Securityvulns: Most viewed

47153 matches found

securityvulns | added 2005/12/04 12:00 a.m. | 90 views

eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities

Site: http://www.phpbbstyles.com/ 1. Remote File Content Disclosure http://forum/admin/xsedit.php?edit=../../../../etc/passwd 2. Full Path Disclosure http://forum/admin/xsedit.php?edit=&viewbackup=1 http://wtf.bz/...

AI score 0.3
Exploits: 0

securityvulns | added 2005/08/09 12:00 a.m. | 90 views

Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727)

Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer 896727 Issued: August 9, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

CVSS 7.5 | AI score 0.9 | EPSS 0.48513
Exploits: 4

securityvulns | added 2005/08/09 12:00 a.m. | 90 views

FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution

FunkBoard V0.66CF possibly prior versions cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution software: author site: http://www.pathtofunkboard.co.uk/ xss:...

AI score 7.5
Exploits: 0

securityvulns | added 2005/02/09 12:00 a.m. | 90 views

[VulnWatch] CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability

Core Security Technologies Advisory http://www.coresecurity.com MSN Messenger PNG Image Parsing Vulnerability Date Published: 2005-02-08 Last Update: 2005-02-08 Advisory ID: CORE-2004-0819 Bugtraq ID: None currently assigned. CVE Name: CAN-2004-0597 Title: MSN Messenger PNG Image Parsing...

CVSS 10 | AI score 6.9 | EPSS 0.82537
Exploits: 1

securityvulns | added 2004/09/10 12:00 a.m. | 90 views

File viewing in Search Engine & Directory Powered by Turbo Seek by FocalMedia.Net

Hello, 3APA3A. I found a new vulnerability. File viewing in Search Engine & Directory Powered by Turbo Seek by FocalMedia.Net Software / Application - Search Engine & Directory Powered by Turbo Seek Problem-Type - remote Vulnerability - ability to read files. Vendor - FocalMedia.Net...

AI score 7.1
Exploits: 0

securityvulns | added 2003/11/14 12:00 a.m. | 90 views

Web Wiz Forums ver. 7.01

Information: Language: ASP Bugged Version: Web Wiz Forums ver. 7.01 and less ? Website: http://www.webwizforums.com Problems: Permanent XSS Objects: - registernewuser.asp - register.asp The variable values are not filtered: strLocation = Request.Form("location") strMessa...

AI score 0.2
Exploits: 0

securityvulns | added 2003/10/01 12:00 a.m. | 90 views

DCP Portal - 5.5 holes

Never use this product if you have turned off magic_quotes_gpc. And this product won't work anyway if you have turned off register_globals. All the files in the product don't check for integrity of variables. You can easily exploit this using some SQL Injection techniques. For example, if you want t...

AI score 8.6
Exploits: 0

securityvulns | added 2003/05/08 12:00 a.m. | 90 views

Microsoft Security Bulletin MS03-017: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)

-----BEGIN PGP SIGNED MESSAGE----- - -------------------------------------------------------------------- Title: Flaw in Windows Media Player Skins Downloading could allow Code Execution 817787 Date: 07 May 2003 Software: Microsoft Windows Media Player 7.1 Microsoft Windows Media Player for Windo...

AI score 0.3
Exploits: 0

securityvulns | added 2002/11/21 12:00 a.m. | 90 views

Microsoft Security Bulletin MS02-065: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution Q329414 Date: 20 November, 2002 Software: Microsoft Data Access Components MDAC 2.1 Microsoft Data...

AI score 0.1
Exploits: 0

securityvulns | added 2002/08/20 12:00 a.m. | 90 views

[Mantis Advisory/2002-04] Arbitrary code execution vulnerability in Mantis

Mantis Advisory/2002-04 Arbitrary code execution vulnerability in Mantis 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 6. Credit 7. Contact details 1. Introduction Mantis is an Open Source web-based...

