Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2007/08/18 12:0 a.m.94 views

iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities

IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...

6.9CVSS1.1AI score0.00361EPSS
Exploits1
securityvulns
securityvulns
added 2007/08/14 12:0 a.m.94 views

CVE-2007-3385: Handling of \" in cookies

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3385: Handling of " in cookies Severity: Low Session Hi-jacking Vendor: The Apache Software Foundation Versions Affected: 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 3.3 to 3.3.2 Description: Tomcat incorrectly handles the...

4.3CVSS0.16944EPSS
Exploits4
securityvulns
securityvulns
added 2007/08/10 12:0 a.m.94 views

CA.View/view-law.asp/view-info.asp sql injection

CA.View/view-law.asp/view-info.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life"...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/06/26 12:0 a.m.94 views

Safari Bookmarks Buffer Overflow Vulnerability

Safari 3.0.2 522.13.1 OS Windows XP SP2 At processing title field, which consists more than 1024 bytes at addition in a bookmark there is a buffer overflow. html head...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2007/05/30 12:0 a.m.94 views

Apache httpd vulenrabilities

PSNC Security Team has got the pleasure to announce that, as a result of Apache httpd server ver. 1.3.x, 2.0.x and 2.2.x source code analysis, several vulnerabilities have been found that make it possible to perfom a DoS attack against the services and the system that the application is running o...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.94 views

Joomla com_joomlaboard 1.1.x Branch (sbp) Multiple Remote File Include Vulnerabilities

Joomla comjoomlaboard 1.1.x Branch sbp Multiple Remote File Include Vulnerabilities Joomlaboard Component 1.1.x Branch sbp Multiple Remote File Include Vulnerabilities script : http://forge.joomla.org/sf/frs/do/viewRelease/projects.simpleboard/frs.joomlaboardcomponent.joomlaboard11xbranch files :...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.94 views

Net Side Content Management System

I see your future and your future is death. Sharingan ! -------------------------------------------------------------------------------------------------------------- Hi I'm sharingan and this is my vuln : script name : Net Side Content Management System 2 versions found both vulnerable | Version...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2007/03/11 12:0 a.m.94 views

Fıstıq Duyuru Scripti Remote Sql İnjection Exploit

Fstq Duyuru Scripti Remote Sql njection File : goster.asp Sql : -120union+all+select+0,kullaniciadi,sifre,3+from+admin Admin Name + Admin Pass Admin Menu: yoneticiii/default.asp Thanks : Ajann , Xoron , ApAci , ErNE , Uyuss , Eno7 , Thehacker , Enjexion .pl Exploit Code : !/usr/bin/perl Script...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/01 12:0 a.m.94 views

Dropbear dbclient SSH server spoofing

User is not adequately warned on server crypto key mismatch...

7.5CVSS2AI score0.02103EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2007/02/03 12:0 a.m.94 views

Microsoft Security Advisory (932114) Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution

Microsoft Security Advisory 932114 Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution Published: January 26, 2007 Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried ou...

9.3CVSS0.4AI score0.3816EPSS
Exploits0
securityvulns
securityvulns
added 2007/01/04 12:0 a.m.94 views

Adobe reader plugin PDF files universal crossite scripting

By using URIs like http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where...

7.5CVSS0.7AI score0.55677EPSS
Exploits6References3Affected Software1
securityvulns
securityvulns
added 2006/12/20 12:0 a.m.94 views

Mozilla Foundation Security Advisory 2006-69

Mozilla Foundation Security Advisory 2006-69 Title: CSS cursor image buffer overflow Windows only Impact: Critical Announced: December 19, 2006 Reporter: Frederik Reiss Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7...

