Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2010/02/04 12:0 a.m.92 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.8CVSS1.6AI score0.03373EPSS
Exploits0References16Affected Software7
securityvulns
securityvulns
added 2010/02/04 12:0 a.m.92 views

CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...

4.3CVSS7.7AI score0.3703EPSS
Exploits5
securityvulns
securityvulns
added 2009/12/02 12:0 a.m.92 views

Vulnerability Note VU#261869

Vulnerability Note VU261869 Clientless SSL VPN products break web browser domain-based security models Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...

6.8CVSS6.6AI score0.05134EPSS
Exploits0
securityvulns
securityvulns
added 2009/08/20 12:0 a.m.92 views

iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability

iDefense Security Advisory 07.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 28, 2009 I. BACKGROUND Microsoft's Component Object Model COM was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming...

9.3CVSS0.43389EPSS
Exploits1
securityvulns
securityvulns
added 2009/08/11 12:0 a.m.93 views

Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

Microsoft Security Bulletin MS09-039 - Critical Vulnerabilities in WINS Could Allow Remote Code Execution 969883 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service...

9.3CVSS2.2AI score0.24658EPSS
Exploits2
securityvulns
securityvulns
added 2009/08/07 12:0 a.m.92 views

Mozilla Firefox, Thunderbird, SeaMonkey, NSS multiple security vulnerabilities

Certificate spoofing, buffer overflow, code execution...

9.3CVSS4.2AI score0.05741EPSS
Exploits6References6Affected Software2
securityvulns
securityvulns
added 2009/05/21 12:0 a.m.92 views

Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities.

Armorlogic Profense Web Application Firewall 2.4 multiple vulnerabilities. An advisory by EnableSecurity. Trustwave published a joint advisory named TWSL2009-001 ID: ES-20090500 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20090500-profense.txt Affected Versions: versions prior...

7.5CVSS7.3AI score0.01507EPSS
Exploits0
securityvulns
securityvulns
added 2009/04/13 12:0 a.m.92 views

[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1770-1 [email protected] http://www.debian.org/security/ Steffen Joeris April 13, 2009 http://www.debian.org/security/faq -...

4.3CVSS1.6AI score0.01604EPSS
Exploits1
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.92 views

Q2 Solutions ConnX - SQL Injection Vulnerability

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 03-Apr-2009 Software: Q2 Solutions - ConnX http://www.q2solutions.com.au/ "ConnX is a ready built internet/intranet solution that empowers employees and management to view and update HR and Payroll...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2009/04/01 12:0 a.m.92 views

Mozilla Foundation Security Advisory 2009-13

Mozilla Foundation Security Advisory 2009-13 Title: Arbitrary code execution via XUL tree element Impact: Critical Announced: March 27, 2009 Reporter: Nils Products: Firefox Fixed in: Firefox 3.0.8 Description Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL...

9.3CVSS0.4AI score0.0649EPSS
Exploits2
securityvulns
securityvulns
added 2009/01/28 12:0 a.m.92 views

ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1)

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2009-01-27-1 ------------------------------------------------------------------------- ASPR 2009-01-27-1: HTML Injection in BEA WebLogic Server Console...

Exploits0
securityvulns
securityvulns
added 2009/01/14 12:0 a.m.92 views

PHP Buffer Overflow(popen)

Apache 2.2.11/PHP 5.2.8 Buffer Overflow Exploit popen func Type: Remote and Local Requirements for exploit: popen enabled. By: e.wiZz! Enes Muљi [email protected] PHP Popen function overview: Popen function in php opens a pipe to a process executed by forking the command given by command. It was...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2008/12/18 12:0 a.m.92 views

Mozilla Foundation Security Advisory 2008-63

Mozilla Foundation Security Advisory 2008-63 Title: User tracking via XUL persist attribute Impact: Low Announced: December 16, 2008 Reporter: Hish Products: Firefox Fixed in: Firefox 3.0.5 Description Security researcher Hish reported that the persist attribute in XUL elements can be used to sto...

5CVSS0.2AI score0.02295EPSS
Exploits0
securityvulns
securityvulns
added 2008/10/02 12:0 a.m.92 views

[MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues

MajorSecurity Advisory 56moziloWiki - Directory Traversal, XSS and SessionFixation Issues Details ======= Product: moziloWiki Security-Risk: High Remote-Exploit: yes Vendor-URL: http://www.mozilo.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2008/07/10 12:0 a.m.92 views

iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

iDefense Security Advisory 07.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 08, 2008 I. BACKGROUND SQL Server is Microsoft's database server product. It supports the restoration and inspection of backups via SQL statements. For more information see the vendor's website found at...

