Securityvulns: Most viewed

47153 matches found

securityvulns
added 2006/07/24 12:0 a.m., 94 views

Calendar Module <= 1.5.7 Remote File Include Vulnerabilities

--------------------------------------------------------------------------------- Calendar Module = 1.5.7 Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact : [email protected] Application : Calendar...

0.4 AI score
Exploits: 0
securityvulns
added 2006/05/03 12:0 a.m., 94 views

MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.

.oOOo. MySQL COMTABLEDUMP .oOOo. Information Leakage and Arbitrary command execution ============================== - Summary: MySQL Server has an information leakage flaw, if a malicious client sends a specific forged packet. Moreover some particular input can crash the server by overwriting the...

0.4 AI score
Exploits: 0
securityvulns
added 2006/03/08 12:0 a.m., 94 views

[SA19147] bMail GBK Charsets SQL Injection Vulnerability

TITLE: bMail GBK Charsets SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19147 VERIFY ADVISORY: http://secunia.com/advisories/19147/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: bMail 9.x http://secunia.com/product/8584/ DESCRIPTION: A vulnerability...

1 AI score
Exploits: 0
securityvulns
added 2006/02/14 12:0 a.m., 94 views

XSS vulnerability in guestbook-php-script

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- SySS-Advisory: XSS-vulnerability in guestbook-php-script - ------------------------------------------------------------------- Problem discovered: February 3d 2006 Vendor contacted:...

7 AI score
Exploits: 0
securityvulns
added 2005/12/02 12:0 a.m., 94 views

JSE XSS vuln.

JSE XSS vuln. Vuln. discovered by : r0t Date: 2 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/jse-xss-vuln.html Vendor: http://www.me.lv/jse/index.html affected version: 0.9.34 Product Description: Java Search Engine is a server-side search engine program for web sites. Search engin...

0.3 AI score
Exploits: 0
securityvulns
added 2005/04/21 12:0 a.m., 94 views

Annuaire Netref v4.2 [ fwrite php ] vulnerability

Software: annuaire netref version : 4.2 url : http://www.netref.net Risk factor : critical Vendor has been contacted Description: ----------- Netref is a PHP/MySQL-based directory script that supports an unlimited number of categories and links. Many functions to manage the links : Fast search...

0.8 AI score
Exploits: 0
securityvulns
added 2005/02/08 12:0 a.m., 94 views

Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution 890047 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...

10 CVSS, 0.7 AI score, 0.6349 EPSS
Exploits: 2
securityvulns
added 2003/07/04 12:0 a.m., 94 views

[Full-Disclosure] Vulnerability in CCBill script

Recently there are many hacking attempts attacking E-commerce site that use CCBILL to process credit cards. Some of my clients' sites are hacked and defaced by this vulnerability. In the Incidents List, some people already mention about it. I just take a look at the actual problem and figure out...

0.2 AI score
Exploits: 0
securityvulns
added 2003/06/13 12:0 a.m., 94 views

[EXPL] Exploit Code Released for diagrpt Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits...

7.8 AI score
Exploits: 0
securityvulns
added 2001/10/27 12:0 a.m., 94 views

another fatal bug in NT/2000 "Command Prompt" I/O

Recent messages on the comp.lang.c and allegedly comp.os.ms-windows.programmer.win32 have documented various short programs which cause Windows NT4 and 2000 to crash and reboot by writing certain strings to stdout. The following is one example of such a program: include stdio.h int mainvoid while...

6.9 AI score
Exploits: 0
securityvulns
added 2001/09/27 12:0 a.m., 94 views

Vulnerabilities in QVT/Term

-----BEGIN PGP SIGNED MESSAGE----- Vulnerabilities in QVT/Term Overview QVT/Term v5.0 is a suite of Internet tools available from http://www.qpc.com/. Two vulnerabilities exist in the FTP daemon. The first allows a remote user to list the files outside the ftp root. The second allows a remote use...

