Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/04/21 12:0 a.m.98 views

HTB22945: Multiple XSS in ZENphoto

Vulnerability ID: HTB22945 Reference: http://www.htbridge.ch/advisory/multiplexssinzenphoto.html Product: ZENphoto Vendor: ZENphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.98 views

SCADA Trojans: Attacking the Grid + Advantech vulnerabilities

Hi! You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented: - 0days in Advantech/BroadWin WebAccess SCADA product - Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs -...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2011/02/03 12:0 a.m.98 views

HTB22810: SQL Injection in ReOS

Vulnerability ID: HTB22810 Reference: http://www.htbridge.ch/advisory/sqlinjectioninreos3.html Product: ReOS Vendor: IT ELAZOS S.L. http://reos.elazos.com/ Vulnerable Version: 2.0.5 Vendor Notification: 20 January 2011 Vulnerability Type: SQL Injection Risk level: High Credit: High-Tech Bridge SA...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2011/01/07 12:0 a.m.98 views

GNU libc/regcomp(3) Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GNU libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 01.10.2010 - - Pub.: 07.01.2011 CERT: VU912279 CVE: CVE-2010-4051 CVE-2010-4052 Affected tested: - - Ubuntu 10.10 - ...

5CVSS0.3AI score0.51298EPSS
Exploits13
securityvulns
securityvulns
added 2010/11/24 12:0 a.m.98 views

[eVuln.com] sitename XSS in Hot Links Lite

New eVuln Advisory: sitename XSS in Hot Links Lite Summary: http://evuln.com/vulns/143/summary.html Details: http://evuln.com/vulns/143/description.html -----------Summary----------- eVuln ID: EV0143 Software: Hot Links Lite Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2010/11/20 12:0 a.m.98 views

About the security content of Safari 5.0.3 and Safari 4.1.3

About the security content of Safari 5.0.3 and Safari 4.1.3 Last Modified: November 18, 2010 Article: HT4455 Email this article Print this page Summary This document describes the security content of Safari 5.0.3 and Safari 4.1.3. For the protection of our customers, Apple does not disclose,...

10CVSS0.3AI score0.09691EPSS
Exploits5
securityvulns
securityvulns
added 2010/10/23 12:0 a.m.98 views

Mozilla Foundation Security Advisory 2010-70

Mozilla Foundation Security Advisory 2010-70 Title: SSL wildcard certificate matching IP addresses Impact: Moderate Announced: October 19, 2010 Reporter: Richard Moore Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey...

4.3CVSS0.6AI score0.01096EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/08 12:0 a.m.98 views

VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)

About the security content of Safari 5.0 and Safari 4.1 Last Modified: June 07, 2010 Article: HT4196 Email this article Print this page Summary This document describes the security content of Safari 5.0 and Safari 4.1. For the protection of our customers, Apple does not disclose, discuss, or...

10CVSS0.2AI score0.19016EPSS
Exploits8
securityvulns
securityvulns
added 2009/11/26 12:0 a.m.98 views

dstat privilege escalation

share libraries are searched in the working directory...

4.4CVSS2.4AI score0.0034EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2009/11/09 12:0 a.m.98 views

Apache Tomcat for Windows backdoor account

admin account with empty password is created during installation...

7.5CVSS4.1AI score0.78995EPSS
Exploits10References1Affected Software1
securityvulns
securityvulns
added 2009/10/11 12:0 a.m.98 views

Subrion CMS Multiple Vulnerabilities

---------------------------------------------------------------------- PT-2009-16 Positive Technologies Security Advisory Subrion CMS Multiple Vulnerabilities ---------------------------------------------------------------------- --- Affected Software Subrion CMS Versions prior to 1.1.x Product...

8.4AI score
Exploits0
securityvulns
securityvulns
added 2009/06/29 12:0 a.m.98 views

[Full-disclosure] [ GLSA 200906-02 ] Ruby: Denial of Service

Gentoo Linux Security Advisory GLSA 200906-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

5CVSS9AI score0.08375EPSS
Exploits2
securityvulns
securityvulns
added 2009/06/29 12:0 a.m.98 views

osTicket v1.6 RC4 Admin Login Blind SQLi

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-007 osTicket Admin Login Blind SQL Injection Application: osTicket v1.6 RC4 Vendor: osTicket Vendor website: http://www.osticket.com Author: Adam Baldwin [email protected] I. BACKGROUND "osTicket is a widely-us...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/02/12 12:0 a.m.98 views

[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]

NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! +================================================================================================================================+ + Novell-QuickFinder Server //Cross-site scripting XSS Remote Java Execution Code +...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2009/01/16 12:0 a.m.98 views

[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1

waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/10 12:0 a.m.98 views

Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution 959070 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves three privately reported vulnerabilities in Microsoft...

