Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2009/04/13 12:0 a.m.92 views

[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1770-1 [email protected] http://www.debian.org/security/ Steffen Joeris April 13, 2009 http://www.debian.org/security/faq -...

4.3CVSS1.6AI score0.01604EPSS
Exploits1
securityvulns
securityvulns
added 2009/04/03 12:0 a.m.92 views

Q2 Solutions ConnX - SQL Injection Vulnerability

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 03-Apr-2009 Software: Q2 Solutions - ConnX http://www.q2solutions.com.au/ "ConnX is a ready built internet/intranet solution that empowers employees and management to view and update HR and Payroll...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2009/04/01 12:0 a.m.92 views

Mozilla Foundation Security Advisory 2009-13

Mozilla Foundation Security Advisory 2009-13 Title: Arbitrary code execution via XUL tree element Impact: Critical Announced: March 27, 2009 Reporter: Nils Products: Firefox Fixed in: Firefox 3.0.8 Description Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL...

9.3CVSS0.4AI score0.0649EPSS
Exploits2
securityvulns
securityvulns
added 2009/03/24 12:0 a.m.92 views

PostgreSQL DoS

Stack overflow on error message conversion...

4CVSS4.5AI score0.10242EPSS
Exploits2References1Affected Software1
securityvulns
securityvulns
added 2009/01/28 12:0 a.m.92 views

ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1)

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2009-01-27-1 ------------------------------------------------------------------------- ASPR 2009-01-27-1: HTML Injection in BEA WebLogic Server Console...

Exploits0
securityvulns
securityvulns
added 2009/01/14 12:0 a.m.92 views

PHP Buffer Overflow(popen)

Apache 2.2.11/PHP 5.2.8 Buffer Overflow Exploit popen func Type: Remote and Local Requirements for exploit: popen enabled. By: e.wiZz! Enes Muљi [email protected] PHP Popen function overview: Popen function in php opens a pipe to a process executed by forking the command given by command. It was...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2008/12/18 12:0 a.m.92 views

Mozilla Foundation Security Advisory 2008-63

Mozilla Foundation Security Advisory 2008-63 Title: User tracking via XUL persist attribute Impact: Low Announced: December 16, 2008 Reporter: Hish Products: Firefox Fixed in: Firefox 3.0.5 Description Security researcher Hish reported that the persist attribute in XUL elements can be used to sto...

5CVSS0.2AI score0.02295EPSS
Exploits0
securityvulns
securityvulns
added 2008/12/10 12:0 a.m.92 views

Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)

Microsoft Security Bulletin MS08-072 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution 957173 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves eight privately reported vulnerabilities in Microsoft Offi...

9.3CVSS0.2AI score0.38057EPSS
Exploits0
securityvulns
securityvulns
added 2008/08/26 12:0 a.m.92 views

Multiple Vulnerabilities in AWStats Totals

Emory University UTS Security Advisory EMORY-2008-01 Topic: Multiple Vulnerabilities in AWStats Totals Original release date: August 26, 2008 SUMMARY ======= Telartis's AWStats Totals program is vulnerable to command execution and cross site scripting attacks. A remote attacker could exploit thes...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2008/07/10 12:0 a.m.92 views

iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

iDefense Security Advisory 07.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 08, 2008 I. BACKGROUND SQL Server is Microsoft's database server product. It supports the restoration and inspection of backups via SQL statements. For more information see the vendor's website found at...

9CVSS0.5AI score0.34539EPSS
Exploits1
securityvulns
securityvulns
added 2008/06/26 12:0 a.m.92 views

Multiple vulnerabilities in TietoEnator's Procapita school administration system, at least version "842 Procapita 840SP1"

Product: Procapita school administration system Vendor: TietoEnator Abp Vulnerable versions: unknown Impact: high Found: months ago The login screens of the school administration database system, "login.asp" and "inloggning.asp", as used in an unnammed school district in Finland, contain SQL...

