Securityvulns: most viewed

47153 matches found

securityvulns
added 2008/02/12 12:0 a.m. | 93 views

Microsoft Security Bulletin MS08-006 – Important Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)

Microsoft Security Bulletin MS08-006 – Important Vulnerability in Internet Information Services Could Allow Remote Code Execution 942830 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important update resolves a privately reported vulnerability in Internet...

CVSS 10 | AI score 1.3 | EPSS 0.57167
Exploits: 1

securityvulns
added 2008/02/10 12:0 a.m. | 93 views

Mozilla Foundation Security Advisory 2008-06

Mozilla Foundation Security Advisory 2008-06 Title: Web browsing history and forward navigation stealing Impact: Critical Announced: February 7, 2008 Reporter: David Bloom Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 SeaMonkey 1.1.8 Description Mozilla contributor David...

CVSS 9.3 | AI score 9.6 | EPSS 0.03796
Exploits: 1

securityvulns
added 2008/01/06 12:0 a.m. | 93 views

[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1449-1 [email protected] http://www.debian.org/security/ Steve Kemp January 05, 2008 http://www.debian.org/security/faq -...

CVSS 6.9 | AI score 0.3 | EPSS 0.0044
Exploits: 0

securityvulns
added 2007/11/27 12:0 a.m. | 93 views

Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure

sorry, i've made a mistake! only the versions = 1.0.0 are vulnerable!...

AI score 2.7
Exploits: 0

securityvulns
added 2007/10/26 12:0 a.m. | 93 views

Multi Host Forum Pro phpbb & ipb Multiple Sql Injection

Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

AI score 1
Exploits: 0

securityvulns
added 2007/10/23 12:0 a.m. | 93 views

Mozilla Foundation Security Advisory 2007-29

Mozilla Foundation Security Advisory 2007-29 Title: Crashes with evidence of memory corruption rv:1.8.1.8 Impact: Critical Announced: October 18, 2007 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.8 Thunderbird 2.0.0.8 SeaMonkey 1.1.5...

CVSS 4.3 | AI score 1.4 | EPSS 0.0343
Exploits: 1

securityvulns
added 2007/10/20 12:0 a.m. | 93 views

S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting

S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...

AI score 0.5
Exploits: 0

securityvulns
added 2007/10/13 12:0 a.m. | 93 views

ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability

ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-057.html October 10, 2007 -- CVE ID: CVE-2007-4992 -- Affected Vendor: Firebird -- Affected Products: Firebird SQL 2.0.2 -- TippingPointTM IPS Customer Protection: TippingPoin...

CVSS 10 | AI score 0.8 | EPSS 0.07691
Exploits: 0

securityvulns
added 2007/10/04 12:0 a.m. | 93 views

DRBGuestbook Remote XSS Vulnerability

Oo Title: DRBGuestbook Remote XSS Vulnerability Download: http://www.hotscripts.com/jump.php?listingid=67702&jumptype=1 Author: Gokhan Contact: [email protected] | KAF KAF KAF SIN SIN SIN KAFSIN KAFSIN KAF Vuln Code: index.php XSS:...

AI score 0.7
Exploits: 0

securityvulns
added 2007/08/18 12:0 a.m. | 93 views

iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities

IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...

CVSS 6.9 | AI score 1.1 | EPSS 0.00361
Exploits: 1

securityvulns
added 2007/08/15 12:0 a.m. | 93 views

EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability

VGX.DLL Compressed Content Heap Overflow Vulnerability Release Date: August 14, 2007 Date Reported: October 24, 2006 Severity: High Code Execution Systems Affected: Internet Explorer 6 SP1 - Windows 2000 SP4 Internet Explorer 6 SP1 - Windows XP SP1 Internet Explorer 6 SP2 - Windows XP SP2 Interne...

AI score 7.3
Exploits: 0

securityvulns
added 2007/08/13 12:0 a.m. | 93 views

Best Top List Remote File Upload Vulnerability

Best Top List Remote File Upload Vulnerability ---------------------------------------------- Script : Best Top List Version : All Version Site : http://besttoplist.sourceforge.net Closed Founder : Rizgar Contact : [email protected] and irc.gigachat.net kurdhack Thanks : KHC, PH , ColdHackers...

AI score 0.5
Exploits: 0

securityvulns
added 2007/07/25 12:0 a.m. | 93 views

Remote Command Exec (FireFox 2.0.0.5 et al)

By: Nate McFeters nate dot mcfeters -at- gmail Billy BK Rios billy dot rios -at- gmail Tested in FireFox 2.0.0.5 and 3.0a6, Netscape Navigator 9, and Mozilla browser. NOTE These examples were created for WinXP SP2 with no external mail programs installed outlook, notes…etc. If you have an externa...

