Securityvulns: Most viewed

47153 matches found

securityvulns
added 2007/10/20 12:0 a.m. | 92 views

S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting

S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...

0.5 AI score
Exploits: 0

securityvulns
added 2007/10/04 12:0 a.m. | 92 views

DRBGuestbook Remote XSS Vulnerability

Oo Title: DRBGuestbook Remote XSS Vulnerability Download: http://www.hotscripts.com/jump.php?listingid=67702&jumptype=1 Author: Gokhan Contact: [email protected] | KAF KAF KAF SIN SIN SIN KAFSIN KAFSIN KAF Vuln Code: index.php XSS:...

0.7 AI score
Exploits: 0

securityvulns
added 2007/08/18 12:0 a.m. | 92 views

iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities

IBM DB2 Universal Database Multiple Untrusted Search Path Vulnerabilities iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...

6.9 CVSS | 1.1 AI score | 0.00361 EPSS
Exploits: 1

securityvulns
added 2007/08/14 12:0 a.m. | 92 views

CVE-2007-3385: Handling of \" in cookies

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3385: Handling of " in cookies Severity: Low Session Hi-jacking Vendor: The Apache Software Foundation Versions Affected: 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 3.3 to 3.3.2 Description: Tomcat incorrectly handles the...

4.3 CVSS | 0.16944 EPSS
Exploits: 4

securityvulns
added 2007/08/10 12:0 a.m. | 92 views

CA.View/view-law.asp/view-info.asp sql injection

CA.View/view-law.asp/view-info.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life"...

0.5 AI score
Exploits: 0

securityvulns
added 2007/07/25 12:0 a.m. | 92 views

Remote Command Exec (FireFox 2.0.0.5 et al)

By: Nate McFeters nate dot mcfeters -at- gmail Billy BK Rios billy dot rios -at- gmail Tested in FireFox 2.0.0.5 and 3.0a6, Netscape Navigator 9, and Mozilla browser. NOTE These examples were created for WinXP SP2 with no external mail programs installed outlook, notes…etc. If you have an externa...

1.7 AI score
Exploits: 0

securityvulns
added 2007/05/07 12:0 a.m. | 92 views

safari's saved password at risk

I'd like to inform you that safari is prone to a vunlerability that allow a local user to steal safari's saved passwords by using some macosx componenets. More infos about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved...

1.6 AI score
Exploits: 0

securityvulns
added 2007/04/25 12:0 a.m. | 92 views

[MajorSecurity Advisory #46]Plogger - Session fixation Issue

MajorSecurity Advisory 46Plogger - Session fixation Issue Details ======= Product: Plogger Remote-Exploit: yes Vendor-URL: http://www.plogger.org Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original Advisory:...

0.6 AI score
Exploits: 0

securityvulns
added 2007/03/11 12:0 a.m. | 92 views

Fıstıq Duyuru Scripti Remote Sql İnjection Exploit

Fstq Duyuru Scripti Remote Sql njection File : goster.asp Sql : -120union+all+select+0,kullaniciadi,sifre,3+from+admin Admin Name + Admin Pass Admin Menu: yoneticiii/default.asp Thanks : Ajann , Xoron , ApAci , ErNE , Uyuss , Eno7 , Thehacker , Enjexion .pl Exploit Code : !/usr/bin/perl Script...

0.4 AI score
Exploits: 0

securityvulns
added 2006/11/14 12:0 a.m. | 92 views

Phpdebug 1.1.0 - Remote File Include by Firewall

Phpdebug 1.1.0 - Remote File Include by Firewall Application Affect: Phpdebug 1.1.0 Source Code: http://scripts.ringsworld.com/development-tools/phpdebug-v1.1.0.zip Code: includeonce"$debugClassLocation/debug.php"; ExPloit :...

0.5 AI score
Exploits: 0

securityvulns
added 2006/11/05 12:0 a.m. | 92 views

[OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory OpenPKG GmbH http://openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.030 2006-11-04 Package: ruby Vulnerability: denial of service OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: E1.0-SOLI...

5 CVSS | 7.5 AI score | 0.04071 EPSS
Exploits: 1

securityvulns
added 2006/10/23 12:0 a.m. | 92 views

JaxUltraBB <= 2.0 (delete.php) Defaced Exploit

!/usr/bin/php -q -d shortopentag=on ? print '...

