Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2012/04/09 12:0 a.m.97 views

[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0

waraxe-2012-SA082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2012/03/19 12:0 a.m.97 views

Brute Force и XSS уязвимости в Webglimpse

Здравствуйте 3APA3A! После предыдущих многочисленных Cross-Site Scripting, Full path disclosure, Directory Traversal и Authorization bypass уязвимостей в Webglimpse SecurityVulns ID: 9436, 9443, 9778, 9876, сообщаю вам о найденных мною новых уязвимостях в Webglimpse. Это Brute Force и Cross-Site...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2012/02/13 12:0 a.m.97 views

Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability

-------------------------------------------------------------------------------- Wordpress Kish Guest Posting Plugin 1.0 uploadify.php Unrestricted File Upload -------------------------------------------------------------------------------- author............: Egidio Romano aka EgiX...

Exploits0
securityvulns
securityvulns
added 2012/02/03 12:0 a.m.97 views

Apache multiple security vulnerabilities

Information leakage, filtering bypass, privilege escalation, DoS...

5CVSS2.3AI score0.90734EPSS
Exploits23References1Affected Software1
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.97 views

[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03153338 Version: 1 HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be act...

7.8CVSS0.2AI score0.05262EPSS
Exploits0
securityvulns
securityvulns
added 2012/01/02 12:0 a.m.97 views

lighthttpd security vulnerabilities

DoS on base64 parsing...

5CVSS1.9AI score0.73327EPSS
Exploits12References2Affected Software1
securityvulns
securityvulns
added 2011/10/31 12:0 a.m.97 views

APPLE-SA-2011-10-26-1 QuickTime 7.7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-26-1 QuickTime 7.7.1 QuickTime 7.7.1 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application...

9.3CVSS0.6AI score0.05134EPSS
Exploits7
securityvulns
securityvulns
added 2011/07/26 12:0 a.m.97 views

Funnel Web (pages.php?page) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web pages.php?page AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web"...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2011/07/04 12:0 a.m.97 views

About the security content of Mac OS X v10.6.8 and Security Update 2011-004

About the security content of Mac OS X v10.6.8 and Security Update 2011-004 Last Modified: June 23, 2011 Article: HT4723 Email this article Print this page Summary This document describes of Mac OS X v10.6.8 and Security Update 2011-004, which can be downloaded and installed via Software Update...

10CVSS0.3AI score0.32357EPSS
Exploits21
securityvulns
securityvulns
added 2011/06/19 12:0 a.m.97 views

ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability

ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-194 June 14, 2011 -- CVE ID: CVE-2011-1260 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...

9.3CVSS0.5AI score0.60849EPSS
Exploits6
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.97 views

VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/04/21 12:0 a.m.97 views

HTB22945: Multiple XSS in ZENphoto

Vulnerability ID: HTB22945 Reference: http://www.htbridge.ch/advisory/multiplexssinzenphoto.html Product: ZENphoto Vendor: ZENphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.97 views

SCADA Trojans: Attacking the Grid + Advantech vulnerabilities

Hi! You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented: - 0days in Advantech/BroadWin WebAccess SCADA product - Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs -...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2010/11/20 12:0 a.m.97 views

About the security content of Safari 5.0.3 and Safari 4.1.3

About the security content of Safari 5.0.3 and Safari 4.1.3 Last Modified: November 18, 2010 Article: HT4455 Email this article Print this page Summary This document describes the security content of Safari 5.0.3 and Safari 4.1.3. For the protection of our customers, Apple does not disclose,...

10CVSS0.3AI score0.09691EPSS
Exploits5
securityvulns
securityvulns
added 2010/10/24 12:0 a.m.97 views

The GNU C library dynamic linker expands $ORIGIN in setuid library search path

The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...

7.2CVSS10AI score0.08747EPSS
Exploits22
securityvulns
securityvulns
added 2010/04/12 12:0 a.m.97 views

AneCMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: AneCMS Multiple Vulnerabilities Vendor: http://anecms.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with a RAW HTTP packet sender Fix: N/A - Description: AneCMS is a small and fast CMS completely modular. Written...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/03/21 12:0 a.m.97 views

Vbulletin 4.0.2 XSS Vulnerability

================================= Vbulletin 4.0.2 XSS Vulnerability ================================= + Vbulletin 4.0.2 XSS Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2009/12/23 12:0 a.m.97 views

XSS Vulnerability in JpGraph 3.0.6

XSS Vulnerability in JpGraph 3.0.6 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- JpGraph is an object oriented library for PHP that can be used to create various types of graphs which also contains support for client side image...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2009/02/12 12:0 a.m.97 views