9CVSS0.5AI score0.34539EPSS
Exploits1
securityvulns
securityvulns
added 2008/06/14 12:0 a.m.92 views

Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10)

====================================================================== Advisory : Exploit for vBulletin "obscure" XSS Release Date : June 13th 2008 Application : vBulletin Version : vBulletin 3.7.1 and lower, vBulletin 3.6.10 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2008/03/20 12:0 a.m.92 views

IBM Rational ClearQuest Web Multiple XSS Vulnerabilities

IBM Rational ClearQuest Web Multiple XSS CVE-2007-4592 Discovered on 07-24-07 by sasquatch of SecureState - www.securestate.com Multiple cross site scripting vulnerabilities exist within IBM's Rational ClearQuest Web interface. VULNERABLE VARIABLES: ===================== contextid query string...

4.3CVSS0.3AI score0.04495EPSS
Exploits2
securityvulns
securityvulns
added 2008/02/12 12:0 a.m.92 views

Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege 942831 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important update resolves a privately reported vulnerability in Internet...

7.2CVSS1.1AI score0.05405EPSS
Exploits1
securityvulns
securityvulns
added 2008/01/21 12:0 a.m.92 views

BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include

Name : BLOG:CMS 4.2.1.c DIRPLUGINS Multiple Remote File Include Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z Or Here http://blogcms.com Found By : RoMaNcYxHaCkEr We Are H-T TeaM Houssamix - ToXiC Home Page : Not Yet : Tryag.cc/cc No-Hack.net V99x.com/vb...

Exploits0
securityvulns
securityvulns
added 2008/01/02 12:0 a.m.92 views

LiveCart Multiple Cross-Site Scripting Vulnerabilities

HSC LiveCart Multiple Cross-Site Scripting Vulnerabilities LiveCart is a new PHP/MySQL powered shopping cart software developed by Integry Systems. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2007/12/05 12:0 a.m.92 views

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/10/29 12:0 a.m.92 views

[Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Alert Oracle Database Buffer overflow vulnerability in function MDSYS.SDOCS.TRANSFORM October 29, 2007 Risk Level: High Affected versions: Oracle Database Server versions 8iR3, 9iR1, 9iR2 9.2.0.6 and previous patchsets and 10gR1...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/09/19 12:0 a.m.92 views

b1gmail Cross Site Scripting

b1gmail Cross Site Scripting ============================ Version: 6.3.1 site: http://www.b1gmail.de Profile: Cross Site Scripting Method: POST location:hilfe.php strings: "+onmouseover=alert1898233298+ http://site.com/hilfe.php?chapter="+onmouseover=alert1898233298+ credits: malibu.r...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2007/08/10 12:0 a.m.92 views

[ECHO_ADV_83$2007] PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2007/08/01 12:0 a.m.92 views

Mozilla Foundation Security Advisory 2007-27

Mozilla Foundation Security Advisory 2007-27 Title: Unescaped URIs passed to external programs Impact: Critical Announced: July 30, 2007 Reporter: Jesper Johansson Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.6 Thunderbird 2.0.0.6 Thunderbird 1.5.0.13 SeaMonkey 1.1.4...

9.3CVSS0.6AI score0.05699EPSS
Exploits0
securityvulns
securityvulns
added 2007/06/26 12:0 a.m.92 views

Ingres stack overflow in uuid_from_char function

======= Summary ======= Name: Stack overflow in uuidfromchar function Release Date: 25 June 2007 Reference: NGS00388 Discover: Chris Anley [email protected] Vendor: Ingres Vendor Reference: Ingres bug 115911, CVE-2007-3338, CAID 35452 Systems Affected: Ingres 2006 9.0.4 and prior Risk: High...

10CVSS0.1AI score0.06673EPSS
Exploits8
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.92 views

Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 934233 Published: May 8, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Excel Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...

9.3CVSS0.31546EPSS
Exploits4
securityvulns
securityvulns
added 2007/05/02 12:0 a.m.92 views

GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability

By Cr@zyKing [email protected] Biyosecurity.Net & Expw0rm.Com Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & CrackersChild & Th343k1R & Xoron & Ajannn Portal : GHH Wersion : 1.1 GHH Portal 1.1 passwd.txt Remote Password Disclosure Vulnerability Demo : http://ghh.sourceforge.net/demo Vuln :...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2007/04/25 12:0 a.m.92 views

[MajorSecurity Advisory #46]Plogger - Session fixation Issue

MajorSecurity Advisory 46Plogger - Session fixation Issue Details ======= Product: Plogger Remote-Exploit: yes Vendor-URL: http://www.plogger.org Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original Advisory:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/04/19 12:0 a.m.92 views

RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- RicarGBooK 1.2.1 -=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- Author : Dj7xpl / Dj7xplatYahoodotcom Type : Local File Inclusion Vulnerabilitiy By Cookie...