8.2AI score
Exploits0
securityvulns
securityvulns
added 2008/06/14 12:0 a.m.92 views

Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10)

====================================================================== Advisory : Exploit for vBulletin "obscure" XSS Release Date : June 13th 2008 Application : vBulletin Version : vBulletin 3.7.1 and lower, vBulletin 3.6.10 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2008/05/02 12:0 a.m.92 views

[SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1565-1 [email protected] http://www.debian.org/security/ dann frazier May 1, 2008 http://www.debian.org/security/faq -...

7.8CVSS0.1AI score0.02589EPSS
Exploits4
securityvulns
securityvulns
added 2008/04/03 12:0 a.m.92 views

Webwasher Denial of Service Vulnerability

Credit: The disclosure of this issue has been credited to National Australia Bank Security Assurance. Vulnerable: Secure Computing Webwasher 6.6.3 build 3102 and older versions running on CGLinux 4/5, RHEL 4, Debian 4, SLES10 Not vulnerable: Secure Computing Webwasher Builds 3150 and newer all...

1AI score
Exploits0
securityvulns
securityvulns
added 2008/03/20 12:0 a.m.92 views

IBM Rational ClearQuest Web Multiple XSS Vulnerabilities

IBM Rational ClearQuest Web Multiple XSS CVE-2007-4592 Discovered on 07-24-07 by sasquatch of SecureState - www.securestate.com Multiple cross site scripting vulnerabilities exist within IBM's Rational ClearQuest Web interface. VULNERABLE VARIABLES: ===================== contextid query string...

4.3CVSS0.3AI score0.04495EPSS
Exploits2
securityvulns
securityvulns
added 2008/02/12 12:0 a.m.92 views

Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)

Microsoft Security Bulletin MS08-005 – Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege 942831 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important update resolves a privately reported vulnerability in Internet...

7.2CVSS1.1AI score0.05405EPSS
Exploits1
securityvulns
securityvulns
added 2008/01/21 12:0 a.m.92 views

BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include

Name : BLOG:CMS 4.2.1.c DIRPLUGINS Multiple Remote File Include Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z Or Here http://blogcms.com Found By : RoMaNcYxHaCkEr We Are H-T TeaM Houssamix - ToXiC Home Page : Not Yet : Tryag.cc/cc No-Hack.net V99x.com/vb...

Exploits0
securityvulns
securityvulns
added 2008/01/02 12:0 a.m.92 views

LiveCart Multiple Cross-Site Scripting Vulnerabilities

HSC LiveCart Multiple Cross-Site Scripting Vulnerabilities LiveCart is a new PHP/MySQL powered shopping cart software developed by Integry Systems. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2007/12/05 12:0 a.m.92 views

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/10/04 12:0 a.m.92 views

Cart32 Arbitrary File Download Vulnerability

======================================================================== = Cart32 Arbitrary File Download Vulnerability = = Vendor Website: = http://www.cart32.com = = Affected Version: = -- All releases prior to and including v6.3 = = Public disclosure on Thursday 4th October 2007 =...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2007/08/10 12:0 a.m.92 views

[ECHO_ADV_83$2007] PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2007/07/27 12:0 a.m.92 views

Multiple Encase vulnerabilities

Memory corruptions on processing of corrupted files and filesystems...

2AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2007/07/27 12:0 a.m.92 views

IBM AIX utilities multiple security vulnerabilities

Multiple suid root ftp client buffer overflow, dynamic library loading via -R command line argument in pioout, buffer overflow with terminal control sequences in capture...

6.9CVSS3.7AI score0.03496EPSS
Exploits4References3Affected Software1
securityvulns
securityvulns
added 2007/06/26 12:0 a.m.92 views

Ingres stack overflow in uuid_from_char function

======= Summary ======= Name: Stack overflow in uuidfromchar function Release Date: 25 June 2007 Reference: NGS00388 Discover: Chris Anley [email protected] Vendor: Ingres Vendor Reference: Ingres bug 115911, CVE-2007-3338, CAID 35452 Systems Affected: Ingres 2006 9.0.4 and prior Risk: High...