AI score 1.7
Exploits: 0

securityvulns
added 2007/06/11 12:0 a.m. | 93 views

[USN-470-1] Linux kernel vulnerabilities

=========================================================== Ubuntu Security Notice USN-470-1 June 08, 2007 linux-source-2.6.20 vulnerabilities CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 =========================================================== A security issue affects the following Ubuntu...

CVSS 5 | AI score 7.4 | EPSS 0.02098
Exploits: 0

securityvulns
added 2007/05/30 12:0 a.m. | 93 views

Apache httpd vulnerabilities

PSNC Security Team has got the pleasure to announce that, as a result of Apache httpd server ver. 1.3.x, 2.0.x and 2.2.x source code analysis, several vulnerabilities have been found that make it possible to perform a DoS attack against the services and the system that the application is running o...

AI score 0.3
Exploits: 0

securityvulns
added 2007/05/07 12:0 a.m. | 93 views

safari's saved password at risk

I'd like to inform you that safari is prone to a vulnerability that allows a local user to steal safari's saved passwords by using some macosx components. More info about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved...

AI score 1.6
Exploits: 0

securityvulns
added 2007/05/04 12:0 a.m. | 93 views

rPSA-2007-0090-1 gimp

rPath Security Advisory: 2007-0090-1 Published: 2007-05-03 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: gimp=/conary.rpath.com@rpl:devel//1/2.2.8-8.3-1 References: https://vulners.com/cve/CVE-2007-2356...

CVSS 6.8 | AI score 6.7 | EPSS 0.15674
Exploits: 1

securityvulns
added 2007/03/25 12:0 a.m. | 93 views

Net Side Content Management System

I see your future and your future is death. Sharingan ! -------------------------------------------------------------------------------------------------------------- Hi I'm sharingan and this is my vuln : script name : Net Side Content Management System 2 versions found both vulnerable | Version...

AI score 0.3
Exploits: 0

securityvulns
added 2007/03/11 12:0 a.m. | 93 views

Fıstıq Duyuru Scripti Remote Sql İnjection Exploit

Fıstıq Duyuru Scripti Remote Sql İnjection File : goster.asp Sql : -120union+all+select+0,kullaniciadi,sifre,3+from+admin Admin Name + Admin Pass Admin Menu: yoneticiii/default.asp Thanks : Ajann , Xoron , ApAci , ErNE , Uyuss , Eno7 , Thehacker , Enjexion .pl Exploit Code : !/usr/bin/perl Script...

AI score 0.4
Exploits: 0

securityvulns
added 2007/01/12 12:0 a.m. | 93 views

easy-content filemanager

easy-content filemanager Email: hackerbinhphuoc atyahoo dot com website: http://www.vnsecurity.com ------------------------------------- we can hack web use easy-content filemanager very easy we search with keyword: intitle: easy-content filemanager or inurl: filemanager/Default.asp and we can...

AI score 0.4
Exploits: 0

securityvulns
added 2007/01/04 12:0 a.m. | 93 views

Adobe reader plugin PDF files universal cross-site scripting

By using URIs like http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where...

CVSS 7.5 | AI score 0.7 | EPSS 0.55677
Exploits: 6 | References: 3 | Affected Software: 1

securityvulns
added 2006/11/14 12:0 a.m. | 93 views

Phpdebug 1.1.0 - Remote File Include by Firewall

====================================================================== Phpdebug 1.1.0 - Remote File Include by Firewall Application Affect: Phpdebug 1.1.0 Source Code: http://scripts.ringsworld.com/development-tools/phpdebug-v1.1.0.zip Code: includeonce"$debugClassLocation/debug.php"; ExPloit :...

AI score 0.5
Exploits: 0

securityvulns
added 2006/11/14 12:0 a.m. | 93 views

NuRems 1.0 Remote XSS/SQL Injection Exploit

From:Filistin,Lubnan,IraQ,Turkey NuRems 1.0 Remote XSS/SQL Injection Exploit XSS: form name=RequestForm action="http://x/sch1.asp" method="POST" select name="stcode" size=10 option value="XSS HERE"Alabama /select td align=center INPUT TYPE="submit" VALUE="Show cities..." /form /XSS SQL:...