7.1 AI score
Exploits: 0

securityvulns
added 2006/10/13 12:0 a.m. | 92 views

phpBB Ajax Shoutbox <= 0.0.5 Remote File Include Vulnerability

Title: phpBB Ajax Shoutbox = 0.0.5 phpbbrootpath Remote File Inclusion Author/Discovery: boecke Vulnerability Type: Remote File Inclusion Risk: High Risk Software Affected: phpBB Ajax Shoutbox = 0.0.5 Release Source: http://usuarios.lycos.es/kinfule/download.php?id=16 Release Page @ phpBB.com :...

0.8 AI score
Exploits: 0

securityvulns
added 2006/10/12 12:0 a.m. | 92 views

Download-Engine Remote File Include

Download-Engine Remote File Include Info:- Scripts: Download-Engine Download:...

1.1 AI score
Exploits: 0

securityvulns
added 2006/10/04 12:0 a.m. | 92 views

HP Ignite-UX Server unauthorized access

No description provided...

2.4 AI score
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2006/08/21 12:0 a.m. | 92 views

Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability

.: insecurity research team :. .advisory. 18.o8.2oo6 Affected Application: Kochsuite v0.9.4 Mambo/Joomla CMS Component : contact :...

8.4 AI score
Exploits: 0

securityvulns
added 2006/07/24 12:0 a.m. | 92 views

Calendar Module <= 1.5.7 Remote File Include Vulnerabilities

Calendar Module = 1.5.7 Remote File Include Vulnerabilities Author : Matdhule Contact : [email protected] Application : Calendar...

0.4 AI score
Exploits: 0

securityvulns
added 2006/03/08 12:0 a.m. | 92 views

[SA19147] bMail GBK Charsets SQL Injection Vulnerability

TITLE: bMail GBK Charsets SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19147 VERIFY ADVISORY: http://secunia.com/advisories/19147/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: bMail 9.x http://secunia.com/product/8584/ DESCRIPTION: A vulnerability...

1 AI score
Exploits: 0

securityvulns
added 2006/02/21 12:0 a.m. | 92 views

[TZO-062006] Safe'nVulnerable

Safe'nSec - Insecure File execution and Auto-startup Ref : TZO-062006-SafenSec Author : Thierry Zoller WWW : http://secdev.zoller.lu Article : http://secdev.zoller.lu/research/safensec.htm I. Background "Safe'n'Sec is complex data and user applications protection against threats and vulnerabiliti...

0.8 AI score
Exploits: 0

securityvulns
added 2006/01/07 12:0 a.m. | 92 views

[SA18325] OnePlug CMS SQL Injection Vulnerabilities

TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...

0.4 AI score
Exploits: 0

securityvulns
added 2005/10/12 12:0 a.m. | 92 views

iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability

Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability iDEFENSE Security Advisory 10.11.05 www.idefense.com/application/poi/display?id=319&type=vulnerabilities October 11, 2005 I. BACKGROUND The Distributed Transaction Controller provides a method for disparate processes to...

5 CVSS | 0.5 AI score | 0.47338 EPSS
Exploits: 0

securityvulns
added 2005/08/16 12:0 a.m. | 92 views

Vulnerability found in CPAINT Ajax Toolkit

I am the original author of the CPAINT Ajax Toolkit http://cpaint.sourceforge.net/. Last night we found a vulnerability affecting all versions of CPAINT prior to v1.3-SP which is the patched version of the software that can allow a user with malicious intent to execute server or ASP/PHP commands...

1.6 AI score
Exploits: 0

securityvulns
added 2005/07/29 12:0 a.m. | 92 views

[Full-disclosure] SPIDynamics WebInspect Cross-ApplicationScripting (XAS)

SPI Dynamics Security Bulletin SPI-0001-07282005 Issue: Potential WebInspect Cross Application Scripting XAS Vulnerability Severity: Low Potential Impact: Remote Code Execution Recommendation: All customers should run SmartUpdate to ensure they are running the latest version of WebInspect 5.5.386...

0.5 AI score
Exploits: 0

securityvulns
added 2005/07/25 12:0 a.m. | 92 views

SPIDynamics WebInspect Cross-Application Scripting (XAS)

PIDynamics WebInspect Cross-Application Scripting XAS I. BACKGROUND SPIDynamics WebInspect is powerful security assessment tool for Web application vulnerable to XAS which could lead to remote code execution. II. DESCRIPTION As many applications WebInspect uses external programs and Windows...

0.6 AI score
Exploits: 0

securityvulns
added 2004/11/04 12:0 a.m. | 92 views

[SA13074] FsPHPGallery Denial of Service and Disclosure of System Information Vulnerabilities

Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l...