9.3CVSS0.3AI score0.27585EPSS
Exploits5
securityvulns
securityvulns
added 2008/12/04 12:0 a.m.98 views

[Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Java Web Start File Inclusion via System Properties Override Release Date:...

9.3CVSS7.6AI score0.07319EPSS
Exploits1
securityvulns
securityvulns
added 2008/11/12 12:0 a.m.98 views

Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)

Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution 955218 Published: November 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves several vulnerabilities in Microsoft XML Core...

9.3CVSS7.2AI score0.27747EPSS
Exploits8
securityvulns
securityvulns
added 2008/11/10 12:0 a.m.98 views

[USN-666-1] Dovecot vulnerability

=========================================================== Ubuntu Security Notice USN-666-1 November 07, 2008 dovecot vulnerability CVE-2008-4907 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also...

4.3CVSS1.2AI score0.06203EPSS
Exploits0
securityvulns
securityvulns
added 2008/10/14 12:0 a.m.98 views

Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.

saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactered by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/09/13 12:0 a.m.98 views

[SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1636-1 [email protected] http://www.debian.org/security/ dann frazier Sep 11, 2008 http://www.debian.org/security/faq -...

9.3CVSS1.5AI score0.04353EPSS
Exploits12
securityvulns
securityvulns
added 2008/07/18 12:0 a.m.98 views

Mozilla Foundation Security Advisory 2008-35

Mozilla Foundation Security Advisory 2008-35 Title: Command-line URLs launch multiple tabs when Firefox not running Impact: Critical Announced: July 15, 2008 Reporter: Billy Rios, Ben Turner, Dan Veditz Products: Firefox Fixed in: Firefox 3.0.1 Firefox 2.0.0.16 Description Security researcher Bil...

2.6CVSS0.3AI score0.02753EPSS
Exploits1
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.98 views

VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX,...

9.3CVSS10AI score0.10141EPSS
Exploits4
securityvulns
securityvulns
added 2008/05/15 12:0 a.m.98 views

Linux distributives OpenSSH / OpenSSL weak random generator

Weak random generation in Debian-based distributives Debian, Ubuntu...

7.8CVSS2.7AI score0.70721EPSS
Exploits7References3
securityvulns
securityvulns
added 2008/02/16 12:0 a.m.98 views

joomla com_activities sql injection

allinurl :"comactivities" index.php?option=comactivities&Itemid=51&func=detail&id=-1//union//select//0,1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,username//from//mosusers/...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2007/10/24 12:0 a.m.98 views

Bosdev Multiple vulnerabilities

BosMarket Business Directory System http://www.bosdev.com BosMarket Multiple XSS vulnerabilities BosMarket is a craigslist like application that attempts to let users refer other small businesses. The problem is that when you post listings, its a a no holds barred kind of deal. Firstly, One can...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2007/09/13 12:0 a.m.98 views

Apache2 Undefined Charset UTF-7 XSS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache2 Undefined Charset UTF-7 XSS Vulnerability Author: SecurityReason Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 08.08.2007 - - Public: 11.09.2007 SecurityReason Research SecurityAlert Id: 46 CVE: CVE-2007-4465 SecurityRisk: Low Affected...

4.3CVSS7.5AI score0.26188EPSS
Exploits0
securityvulns
securityvulns
added 2007/02/02 12:0 a.m.98 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.04826EPSS
Exploits6References4Affected Software10
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.98 views

[SA23626] FirePass URL Restriction Bypass

TITLE: FirePass URL Restriction Bypass SECUNIA ADVISORY ID: SA23626 VERIFY ADVISORY: http://secunia.com/advisories/23626/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote OPERATING SYSTEM: FirePass 6.x http://secunia.com/product/13146/ FirePass 5.x...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/04/11 12:0 a.m.98 views

Microsoft Windows system services privilege escalation

There are several local services SSDP Discovery service, Universal Plug and Play Host service allow any authenticated user to configure service. It makes it possible to specify executable file and elevate privilege to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" HP Printer...

3AI score
Exploits0References4
securityvulns
securityvulns
added 2006/03/23 12:0 a.m.98 views

[Full-disclosure] XOR Crew :: vBulletin ImpEx <= 1.74 - Remote Command Execution Vulnerability

======================================================================================= XOR Crew :: Security Advisory 3/22/2006 ======================================================================================= vBulletin ImpEx = 1.74 - Remote Command Execution Vulnerability...

Exploits0
securityvulns
securityvulns
added 2005/11/08 12:0 a.m.98 views

[Full-disclosure] RANKBOX <= XSS vulnerability

Advisory 1 Title: "RANKBOX = XSS vulnerability" Author: spyburn Contact: [email protected] Website: elitemexico.org Date: 07/11/2005 Risk: High Vendor Url: http://chamberofgold.com Affected Software: RANKBOX Non Affected: We Are: ELITE MEXICO...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2005/08/09 12:0 a.m.98 views

indows Plug and Play Remote Compromise

nternet Security Systems Protection Advisory August 9, 2005 Windows Plug and Play Remote Compromise Summary: X-force has discovered a vulnerability in the Windows Plug and Play service. This vulnerability is remotely exploitable in the default configuration of Windows 2000, and is present in all...