10CVSS0.1AI score0.06673EPSS
Exploits8
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.92 views

Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 934233 Published: May 8, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Excel Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...

9.3CVSS0.31546EPSS
Exploits4
securityvulns
securityvulns
added 2007/05/02 12:0 a.m.92 views

GHH Portal 1.1 (passwd.txt) Remote Password Disclosure Vulnerability

By Cr@zyKing [email protected] Biyosecurity.Net & Expw0rm.Com Thanks : Liz0 & DarkXBoyZ & Eno7 & ApAci & Uyuss & CrackersChild & Th343k1R & Xoron & Ajannn Portal : GHH Wersion : 1.1 GHH Portal 1.1 passwd.txt Remote Password Disclosure Vulnerability Demo : http://ghh.sourceforge.net/demo Vuln :...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2007/04/25 12:0 a.m.92 views

[MajorSecurity Advisory #46]Plogger - Session fixation Issue

MajorSecurity Advisory 46Plogger - Session fixation Issue Details ======= Product: Plogger Remote-Exploit: yes Vendor-URL: http://www.plogger.org Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original Advisory:...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/04/19 12:0 a.m.92 views

RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- RicarGBooK 1.2.1 -=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- Author : Dj7xpl / Dj7xplatYahoodotcom Type : Local File Inclusion Vulnerabilitiy By Cookie...

Exploits0
securityvulns
securityvulns
added 2006/12/25 12:0 a.m.92 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

6.8CVSS1.5AI score0.01621EPSS
Exploits1References18Affected Software26
securityvulns
securityvulns
added 2006/11/14 12:0 a.m.92 views

Aigaion Web Interface remote file inclusion

Software:Web based bibliography management system Download link: http://sourceforge.net/projects/aigaion/ script:basicfunctions.php author: navairum...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2006/10/12 12:0 a.m.92 views

Download-Engine Remote File Include

====================================================================================== Download-Engine Remote File Include ====================================================================================== Info:- Scripts: Download-Engine Download:...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2006/10/05 12:0 a.m.92 views

phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include Vulnerability

--------------------------------------------------------------------------- phpBB Static Topics = 1.0 phpbbrootpath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net :...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2006/09/29 12:0 a.m.92 views

phpsecurepages (cfgProgDir) Remote File Include Vulnerability

============================================================================================== phpsecurepages cfgProgDir Remote File Include Vulnerability =============================================================================================== Critical Level : Dangerous Download from :...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2006/08/18 12:0 a.m.92 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2006/07/28 12:0 a.m.92 views

[Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released

Apache HTTP Server 2.2.3 Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.3 of the Apache HTTP Server "Apache". This version of Apache is principally a bug and security fix release. The following potential security flaws...

7.6CVSS0.1AI score0.96436EPSS
Exploits20
securityvulns
securityvulns
added 2005/08/16 12:0 a.m.92 views

Vulnerability found in CPAINT Ajax Toolkit

I am the original author of the CPAINT Ajax Toolkit http://cpaint.sourceforge.net/. Last night we found a vulnerability affecting all versions of CPAINT prior to v1.3-SP which is the patched version of the software that can allow a user with malicious intent to execute server or ASP/PHP commands...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2005/03/20 12:0 a.m.92 views

[NT] Magic Winmail Server's Multiple Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits0
securityvulns
securityvulns
added 2003/11/14 12:0 a.m.92 views

Web Wiz Forums ver. 7.01

Informations : °°°°°°°°°°°° Language : ASP Bugged Version : Web Wiz Forums ver. 7.01 and less ? Website : http://www.webwizforums.com Problems : Permanent XSS Objects : °°°°°°° - registernewuser.asp - register.asp The values variable are not filtered: strLocation = Request.Form"location" strMessa...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2003/04/10 12:0 a.m.92 views

Admin access in GuestBook r4

Product: GuestBook Version: release 4 OffSite: http://www.lasource.r2.ru/ Problem: Admin access -------------------------------------- You may use admin panel. Get the password there: http://target/cgi-bin/guestbook/passwd The password don't crypt : Contacts: www.overg.com www.dwcgr0up.com...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2002/11/09 12:0 a.m.92 views

Simple Web Server protected files access

URL http://server.com///secret/file allows protected file access...

