
47153 matches found

securityvulns
added 2009/08/08 12:0 a.m., 94 views

ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-052 August 7, 2009 -- Affected Vendors: Computer Associates -- Affected Products: Computer Associates Unicenter S

CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management Issued: August 6, 2009 CA's technical support is alerting customers to a security risk with Unicenter Asset Portfolio Management, Unicenter Desktop and Serv...

CVSS 4.3, AI score 7.2, EPSS 0.75865
Exploits: 2
securityvulns
added 2009/07/16 12:0 a.m., 94 views

LifeType 1.2.8 Remote File Inclusion Vulnerability

/=============================================================================================================================================== | | o LifeType 1.2.8 Remote File Inclusion Vulnerability | | Software : LifeType 1.2.8 | Vendor : http://lifetype.net/ | Author : Cru3l.b0y | Contact :...

AI score 1.3
Exploits: 0
securityvulns
added 2009/06/04 12:0 a.m., 94 views

CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability 1. Advisory Information Title: Apple CUPS IPPTAGUNSUPPORTED Handling null pointer Vulnerability...

CVSS 5, AI score 0.1, EPSS 0.19633
Exploits: 3
securityvulns
added 2009/05/21 12:0 a.m., 94 views

(GET var 'id') BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -->

!/usr/bin/perl ------------------------------------------------------------------------------------------ GET var 'id' BLIND SQL INJECTION EXPLOIT --Dog Pedigree Online Database v1.0.1-Beta -- ------------------------------------------------------------------------------------------ CMS...

Exploits: 0
securityvulns
added 2009/03/12 12:0 a.m., 94 views

Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability Advisory ID: cisco-sa-20090311-cucmpab Revision 1.0 For Public Release 2009 March 11 1600 UTC GMT...

CVSS 9, AI score 1.5, EPSS 0.03025
Exploits: 0
securityvulns
added 2009/01/16 12:0 a.m., 94 views

Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2

NGSSoftware Insight Security Research Advisory Name: Trigger abuse of MDSYS.SDOTOPODROPFTBL Systems Affected: Oracle 10g R1 and R2 10.1.0.5 and 10.2.0.2 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 23rd July 2008 Date of Public...

CVSS 5.5, AI score 0.3, EPSS 0.32434
Exploits: 7
securityvulns
added 2008/07/30 12:0 a.m., 94 views

HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability

HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability Ghost Hacker , R-h Team , Real Hack We Will Be Back Soon : Found by : Ghost Hacker - R-H Team - |, .-. .-. ,| My Blog : http://gh0st10.wordpress.com | o/ o | My Email : [email protected] |/ / | Name Script : HIOX Browser...

AI score 1.8
Exploits: 0
securityvulns
added 2008/06/14 12:0 a.m., 94 views

[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.8, EPSS 0.05592
Exploits: 1
securityvulns
added 2008/06/11 12:0 a.m., 94 views

TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

Dear users of TYPO3, It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library feadminlib.inc allows Cross Site Scripting XSS. === Component Type === TYPO3 Core === Affected...

AI score 0.2
Exploits: 0
securityvulns
added 2008/03/05 12:0 a.m., 94 views

Arbitrary commands execution in Versant Object Database 7.0.1.3

Luigi Auriemma Application: Versant Object Database http://www.versant.com/enUS/products/objectdatabase Versions: = 7.0.1.3 Platforms: Windows, Solaris, HP-UX, AIX, Linux Bug: arbitrary commands execution Exploitation: remote Date: 04 Mar 2008 Author: Luigi Auriemma e-mail: [email protected]...

AI score 1.3
Exploits: 0
securityvulns
added 2007/12/16 12:0 a.m., 94 views

Hosting Controller - Multiple Security Bugs (Extremely Critical)

Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix = 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary solution in this report Exploit:...

AI score 8.5
Exploits: 0
securityvulns
added 2007/11/20 12:0 a.m., 94 views

rPSA-2007-0242-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl

rPath Security Advisory: 2007-0242-1 Published: 2007-11-19 Products: rPath Appliance Platform Linux Service 1 rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: php5=conary.rpath.com@rpl:1/5.2.5-1-1...

CVSS 6.9, AI score 9.2, EPSS 0.03628
Exploits: 1
securityvulns
added 2007/09/11 12:0 a.m., 94 views

NuclearBB Alpha 2 Remote File Inclusion

Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...

AI score 0.8
Exploits: 0
securityvulns
added 2007/08/14 12:0 a.m., 94 views

eXV2.de Browser Cookie is not properly sanitised

Details ======= Product: eXV2.de CMS = 2.0.5. Severity: moderated Remote-Exploit: yes Vendor-URL: http://www.exv2.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: Vision aka n-tier http://www.i-s-o.org Original Advisory: ============...