AI score 0.5
Exploits: 0

securityvulns
added 2006/10/13 12:0 a.m. | 93 views

phpBB Ajax Shoutbox <= 0.0.5 Remote File Include Vulnerability

Title: phpBB Ajax Shoutbox = 0.0.5 phpbbrootpath Remote File Inclusion Author/Discovery: boecke Vulnerability Type: Remote File Inclusion Risk: High Risk Software Affected: phpBB Ajax Shoutbox = 0.0.5 Release Source: http://usuarios.lycos.es/kinfule/download.php?id=16 Release Page @ phpBB.com :...

AI score 0.8
Exploits: 0

securityvulns
added 2006/10/12 12:0 a.m. | 93 views

[Full-disclosure] Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory: Xeobook = 0.93 Multiple SQL Injection Vulnerabilities Release Date: 10/12/2006 Last Modified: 10/12/2006 Author: Tamriel tamriel at gmx dot net Application: Xeobook = 0.93 Risk: Moderate Vendor Status: not contacted Vendor Site:...

AI score 0.8
Exploits: 0

securityvulns
added 2006/08/21 12:0 a.m. | 93 views

Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability

insecurity research team advisory 18.o8.2oo6 Affected Application: Kochsuite v0.9.4 Mambo/Joomla CMS Component contact:...

AI score 8.4
Exploits: 0

securityvulns
added 2006/07/26 12:0 a.m. | 93 views

[Full-disclosure] Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities Release Date: 2006/07/25 Last Modified: 2006/07/25 Author: Tamriel tamriel at gmx dot net Application: Professional Home Page Tools Login Script Risk: Low Vendor...

AI score 0.1
Exploits: 0

securityvulns
added 2006/02/21 12:0 a.m. | 93 views

[TZO-062006] Safe'nVulnerable

Safe'nSec - Insecure File execution and Auto-startup Ref : TZO-062006-SafenSec Author : Thierry Zoller WWW : http://secdev.zoller.lu Article : http://secdev.zoller.lu/research/safensec.htm I. Background "Safe'n'Sec is complex data and user applications protection against threats and vulnerabiliti...

AI score 0.8
Exploits: 0

securityvulns
added 2006/01/11 12:0 a.m. | 93 views

Microsoft Embedded OpenType Font Engine "t2embed" Remote Heap Overflow

/ oh my, bad luck, eEye released the advisory few minutes ago, and I've been researching this bug since about a week, sorry, it's cancelled / NOTE: this is super initial report, if you expect some more info mail me for the bank account number... Microsoft Embedded OpenType Font Engine "t2embed"...

AI score 0.1
Exploits: 0

securityvulns
added 2006/01/07 12:0 a.m. | 93 views

[SA18325] OnePlug CMS SQL Injection Vulnerabilities

TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...

AI score 0.4
Exploits: 0

securityvulns
added 2005/10/13 12:0 a.m. | 93 views

Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution 902400 Published: October 11, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Ratin...

CVSS 7.5 | EPSS 0.56856
Exploits: 0

securityvulns
added 2002/01/10 12:0 a.m. | 93 views

CDE bug in Unixware 7.1

Hi, I'm jGgM. Unixware 7.1 dtlogin make bug reporting to /var/dt/Xerrors. but, permission of /var/dt is 777. make symlink /var/dt/Xerrors to any file. for example ln -sf /etc/.rhosts /var/dt/Xerrors and, Login from another system to Unixware machine. If another system does not have hostname,...

AI score 0.1
Exploits: 0

securityvulns
added 2001/03/05 12:0 a.m. | 93 views

Option to VERITAS Cluster Server (VCS) lltstat command will panic system.

I had a hell of a time getting through to Veritas, but after I did they reacted VERY quickly. I apologize that I didn't get this info out to the general community sooner, but Veritas didn't tell me that they released the fix. In the name of full disclosure: synopsis: "When using VERITAS Cluster...

AI score 0.1
Exploits: 0

securityvulns
added 2000/11/24 12:0 a.m. | 93 views

Broker FTP unauthorized directory browsing and plain text password storing

403-SECURITY advisory Issue: Broker FTP unauthorized directory browsing and plain text password storing Author: Astral [email protected] Discovered: 07.11.2000 Published: 22.11.2000 Version: 4.7.5.0 others are probably vulnerable too Vendor: TransSoft I. Description: Broker FTP is powerful...

Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m. | 92 views

CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

CVSS 6.8 | AI score 0.1 | EPSS 0.02756
Exploits: 4

securityvulns
added 2015/10/26 12:0 a.m. | 92 views

Checkmarx CxQL Sandbox bypass (CVE-2014-8778)

Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction ================================ Checkmarx is a static source...

CVSS 9 | AI score 6.9 | EPSS 0.03317
Exploits: 3

securityvulns
added 2015/10/26 12:0 a.m. | 92 views

Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin CVE: CVE-2015-7667 Vendor: WordPress web-mv Product: ResAds Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

CVSS 4.3 | AI score 1.3 | EPSS 0.01504
Exploits: 2

securityvulns
added 2015/10/25 12:0 a.m. | 92 views

owncloud multiple security vulnerabilities

Code execution, authentication bypass, information disclosure, cross-site scripting, DoS...

CVSS 10 | AI score 2.1 | EPSS 0.2482
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/10/25 12:0 a.m. | 92 views

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a...

CVSS 6.8 | AI score 0.8 | EPSS 0.02918
Exploits: 0

securityvulns
added 2015/08/17 12:0 a.m. | 92 views

APPLE-SA-2015-08-13-4 OS X Server v4.1.5

APPLE-SA-2015-08-13-4 OS X Server v4.1.5 OS X Server v4.1.5 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10.5 or later Impact: A remote attacker may be able to cause a denial of service Description: An assertion issue existed in the handling of TKEY packets...

CVSS 7.8 | AI score 7.1 | EPSS 0.91284
Exploits: 12

securityvulns
added 2015/07/27 12:0 a.m. | 92 views

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150716-0 ======================================================================= title: Permanent Cross-Site Scripting product: Oracle Application Express vulnerable version: All versions prior to...

CVSS 5.5 | AI score 0.1 | EPSS 0.01716
Exploits: 2

securityvulns
added 2015/05/12 12:0 a.m. | 92 views

CVE-2015-1773 Apache Flex reflected XSS vulnerability

CVE-2015-1773 Apache Flex reflected XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: All versions of Apache Flex before 4.14.1 Description: The asdoc tool produced JavaScript code that was vulnerable to a reflected XSS attack. A request with a specially...

CVSS 4.3 | AI score 0.4 | EPSS 0.07049
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m. | 92 views

[ MDVSA-2015:200 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:200 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : April 10, 2015 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: In...

CVSS 7.1 | AI score 5.7 | EPSS 0.0271
Exploits: 1

securityvulns
added 2015/03/18 12:0 a.m. | 92 views

[USN-2536-1] libXfont vulnerabilities

========================================================================== Ubuntu Security Notice USN-2536-1 March 18, 2015 libxfont vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 8.5 | AI score 0.4 | EPSS 0.04923
Exploits: 0

securityvulns
added 2014/12/22 12:0 a.m. | 92 views

Morfy CMS v1.05 - Command Execution Vulnerability

Document Title: =============== Morfy CMS v1.05 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1367 https://github.com/Awilum/monstra-cms/issues/351 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185 CVE-ID:...

CVSS 6.5 | AI score 0.2 | EPSS 0.02119
Exploits: 4

securityvulns
added 2014/12/09 12:0 a.m. | 92 views

OpenSSL multiple security vulnerabilities

Poodle attack. Protocol version downgrade to SSL 3.0. Memory leaks in SRTP and session tickets. Insufficient no-ssl3 protection. Data leakage via padding attack...

CVSS 7.1 | AI score 5.1 | EPSS 0.99999
Exploits: 7 | References: 3 | Affected Software: 1

securityvulns
added 2014/12/01 12:0 a.m. | 92 views

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

Advisory: Information Disclosure in TYPO3 Extension ke_questionnaire The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: ke_questionnaire Affected Versions: 2.5.2...

CVSS 5 | AI score 5.7 | EPSS 0.0148
Exploits: 3

securityvulns
added 2014/10/15 12:0 a.m. | 92 views

CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5392 =================== "XML eXternal Entity XXE" CWE-611 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload automation tool. It i...

CVSS 5.8 | AI score 0.7 | EPSS 0.02486
Exploits: 0

securityvulns
added 2014/10/11 12:0 a.m. | 92 views

[security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04472866 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04472866 Version: 1 HPSBMU03127 rev....

CVSS 10 | AI score 0.8 | EPSS 0.08859
Exploits: 0

securityvulns
added 2014/09/29 12:0 a.m. | 92 views

[USN-2359-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2359-1 September 23, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5.4 | AI score 0.3 | EPSS 0.05794
Exploits: 3

Total number of security vulnerabilities: 5000