2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/08/15 12:0 a.m.92 views

mantisbt security flaw

Hi, Mantis is php/MySQL/web based bug tracking system, available at http://mantisbt.sourceforge.net/. It currently suffers from a classical PHP bad coding practice altough i would bet on distraction for this particular situation , that may result on remote command execution via a include file...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2002/02/27 12:0 a.m.92 views

Multiple PHP Vulnerabilities - Remote Compromise Exploit in Circulation

Internet Security Systems Security Alert February 27, 2002 Multiple PHP Vulnerabilities: Remote Compromise Exploit in Circulation Synopsis: ISS X-Force has learned of multiple buffer overflow vulnerabilities present in the PHP Hypertext Preprocessor scripting language. PHP is a popular server-sid...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/01/31 12:0 a.m.92 views

Security Bulletin MS02-001

Title: Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Date: 30 January 2002 Software: Windows NT 4.0, Windows 2000 Impact: Privilege Elevation Max Risk: Moderate Bulletin: MS02-001 Microsoft encourages customers to review the Security Bulletin at:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/11/13 12:0 a.m.92 views

An Analysis of the RADIUS Authentication Protocol

An Analysis of the RADIUS Authentication Protocol by Joshua Hill, InfoGard Laboratories www.infogard.com Last Modified Mon Nov 12 16:12:53 PST 2001 A current HTML version of this paper can be found at: http://www.untruth.org/josh/security/radius Please send comments to [email protected] 1...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2001/09/07 12:0 a.m.92 views

NetBSD Security Advisory 2001-015: Insufficient checking of lengths passed to kernel

-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2001-015 ================================= Topic: Insufficient checking of lengths passed from userland to kernel Version: NetBSD-current: source prior to August 5, 2001 NetBSD-1.5.1: affected NetBSD-1.5: affected NetBSD-1.4.: affected...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2001/04/11 12:0 a.m.93 views

CGI - nph-maillist.pl vulnerability...

Hello BuGReaders... Script: nph-maillist.plcgi Introduction: cat from source .................................................................... Created by: Matt Tourtillott URL: www.marketrends.net email [email protected] The email list generator is a web interfaced script that allows the...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2001/02/17 12:0 a.m.92 views

WEBactive HTTP Server 1.0 Directory Traversal

Introduction: ITAfrica's WEBactive HTTP Server 1.00 is an HTTP/1.00-compliant World Wide Web server daemon for Windows 95 or Windows NT, specifically designed for the SOHO Small Office/Home environment. It will operate on any TCP/IP connection to the Internet, whether via temporary dial- up or...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2000/11/08 12:0 a.m.92 views

Explanation Authentix Input Validation Error

Hi there, Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentification. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give th...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/08/22 12:0 a.m.92 views

Security Bulletin (MS00-059)

Microsoft Security Bulletin MS00-059 - -------------------------------------- Patch Available for "Java VM Applet" Vulnerability Originally posted: August 21, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual machine Microsoft V...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/07/28 12:0 a.m.92 views

[COVERT-2000-09] Windows NetBIOS Name Conflicts

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Network Associates, Inc. COVERT Labs Security Advisory July 27, 2000 Windows NetBIOS Name Conflicts COVERT-2000-09 o Synopsis The Microsoft Windows implementation of NetBIOS allows an unsolicited UDP datagram to remotely deny access to services offere...

0.7AI score
Exploits0
Total number of security vulnerabilities5000