0.3 AI score
Exploits: 0

securityvulns
added 2002/12/03 12:0 a.m. | 92 views

ShopFactory shopping cart price manipulation

Trust Factory Security Advisory TF20021004 Discovery Date: October 4, 2002 Release Date: December 2, 2002 ID: TF20021004 Title: ShopFactory shopping cart price manipulation Impact: Customers can modify the price of items at will Affected Technology: Online shopping carts created with ShopFactory...

6.6 AI score
Exploits: 0

securityvulns
added 2002/02/27 12:0 a.m. | 92 views

Buffer overflow in mshtml.dll

Stack overflow on long filename or extension in EMBED tag...

3.3 AI score
Exploits: 0 | References: 5 | Affected Software: 2

securityvulns
added 2002/01/10 12:0 a.m. | 92 views

CDE bug in Unixware 7.1

Hi, I'm jGgM. Unixware 7.1 dtlogin make bug reporting to /var/dt/Xerrors. but, permision of /var/dt is 777. make symlink /var/dt/Xerrors to any file. for example ln -sf /etc/.rhosts /var/dt/Xerrors and, Login from another system to Unixware machine. If another system does not have hostname,...

0.1 AI score
Exploits: 0

securityvulns
added 2001/02/17 12:0 a.m. | 92 views

WEBactive HTTP Server 1.0 Directory Traversal

Introduction: ITAfrica's WEBactive HTTP Server 1.00 is an HTTP/1.00-compliant World Wide Web server daemon for Windows 95 or Windows NT, specifically designed for the SOHO Small Office/Home environment. It will operate on any TCP/IP connection to the Internet, whether via temporary dial- up or...

0.8 AI score
Exploits: 0

securityvulns
added 2000/08/26 12:0 a.m. | 92 views

Security Bulletin (MS00-060)

Microsoft Security Bulletin MS00-060 - -------------------------------------- Patch Available for "IIS Cross-Site Scripting" Vulnerabilities Originally posted: August 25, 2000 Summary ======= Microsoft has released a patch that eliminates security vulnerabilities in Microsoftr Internet Informatio...

6.1 AI score
Exploits: 0

securityvulns
added 2000/07/28 12:0 a.m. | 92 views

[COVERT-2000-09] Windows NetBIOS Name Conflicts

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Network Associates, Inc. COVERT Labs Security Advisory July 27, 2000 Windows NetBIOS Name Conflicts COVERT-2000-09 o Synopsis The Microsoft Windows implementation of NetBIOS allows an unsolicited UDP datagram to remotely deny access to services offere...

0.7 AI score
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m. | 91 views

Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin

Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin CVE: CVE-2015-7667 Vendor: WordPress web-mv Product: ResAds Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Iberia Medeiros Vulnerability Details: ===================== It was discovered that no...

4.3 CVSS | 1.3 AI score | 0.01504 EPSS
Exploits: 2

securityvulns
added 2015/10/25 12:0 a.m. | 91 views

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a...

6.8 CVSS | 0.8 AI score | 0.02918 EPSS
Exploits: 0

securityvulns
added 2015/10/25 12:0 a.m. | 91 views

Apple Safari / Webkit multiple security vulnerabilities

Information spoofing, information disclosure, restriction bypass, race conditions, memory corruptions...

10 CVSS | 1.6 AI score | 0.02795 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

securityvulns
added 2015/08/17 12:0 a.m. | 91 views

APPLE-SA-2015-08-13-4 OS X Server v4.1.5

APPLE-SA-2015-08-13-4 OS X Server v4.1.5 OS X Server v4.1.5 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10.5 or later Impact: A remote attacker may be able to cause a denial of service Description: An assertion issue existed in the handling of TKEY packets...

7.8 CVSS | 7.1 AI score | 0.91284 EPSS
Exploits: 12

securityvulns
added 2015/07/27 12:0 a.m. | 91 views

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150716-0 ======================================================================= title: Permanent Cross-Site Scripting product: Oracle Application Express vulnerable version: All versions prior to...

5.5 CVSS | 0.1 AI score | 0.01716 EPSS
Exploits: 2

securityvulns
added 2015/07/20 12:0 a.m. | 91 views

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

Quarterly CPU fixed over 170 different vulnerabilities...

