Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2010/10/05 12:0 a.m.95 views

ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability

ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-190 October 1, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell iManager --...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2010/04/30 12:0 a.m.95 views

Amiro CMS<=5.4.4 PHP injection

ONSEC-09-026 Amiro CMS PHP inj CVE number requested Objective: Amiro CMS = 5.4.4 Type: PHP injection Threat: Medium Discovery date: 29.12.2009 Date of notification Developer: 29.12.2009 Released correction: 03/05/2010 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Descriptio...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/04/12 12:0 a.m.95 views

VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability

VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "VMware is a provider of virtualization software which runs on Microsoft Windows, Linux, and Mac OS X. VMware's enterprise software,...

9.3CVSS7.3AI score0.0621EPSS
Exploits1
securityvulns
securityvulns
added 2010/04/12 12:0 a.m.95 views

vBulletin 0-day Denial Of Service Exploit

========================================= vBulletin 0-day Denial Of Service Exploit ========================================= The largest Exploit Database in the world ! 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /'...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2010/01/28 12:0 a.m.95 views

[RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data

Advisory: Geo++R GNCASTER: Insecure handling of NMEA-data During a penetration test, RedTeam Pentesting discovered that the GNCaster software does not handle NMEA-data correctly. An attacker that has valid login credentials can use this to crash the server software or potentially execute code on...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/10/19 12:0 a.m.95 views

3Com OfficeConnect Firewall/Router multiple remote Vulnerabilities

Product: 3Com OfficeConnect Firewall/Router Website: http://www.3com.com/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Vuln: remote command execution and password disclosure Admin password disclosure 1 SSH/Telnet to router using one of these hidde...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2009/10/13 12:0 a.m.95 views

Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525)

Microsoft Security Bulletin MS09-060 - Critical Vulnerabilities in Microsoft Active Template Library ATL ActiveX Controls for Microsoft Office Could Allow Remote Code Execution 973965 Published: October 13, 2009 Version: 1.0 General Information Executive Summary This security update resolves...

9.3CVSS0.5AI score0.43389EPSS
Exploits7
securityvulns
securityvulns
added 2009/08/08 12:0 a.m.95 views

ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S

CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management Issued: August 6, 2009 CA's technical support is alerting customers to a security risk with Unicenter Asset Portfolio Management, Unicenter Desktop and Serv...

4.3CVSS7.2AI score0.75865EPSS
Exploits2
securityvulns
securityvulns
added 2009/07/16 12:0 a.m.95 views

LifeType 1.2.8 Remote File Inclusion Vulnerability

/=============================================================================================================================================== | | o LifeType 1.2.8 Remote File Inclusion Vulnerability | | Software : LifeType 1.2.8 | Vendor : http://lifetype.net/ | Author : Cru3l.b0y | Contact :...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2009/03/10 12:0 a.m.95 views

Microsoft Security Bulletin MS09-007 - Important Vulnerability in SChannel Could Allow Spoofing (960225)

Microsoft Security Bulletin MS09-007 - Important Vulnerability in SChannel Could Allow Spoofing 960225 Published: March 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the Secure Channel SChannel security package in...

7.1CVSS1.4AI score0.15193EPSS
Exploits2
securityvulns
securityvulns
added 2008/12/26 12:0 a.m.95 views

DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection --- Update for BID 32832

Title ----- DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection Severity -------- High Date Discovered --------------- October 14, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Corey LeBleu and r@b13$ Vulnerability Description...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2008/10/26 12:0 a.m.95 views

Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability

====================================================================== Secunia Research 20/10/2008 - HP SiteScope SNMP Trap Script Insertion - ====================================================================== Table of Contents Affected...