10CVSS0.3AI score0.93405EPSS
Exploits9
securityvulns
securityvulns
added 2005/04/13 12:0 a.m.98 views

Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)

Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service 890859 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Elevation of Privilege...

10CVSS0.8AI score0.21533EPSS
Exploits0
securityvulns
securityvulns
added 2005/04/11 12:0 a.m.98 views

[UNIX] Kmail HTML Support Allows Spoofing of Emails' Content

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.2CVSS0.0298EPSS
Exploits4
securityvulns
securityvulns
added 2004/10/14 12:0 a.m.98 views

ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer

Below please find our public report for the HTTPS cache poisoning issue in Internet Explorer. It includes workarounds for server operators, allowing them to protect their web services without having to rely on users to patch their browsers. Regards, ACROS Security http://www.acrossecurity.com...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2001/11/15 12:0 a.m.98 views

Security Advisory: Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Revision 1.0 For Public Release 2001 November 14 08:00 UTC -0800 Summary Six vulnerabilities involving Access Control List ACL has been...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2001/06/19 12:0 a.m.98 views

Security Bulletin MS01-033

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Uncheck...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2001/06/07 12:0 a.m.98 views

Security Bulletin MS01-030

Title: Incorrect Attachment Handling in Exchange 2000 OWA Can Execute Script Date: 06 June 2001 Software: Microsoft Exchange 2000 Server Outlook Web Access Impact: Run code of attacker's choice Bulletin: MS01-030 Microsoft encourages customers to review the Security Bulletin at:...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2001/02/13 12:0 a.m.98 views

HIS Auktion 1.62: "show files" vulnerability and remote command execute.

-----------UkR security team advisory 8------------ HIS Auktion 1.62: "show files" vulnerability and remote command execute. -------------------------------------------------- Name: HIS Auktion 1.62: "show files" vulnurability. Date: 11.02.2001 Author: UkR-XblP About: script "HIS Auktion 1.62" is...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/07/01 12:0 a.m.98 views

Multiple vulnerabilities in Sybergen Secure Desktop

Infosec Security Vulnerability Report No: Infosec.20000625.sybergen.a =============================== Vulnerability Summary --------------------- Problem 1: Sybergen Secure Desktop does not protect against false router advertisements. Problem 2: Sybergen Secure Desktop dies when a user clears the...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/06/03 12:0 a.m.98 views

ipx storm

Hello, The IPX protocol has samething called IPX ping. Sending a packet to socket 0x456 to anything supporting ipx causes a response to be sent back. If you send a packet with source and destination addresses set to the ethernet broadcast address and source and destination socket set to 0x456...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2000/05/18 12:0 a.m.98 views

Security Bulletin (MS00-033)

Microsoft Security Bulletin MS00-033 - -------------------------------------- Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities Originally Posted: May 17, 2000 Summary ======= Microsoft has released a comprehensive...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/05/12 12:0 a.m.98 views

Cold Fusion Server 4.5.1 DoS Vulnerability.

Exploit Announcement Title: Cold Fusion Server 4.5.1 Denial-of-Service Attack using CFCACHE. OS: Windows NT 4.0 Affected Product Versions: Cold Fusion Server 4.5.x, Professional & Enterprise. - Acknowledgements Thanks are due to Patrick Keating, for his help diagnosing and discovering this issue...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2015/09/14 12:0 a.m.97 views

[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04774021 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04774021 Version: 1 HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK...

7.5CVSS0.4AI score0.98685EPSS
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.97 views

Device Inspector v1.5 iOS - Command Inject Vulnerabilities

Document Title: =============== Device Inspector v1.5 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1558 Release Date: ============= 2015-08-07 Vulnerability Laboratory ID VL-ID: ====================================...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.97 views

Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability

Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability. Vendor: http://www.sqlbuddy.com Release Date: ============= 05-08-2015 Source: ==================================== http://hyp3rlinx.altervista.org/advisories/AS-SQLBUDDY0508.txt Product: =============================== sqlbuddy...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/12/25 12:0 a.m.97 views

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:31.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in NTP suite Category: contrib Module: ntp Announced: 2014-12-23 Affects: All...

7.5CVSS8.6AI score0.7809EPSS
Exploits4
securityvulns
securityvulns
added 2014/10/18 12:0 a.m.97 views

Apple OS X / OS X Server multiple security vulnerabilities

62 vulnerabilities in different system components...

10CVSS2.3AI score0.99999EPSS
Exploits171References5Affected Software2
securityvulns
securityvulns
added 2014/10/14 12:0 a.m.97 views

[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to attack other users of...

6.4AI score
Exploits0
Total number of security vulnerabilities5000