Securityvulns: Most viewed

47153 matches found

securityvulns • added 2015/02/11 12:0 a.m. • 95 views

[USN-2497-1] NTP vulnerabilities

Ubuntu Security Notice USN-2497-1, February 09, 2015: ntp vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

Exploits: 0

securityvulns • added 2015/01/25 12:0 a.m. • 95 views

REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability

REWTERZ-20140101 - Rewterz - Security Advisory. Title: ManageEngine ServiceDesk SQL Injection Vulnerability Product: ServiceDesk Plus...

AI score: 0.4
Exploits: 0

securityvulns • added 2015/01/19 12:0 a.m. • 95 views

[SECURITY] [DSA 3120-1] mantis security update

Debian Security Advisory DSA-3120-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 06, 2015 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 1.7 | EPSS: 0.50561
Exploits: 14

securityvulns • added 2014/12/21 12:0 a.m. • 95 views

APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2

APPLE-SA-2014-12-11-1 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2 are now available and include the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1: https://support.apple.com/en-us/HT659...

AI score: 0.1
Exploits: 0

securityvulns • added 2014/12/01 12:0 a.m. • 95 views

[ MDVSA-2014:221 ] php-smarty

Mandriva Linux Security Advisory MDVSA-2014:221 http://www.mandriva.com/en/support/security/ Package: php-smarty Date: November 21, 2014 Affected: Business Server 1.0 Problem Description: References: https://vulners.com/cve/CVE-2012-4437...

CVSS: 7.5 | AI score: 6 | EPSS: 0.03127
Exploits: 1

securityvulns • added 2014/11/03 12:0 a.m. • 95 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 10 | AI score: 1.6 | EPSS: 0.05026
Exploits: 17 | References: 16 | Affected Software: 11

securityvulns • added 2014/11/03 12:0 a.m. • 95 views

[USN-2394-1] Linux kernel (Trusty HWE) vulnerabilities

Ubuntu Security Notice USN-2394-1, October 30, 2014: linux-lts-trusty vulnerabilities. A security issue affects these releases of Ubuntu and its...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.03725
Exploits: 1

securityvulns • added 2014/10/14 12:0 a.m. • 95 views

[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.80095
Exploits: 16

securityvulns • added 2014/10/14 12:0 a.m. • 95 views

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)

I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website administrator by default. I have tested and verified that having the current version of the...

CVSS: 6.5 | AI score: 0.3 | EPSS: 0.7089
Exploits: 11

securityvulns • added 2014/08/26 12:0 a.m. • 95 views

CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request

Exploit Details: Senkas Kolibri WebServer 2.0 available at http://www.senkas.com/kolibri/download.php is vulnerable to RCE via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within the...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.14301
Exploits: 19

securityvulns • added 2014/07/28 12:0 a.m. • 95 views

CUPS unauthorized files access

Unauthorized access to RSS files...

CVSS: 5 | AI score: 3.7 | EPSS: 0.02911
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns • added 2014/06/14 12:0 a.m. • 95 views

CodeIgniter <= 2.1.4 Session Decoding Vulnerability

Class: Weak encryption | Remote: Yes | Published: 6th June 2014 | Credit: Robin Bailey of Dionach [email protected] | Vulnerable: CodeIgniter <= 2.1.4. Session cookies created by the CodeIgniter PHP framework contain a number of variables in a serialized PHP array. To prevent users from tampering with this cook...

AI score: 0.3
Exploits: 0

securityvulns • added 2014/05/05 12:0 a.m. • 95 views

Sendy 1.1.9.1 - SQL Injection Vulnerability

Sendy contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /send-to script not properly sanitizing user-supplied input to the "c" parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the...

AI score: 0.3
Exploits: 0

securityvulns • added 2014/05/05 12:0 a.m. • 95 views

CVE-2014-5795 - Database Credentials Leak in Oracle Demantra

Vulnerability title: Database Credentials Leak in Oracle Demantra CVE: CVE-2014-5795 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: Oracle Demantra version 12.2.1 has a backend function that allows anyone to retrieve the...

AI score: 1.1
Exploits: 4

securityvulns • added 2014/05/04 12:0 a.m. • 95 views

[slackware-security] php (SSA:2014-111-02)

slackware-security php SSA:2014-111-02 New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog:...

CVSS: 5 | AI score: 7.7 | EPSS: 0.0304
Exploits: 1

securityvulns • added 2014/05/04 12:0 a.m. • 95 views

[SECURITY] [DSA 2887-1] ruby-actionmailer-3.2 security update

Debian Security Advisory DSA-2887-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...