0.1 AI score
Exploits: 0
securityvulns
added 2001/08/22 12:0 a.m., 94 views

BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability

-- iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory -- BadBlue v1.02 beta for Windows 98, ME and 2000 .php Source Code Disclosure Vulnerability Problem discovered: 22/08/2001 -- Overview -- BadBlue http://badblue.com/ is a tiny, free download that lets you share files, search...

0.1 AI score
Exploits: 0
securityvulns
added 2001/08/17 12:0 a.m., 94 views

Arkeia Backup vulnerabilities (weak encryption)

The entire traffic exchange protocol between the client and the server is unencrypted. Standard DES passwords are used...

2 AI score
Exploits: 0, References: 1
securityvulns
added 2001/07/13 12:0 a.m., 94 views

ActiveX vulnerability in Microsoft Outlook (code execution)

The ActiveX component that controls all of Outlook's operation is marked as safe, which allows it to be used in Internet pages and e-mail messages...

1.3 AI score
Exploits: 0, References: 3, Affected Software: 1
securityvulns
added 2000/05/12 12:0 a.m., 94 views

Overflow in Outlook Express 4.* - too long filenames with graphic format extension

==== APPLICATION AFFECTED Outlook Express 4. 5. is not affected ==== DESCRIPTION All attached graphic files are automatically shown in the Outlook Express while viewing the e-mail. The problem is that long filenames with .jpg .bmp extension makes overflow if filename length is longer than 256...

0.3 AI score
Exploits: 0
securityvulns
added 2000/04/26 12:0 a.m., 94 views

Two Problems in IMP 2

Crimelabs, Inc. www.crimelabs.com Security Advisory Crimelabs Security Advisory CLABS200003 Title: IMP/MSWordView /tmp Problems Date: 22 April, 2000 Application: IMP with MSWordView Platform: Any supported by IMP, MSWordView Severity: Moderate -- anyone can view Word document attachments processe...

7 AI score
Exploits: 0
securityvulns
added 2000/03/01 12:0 a.m., 94 views

SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application

Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, I am not liable for any damages caused by direct or indirect use of the information or functionality provided by this advisory. I bear NO responsibility for...

7.2 AI score
Exploits: 0
securityvulns
added 2015/10/26 12:0 a.m., 93 views

CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin

Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N CWE: CWE-22 Description ================ An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...

4 CVSS, 0.6 AI score, 0.05003 EPSS
Exploits: 3
securityvulns
added 2015/06/21 12:0 a.m., 93 views

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager

Advisory: SQL Injection in TYPO3 Extension Akronymmanager An SQL injection vulnerability in the TYPO3 extension "Akronymmanager" allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database. Details ======= Product: sbakronymmanager Affected Versions: =0.5...

6 CVSS, 7.8 AI score, 0.03157 EPSS
Exploits: 5
securityvulns
added 2015/06/21 12:0 a.m., 93 views

Linux kernel security vulnerabilities

DoS, privilege escalations...

7.2 CVSS, 3 AI score, 0.37679 EPSS
Exploits: 32, References: 4
securityvulns
added 2015/05/11 12:0 a.m., 93 views

Instant v2.0 SQL Injection Vulnerability

========================================================================================== Instant v2.0 SQL Injection Vulnerability ==========================================================================================...

0.2 AI score
Exploits: 0
securityvulns
added 2015/04/13 12:0 a.m., 93 views

Apple Mac OS X multiple security vulnerabilities

80 different vulnerabilities...

10 CVSS, 2.1 AI score, 0.98685 EPSS
Exploits: 59, References: 2, Affected Software: 1
securityvulns
added 2015/03/07 12:0 a.m., 93 views

[USN-2511-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2511-1 February 26, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.2 CVSS, 0.6 AI score, 0.00465 EPSS
Exploits: 0
securityvulns
added 2015/02/02 12:0 a.m., 93 views

Microweber 0.95 - SQL Injection Vulnerability

Exploit Title: Microweber 0.95 - SQL Injection Vulnerability Vendor: https://microweber.com/ Download link: https://microweber.com/download https://github.com/microweber/microweber CVE ID: CVE-2014-9464 Vulnerability: SQL Injection Affected version: Version 0.95 before 12/09/2014. Fixed version:...