4.3CVSS0.4AI score0.01637EPSS
Exploits1
securityvulns
securityvulns
added 2008/08/18 12:0 a.m.95 views

PHP Live Helper <= 2.0.1 Multiple Vulnerabilities

GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows the visitors of a website to intera...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2008/07/30 12:0 a.m.95 views

HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability

HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability Ghost Hacker , R-h Team , Real Hack We Will Be Back Soon : Found by : Ghost Hacker - R-H Team - |, .-. .-. ,| My Blog : http://gh0st10.wordpress.com | o/ o | My Email : [email protected] |/ / | Name Script : HIOX Browser...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2008/06/14 12:0 a.m.95 views

[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...

7.5CVSS0.8AI score0.05592EPSS
Exploits1
securityvulns
securityvulns
added 2008/04/15 12:0 a.m.95 views

Secunia Research: HP OpenView Network Node Manager OpenView5.exe Directory Traversal

====================================================================== Secunia Research 14/04/2008 - HP OpenView Network Node Manager OpenView5.exe Directory Traversal - ====================================================================== Table of Contents Affected...

5CVSS0.6AI score0.05088EPSS
Exploits1
securityvulns
securityvulns
added 2008/03/12 12:0 a.m.95 views

Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution 949030 Published: March 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Microsoft Office that...

9.3CVSS0.7AI score0.42225EPSS
Exploits5
securityvulns
securityvulns
added 2008/02/06 12:0 a.m.95 views

[security bulletin] HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01321117 Version: 1 HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager OV NNM Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as...

7.8CVSS0.4AI score0.04443EPSS
Exploits1
securityvulns
securityvulns
added 2007/12/16 12:0 a.m.95 views

Hosting Controller - Multiple Security Bugs (Extremely Critical)

Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix = 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary solution in this report Exploit:...

8.5AI score
Exploits0
securityvulns
securityvulns
added 2007/08/15 12:0 a.m.95 views

EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability

VGX.DLL Compressed Content Heap Overflow Vulnerability Release Date: August 14, 2007 Date Reported: October 24, 2006 Severity: High Code Execution Systems Affected: Internet Explorer 6 SP1 - Windows 2000 SP4 Internet Explorer 6 SP1 - Windows XP SP1 Internet Explorer 6 SP2 - Windows XP SP2 Interne...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2007/06/19 12:0 a.m.95 views

iG Shop 1.4 eval Inclusion Vulnerability

!/usr/bin/perl -w use LWP::UserAgent; iG Shop 1.4 eval Inclusion Vulnerability found by IFX nyubicrew Vulnerability on page.php if !$action $action = "make"; // here the function will be called. eval "page$action;"; die "Example: perl $0 http://www.planetgolfuk.co.uk/shopn" unless @ARGV; $b =...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/06/11 12:0 a.m.95 views

[USN-470-1] Linux kernel vulnerabilities

=========================================================== Ubuntu Security Notice USN-470-1 June 08, 2007 linux-source-2.6.20 vulnerabilities CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 =========================================================== A security issue affects the following Ubuntu...

5CVSS7.4AI score0.02098EPSS
Exploits0
securityvulns
securityvulns
added 2007/06/01 12:0 a.m.95 views

Mozilla Foundation Security Advisory 2007-13

Mozilla Foundation Security Advisory 2007-13 Title: Persistent Autocomplete Denial of Service Impact: Low Announced: May 30, 2007 Reporter: Marcel Products: Firefox Fixed in: Firefox 2.0.0.4 Firefox 1.5.0.12 Description Marcel reported that a malicious web page could perform a denial of service...

4.3CVSS1AI score0.01798EPSS
Exploits0
securityvulns
securityvulns
added 2007/05/04 12:0 a.m.95 views

rPSA-2007-0090-1 gimp

rPath Security Advisory: 2007-0090-1 Published: 2007-05-03 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: gimp=/conary.rpath.com@rpl:devel//1/2.2.8-8.3-1 References: https://vulners.com/cve/CVE-2007-2356...