AI score 7.4
Exploits: 0
securityvulns
added 2007/08/10 12:0 a.m., 94 views

CA.View/view-law.asp/view-info.asp sql injection

CA.View/view-law.asp/view-info.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life"...

AI score 0.5
Exploits: 0
securityvulns
added 2007/06/19 12:0 a.m., 94 views

iG Shop 1.4 eval Inclusion Vulnerability

!/usr/bin/perl -w use LWP::UserAgent; iG Shop 1.4 eval Inclusion Vulnerability found by IFX nyubicrew Vulnerability on page.php if !$action $action = "make"; // here the function will be called. eval "page$action;"; die "Example: perl $0 http://www.planetgolfuk.co.uk/shopn" unless @ARGV; $b =...

AI score 0.4
Exploits: 0
securityvulns
added 2007/06/01 12:0 a.m., 94 views

Mozilla Foundation Security Advisory 2007-13

Mozilla Foundation Security Advisory 2007-13 Title: Persistent Autocomplete Denial of Service Impact: Low Announced: May 30, 2007 Reporter: Marcel Products: Firefox Fixed in: Firefox 2.0.0.4 Firefox 1.5.0.12 Description Marcel reported that a malicious web page could perform a denial of service...

CVSS 4.3, AI score 1, EPSS 0.01798
Exploits: 0
securityvulns
added 2007/04/06 12:0 a.m., 94 views

ACLS ineffective in SQL-Ledger and LedgerSMB

Hi all; I have decided to finally send to this list a serious security flaw in the design of SQL-Ledger all versions. LedgerSMB all versions is also affected but the problem with a workaround has been mentioned in our documentation since the fork. Ordinarily I would not make a big deal out of thi...

AI score 7.1
Exploits: 0
securityvulns
added 2007/03/25 12:0 a.m., 94 views

Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabilities

Joomla comjoomlaboard 1.1.x Branch sbp Multiple Remote File Include Vulnerabilities Joomlaboard Component 1.1.x Branch sbp Multiple Remote File Include Vulnerabilities script : http://forge.joomla.org/sf/frs/do/viewRelease/projects.simpleboard/frs.joomlaboardcomponent.joomlaboard11xbranch files :...

AI score 0.1
Exploits: 0
securityvulns
added 2007/03/01 12:0 a.m., 94 views

Dropbear dbclient SSH server spoofing

User is not adequately warned on server crypto key mismatch...

CVSS 7.5, AI score 2, EPSS 0.02103
Exploits: 0, Affected Software: 1
securityvulns
added 2007/02/15 12:0 a.m., 94 views

XSS in [deskpro.com v1.1.0 ]

hey guys .. check out this new xss i just found ;P Vulnerable : deskpro.com v1.1.0 web : http://www.deskpro.com, http://customers.qwk.net Version : v1.1.0 XSS : http://127.0.0.1/dp/faq.php?article="scriptalert'bl4ck'/script Discovered By BLacK ZeRo K.S.A [email protected] Best regards ,,...

AI score 7.1
Exploits: 0
securityvulns
added 2007/02/05 12:0 a.m., 94 views

[SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Potential Denial of Service bug in smbd == CVE ID: CVE-2007-0452 == == Versions: Samba 3.0.6 - 3.0.23d inclusive == == Summary: A logic error in the deferred open code == can le...

CVSS 6.8, AI score 7.2, EPSS 0.0459
Exploits: 1
securityvulns
added 2007/01/10 12:0 a.m., 94 views

iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability

Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. Mor...

CVSS 10, AI score 0.3, EPSS 0.0339
Exploits: 0
securityvulns
added 2006/12/20 12:0 a.m., 94 views

Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include

Valdersoft Shopping Cart v3.0 E-Commerce Software commonIncludePath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +/commoninclude/common.php , /include/common.php, /admin/include/common.php +code : + + include $commonIncludePath."common.php" ; + + Exploit :...

AI score 1.5
Exploits: 0
securityvulns
added 2006/12/20 12:0 a.m., 94 views

Mozilla Foundation Security Advisory 2006-69

Mozilla Foundation Security Advisory 2006-69 Title: CSS cursor image buffer overflow Windows only Impact: Critical Announced: December 19, 2006 Reporter: Frederik Reiss Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7...

CVSS 6.8, AI score 1.7, EPSS 0.08288
Exploits: 0
securityvulns
added 2006/08/02 12:0 a.m., 94 views

[Full-disclosure] Secunia Research: Jetbox Multiple Vulnerabilities

====================================================================== Secunia Research 02/08/2006 - Jetbox Multiple Vulnerabilities - ====================================================================== Table of Contents Affected Software....................................................1...