7.5 CVSS, 0.1 AI score, 0.02082 EPSS
Exploits: 5
securityvulns
added 2014/10/05 12:0 a.m., 93 views

Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities

Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities Release Date: 02-Oct-2014 Software: Ultra Electronics - Series A...

Exploits: 0
securityvulns
added 2014/09/21 12:0 a.m., 93 views

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-5 OS X Server 3.2.1 OS X Server 3.2.1 is now available and addresses the following: CoreCollaboration Available for: OS X Mavericks v10.9.5 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description...

7.5 CVSS, 0.6 AI score, 0.06666 EPSS
Exploits: 5
securityvulns
added 2014/09/21 12:0 a.m., 93 views

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity XXE Flaw Release Date: 2014-09-17 Application: Apple iOS...

5 CVSS, 7.2 AI score, 0.0219 EPSS
Exploits: 0
securityvulns
added 2014/09/15 12:0 a.m., 93 views

apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error

Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...

6.3 AI score
Exploits: 0
securityvulns
added 2014/08/26 12:0 a.m., 93 views

[USN-2316-1] Subversion vulnerabilities

========================================================================== Ubuntu Security Notice USN-2316-1 August 14, 2014 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

4.3 CVSS, 1.2 AI score, 0.11052 EPSS
Exploits: 0
securityvulns
added 2014/08/04 12:0 a.m., 93 views

APPLE-SA-2014-06-30-3 iOS 7.1.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later Impact: Update to the certificate trust policy...

10 CVSS, 0.2 AI score, 0.04317 EPSS
Exploits: 0
securityvulns
added 2014/06/14 12:0 a.m., 93 views

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script

Advisory: SQL Injection in webEdition CMS File Browser RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for...

7.5 CVSS, 7.2 AI score, 0.0257 EPSS
Exploits: 2
securityvulns
added 2014/05/30 12:0 a.m., 93 views

[ MDVSA-2014:087 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:087 http://www.mandriva.com/en/support/security/ Package : php Date : May 15, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in php: PHP FPM in PHP...

7.2 CVSS, 7.6 AI score, 0.00505 EPSS
Exploits: 1
securityvulns
added 2014/05/07 12:0 a.m., 93 views

[USN-2206-1] OpenStack Horizon vulnerability

========================================================================== Ubuntu Security Notice USN-2206-1 May 06, 2014 horizon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

4.3 CVSS, 0.5 AI score, 0.01206 EPSS
Exploits: 1
securityvulns
added 2014/05/05 12:0 a.m., 93 views

Multiple Vulnerabilities in SeedDMS < = 4.3.3

Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document Management System. http://www.seeddms.org/index.php?id=2 ============ SeedDMS Unprivileged User Remote Code Execution...

6.4 CVSS, 6.7 AI score, 0.05205 EPSS
Exploits: 4
securityvulns
added 2013/12/23 12:0 a.m., 93 views

[USN-2059-1] GnuPG vulnerability

========================================================================== Ubuntu Security Notice USN-2059-1 December 18, 2013 gnupg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

2.1 CVSS, 0.2 AI score, 0.00451 EPSS
Exploits: 0
securityvulns
added 2013/11/26 12:0 a.m., 93 views

ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities

ESA-2013-077.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities EMC Identifier: ESA-2013-077 CVE Identifier: CVE-2013-3288, CVE-2009-3555 Severity Rating: See below for individual scores and refer to vendor advisories for...

5.8 CVSS, 0.8 AI score, 0.87264 EPSS
Exploits: 14
securityvulns
added 2013/10/09 12:0 a.m., 93 views

[ MDVSA-2013:246 ] openjpa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:246 http://www.mandriva.com/en/support/security/ Package : openjpa Date : October 7, 2013 Affected: Business Server 1.0 Problem Description: Updated openjpa packages fix security vulnerability: The...

7.5 CVSS, 8.8 AI score, 0.09511 EPSS
Exploits: 0
securityvulns
added 2013/10/01 12:0 a.m., 93 views

APPLE-SA-2013-09-26-1 iOS 7.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-26-1 iOS 7.0.2 iOS 7.0.2 is now available and addresses the following: Passcode Lock Available for: iPhone 4 and later Impact: A person with physical access to the device may be able to make calls to any number Description: A NULL...