Exploits0
securityvulns
securityvulns
added 2007/02/02 12:0 a.m.92 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.04826EPSS
Exploits6References4Affected Software10
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.92 views

Aigaion Web Interface remote file inclusion

Software:Web based bibliography management system Download link: http://sourceforge.net/projects/aigaion/ script:basicfunctions.php author: navairum...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/11/10 12:0 a.m.92 views

[SA22803] ProFTPD Unspecified Vulnerability

TITLE: ProFTPD Unspecified Vulnerability SECUNIA ADVISORY ID: SA22803 VERIFY ADVISORY: http://secunia.com/advisories/22803/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: ProFTPD 1.3.x http://secunia.com/product/5430/ DESCRIPTION: Evgeny Legerov has reported a...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/10/23 12:0 a.m.92 views

Lou Portail 1.4.1 Remote|Local File Include Vulnerability

Lou Portail 1.4.1 Class: Remote|Local File Include Vulnerability Patch: Unavailable Published 2006/10/18 Remote: Yes Local: No Type: High Site: http://louportail.free.fr/ Author: MP Contact: [email protected] Vuln Code admin/adminmodule.php: ?... include "$gadminrep/adminutils.$gext"; ...? Vuln 1...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/10/23 12:0 a.m.92 views

JaxUltraBB <= 2.0 (delete.php) Defaced Exploit

!/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/10/12 12:0 a.m.92 views

Download-Engine Remote File Include

====================================================================================== Download-Engine Remote File Include ====================================================================================== Info:- Scripts: Download-Engine Download:...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2006/10/05 12:0 a.m.92 views

phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include Vulnerability

--------------------------------------------------------------------------- phpBB Static Topics = 1.0 phpbbrootpath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net :...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/10/04 12:0 a.m.92 views

HP Ignite-UX Server unauthorized access

No description provided...

2.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/10/02 12:0 a.m.92 views

[Full-disclosure] Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]

Title: Microsoft Internet Information Services UTF-7 XSS Vulnerability http://www.geocities.jp/ptrssec/advisory09e.html + Date: 1 October 2006 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Internet Information Services + Overview: Using UTF-7 encoded URLs, IIS...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/09/29 12:0 a.m.92 views

phpsecurepages (cfgProgDir) Remote File Include Vulnerability

============================================================================================== phpsecurepages cfgProgDir Remote File Include Vulnerability =============================================================================================== Critical Level : Dangerous Download from :...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/09/28 12:0 a.m.92 views

[SA22122] PhotoStore Cross-Site Scripting Vulnerabilities

TITLE: PhotoStore Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA22122 VERIFY ADVISORY: http://secunia.com/advisories/22122/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PhotoStore 2.x http://secunia.com/product/12118/ DESCRIPTION: meto5757 has...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/09/14 12:0 a.m.92 views

Mailman 2.1.8 Multiple Security Issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0013 - Public Advisory +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ Mailman 2.1.8 Multiple Security Issues +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Sep 13, 2006 PUBLISHED AT...

6.8CVSS0.06425EPSS
Exploits1
securityvulns
securityvulns
added 2006/09/06 12:0 a.m.92 views

ACGV News <= v0.9.1 (PathNews) Remote File Inclusion Exploit

============================================================================================== ACGV News = v0.9.1 PathNews Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2006/08/18 12:0 a.m.92 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2006/07/28 12:0 a.m.92 views

[Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released

Apache HTTP Server 2.2.3 Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.3 of the Apache HTTP Server "Apache". This version of Apache is principally a bug and security fix release. The following potential security flaws...

7.6CVSS0.1AI score0.96436EPSS
Exploits20
securityvulns
securityvulns
added 2006/02/13 12:0 a.m.92 views

[Full-disclosure] URL filter bypass in Fortinet

URL filter bypass in Fortinet Severity: Low Impact: Bypass Fortinet web filter Vulnerabilty type: Design error Affected products: FortiGate v2.8 CVE reference: CAN-2005-3058 Vulnerability Description: ------------------------- It is possible to bypass Fortinet URL blocker by making special HTTP...

7.5CVSS0.03101EPSS
Exploits1
securityvulns
securityvulns
added 2005/08/29 12:0 a.m.92 views

Multiple BFCommand & Control Server Manager game servers management utility vulnerabilities

Authentication bypass, privilege escalation, DoS...

3.9AI score
Exploits0References1
securityvulns
securityvulns
added 2005/08/17 12:0 a.m.92 views

[Full-disclosure] Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access Revision 1.0 For Public Release 2005 August 17 1600 UTC GMT +------------------------------------------------------------------------------ Contents ======== Summary Affected...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2005/08/16 12:0 a.m.92 views

Vulnerability found in CPAINT Ajax Toolkit

I am the original author of the CPAINT Ajax Toolkit http://cpaint.sourceforge.net/. Last night we found a vulnerability affecting all versions of CPAINT prior to v1.3-SP which is the patched version of the software that can allow a user with malicious intent to execute server or ASP/PHP commands...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2005/03/20 12:0 a.m.92 views

[NT] Magic Winmail Server's Multiple Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits0
Total number of security vulnerabilities5000