Gadu-Gadu, build 155 and older Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Script execution in local zone, Remote DoS Severity: High Authors: Blazej Miga [email protected], Jaroslaw Sajko [email protected] Date: 17/12/04 ISSUE Gadu-Gadu is the first Polish instant messenger...

0.2 AI score
Exploits: 0

securityvulns
added 2004/11/16 12:0 a.m. | 98 views

Skype buffer overflow

callto: URL buffer overflow...

3.4 AI score
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2004/10/14 12:0 a.m. | 98 views

ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer

Below please find our public report for the HTTPS cache poisoning issue in Internet Explorer. It includes workarounds for server operators, allowing them to protect their web services without having to rely on users to patch their browsers. Regards, ACROS Security http://www.acrossecurity.com...

0.3 AI score
Exploits: 0

securityvulns
added 2002/11/13 12:0 a.m. | 98 views

EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities

Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities Release Date: November 12, 2002 Severity: High Remote SYSTEM level code execution Systems Affected: Macromedia Coldfusion 6.0 and prior IIS ISAPI Macromedia JRun 4.0 and prior IIS ISAPI Description: Macromedia JRun and...

0.9 AI score
Exploits: 0

securityvulns
added 2002/01/10 12:0 a.m. | 98 views

Vulnerabilities in Cisco SN 5420

Various vulnerabilities allow reading of the configuration and DoS...

0.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2001/07/24 12:0 a.m. | 98 views

Security Advisory 2001-009: Race condition between sugid-exec and ptrace(2)

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2001-009 ================================= Topic: Race condition between sugid-exec and ptrace2 Version: All official releases up to and including 1.5 Severity: Local user may gain superuser privileges Fixed: NetBSD-current: June 15, 200...

7.7 AI score
Exploits: 0

securityvulns
added 2001/06/19 12:0 a.m. | 98 views

Security Bulletin MS01-033

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Uncheck...

0.3 AI score
Exploits: 0

securityvulns
added 2001/03/28 12:0 a.m. | 98 views

Security Bulletin MS01-018

---------------------------------------------------------------------- Title: Visual Studio VB-TSQL Object Contains Unchecked Buffer Date: 27 March 2001 Software: Visual Studio 6.0 Enterprise Edition Impact: Run code of attacker's choice Bulletin: MS01-018 Microsoft encourages customers to review...

7.4 AI score
Exploits: 0

securityvulns
added 2001/02/13 12:0 a.m. | 98 views

HIS Auktion 1.62: "show files" vulnerability and remote command execute.

-----------UkR security team advisory 8------------ HIS Auktion 1.62: "show files" vulnerability and remote command execute. -------------------------------------------------- Name: HIS Auktion 1.62: "show files" vulnerability. Date: 11.02.2001 Author: UkR-XblP About: script "HIS Auktion 1.62" is...

0.5 AI score
Exploits: 0

securityvulns
added 2000/10/30 12:0 a.m. | 98 views

Brute Forcing FTP Servers with enabled anti-hammering (anti brute-force) modus

Brute Forcing FTP Servers with enabled anti-hammering anti brute-force modus ----------------------------------------------------------------------------- While playing around with Serv-U FTP Server, I found out that it is possible to bypass its hammering protection which should protect accounts...

7 AI score
Exploits: 0

securityvulns
added 2000/09/18 12:0 a.m. | 98 views

Cisco CDP attacks

Folks, when playing around with CDP, I discovered several interesting things. Due to the leak of Cisco hardware around here, I ask you for your experiences. Details as follows: Program: http://www.phenoelit.de/irpas/cdp.c Known effects: -IOS 11.11: when flooding the cisco with random deviceID update...

Exploits: 0

securityvulns
added 2000/07/28 12:0 a.m. | 98 views

Microsoft Security Bulletin MS00-051 - -------------------------------------- Patch Available for "Excel REGISTER.ID Function" Vulnerability Originally posted: July 26, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Microsoft Excel 97 an...

7 AI score
Exploits: 0

Total number of security vulnerabilities: 5000