Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2005/11/08 12:0 a.m.95 views

[UNIX] MagpieRSS Remote Command Execution

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2005/06/30 12:0 a.m.95 views

[EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits0
securityvulns
securityvulns
added 2005/03/07 12:0 a.m.95 views

wfsections 1.07 advisory

Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2004/10/22 12:0 a.m.95 views

Denial of service in LANDesk 8

When connected to a remote machine with LANDesk version 8, and someone connects with, or even telnets to the port of, Remote Desktop 3389, the machine bluescreens, dumps memory, and reboots immediately. I've tested with: Windows 2000 Server, Advanced server SP4 and up Windows 2003 Server Windows ...

3.4AI score
Exploits0
securityvulns
securityvulns
added 2004/09/27 12:0 a.m.95 views

[VulnWatch] OpenBSD radius authentication vulnerability

Title: OpenBSD radius authentication vulnerability Summary: Authentication can be bypassed when radius-authentication is used on OpenBSD. Impact: Unauthorized access to the system Software: OpenBSD 3.2 and OpenBSD 3.5 confirmed vulnerable. Workarounds: 1 Place the Radius server on an isolated lan...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2004/08/13 12:0 a.m.95 views

advisory

.:: Security Advisory ::. by unl0ck team http://web-hack.ru/unl0ck | | | |/ | | || |/| || | | | || | | | | | | | | Advisory: 2 by unl0ck team Bug: format string and buffer overflow sybase Product: vpopmail = 5.4.2 sybase vulnerability Author: Werro [email protected] Realease Date : 12/08/04 Risk: Low...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2004/04/30 12:0 a.m.95 views

Sambar security quest

This issue is old originally discovered in January, 2003 published by iDefense1 and fixed by Vendor2 in September, 2003 but still interesting if you tired of endless crossite scriptings, buffer overflows and SQL injections and would like to play security game. Intro: Probably you heard about...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2003/07/04 12:0 a.m.95 views

[Full-Disclosure] Vulnerability in CCBill script

Recently there are many hacking attempts attacking E-commerce site that use CCBILL to precess credit cards. Some of my clients sites are hacked and defaced by this vulnerability. In the Incidents List, some people already mention about it. I just take a look at the actual problem and figure out...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/06/13 12:0 a.m.95 views

[EXPL] Exploit Code Released for diagrpt Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits...

7.8AI score
Exploits0
securityvulns
securityvulns
added 2003/04/25 12:0 a.m.95 views

An Implementation of a Birthday Attack in a DNS Spoofing

An Implementation of a Birthday Attack in a DNS Spoofing. By Ramon Izaguirre. 0.- Introduction, In november 2002 Vagner Sacramento discovered that a dns server would reply with n responses to n queries made from different ip addresses for the same domain...

Exploits0
securityvulns
securityvulns
added 2002/06/28 12:0 a.m.95 views

Cluestick Advisory #001

Cluestick Advisory 001 June 27, the year of our Lord 2002 Surreal "Unauthenticated remote hyper-annoying denial of service with a side of server reboot, using IManage. Netware 6.0 and NW6 SP1." OK, I may possibly ramble a bit, but is that any reason to SHUN a body? It's been 30 to 45 days, and I'...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/03/01 12:0 a.m.95 views

nCipher Security Advisory #2: SNMP vulnerabilities

SUMMARY ======= SNMP agents supplied by nCipher, as well as those required to run other nCipher SNMP aupport software, could be vulnerable to buffer overflow attacks including denial of service and privilege elevation. BACKGROUND ========== nCipher supplies a range of Hardware Security Modules HS...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2001/10/27 12:0 a.m.95 views

another fatal bug in NT/2000 "Command Prompt" I/O

Recent messages on the comp.lang.c and allegedly comp.os.ms-windows.programmer.win32 have documented various short programs which cause Windows NT4 and 2000 to crash and reboot by writing certain strings to stdout. The following is one example of such a program: include stdio.h int mainvoid while...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2001/09/27 12:0 a.m.95 views

Vulnerabilities in QVT/Term

-----BEGIN PGP SIGNED MESSAGE----- Vulnerabilities in QVT/Term Overview QVT/Term v5.0 is a suite of Internet tools available from http://www.qpc.com/. Two vulnerabilities exist in the FTP daemon. The first allows a remote user to list the files outside the ftp root. The second allows a remote use...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/08/22 12:0 a.m.95 views

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

-- iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory -- BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability Problem discovered: 22/08/2001 -- Overview -- BadBlue http://badblue.com/ is a tiny, free download that lets you share files, search...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/03/31 12:0 a.m.95 views

Advisory CA-2001-05

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-05 Exploitation of snmpXdmid Original release date: March 30, 2001 Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Any machine running Solaris 2.6, 7, or 8 with snmpXdmid installed and...