6.8CVSS1.7AI score0.08288EPSS
Exploits0
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.94 views

NuRems 1.0 Remote XSS/SQL Injection Exploit

From:Filistin,Lubnan,IraQ,Turkey NuRems 1.0 Remote XSS/SQL Injection Exploit XSS: form name=RequestForm action="http://x/sch1.asp" method="POST" select name="stcode" size=10 option value="XSS HERE"Alabama /select td align=center INPUT TYPE="submit" VALUE="Show cities..." /form /XSS SQL:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/11/05 12:0 a.m.94 views

[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory OpenPKG GmbH http://openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.030 2006-11-04 Package: ruby Vulnerability: denial of service OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: E1.0-SOLI...

5CVSS7.5AI score0.04071EPSS
Exploits1
securityvulns
securityvulns
added 2006/10/12 12:0 a.m.94 views

[Full-disclosure] Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory: Xeobook = 0.93 Multiple SQL Injection Vulnerabilities Release Date: 10/12/2006 Last Modified: 10/12/2006 Author: Tamriel tamriel at gmx dot net Application: Xeobook = 0.93 Risk: Moderate Vendor Status: not contacted Vendor Site:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.94 views

Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability

.: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | / / :. . ..: ||| / .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: 18.o8.2oo6 .. Affected Application: Kochsuite v0.9.4 Mambo/Joomla CMS Component . . : contact :...

8.4AI score
Exploits0
securityvulns
securityvulns
added 2006/07/26 12:0 a.m.94 views

[Full-disclosure] Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Professional Home Page Tools Login Script Cross Site Scripting Vulnerabilities Release Date: 2006/07/25 Last Modified: 2006/07/25 Author: Tamriel tamriel at gmx dot net Application: Professional Home Page Tools Login Script Risk: Low Vendor...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.94 views

Calendar Module <= 1.5.7 Remote File Include Vulnerabilities

--------------------------------------------------------------------------------- Calendar Module = 1.5.7 Remote File Include Vulnerabilities --------------------------------------------------------------------------------- Author : Matdhule Contact : [email protected] Application : Calendar...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/05/03 12:0 a.m.94 views

MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.

.oOOo. MySQL COMTABLEDUMP .oOOo. Information Leakage and Arbitrary command execution ============================== - Summary: MySQL Server has an information leakage flaw, if a malicious client sends a specific forged packet. Moreover some particular input can crash the server by overwriting the...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/03/08 12:0 a.m.94 views

[SA19147] bMail GBK Charsets SQL Injection Vulnerability

TITLE: bMail GBK Charsets SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19147 VERIFY ADVISORY: http://secunia.com/advisories/19147/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: bMail 9.x http://secunia.com/product/8584/ DESCRIPTION: A vulnerability...

1AI score
Exploits0
securityvulns
securityvulns
added 2006/01/11 12:0 a.m.94 views

Microsoft Embedded OpenType Font Engine "t2embed" Remote Heap Overflow

/ oh my, bad luck, eEye released the advisory few minutes ago, and I've been researching this bug since about a week, sorry, it's cancelled / NOTE: this is super initial raport, if you expect some more info mail me for the bank account number... Microsoft Embedded OpenType Font Engine "t2embed"...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/01/07 12:0 a.m.94 views

[SA18325] OnePlug CMS SQL Injection Vulnerabilities

TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/12/02 12:0 a.m.94 views

JSE XSS vuln.

JSE XSS vuln. Vuln. dicovered by : r0t Date: 2 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/jse-xss-vuln.html Vendor:http://www.me.lv/jse/index.html affected version:0.9.34 Product Description: Java Search Engine is a server-side search engine program for web sites. Search engin...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2005/10/13 12:0 a.m.94 views

Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution 902400 Published: October 11, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Ratin...

