Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2001/05/10 12:0 a.m.91 views

Advisory for A1Stats

Advisory for A1Stats A1Stats is made by Drummond Miles Site: http://www.gadnet.com/a1stats by nemesystm of the DHC http://dhcorp.cjb.net - [email protected] ADV-0114 /-|=explanation=|- A1Stats is a CGI package to track website traffic. The package has a view files bug and also gives the...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2001/04/11 12:0 a.m.92 views

CGI - nph-maillist.pl vulnerability...

Hello BuGReaders... Script: nph-maillist.plcgi Introduction: cat from source .................................................................... Created by: Matt Tourtillott URL: www.marketrends.net email [email protected] The email list generator is a web interfaced script that allows the...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2001/02/10 12:0 a.m.91 views

[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable:...

10CVSS0.1AI score0.32416EPSS
Exploits1
securityvulns
securityvulns
added 2000/12/02 12:0 a.m.91 views

[SECURITY] [DSA-001-1] ed symlink attack

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory 001-1 [email protected] http://www.debian.org/security/ Wichert Akkerman November 29, 2000 -...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2000/11/08 12:0 a.m.91 views

Explanation Authentix Input Validation Error

Hi there, Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentification. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give th...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/09/15 12:0 a.m.91 views

Security Bulletin (MS00-067)

Microsoft Security Bulletin MS00-067 - --------------------------------------- Patch Available for "Windows 2000 Telnet Client NTLM Authentication" Vulnerability Originally posted: September 14, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2000/08/31 12:0 a.m.91 views

[EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com GoodTech's FTP Server vulnerable to a DoS RNTO ---------------------------------------------------------------------------- SUMMARY...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2000/08/22 12:0 a.m.91 views

Security Bulletin (MS00-059)

Microsoft Security Bulletin MS00-059 - -------------------------------------- Patch Available for "Java VM Applet" Vulnerability Originally posted: August 21, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual machine Microsoft V...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2000/06/15 12:0 a.m.91 views

Security Bulletin (MS00-041)

Microsoft Security Bulletin MS00-041 - -------------------------------------- Patch Available for "DTS Password" Vulnerability Originally posted: June 14, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoftr SQL...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2000/06/10 12:0 a.m.91 views

Security Bulletin (MS00-040)

Patch Available for "Remote Registry Access Authentication" Vulnerability Originally posted: June 08, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Windows NT 4.0. Under certain conditions, the vulnerability could be used to cause a...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2000/05/04 12:0 a.m.91 views

4ward:It's a blue world!

/off topic: please in the list disable or add filter to your auto-reply/ from:http://www.blueworld.com/blueworld/news/05.01.00-FM5Sec urity.html .../... The precise details of how to exploit these holes is minimized to prevent compromising the integrity of all current Internet-accessible FileMake...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2000/04/21 12:0 a.m.91 views

Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability

Cisco IOS Software TELNET Option Handling Vulnerability Revision 1.0 For public release Thursday 2000/04/20 at 09:00 AM US/Eastern UTC-0400. --------------------------------------------------------------------------- Summary ======= A defect in multiple Cisco IOS software versions will cause a...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/03/30 12:0 a.m.91 views

<Антивирус Касперского> получает сертификат Trojan Checkmark

Пресс Релиз Антивирус Касперского получает сертификат Trojan Checkmark Первый российский антивирус гарантированно защищает пользователей от Троянских коней! "Лаборатория Касперского" www.avp.ru, российский лидер в области разработки антивирусных систем безопасности, сообщает, что ее продукты для...

0.7AI score
Exploits0
securityvulns
securityvulns
added 1999/11/07 12:0 a.m.91 views

Interscan VirusWall NT 3.23/3.3 buffer overflow

A buffer overflow exists on the VirusWall smtp gateway - by sending a long HELO command you can overflow the buffer and execute arbitrary code. Example code has been written which will spawn a command prompt on a port you specify. Before you shrug this one off, take a look: Connected to...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.90 views

TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391

Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status :...

4.3CVSS7AI score0.00757EPSS
Exploits2
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.90 views

[SECURITY] [DSA 3369-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3369-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...

7.2CVSS2AI score0.00381EPSS
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.90 views

Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting

Enigmail: ????? ????? ????????? ?? ???? ??????????? ??? ????????? Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself. This is NOT the case, but...