CVSS: 4.3 | AI score: 1.4 | EPSS: 0.03135
Exploits: 1

securityvulns • added 2013/12/09 12:0 a.m. • 95 views

[ MDVSA-2013:256 ] apache-mod_fcgid

Mandriva Linux Security Advisory MDVSA-2013:256 http://www.mandriva.com/en/support/security/ Package: apache-mod_fcgid Date: October 18, 2013 Affected: Business Server 1.0 Problem Description: Updated apache-mod_fcgid package fixes security...

CVSS: 5 | AI score: 8.7 | EPSS: 0.13141
Exploits: 0

securityvulns • added 2013/12/09 12:0 a.m. • 95 views

Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer <= 5.0.3. Background: Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer. Description of vulnerability: There is an unrestricted upload capability, in one of the plugins that is...

CVSS: 8.5 | AI score: 0.6 | EPSS: 0.07962
Exploits: 7

securityvulns • added 2013/12/09 12:0 a.m. • 95 views

[USN-2049-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-2049-1, December 07, 2013: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 6.9 | AI score: 0.1 | EPSS: 0.04144
Exploits: 7

securityvulns • added 2013/08/14 12:0 a.m. • 95 views

PuTTY / WinSCP security vulnerabilities

SSH handshake heap buffer overflow, protection bypass, information leakage...

CVSS: 6.8 | AI score: 2 | EPSS: 0.03447
Exploits: 4 | References: 2 | Affected Software: 2

securityvulns • added 2013/08/12 12:0 a.m. • 95 views

[security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03880910 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03880910 Version: 1 HPSBHF02912 rev....

CVSS: 7 | AI score: 0.1 | EPSS: 0.01916
Exploits: 0

securityvulns • added 2013/07/15 12:0 a.m. • 95 views

Multiple Vulnerabilities in Kasseler CMS

Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.02976
Exploits: 7

securityvulns • added 2013/07/15 12:0 a.m. • 95 views

[ MDVSA-2013:194 ] kernel

Mandriva Linux Security Advisory MDVSA-2013:194 http://www.mandriva.com/en/support/security/ Package: kernel Date: July 11, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...

CVSS: 7.9 | AI score: 8.7 | EPSS: 0.07313
Exploits: 8

securityvulns • added 2013/05/06 12:0 a.m. • 95 views

[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability

Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability - Software Link: http://www.joomla.org/ - Affected Versions: Version 3.0.3 and earlier 3.0.x...

CVSS: 5.5 | AI score: 0.1 | EPSS: 0.04848
Exploits: 6

securityvulns • added 2013/05/04 12:0 a.m. • 95 views

CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:...

AI score: 0.7 | EPSS: 0.40353
Exploits: 10

securityvulns • added 2013/03/24 12:0 a.m. • 95 views

Apple Mac OS X multiple security vulnerabilities

Cross-site scripting, authentication bypass, buffer overflows and memory corruptions in graphics libraries, information leakage, protection bypass, PDF parsing memory corruptions, different packages security vulnerabilities...

CVSS: 9.3 | AI score: 4.5 | EPSS: 0.99449
Exploits: 39 | References: 1 | Affected Software: 1

securityvulns • added 2013/02/11 12:0 a.m. • 95 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.6645
Exploits: 25 | References: 9 | Affected Software: 10

securityvulns • added 2013/01/14 12:0 a.m. • 95 views

CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows

CVE-2012-5641 Information disclosure via unescaped backslashes in URLs on Windows Affected Versions: All Windows-based releases of Apache CouchDB, up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable. Description: A specially crafted request could be used to access content directly that wou...

CVSS: 5 | AI score: 0.2 | EPSS: 0.08945
Exploits: 1

securityvulns • added 2013/01/10 12:0 a.m. • 95 views

TomatoCart 1.x | Unrestricted File Creation

OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under the GNU General...

Exploits: 0

securityvulns • added 2012/12/18 12:0 a.m. • 95 views

Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro

Security Alert: Code injection vulnerability in MAKETEXT macro, Denial of Service vulnerability in MAKETEXT macro. This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext, whic...

CVSS: 7.5 | AI score: 10 | EPSS: 0.61604
Exploits: 15

securityvulns • added 2012/12/03 12:0 a.m. • 95 views

[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision

2012-001 multiple implementations denial-of-service via MurmurHash algorithm collision Description: A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting...

CVSS: 5 | AI score: 5 | EPSS: 0.02249
Exploits: 0

securityvulns • added 2012/08/27 12:0 a.m. • 95 views

ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability

ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-147 August 22, 2012 -- CVE ID: CVE-2011-3897 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affecte...

CVSS: 6.8 | AI score: 0.6 | EPSS: 0.01541
Exploits: 0

securityvulns • added 2012/06/25 12:0 a.m. • 95 views

VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)

VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow MS12-037 / CVE-2012-1876 Website: http://www.vupen.com/english/research.php Twitter: http://twitter.com/vupen I. BACKGROUND: "Microsoft Internet Explorer is a web browser developed by...