10 CVSS | 1.9 AI score | 0.99999 EPSS
Exploits: 67 | References: 3 | Affected Software: 55

securityvulns
added 2015/05/25 12:0 a.m. | 91 views

APPLE-SA-2015-05-19-1 Watch OS 1.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-05-19-1 Watch OS 1.0.1 Watch OS 1.0.1 is now available and addresses the following: Certificate Trust Policy Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Update to the certificate trust policy Descriptio...

7.5 CVSS | 0.4 AI score | 0.19633 EPSS
Exploits: 4

securityvulns
added 2015/05/12 12:0 a.m. | 91 views

[ MDVSA-2015:200 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:200 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : April 10, 2015 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: In...

7.1 CVSS | 5.7 AI score | 0.0271 EPSS
Exploits: 1

securityvulns
added 2015/05/11 12:0 a.m. | 91 views

Instant v2.0 SQL Injection Vulnerability

Instant v2.0 SQL Injection Vulnerability...

0.2 AI score
Exploits: 0

securityvulns
added 2015/03/16 12:0 a.m. | 91 views

ESA-2015-014: RSA® Digital Certificate Solution Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-014: RSA® Digital Certificate Solution Multiple Vulnerabilities EMC Identifier: ESA-2015-014 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: View details below for individual CVSS Score for each CVE. Affecte...

7.8 CVSS | 0.9 AI score | 0.43809 EPSS
Exploits: 1

securityvulns
added 2015/02/11 12:0 a.m. | 91 views

MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2015-001 MIT krb5 Security Advisory 2015-001 Original release: 2015-02-03 Last update: 2015-02-03 Topic: Vulnerabilities in kadmind, libgssrpc, gssprocesscontexttoken VU540092 CVE-2014-5352: gssprocesscontexttoken incorrectly frees context...

9 CVSS | 8.5 AI score | 0.06213 EPSS
Exploits: 0

securityvulns
added 2014/12/22 12:0 a.m. | 91 views

[SECURITY] [DSA 3104-1] bsd-mailx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3104-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...

7.5 CVSS | 1 AI score | 0.06858 EPSS
Exploits: 1

securityvulns
added 2014/12/22 12:0 a.m. | 91 views

Morfy CMS v1.05 - Command Execution Vulnerability

Document Title: =============== Morfy CMS v1.05 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1367 https://github.com/Awilum/monstra-cms/issues/351 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185 CVE-ID:...

6.5 CVSS | 0.2 AI score | 0.02119 EPSS
Exploits: 4

securityvulns
added 2014/12/01 12:0 a.m. | 91 views

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

Advisory: Information Disclosure in TYPO3 Extension kequestionnaire The TYPO3 extension kequestionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details ======= Product: kequestionnaire Affected Versions: 2.5.2...

5 CVSS | 5.7 AI score | 0.0148 EPSS
Exploits: 3

securityvulns
added 2014/11/24 12:0 a.m. | 91 views

[ MDVSA-2014:215 ] gnutls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:215 http://www.mandriva.com/en/support/security/ Package : gnutls Date : November 19, 2014 Affected: Business Server 1.0 Problem Description: Updated gnutls package fix security vulnerability: An out-of-boun...

5 CVSS | 5.9 AI score | 0.03281 EPSS
Exploits: 0

securityvulns
added 2014/10/18 12:0 a.m. | 91 views

APPLE-SA-2014-10-16-6 iTunes 12.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-6 iTunes 12.0.1 iTunes 12.0.1 is now available and addresses the following: iTunes Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead t...

10 CVSS | 0.3 AI score | 0.34782 EPSS
Exploits: 19

securityvulns
added 2014/09/29 12:0 a.m. | 91 views

[USN-2359-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-2359-1 September 23, 2014 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: -...

5.4 CVSS | 0.3 AI score | 0.05794 EPSS
Exploits: 3

securityvulns
added 2014/09/15 12:0 a.m. | 91 views

[security bulletin] HPSBMU03075 rev.1 - HP Network Node Manager I (NNMi) for Windows and Linux, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04378450 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04378450 Version: 1 HPSBMU03075 rev....

10 CVSS | 1.1 AI score | 0.65435 EPSS
Exploits: 5

securityvulns
added 2014/08/26 12:0 a.m. | 91 views

Apache Cordova 3.5.1: CVE-2014-3502 update

The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html Android Platform Release: 04 Aug 2014 CVE-2014-3502: Cordova apps can potentially...

4.3 CVSS | 0.1 AI score | 0.04964 EPSS
Exploits: 0

Total number of security vulnerabilities: 5000