6.3AI score0.01681EPSS
Exploits0
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.90 views

[USN-2720-1] Django vulnerability

========================================================================== Ubuntu Security Notice USN-2720-1 August 18, 2015 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

5CVSS0.1AI score0.05163EPSS
Exploits0
securityvulns
securityvulns
added 2015/05/12 12:0 a.m.90 views

HotExBilling Manager Cross-site scripting (XSS) vulnerability

Title: ==== HotExBilling Manager – Cross-site scripting XSS vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-2781 Date: ==== 12-03-2015 dd/mm/yyyy Vendor: ====== Hotspot Express has been in the billing solution business sinc...

4.3CVSS0.2AI score0.01883EPSS
Exploits2
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.90 views

[SECURITY] [DSA 3238-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...

7.5CVSS0.5AI score0.02702EPSS
Exploits3
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.90 views

[USN-2590-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2590-1 April 30, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.9CVSS0.4AI score0.03052EPSS
Exploits1
securityvulns
securityvulns
added 2015/01/19 12:0 a.m.90 views

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...

4.3CVSS5.5AI score0.01221EPSS
Exploits2
securityvulns
securityvulns
added 2015/01/19 12:0 a.m.90 views

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower

SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/01/19 12:0 a.m.90 views

Alienvault OSSIM/USM Command Execution Vulnerability

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary ======= Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2014/12/22 12:0 a.m.90 views

[ MDVSA-2014:253 ] apache-mod_wsgi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:253 http://www.mandriva.com/en/support/security/ Package : apache-modwsgi Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated apache-modwsgi package fixes security...

6.9CVSS6.4AI score0.00403EPSS
Exploits0
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.90 views

[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser

Hi, This is the 6th part of the ManageOwnage series. For previous parts see 1. This time we have two 0 day vulns CVE-2014-6038 and 6039 that can be abused to dump information from the database and obtain the superuser credentials for Windows and AS/400 hosts which are managed by EventLog Analyzer...

8.5AI score0.72757EPSS
Exploits10
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.90 views

Lime Survey 2-05+ Multiple Vulnerabilities

Lime Survey Multiple Vulnerabilities ======================================================================= ADVISORY INFORMATION Title: Lime Survey Multiple Vulnerabilities Discovery date: 02/07/2014 Release date: 03/07/2014 Vendor Homepage: www.limesurvey.org Version: Lime Survey 2.05+ Build...

Exploits0
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.90 views

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

ESA-2014-079.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2014-079 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE...

8.5CVSS1AI score0.99977EPSS
Exploits15
securityvulns
securityvulns
added 2014/07/21 12:0 a.m.90 views

[USN-2289-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2289-1 July 17, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

6.9CVSS0.1AI score0.08103EPSS
Exploits12
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.90 views

Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel

Advisory ID: HTB23200 Product: Seo Panel Vendor: www.seopanel.in Vulnerable Versions: 3.4.0 and probably prior Tested Version: 3.4.0 Advisory Publication: January 29, 2014 without technical details Vendor Notification: January 29, 2014 Vendor Patch: May 15, 2014 Public Disclosure: May 16, 2014...

4.3CVSS6.3AI score0.01864EPSS
Exploits3
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.90 views

CS and XSS vulnerabilities in DZS Video Gallery for WordPress

Hello 3APA3A! There are Content Spoofing and Cross-Site Scripting vulnerabilities in plugin DZS Video Gallery for WordPress. After I announced multiple vulnerabilities in DZS Video Gallery at 08.05.2014 and informed developers, they ignored it, so the second advisory is going directly to full...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2014/02/18 12:0 a.m.90 views

Full Disclosure - Linksys EA2700, EA3500, E4200 and EA4500 - Authentication Bypass to Administrative Console

Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 Vulnerability: Due to an unknown bug, which occurs by every indication during the installation and/or upgrade process, port 8083 will often open, allowing for direct bypass of authentication to the "classic Linksys GUI" administrative...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2014/02/11 12:0 a.m.90 views

CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin

Vulnerability title: Remote Code Execution in Projoom NovaSFH Plugin CVE: CVE-2014-1214 Vendor: Projoom Product: NovaSFH Plugin Version: 3.0.3 Reported by: Yuri Kramarz Details: The PHP executable which is responsible for handling file upload functionality allows arbitrary files to be uploaded to...

0.2AI score0.04317EPSS
Exploits1
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.90 views

[ MDVSA-2014:021 ] perl-Proc-Daemon

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:021 http://www.mandriva.com/en/support/security/ Package : perl-Proc-Daemon Date : January 24, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-Daemon package...

7.2CVSS6.1AI score0.00379EPSS
Exploits0
securityvulns
securityvulns
added 2014/01/19 12:0 a.m.90 views

CVE-2013-6430 Possible XSS when using Spring MVC

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...