[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]

NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! +================================================================================================================================+ + Novell-QuickFinder Server //Cross-site scripting XSS Remote Java Execution Code +...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2009/02/01 12:0 a.m.97 views

Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

Salvatore "drosophila" Fresta Application: Max.Blog http://www.mzbservices.com Version: Max.Blog = 1.0.6 Bug: Offline Authentication Bypass Exploitation: Remote Dork: intext:"Powered by Max.Blog" Date: 27 Jan 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.97 views

[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1

waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/04 12:0 a.m.97 views

[Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Java Web Start File Inclusion via System Properties Override Release Date:...

9.3CVSS7.6AI score0.07319EPSS
Exploits1
securityvulns
securityvulns
added 2008/11/12 12:0 a.m.97 views

Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution 955218 Published: November 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves several vulnerabilities in Microsoft XML Core...

9.3CVSS7.2AI score0.27747EPSS
Exploits8
securityvulns
securityvulns
added 2008/11/10 12:0 a.m.97 views

[USN-666-1] Dovecot vulnerability

=========================================================== Ubuntu Security Notice USN-666-1 November 07, 2008 dovecot vulnerability CVE-2008-4907 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also...

4.3CVSS1.2AI score0.06203EPSS
Exploits0
securityvulns
securityvulns
added 2008/10/14 12:0 a.m.97 views

Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.

saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactered by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/09/30 12:0 a.m.97 views

MS Internet Explorer 7 Denial Of Service Exploit

!-- MS Internet Explorer 7 Denial Of Service Exploit Type : Denial Of Service Release Date : 2007-09-29 Product / Vendor : Microsoft http://www.Microsoft.com MS Internet Explorer 7 Denial Of Service Exploit : -- titleMS Internet Explorer 7 Denial Of Service Exploit/title body bgcolor="000000" br ...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2008/08/12 12:0 a.m.97 views

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 954066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Office Excel...

9.3CVSS1.2AI score0.35649EPSS
Exploits8
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.97 views

VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX,...

9.3CVSS10AI score0.10141EPSS
Exploits4
securityvulns
securityvulns
added 2007/12/05 12:0 a.m.97 views

Blind Sql-Injection in Joomla 1.5 RC3

Thanks to team of Darkc0de.com Blind Sql-Injection in Joomla 1.5 RC3 URL : http://localhost/index.php 1. Parameter = view The following changes were applied to the original request: • Set parameter 'view's value to 'somechars'20+20'article' POC URL :...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/09/26 12:0 a.m.97 views

[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:188 http://www.mandriva.com/security/ Package : postgresql Date : September 25, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: PostgreSQL 8.1 and probably later and earlier...

10CVSS7.7AI score0.2613EPSS
Exploits3
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.97 views

Security Advisory: Login bypass in LedgerSMB 1.2.0 through 1.2.6

A security issue has been found which allows an unauthenticated user to bypass the authentication system in LedgerSMB 1.2.0 through 1.2.6. Severity: Highly Critical Versions affected: 1.2.0 through 1.2.6 Status: Vendor solution available upgrade to 1.2.7 Effect: Authentication bypass. Required...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/05 12:0 a.m.97 views

Redirection Vulnerability in wp-pass.php, WordPress 2.2.1

The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in Wordpress 2.2, however it is likely...

1AI score
Exploits0
securityvulns
securityvulns
added 2007/04/20 12:0 a.m.97 views

[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20

waraxe-2007-SA049 - Multiple vulnerabilities in Phorum 5.1.20 ==================================================================== Author: Janek Vind "waraxe" Date: 19. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-49.html Target software description: Phorum 5.1.20...

Exploits0
securityvulns
securityvulns
added 2007/04/20 12:0 a.m.97 views

NeatUpload vulnerability and fix

Product: NeatUpload Synopsis: A race condition in several versions of the NeatUpload ASP.NET component could sometimes cause portions of responses to be sent to the wrong user, potentially revealing sensitive information to unauthorized users. Vulnerable versions: 1.2.11-1.2.16, 1.1.18-1.1.23, an...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2007/01/30 12:0 a.m.97 views

CascadianFAQ <= 4.1 (index.php) Remote Blind SQL Injection Vulnerability

Title : CascadianFAQ = 4.1 index.php Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://eclectic-designs.com $$ : Free Dork : This FAQ is powered by CascadianFAQ DorkEx :...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/09/19 12:0 a.m.97 views

Sql injection in Moodle

Hi, There is a sql injection in Moodle 1.6.1+ and maybe before versions : The "$blogEntry" parameter passed to "insertrecord" function in /blog/edit.php, is not checked properly . Version 1.6.2 has been released moodle.org. - Omid...