7.5CVSS0.56856EPSS
Exploits0
securityvulns
securityvulns
added 2005/07/29 12:0 a.m.94 views

[Full-disclosure] SPIDynamics WebInspect Cross-ApplicationScripting (XAS)

SPI Dynamics Security Bulletin SPI-0001-07282005 Issue: Potential WebInspect Cross Application Scripting XAS Vulnerability Severity: Low Potential Impact: Remote Code Execution Recommendation: All customers should run SmartUpdate to ensure they are running the latest version of WebInspect 5.5.386...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2005/07/25 12:0 a.m.94 views

SPIDynamics WebInspect Cross-Application Scripting (XAS)

PIDynamics WebInspect Cross-Application Scripting XAS I. BACKGROUND SPIDynamics WebInspect is powerful security assessment tool for Web application vulnerable to XAS which could lead to remote code execution. II. DESCRIPTION As many applications WebInspect uses external programs and Windows...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2005/04/21 12:0 a.m.94 views

Annuaire Netref v4.2 [ fwrite php ] vulnerability

Software: annuaire netref version : 4.2 url : http://www.netref.net Risk factor : critical Vendor has been contacted Description: ----------- Netref is a PHP/MySQL-based directory script that supports an unlimited number of categories and links. Many fonctions to manage the links : Fast search...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2005/02/08 12:0 a.m.94 views

Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Microsoft Security Bulletin MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution 890047 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...

10CVSS0.7AI score0.6349EPSS
Exploits2
securityvulns
securityvulns
added 2001/07/13 12:0 a.m.94 views

Уязвимость ActiveX в Microsoft Outlook (code execution)

ActiveX компонент управляющий всей работой Outlook помечен как безопасный, что позволяет использовать его в Internet-страницах и письмах...

1.3AI score
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2001/02/28 12:0 a.m.94 views

Security Advisory: Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability Revision 1.0: INTERIM For Public Release 2001 February 27 04:00 US/Eastern UTC+0500 Summary Cisco IOS software releases based on versions 11.x and 12.0 contain a defe...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.94 views

Broker FTP unauthorized directory browsing and plain text password storing

403-SECURITY advisory Issue: Broker FTP unauthorized directory browsing and plain text password storing Author: Astral [email protected] Discovered: 07.11.2000 Published: 22.11.2000 Version: 4.7.5.0 others are probably vulnerable too Vendor: TransSoft I. Description: Broker FTP is powerful...

Exploits0
securityvulns
securityvulns
added 2000/05/04 12:0 a.m.94 views

4ward:It's a blue world!

/off topic: please in the list disable or add filter to your auto-reply/ from:http://www.blueworld.com/blueworld/news/05.01.00-FM5Sec urity.html .../... The precise details of how to exploit these holes is minimized to prevent compromising the integrity of all current Internet-accessible FileMake...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.93 views

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a...

6.8CVSS0.8AI score0.02918EPSS
Exploits0
securityvulns
securityvulns
added 2015/09/15 12:0 a.m.93 views

[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04762372 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04762372 Version: 2 HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization...

4CVSS0.5AI score0.0184EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/21 12:0 a.m.93 views

[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager

Advisory: SQL Injection in TYPO3 Extension Akronymmanager An SQL injection vulnerability in the TYPO3 extension "Akronymmanager" allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database. Details ======= Product: sbakronymmanager Affected Versions: =0.5...

6CVSS7.8AI score0.03157EPSS
Exploits5
securityvulns
securityvulns
added 2015/06/21 12:0 a.m.93 views

Linux kernel security vulnerabilities

DoS, privilege escalations...

7.2CVSS3AI score0.37679EPSS
Exploits32References4
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.93 views

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)

Dear readers, we just fixed a recently reported vulnerability in Apache Jackrabbit's WebDAV module; see - the attached CVE report - patches for all currently maintained Jackrabbit branches We just released Jackrabbit 2.10.1 see below and we'll get to the other branches shortly. Check the CVE for...

6.4CVSS0.1AI score0.51488EPSS
Exploits6
securityvulns
securityvulns
added 2015/05/12 12:0 a.m.93 views

CVE-2015-1773 Apache Flex reflected XSS vulnerability

CVE-2015-1773 Apache Flex reflected XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: All versions of Apache Flex before 4.14.1 Description: The asdoc tool produced JavaScript code that was vulnerable to a reflected XSS attack. A request with a specially...