CVSS 7.5, AI score 0.2, EPSS 0.01717
Exploits: 0
securityvulns
added 2006/07/28 12:0 a.m., 94 views

NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability

NSFOCUS Security Advisory SA2006-07 ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability Release Date: 2006-07-27 CVE ID: CVE-2006-3840 http://www.nsfocus.com/english/homepage/research/0607.htm Affected systems & software =================== RealSecure Network Sensor...

CVSS 5, AI score 0.4, EPSS 0.0234
Exploits: 0
securityvulns
added 2006/03/08 12:0 a.m., 94 views

[SA19147] bMail GBK Charsets SQL Injection Vulnerability

TITLE: bMail GBK Charsets SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19147 VERIFY ADVISORY: http://secunia.com/advisories/19147/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: bMail 9.x http://secunia.com/product/8584/ DESCRIPTION: A vulnerability...

AI score 1
Exploits: 0
securityvulns
added 2006/02/20 12:0 a.m., 94 views

Coppermine Photo Gallery <=1.4.3 remote code execution

Coppermine Photo Gallery = 1.4.3 arbitrary local/remote inclusion: --------- - 18/02/2006 5.09.55 ----------------------------------------------------------- -------------------------------------------------------------------------------- software: site: http://coppermine-gallery.net/index.php...

AI score 0.1
Exploits: 0
securityvulns
added 2006/02/14 12:0 a.m., 94 views

XSS vulnerability in guestbook-php-script

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- SySS-Advisory: XSS-vulnerability in guestbook-php-script - ------------------------------------------------------------------- Problem discovered: February 3d 2006 Vendor contacted:...

AI score 7
Exploits: 0
securityvulns
added 2005/12/20 12:0 a.m., 94 views

PHPGedView <= 3.3.7 remote code execution

--- PHPGedView = 3.3.7 Arbitrary local/remote code execution & php injection --- software: site: http://www.phpgedview.net/ description: "PhpGedView is a revolutionary genealogy program which allows you to view and edit your genealogy on your website." - vulnerabilties:...

AI score 0.3
Exploits: 0
securityvulns
added 2005/12/02 12:0 a.m., 94 views

JSE XSS vuln.

JSE XSS vuln. Vuln. dicovered by : r0t Date: 2 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/jse-xss-vuln.html Vendor:http://www.me.lv/jse/index.html affected version:0.9.34 Product Description: Java Search Engine is a server-side search engine program for web sites. Search engin...

AI score 0.3
Exploits: 0
securityvulns
added 2005/04/21 12:0 a.m., 94 views

Annuaire Netref v4.2 [ fwrite php ] vulnerability

Software: annuaire netref version : 4.2 url : http://www.netref.net Risk factor : critical Vendor has been contacted Description: ----------- Netref is a PHP/MySQL-based directory script that supports an unlimited number of categories and links. Many fonctions to manage the links : Fast search...

AI score 0.8
Exploits: 0
securityvulns
added 2005/03/07 12:0 a.m., 94 views

wfsections 1.07 advisory

Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...

AI score 7.8
Exploits: 0
securityvulns
added 2005/02/08 12:0 a.m., 94 views

Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution 890047 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...

CVSS 10, AI score 0.7, EPSS 0.6349
Exploits: 2
securityvulns
added 2004/10/22 12:0 a.m., 94 views

Denial of service in LANDesk 8

When connected to a remote machine with LANDesk version 8, and someone connects with, or even telnets to the port of, Remote Desktop 3389, the machine bluescreens, dumps memory, and reboots immediately. I've tested with: Windows 2000 Server, Advanced server SP4 and up Windows 2003 Server Windows ...

AI score 3.4
Exploits: 0
securityvulns
added 2004/09/27 12:0 a.m., 94 views

[VulnWatch] OpenBSD radius authentication vulnerability

Title: OpenBSD radius authentication vulnerability Summary: Authentication can be bypassed when radius-authentication is used on OpenBSD. Impact: Unauthorized access to the system Software: OpenBSD 3.2 and OpenBSD 3.5 confirmed vulnerable. Workarounds: 1 Place the Radius server on an isolated lan...

AI score 7.2
Exploits: 0
securityvulns
added 2004/08/13 12:0 a.m., 94 views

advisory

.:: Security Advisory ::. by unl0ck team http://web-hack.ru/unl0ck | | | |/ | | || |/| || | | | || | | | | | | | | Advisory: 2 by unl0ck team Bug: format string and buffer overflow sybase Product: vpopmail = 5.4.2 sybase vulnerability Author: Werro [email protected] Realease Date : 12/08/04 Risk: Low...