Exploits0
securityvulns
securityvulns
added 2000/06/28 12:0 a.m.95 views

Дырки в WinProxy

При неполный GET-запрос приводит к отказу в обслуживании. Имеются переполнения буфера, позволяющие выполнение кода...

0.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/05/12 12:0 a.m.95 views

Overflow in Outlook Express 4.* - too long filenames with graphic format extension

==== APPLICATION AFFECTED Outlook Express 4. 5. is not affected ==== DESCRIPTION All attached graphic files are automatically shown in the Outlook Express while viewing the e-mail. The problem is that long filenames with .jpg .bmp extension makes overflow if filename lenght is longer then 256...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2000/04/26 12:0 a.m.95 views

Two Problems in IMP 2

Crimelabs, Inc. www.crimelabs.com Security Advisory Crimelabs Security Advisory CLABS200003 Title: IMP/MSWordView /tmp Problems Date: 22 April, 2000 Application: IMP with MSWordView Platform: Any supported by IMP, MSWordView Severity: Moderate -- anyone can view Word document attachments processe...

7AI score
Exploits0
securityvulns
securityvulns
added 2000/03/01 12:0 a.m.95 views

SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application

Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, I am not liable for any damages caused by direct or indirect use of the information or functionality provided by this advisory. I bear NO responsibility for...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.94 views

Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected ema...

7.5CVSS4.3AI score0.03371EPSS
Exploits1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.94 views

Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin CVE: CVE-2015-7666 Vendor: WordPress DWBooster Product: Payment Form for PayPal Pro Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details:...

4.3CVSS0.6AI score0.01776EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.94 views

CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin

Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...

4CVSS0.6AI score0.05003EPSS
Exploits3
securityvulns
securityvulns
added 2015/05/10 12:0 a.m.94 views

APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite...

6.8CVSS0.6AI score0.10946EPSS
Exploits2
securityvulns
securityvulns
added 2015/04/13 12:0 a.m.94 views

Apple Mac OS X multiple security vulnerabilities

80 different vulnerabilities...

10CVSS2.1AI score0.98685EPSS
Exploits59References2Affected Software1
securityvulns
securityvulns
added 2015/03/18 12:0 a.m.94 views

[USN-2536-1] libXfont vulnerabilities

========================================================================== Ubuntu Security Notice USN-2536-1 March 18, 2015 libxfont vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

8.5CVSS0.4AI score0.04923EPSS
Exploits0
securityvulns
securityvulns
added 2015/03/15 12:0 a.m.94 views

[USN-2530-1] Linux kernel vulnerability

========================================================================== Ubuntu Security Notice USN-2530-1 March 12, 2015 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

6.9CVSS0.8AI score0.00441EPSS
Exploits0
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.94 views

APPLE-SA-2015-01-27-1 Apple TV 7.0.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple TV 7.0.3 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...

10CVSS0.2AI score0.19725EPSS
Exploits1
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.94 views

Microweber 0.95 - SQL Injection Vulnerability

Exploit Title: Microweber 0.95 - SQL Injection Vulnerability Vendor: https://microweber.com/ Download link: https://microweber.com/download https://github.com/microweber/microweber CVE ID: CVE-2014-9464 Vulnerability: SQL Injection Affected version: Version 0.95 before 12/09/2014. Fixed version:...

7.5CVSS0.1AI score0.02082EPSS
Exploits5
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.94 views

[ MDVSA-2014:233 ] wordpress

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:233 http://www.mandriva.com/en/support/security/ Package : wordpress Date : November 27, 2014 Affected: Business Server 1.0 Problem Description: Updated wordpress package fixes security vulnerabilities: XSS ...

6.8CVSS6AI score0.83162EPSS
Exploits8
securityvulns
securityvulns
added 2014/11/03 12:0 a.m.94 views

Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

Document Title: =============== Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1341 Release Date: ============= 2014-10-14 Vulnerability Laboratory ID VL-ID: ====================================...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.94 views

XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress

Hello 3APA3A! These are Cross-Site Scripting, Full path disclosure and OS Commanding vulnerabilities in plugin DZS Video Gallery for WordPress. Earlier I've disclosed Content Spoofing and Cross-Site Scripting vulnerabilities in this plugin http://securityvulns.ru/docs30871.html...

Exploits0
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.94 views

[SECURITY] [DSA 3007-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3007-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 20, 2014 http://www.debian.org/security/faq -...

7.5CVSS1.5AI score0.10773EPSS
Exploits3
securityvulns
securityvulns
added 2014/08/04 12:0 a.m.94 views

APPLE-SA-2014-06-30-3 iOS 7.1.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: Update to the certificate trust policy...