4.3CVSS0.4AI score0.07049EPSS
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.93 views

Instant v2.0 SQL Injection Vulnerability

========================================================================================== Instant v2.0 SQL Injection Vulnerability ==========================================================================================...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2015/04/13 12:0 a.m.93 views

Apple Mac OS X multiple security vulnerabilities

80 different vulnerabilities...

10CVSS2.1AI score0.98685EPSS
Exploits59References2Affected Software1
securityvulns
securityvulns
added 2015/03/07 12:0 a.m.93 views

[USN-2511-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2511-1 February 26, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.2CVSS0.6AI score0.00465EPSS
Exploits0
securityvulns
securityvulns
added 2015/02/02 12:0 a.m.93 views

Microweber 0.95 - SQL Injection Vulnerability

Exploit Title: Microweber 0.95 - SQL Injection Vulnerability Vendor: https://microweber.com/ Download link: https://microweber.com/download https://github.com/microweber/microweber CVE ID: CVE-2014-9464 Vulnerability: SQL Injection Affected version: Version 0.95 before 12/09/2014. Fixed version:...

7.5CVSS0.1AI score0.02082EPSS
Exploits5
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.93 views

Morfy CMS v1.05 - Command Execution Vulnerability

Document Title: =============== Morfy CMS v1.05 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1367 https://github.com/Awilum/monstra-cms/issues/351 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185 CVE-ID:...

6.5CVSS0.2AI score0.02119EPSS
Exploits4
securityvulns
securityvulns
added 2014/12/09 12:0 a.m.93 views

OpenSSL multiple security vulnerabilities

Poodle attack. Protocol version downgrade to SSL 3.0. Memory leaks in SRTP and session tickets. Insufficient no-ssl3 protection. Data leakage via padding attack...

7.1CVSS5.1AI score0.99999EPSS
Exploits7References3Affected Software1
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.93 views

CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5392 =================== "XML eXternal Entity XXE" CWE-611 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload automation tool. It i...

5.8CVSS0.7AI score0.02486EPSS
Exploits0
securityvulns
securityvulns
added 2014/09/21 12:0 a.m.93 views

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity XXE Flaw Release Date: 2014-09-17 Application: Apple iOS...

5CVSS7.2AI score0.0219EPSS
Exploits0
securityvulns
securityvulns
added 2014/09/21 12:0 a.m.93 views

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-5 OS X Server 3.2.1 OS X Server 3.2.1 is now available and addresses the following: CoreCollaboration Available for: OS X Mavericks v10.9.5 or later Impact: A remote attacker may be able to execute arbitrary SQL queries Description...

7.5CVSS0.6AI score0.06666EPSS
Exploits5
securityvulns
securityvulns
added 2014/09/15 12:0 a.m.93 views

apache tomcat cookie handling problem - characters out of 0x80 - 0xff causing internal server error

Title: Client-based DoS for Apache Tomcat on sending cookie with value out of 0x80 - 0xff scope. Author: Elar Lang @elarlang https://www.linkedin.com/in/elarlang Date: 02. January 2014 / 05. September 2014 Vendor: Apache Product: Tomcat Affected versions at least: 7.0.26 7.0.39 7.0.40 Timeline: 1...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.93 views

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script

Advisory: SQL Injection in webEdition CMS File Browser RedTeam Pentesting discovered an SQL injection vulnerability in the file browser component of webEdition CMS during a penetration test. Unauthenticated attackers can get read-only access on the SQL database used by webEdition and read for...

7.5CVSS7.2AI score0.0257EPSS
Exploits2
securityvulns
securityvulns
added 2014/05/30 12:0 a.m.93 views

[ MDVSA-2014:087 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:087 http://www.mandriva.com/en/support/security/ Package : php Date : May 15, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in php: PHP FPM in PHP...

7.2CVSS7.6AI score0.00505EPSS
Exploits1
Total number of security vulnerabilities5000