6.8CVSS6.7AI score0.15674EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/06 12:0 a.m.95 views

ACLS ineffective in SQL-Ledger and LedgerSMB

Hi all; I have decided to finally send to this list a serious security flaw in the design of SQL-Ledger all versions. LedgerSMB all versions is also affected but the problem with a workaround has been mentioned in our documentation since the fork. Ordinarily I would not make a big deal out of thi...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/13 12:0 a.m.95 views

Aruba Mobility Controller multiple security vulnerabilities

Unauthorized access to management interface thorugh wireless network. Buffer overflow...

7.5CVSS4AI score0.06015EPSS
Exploits1References2Affected Software2
securityvulns
securityvulns
added 2007/02/05 12:0 a.m.95 views

[SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Potential Denial of Service bug in smbd == CVE ID: CVE-2007-0452 == == Versions: Samba 3.0.6 - 3.0.23d inclusive == == Summary: A logic error in the deferred open code == can le...

6.8CVSS7.2AI score0.0459EPSS
Exploits1
securityvulns
securityvulns
added 2007/01/12 12:0 a.m.95 views

easy-content filemanager

easy-content filemanager Email: hackerbinhphuoc atyahoo dot com website: http://www.vnsecurity.com ------------------------------------- we can hack web use easy-content filemanager very easy we search with keyword: intitle: easy-content filemanager or inurl: filemanager/Default.asp and we can...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/01/10 12:0 a.m.95 views

iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability

Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. Mor...

10CVSS0.3AI score0.0339EPSS
Exploits0
securityvulns
securityvulns
added 2006/12/20 12:0 a.m.95 views

Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include

Valdersoft Shopping Cart v3.0 E-Commerce Software commonIncludePath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +/commoninclude/common.php , /include/common.php, /admin/include/common.php +code : + + include $commonIncludePath."common.php" ; + + Exploit :...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2006/08/02 12:0 a.m.95 views

[Full-disclosure] Secunia Research: Jetbox Multiple Vulnerabilities

====================================================================== Secunia Research 02/08/2006 - Jetbox Multiple Vulnerabilities - ====================================================================== Table of Contents Affected Software....................................................1...

7.5CVSS0.2AI score0.01717EPSS
Exploits0
securityvulns
securityvulns
added 2006/02/20 12:0 a.m.95 views

Coppermine Photo Gallery <=1.4.3 remote code execution

Coppermine Photo Gallery = 1.4.3 arbitrary local/remote inclusion: --------- - 18/02/2006 5.09.55 ----------------------------------------------------------- -------------------------------------------------------------------------------- software: site: http://coppermine-gallery.net/index.php...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2005/12/20 12:0 a.m.95 views

PHPGedView <= 3.3.7 remote code execution

--- PHPGedView = 3.3.7 Arbitrary local/remote code execution & php injection --- software: site: http://www.phpgedview.net/ description: "PhpGedView is a revolutionary genealogy program which allows you to view and edit your genealogy on your website." - vulnerabilties:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/11/08 12:0 a.m.95 views

[UNIX] MagpieRSS Remote Command Execution

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2005/08/09 12:0 a.m.95 views

Microsoft Security Bulletin MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

Microsoft Security Bulletin MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing 899587 Issued: August 9, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Denial of Service,...

3.6CVSS1.4AI score0.06521EPSS
Exploits0
securityvulns
securityvulns
added 2005/06/30 12:0 a.m.95 views

[EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits0
securityvulns
securityvulns
added 2005/03/07 12:0 a.m.95 views

wfsections 1.07 advisory

Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2004/10/22 12:0 a.m.95 views

Denial of service in LANDesk 8

When connected to a remote machine with LANDesk version 8, and someone connects with, or even telnets to the port of, Remote Desktop 3389, the machine bluescreens, dumps memory, and reboots immediately. I've tested with: Windows 2000 Server, Advanced server SP4 and up Windows 2003 Server Windows ...