10CVSS0.2AI score0.04317EPSS
Exploits0
securityvulns
securityvulns
added 2014/07/21 12:0 a.m.94 views

[SECURITY] [DSA 2979-1] fail2ban security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2979-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 17, 2014 http://www.debian.org/security/faq -...

5CVSS2.1AI score0.03235EPSS
Exploits2
securityvulns
securityvulns
added 2014/07/21 12:0 a.m.94 views

SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-2 ======================================================================= title: Multiple vulnerabilities product: Citrix NetScaler Application Delivery Controller Citrix NetScaler Gateway...

5CVSS6.2AI score0.01722EPSS
Exploits2
securityvulns
securityvulns
added 2014/06/19 12:0 a.m.94 views

[oss-security] CVE request for vulnerability in OpenStack Neutron

A vulnerability was discovered in OpenStack see below. In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Neutron L3-agent DoS through IPv6 subnet Reporter:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/06/19 12:0 a.m.94 views

[USN-2247-1] OpenStack Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-2247-1 June 17, 2014 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

7.1CVSS1AI score0.02159EPSS
Exploits2
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.94 views

python-PGP code execution

Shell injections...

7.5CVSS2.1AI score0.02851EPSS
Exploits3References1Affected Software1
securityvulns
securityvulns
added 2014/05/07 12:0 a.m.94 views

[USN-2206-1] OpenStack Horizon vulnerability

========================================================================== Ubuntu Security Notice USN-2206-1 May 06, 2014 horizon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

4.3CVSS0.5AI score0.01216EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.94 views

Multiple Vulnerabilities in SeedDMS < = 4.3.3

Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document Management System. http://www.seeddms.org/index.php?id=2 ============ SeedDMS Unprivileged User Remote Code Execution...

6.4CVSS6.7AI score0.05205EPSS
Exploits4
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.94 views

[ MDVSA-2014:062 ] webmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:062 http://www.mandriva.com/en/support/security/ Package : webmin Date : March 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities was discovered and...

6.8CVSS7.4AI score0.61925EPSS
Exploits13
securityvulns
securityvulns
added 2014/02/01 12:0 a.m.94 views

[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service

Hello All, Those concerned about security of Java PaaS Platform as a Service or cloud services in general might find the following information interesting. Security Explorations discovered multiple security vulnerabilities in the environment of Oracle 1 Java Cloud Service 2. Among a total of 28...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2014/01/29 12:0 a.m.94 views

APPLE-SA-2014-01-22-1 iTunes 11.1.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-01-22-1 iTunes 11.1.4 iTunes 11.1.4 is now available and addresses the following: iTunes Available for: Mac OS X v10.6.8 or later, Windows 8, Windows 7, Vista, XP SP2 or later Impact: An attacker with a privileged network position may...

7.5CVSS0.4AI score0.11999EPSS
Exploits1
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.94 views

SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection

SEC Consult Vulnerability Lab Security Advisory 20131227-0 ======================================================================= title: XPath Injection product: IBM Web Content Manager WCM vulnerable version: 6.x, 7.x, 8.x fixed version: - impact: high homepage: http://www.ibm.com/ found:...

5CVSS6.5AI score0.03599EPSS
Exploits2
securityvulns
securityvulns
added 2013/12/23 12:0 a.m.94 views

[USN-2059-1] GnuPG vulnerability

========================================================================== Ubuntu Security Notice USN-2059-1 December 18, 2013 gnupg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

2.1CVSS0.2AI score0.00451EPSS
Exploits0
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.94 views

[SECURITY] [DSA 2811-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2811-1 [email protected] http://www.debian.org/security/ Michael Gilbert December 07, 2013 http://www.debian.org/security/faq -...

7.5CVSS0.4AI score0.01949EPSS
Exploits0
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.94 views

[ MDVSA-2013:246 ] openjpa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:246 http://www.mandriva.com/en/support/security/ Package : openjpa Date : October 7, 2013 Affected: Business Server 1.0 Problem Description: Updated openjpa packages fix security vulnerability: The...

7.5CVSS8.8AI score0.09511EPSS
Exploits0
securityvulns
securityvulns
added 2013/10/01 12:0 a.m.94 views

APPLE-SA-2013-09-26-1 iOS 7.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-26-1 iOS 7.0.2 iOS 7.0.2 is now available and addresses the following: Passcode Lock Available for: iPhone 4 and later Impact: A person with physical access to the device may be able to make calls to any number Description: A NULL...

4.4CVSS0.2AI score0.00342EPSS
Exploits2
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.94 views

[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0903-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Apple...

5.1CVSS0.4AI score0.14415EPSS
Exploits3
Total number of security vulnerabilities5000