4.4 CVSS, 0.2 AI score, 0.00342 EPSS
Exploits: 2
securityvulns
added 2013/09/09 12:0 a.m., 93 views

[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0903-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Apple...

5.1 CVSS, 0.4 AI score, 0.14415 EPSS
Exploits: 3
securityvulns
added 2013/08/28 12:0 a.m., 93 views

CVE-2013-4124 samba nttrans dos private exploit

Hi Forks! It's my samba private exploit and article of it. the security bug occurs while nttrans reply in samba daemon source code tree. the remote dos exploit that i copied from another nttrans exploit in 2003. and can't test it yet, check it out! CVE-2013-4124 samba dos private exploit: -...

5 CVSS, 0.5 AI score, 0.69008 EPSS
Exploits: 7
securityvulns
added 2013/07/19 12:0 a.m., 93 views

[security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03747342 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03747342 Version: 2 HPSBMU02870...

7.5 CVSS, 0.9 AI score, 0.03672 EPSS
Exploits: 0
securityvulns
added 2013/06/17 12:0 a.m., 93 views

[USN-1878-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1878-1 June 14, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

4.9 CVSS, 6.2 AI score, 0.00732 EPSS
Exploits: 7
securityvulns
added 2013/05/10 12:0 a.m., 93 views

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

Title ----- DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities Severity -------- High Date Discovered --------------- March 19, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$ 1. Actuate...

0.6 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 93 views

Multiple buffer overflows on Huawei SNMPv3 service

Multiple buffer overflows on Huawei SNMPv3 service ================================================== ADVISORY INFORMATION Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date: 06/05/2013 Credits: Roberto Paleari [email protected], @rpaleari...

1.1 AI score
Exploits: 0
securityvulns
added 2013/04/22 12:0 a.m., 93 views

SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption

SEC Consult Vulnerability Lab Security Advisory 20130417-1 ======================================================================= title: Java ActiveX Control Memory Corruption product: JavaTM Web Start Launcher vulnerable version: Sun Java Version 7 Update 17 and before Sun Java Version 6 Update...

5 CVSS, 0.1 AI score, 0.22753 EPSS
Exploits: 5
securityvulns
added 2013/02/11 12:0 a.m., 93 views

[slackware-security] curl (SSA:2013-038-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security curl SSA:2013-038-01 New curl packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...

7.5 CVSS, 8.3 AI score, 0.22913 EPSS
Exploits: 6
securityvulns
added 2013/01/05 12:0 a.m., 93 views

Aastra IP Telephone encrypted .tuz configuration file leakage

Aastra IP telephone encrypted .tuz configuration file leakage ------------------------------------------------------------- Affected products ================= Aastra 6753i IP Telephone Firmware Version 3.2.2.56 Firmware Release Code SIP Boot Version 2.5.2.1010 Background ========== "The 6753i fr...

7.1 AI score
Exploits: 0
securityvulns
added 2012/12/10 12:0 a.m., 93 views

NGS000241 Technical Advisory: SysAid Helpdesk Pro Blind SQL Injection

======= Summary ======= Name: SysAid Helpdesk Pro - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00241 Discoverer: Daniel Compton [email protected] Vendor: SysAid Vendor Reference: Systems Affected: SysAid Helpdesk 8.5 Pro Risk: High Status: Published ========...

8.3 AI score
Exploits: 0
securityvulns
added 2012/12/02 12:0 a.m., 93 views

Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities

Over 90 vulnerabilities in different applications are fixed by quarterly update...

10 CVSS, 2.4 AI score, 0.59413 EPSS
Exploits: 17, References: 17, Affected Software: 20
securityvulns
added 2012/10/29 12:0 a.m., 93 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.5 CVSS, 1.6 AI score, 0.10456 EPSS
Exploits: 9, References: 15, Affected Software: 12

Total number of security vulnerabilities: 5000