3.1AI score
Exploits0
securityvulns
securityvulns
added 2006/07/25 12:0 a.m.97 views

MusicBox <= 2.3.4 XSS SQL injection Vulnerability

MusicBox 2.3.4 http://www.musicboxv2.com ------------ PHPinfo page ------------ /phpinfo.php -------------------------- Cross Site Scripting XSS -------------------------- http://www.target.xx/?id=scriptalert/EllipsisSecurityTest//script&page=0...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.97 views

VBZooM <=V1.11 "sub-join.php" SQL Injection

======================================= Discovered By: C.B.B.L CrAzY CrAcKeR,Breeeeh,BoNy-m,LiNuX rOOt ======================================= Search: POWERED BY VBZooM V1.11 Example:- /sub-join.php?UserID=SQL Injection...

2.8AI score
Exploits0
securityvulns
securityvulns
added 2006/06/13 12:0 a.m.97 views

Microsoft Security Bulletin MS06-021

Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer 916281 Published: June 13, 2006 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

10CVSS0.5AI score0.48569EPSS
Exploits4
securityvulns
securityvulns
added 2006/05/06 12:0 a.m.97 views

[Full-disclosure] phpBB 2.0.20 Full Path Disclosure and SQL Errors

Source: http://securityreason.com/achievementsecurityalert/38 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.20 Full Path Disclosure and SQL Errors Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 1.5.2006 - -Public: 5.5.2006 from SecurityReason.Com CVE: - - CVE-2006-2219 Full...

5CVSS0.5AI score0.01464EPSS
Exploits0
securityvulns
securityvulns
added 2006/03/23 12:0 a.m.97 views

[Full-disclosure] XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability

======================================================================================= XOR Crew :: Security Advisory 3/22/2006 ======================================================================================= vBulletin ImpEx = 1.74 - Remote Command Execution Vulnerability...

Exploits0
securityvulns
securityvulns
added 2005/12/13 12:0 a.m.97 views

PHP JackKnife XSS vuln.

PHP JackKnife XSS vuln. Vuln. dicovered by : r0t Date: 13 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/php-jackknife-xss-vuln.html vendor:http://www.phpjk.com/ affected version: 2.21 and prior Product Description: PHP JackKnife is an easily set-up, fast, feature-rich photo galle...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/11/08 12:0 a.m.97 views

[Full-disclosure] RANKBOX <= XSS vulnerability

Advisory 1 Title: "RANKBOX = XSS vulnerability" Author: spyburn Contact: [email protected] Website: elitemexico.org Date: 07/11/2005 Risk: High Vendor Url: http://chamberofgold.com Affected Software: RANKBOX Non Affected: We Are: ELITE MEXICO...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/04/13 12:0 a.m.97 views

Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)

Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service 890859 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Elevation of Privilege...

10CVSS0.8AI score0.21533EPSS
Exploits0
securityvulns
securityvulns
added 2001/10/12 12:0 a.m.97 views

Security Update: [CSSA-2001-SCO.25] OpenServer: various scoadmin/sysadm subprograms have buffer overflows

To: [email protected] [email protected] [email protected] [email protected] Do not reply to this mail. This security advisory is being sent from a nonexistent address in order to avoid spam problems. Caldera's contact address for UNIX security issue...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2001/06/19 12:0 a.m.97 views

Security Bulletin MS01-033

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Uncheck...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/12/06 12:0 a.m.97 views

Serv-U FTP directory traversal vunerability (all versions)

===================================================================== Securax-SA-09 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Catsoft serv-U FTP Directory Transversal Vulnerability Announced: 2000-12-03 Updated...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/06/03 12:0 a.m.97 views

ipx storm

Hello, The IPX protocol has samething called IPX ping. Sending a packet to socket 0x456 to anything supporting ipx causes a response to be sent back. If you send a packet with source and destination addresses set to the ethernet broadcast address and source and destination socket set to 0x456...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.96 views

Device Inspector v1.5 iOS - Command Inject Vulnerabilities

Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2015/08/02 12:0 a.m.96 views

[USN-2694-1] PCRE vulnerabilities

========================================================================== Ubuntu Security Notice USN-2694-1 July 29, 2015 pcre3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

7.5CVSS1.1AI score0.09157EPSS
Exploits4
Total number of security vulnerabilities5000