5.8CVSS6.4AI score0.03198EPSS
Exploits1
securityvulns
securityvulns
added 2013/12/23 12:0 a.m.90 views

[USN-2061-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-2061-1 December 19, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5.8CVSS0.2AI score0.02239EPSS
Exploits2
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.90 views

Multiple Vulnerabilities in Gnew

Advisory ID: HTB23171 Product: Gnew Vendor: Raoul Proenca Vulnerable Versions: 2013.1 and probably prior Tested Version: 2013.1 Advisory Publication: August 28, 2013 without technical details Vendor Notification: August 28, 2013 Public Disclosure: October 2, 2013 Vulnerability Type: PHP File...

7.5CVSS0.4AI score0.07149EPSS
Exploits7
securityvulns
securityvulns
added 2013/10/02 12:0 a.m.90 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

8.5CVSS1.6AI score0.08749EPSS
Exploits47References13Affected Software10
securityvulns
securityvulns
added 2013/10/01 12:0 a.m.90 views

USN-1976-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1976-1 September 30, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.2CVSS0.5AI score0.0181EPSS
Exploits0
securityvulns
securityvulns
added 2013/09/09 12:0 a.m.90 views

Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities

The Wordpress videowhisper-live-streaming-integration Plugin suffers from a Cross-Site Scripting vulnerability. Iranian Exploit DataBase Forum http://iedb.ir/acc http://iedb.ir Exploit Title : Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities Author : Iranian Exploit...

Exploits0
securityvulns
securityvulns
added 2013/06/17 12:0 a.m.90 views

[USN-1831-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1831-1 May 16, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

2.1CVSS0.6AI score0.00383EPSS
Exploits0
securityvulns
securityvulns
added 2013/04/22 12:0 a.m.90 views

Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21

Hello All, We wanted to add the following information to our yesterday post. We've learned that RedHat's Bugzilla associates CVE-2013-1537 1 with the RMI issue allowing for a remote loading and execution of arbitrary Java code on servers 2. It looks that Oracle has finally patched RMI vulnerabili...

10CVSS0.1AI score0.09691EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/24 12:0 a.m.90 views

APPLE-SA-2013-03-14-2 Safari 6.0.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-2 Safari 6.0.3 Safari 6.0.3 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...

7.5CVSS0.02195EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/24 12:0 a.m.90 views

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free (MS13-021 / CVE-2013-0087)

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "OnResize" Use-after-free MS13-021 / CVE-2013-0087 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and includ...

9.3CVSS6.8AI score0.18477EPSS
Exploits0
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.90 views

Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.

---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext 1, which Foswiki uses to provide translations when...

7.5CVSS9.9AI score0.61604EPSS
Exploits15
securityvulns
securityvulns
added 2013/01/28 12:0 a.m.90 views

SQL Injection Vulnerability in ImageCMS

Advisory ID: HTB23132 Product: ImageCMS Vendor: www.imagecms.net Vulnerable Versions: 4.0.0b and probably prior Tested Version: 4.0.0b Vendor Notification: December 5, 2012 Vendor Patch: January 16, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

6.5CVSS0.3AI score0.04234EPSS
Exploits7
securityvulns
securityvulns
added 2013/01/28 12:0 a.m.90 views

CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability

Product: DigiLIBE Management Console Vendor: Digitiliti Version: 3.4 - ? Tested Version: 3.4 Vendor Notified Date: October 09, 2012 Release Date: January 18, 2013 Risk: High Authentication: None required Remote: Yes Description: Execution After Redirect vulnerabilities exist in DigiLIBE Managemen...

5CVSS0.9AI score0.06325EPSS
Exploits2
securityvulns
securityvulns
added 2013/01/02 12:0 a.m.90 views

CubeCart 4.4.6 and lower | Local File Inclusion Vulnerability

OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Local File Inclusion. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2012/12/02 12:0 a.m.90 views

NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel

======= Summary ======= Name: Symantec Messaging Gateway - SSH with backdoor user account + privilege escalation to root due to very old Kernel Release Date: 30 November 2012 Reference: NGS00267 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems Affecte...

7.2CVSS0.2AI score0.14749EPSS
Exploits78
securityvulns
securityvulns
added 2012/10/10 12:0 a.m.90 views

Fortigate UTM WAF Appliance - Cross Site Vulnerabilities

Title: ====== Fortigate UTM WAF Appliance - Cross Site Vulnerabilities Date: ===== 2012-09-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=559 VL-ID: ===== 559 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= T...

6.7AI score
Exploits0
Total number of security vulnerabilities5000