AI score 0.7
Exploits: 0
securityvulns
added 2004/04/30 12:0 a.m., 94 views

Sambar security quest

This issue is old originally discovered in January, 2003 published by iDefense1 and fixed by Vendor2 in September, 2003 but still interesting if you tired of endless crossite scriptings, buffer overflows and SQL injections and would like to play security game. Intro: Probably you heard about...

AI score 8.1
Exploits: 0
securityvulns
added 2004/03/24 12:0 a.m., 94 views

phpBB profile.php Cross Site Scripting Vulnerability

Advisory Name : phpBB profile.php Cross Site Scripting Vulnerability Release Date : Mar 21,2004 Application : phpBB Version : phpBB 2.0.6d or others? Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Cheng Peng Suapplesoupatmsn.com Proof of Conecpt: This vuln is in profile.php,when you...

Exploits: 0
securityvulns
added 2004/01/16 12:0 a.m., 94 views

XSS end execution commands in Destinyd 1.4

has found: x64rst email: [email protected] XSS end execution commands in Destinyd 1.4 // Destinyd-Book v1.4, Guestbook by Martijn // http://www.destinyd.com // The Destiny group script write.php does not filter array,as a result possible form code which contains php, java script...

AI score 0.1
Exploits: 0
securityvulns
added 2003/07/04 12:0 a.m., 94 views

[Full-Disclosure] Vulnerability in CCBill script

Recently there are many hacking attempts attacking E-commerce site that use CCBILL to precess credit cards. Some of my clients sites are hacked and defaced by this vulnerability. In the Incidents List, some people already mention about it. I just take a look at the actual problem and figure out...

AI score 0.2
Exploits: 0
securityvulns
added 2003/06/13 12:0 a.m., 94 views

[EXPL] Exploit Code Released for diagrpt Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits...

AI score 7.8
Exploits: 0
securityvulns
added 2003/04/25 12:0 a.m., 94 views

An Implementation of a Birthday Attack in a DNS Spoofing

An Implementation of a Birthday Attack in a DNS Spoofing. By Ramon Izaguirre. 0.- Introduction, In november 2002 Vagner Sacramento discovered that a dns server would reply with n responses to n queries made from different ip addresses for the same domain...

Exploits: 0
securityvulns
added 2003/01/09 12:0 a.m., 94 views

IMP 2.x SQL injection vulnerabilities

IMP is a popular webmail package written in PHP. It ships with some UNIX systems and is also used on Windows servers. The version 2 of the program contains some SQL injection flaws which allow any remote user to access the webmail system's database. Valid user authentication is not required in...

Exploits: 0
securityvulns
added 2002/06/28 12:0 a.m., 94 views

Cluestick Advisory #001

Cluestick Advisory 001 June 27, the year of our Lord 2002 Surreal "Unauthenticated remote hyper-annoying denial of service with a side of server reboot, using IManage. Netware 6.0 and NW6 SP1." OK, I may possibly ramble a bit, but is that any reason to SHUN a body? It's been 30 to 45 days, and I'...

AI score 7.4
Exploits: 0
securityvulns
added 2001/10/27 12:0 a.m., 94 views

another fatal bug in NT/2000 "Command Prompt" I/O

Recent messages on the comp.lang.c and allegedly comp.os.ms-windows.programmer.win32 have documented various short programs which cause Windows NT4 and 2000 to crash and reboot by writing certain strings to stdout. The following is one example of such a program: include stdio.h int mainvoid while...

AI score 6.9
Exploits: 0
securityvulns
added 2001/08/22 12:0 a.m., 94 views

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

-- iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory -- BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability Problem discovered: 22/08/2001 -- Overview -- BadBlue http://badblue.com/ is a tiny, free download that lets you share files, search...

AI score 0.1
Exploits: 0
securityvulns
added 2001/08/17 12:0 a.m., 94 views

Arkeia Backup vulnerabilities (weak encryption)

The entire traffic exchange protocol between the client and the server is unencrypted. Standard DES passwords are used...

AI score 2
Exploits: 0, References: 1
securityvulns
added 2001/07/13 12:0 a.m., 94 views

ActiveX vulnerability in Microsoft Outlook (code execution)

The ActiveX component that controls all of Outlook's operation is marked as safe, which allows it to be used in Internet pages and e-mail messages...

AI score 1.3
Exploits: 0, References: 3, Affected Software: 1
Total number of security vulnerabilities: 5000