CVSS: 9.3 | AI score: 0.1 | EPSS: 0.64962
Exploits: 27

securityvulns • added 2012/06/18 12:0 a.m. • 95 views

[Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities

Title: eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities | Date: 2012-05-19 | References: http://www.vulnerability-lab.com/getcontent.php?id=575 | VL-ID: 575 | Common Vulnerability Scoring System: 7.1 | Introduction:...

Exploits: 0

securityvulns • added 2012/03/18 12:0 a.m. • 95 views

VMSA-2012-0004 VMware View privilege escalation and cross-site scripting

VMware Security Advisory Advisory ID: VMSA-2012-0004 Synopsis: VMware View privilege escalation and cross-site scripting Issue date: 2012-03-15 Updated on: 2012-03-15 initial...

CVSS: 7.2 | AI score: 9.3 | EPSS: 0.02015
Exploits: 0

securityvulns • added 2011/10/16 12:0 a.m. • 95 views

ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)

Title: ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author: Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command execution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...

AI score: 0.6
Exploits: 0

securityvulns • added 2011/07/22 12:0 a.m. • 95 views

[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update

Debian Security Advisory DSA-2279-1 [email protected] http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 1.8 | EPSS: 0.05659
Exploits: 0

securityvulns • added 2011/06/19 12:0 a.m. • 95 views

ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability

ZDI-11-197: Microsoft Internet Explorer vgx.dll imagedata Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-197 June 14, 2011 -- CVE ID: CVE-2011-1266 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft Interne...

CVSS: 9.3 | AI score: 0.6 | EPSS: 0.17977
Exploits: 1

securityvulns • added 2011/05/25 12:0 a.m. • 95 views

[ MDVSA-2011:096 ] python

Mandriva Linux Security Advisory MDVSA-2011:096 http://www.mandriva.com/security/ Package: python Date: May 22, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been identified an...

CVSS: 6.4 | AI score: 8.4 | EPSS: 0.04266
Exploits: 1

securityvulns • added 2011/04/19 12:0 a.m. • 95 views

ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability

ZDI-11-104: Pwn2Own Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...

CVSS: 10 | AI score: 1.1 | EPSS: 0.09754
Exploits: 0

securityvulns • added 2011/01/31 12:0 a.m. • 95 views

Symantec Antivirus Corporate Edition Alert Management Service code execution

It's possible to execute commands without authentication via TCP/38292 service...

CVSS: 9.3 | AI score: 5 | EPSS: 0.34516
Exploits: 14 | References: 4 | Affected Software: 2

securityvulns • added 2010/11/01 12:0 a.m. • 95 views

CVE-2010-3700: Spring Security bypass of security constraints

CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 to 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01673
Exploits: 1

securityvulns • added 2010/10/05 12:0 a.m. • 95 views

ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability

ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-190 October 1, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iManager --...

AI score: 0.8
Exploits: 0

securityvulns • added 2010/04/12 12:0 a.m. • 95 views

vBulletin 0-day Denial Of Service Exploit

vBulletin 0-day Denial Of Service Exploit. The largest Exploit Database in the world !...

AI score: 0.3
Exploits: 0

securityvulns • added 2009/06/04 12:0 a.m. • 95 views

CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability 1. Advisory Information Title: Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability...

CVSS: 5 | AI score: 0.1 | EPSS: 0.19633
Exploits: 3

securityvulns • added 2008/10/26 12:0 a.m. • 95 views

Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability

Secunia Research 20/10/2008 - HP SiteScope SNMP Trap Script Insertion - Table of Contents Affected...

CVSS: 4.3 | AI score: 0.4 | EPSS: 0.01637
Exploits: 1

securityvulns • added 2008/07/30 12:0 a.m. • 95 views

HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability

HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability Ghost Hacker, R-h Team, Real Hack We Will Be Back Soon: Found by: Ghost Hacker - R-H Team - My Blog: http://gh0st10.wordpress.com My Email: [email protected] Name Script: HIOX Browser...

AI score: 1.8
Exploits: 0

securityvulns • added 2008/06/14 12:0 a.m. • 95 views

[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities

Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 0.8 | EPSS: 0.05592
Exploits: 1

securityvulns • added 2008/06/11 12:0 a.m. • 95 views

TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

Dear users of TYPO3, It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting XSS. === Component Type === TYPO3 Core === Affected...

AI score: 0.2
Exploits: 0

securityvulns • added 2008/05/15 12:0 a.m. • 95 views

Linux distributives OpenSSH / OpenSSL weak random generator

Weak random generation in Debian-based distributives Debian, Ubuntu...

CVSS: 7.8 | AI score: 2.7 | EPSS: 0.70721
Exploits: 7 | References: 3

Total number of security vulnerabilities: 5000