3.4AI score
Exploits0
securityvulns
securityvulns
added 2004/09/27 12:0 a.m.95 views

[VulnWatch] OpenBSD radius authentication vulnerability

Title: OpenBSD radius authentication vulnerability Summary: Authentication can be bypassed when radius-authentication is used on OpenBSD. Impact: Unauthorized access to the system Software: OpenBSD 3.2 and OpenBSD 3.5 confirmed vulnerable. Workarounds: 1 Place the Radius server on an isolated lan...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2004/08/13 12:0 a.m.95 views

advisory

.:: Security Advisory ::. by unl0ck team http://web-hack.ru/unl0ck | | | |/ | | || |/| || | | | || | | | | | | | | Advisory: 2 by unl0ck team Bug: format string and buffer overflow sybase Product: vpopmail = 5.4.2 sybase vulnerability Author: Werro [email protected] Realease Date : 12/08/04 Risk: Low...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2004/04/30 12:0 a.m.95 views

Sambar security quest

This issue is old originally discovered in January, 2003 published by iDefense1 and fixed by Vendor2 in September, 2003 but still interesting if you tired of endless crossite scriptings, buffer overflows and SQL injections and would like to play security game. Intro: Probably you heard about...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2003/07/04 12:0 a.m.95 views

[Full-Disclosure] Vulnerability in CCBill script

Recently there are many hacking attempts attacking E-commerce site that use CCBILL to precess credit cards. Some of my clients sites are hacked and defaced by this vulnerability. In the Incidents List, some people already mention about it. I just take a look at the actual problem and figure out...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/06/13 12:0 a.m.95 views

[EXPL] Exploit Code Released for diagrpt Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2003/04/25 12:0 a.m.95 views

An Implementation of a Birthday Attack in a DNS Spoofing

An Implementation of a Birthday Attack in a DNS Spoofing. By Ramon Izaguirre. 0.- Introduction, In november 2002 Vagner Sacramento discovered that a dns server would reply with n responses to n queries made from different ip addresses for the same domain...

Exploits0
securityvulns
securityvulns
added 2002/06/28 12:0 a.m.95 views

Cluestick Advisory #001

Cluestick Advisory 001 June 27, the year of our Lord 2002 Surreal "Unauthenticated remote hyper-annoying denial of service with a side of server reboot, using IManage. Netware 6.0 and NW6 SP1." OK, I may possibly ramble a bit, but is that any reason to SHUN a body? It's been 30 to 45 days, and I'...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/03/01 12:0 a.m.95 views

nCipher Security Advisory #2: SNMP vulnerabilities

SUMMARY ======= SNMP agents supplied by nCipher, as well as those required to run other nCipher SNMP aupport software, could be vulnerable to buffer overflow attacks including denial of service and privilege elevation. BACKGROUND ========== nCipher supplies a range of Hardware Security Modules HS...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2001/10/27 12:0 a.m.95 views

another fatal bug in NT/2000 "Command Prompt" I/O

Recent messages on the comp.lang.c and allegedly comp.os.ms-windows.programmer.win32 have documented various short programs which cause Windows NT4 and 2000 to crash and reboot by writing certain strings to stdout. The following is one example of such a program: include stdio.h int mainvoid while...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2001/09/27 12:0 a.m.95 views

Vulnerabilities in QVT/Term

-----BEGIN PGP SIGNED MESSAGE----- Vulnerabilities in QVT/Term Overview QVT/Term v5.0 is a suite of Internet tools available from http://www.qpc.com/. Two vulnerabilities exist in the FTP daemon. The first allows a remote user to list the files outside the ftp root. The second allows a remote use...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/08/22 12:0 a.m.95 views

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

-- iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory -- BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability Problem discovered: 22/08/2001 -- Overview -- BadBlue http://badblue.com/ is a tiny, free download that lets you share files, search...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/03/31 12:0 a.m.95 views

Advisory CA-2001-05

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-05 Exploitation of snmpXdmid Original release date: March 30, 2001 Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Any machine running Solaris 2.6, 7, or 8 with snmpXdmid installed and...

Exploits0
Total number of security vulnerabilities5000