AI score 0.5
Exploits: 0

securityvulns | added 2002/08/08 12:00 a.m. | 90 views

Security Advisory: Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability Revision 1.0 For Public Release 2002 August 07 UTC 1500 Contents Summary Affected Products Details Impact Software Versions and Fixes Obtaining Fixed...

AI score 0.2
Exploits: 0

securityvulns | added 2002/01/31 12:00 a.m. | 90 views

Security Bulletin MS02-001

Title: Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Date: 30 January 2002 Software: Windows NT 4.0, Windows 2000 Impact: Privilege Elevation Max Risk: Moderate Bulletin: MS02-001 Microsoft encourages customers to review the Security Bulletin at:...

AI score 0.1
Exploits: 0

securityvulns | added 2002/01/31 12:00 a.m. | 90 views

[ WWWThreads, UBBThreads ] Security Hole in upload system

WWWThreads, UBBThreads Security Hole in upload system Author: RootExtractor, CompuMe [email protected], [email protected] I. Details II. Vulnerable ver's III. Example, Xploit IV. Solution Details : ..: config.inc.php :.. ------------------------- snip ------------------------------ //...

AI score 7.4
Exploits: 0

securityvulns | added 2001/05/15 12:00 a.m. | 90 views

NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability

NSFOCUS Security Advisory SA2001-02 Topic: Microsoft IIS CGI Filename Decode Error Vulnerability Release Date: 2001-5-15 CVE Candidate Numbers: CAN-2001-0333 BUGTRAQ ID : 2708 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Not affected system: ===================...

CVSS 7.5 | AI score 6.2 | EPSS 0.9077
Exploits: 8

securityvulns | added 2001/05/12 12:00 a.m. | 90 views

Vulnerability in TYPsoft FTP server

Vulnerability in TYPsoft FTP server v0.95 Overview: TYPsoft FTP Server is a freeware ftp server available from http://typsoft.n3.net . Affected systems: FTP server v0.95 - 0.93 and probably prior versions for Windows 95/98/NT/2000/ME Description: An attacker with anonymous access to the ftp server...

AI score 0.3
Exploits: 0

securityvulns | added 2001/04/18 12:00 a.m. | 90 views

[SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service

FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2b This is a follow-up to: SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Several individuals have pointed out an easier exploit scenario for this vulnerability, which additionally does NOT require the Web Publishing feature...

AI score 6.9
Exploits: 0

securityvulns | added 2001/02/10 12:00 a.m. | 90 views

[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable:...

CVSS 10 | AI score 0.1 | EPSS 0.32416
Exploits: 1

securityvulns | added 2000/09/14 12:00 a.m. | 90 views

Win2k Telnet.exe malicious server vulnerability

Microsoft was informed of this problem with exploit over a month ago. I received some token responses right after emailing them, but have heard nothing since. If they have released an advisory of their own yet, I have not seen it. I informed them up-front that I would release a full-disclosure...

AI score 7.2
Exploits: 0

securityvulns | added 2000/06/10 12:00 a.m. | 90 views

Security Bulletin (MS00-040)

Patch Available for "Remote Registry Access Authentication" Vulnerability Originally posted: June 08, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows NT 4.0. Under certain conditions, the vulnerability could be used to cause a...

AI score 6.9
Exploits: 0

securityvulns | added 2015/10/26 12:00 a.m. | 89 views

Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...

CVSS 7.5 | AI score 1.2 | EPSS 0.07055
Exploits: 2

securityvulns | added 2015/10/26 12:00 a.m. | 89 views

Openfire 3.10.2 CSRF Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt Vendor: ================================ www.igniterealtime.org/projects/openfire www.igniterealtime.org/downloads/index.jsp Product: ================================...

AI score 6.9
Exploits: 0

securityvulns | added 2015/10/26 12:00 a.m. | 89 views

[SECURITY] [DSA 3369-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3369-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini October 06, 2015 https://www.debian.org/security/faq -...

CVSS 7.2 | AI score 2 | EPSS 0.00381
Exploits: 0

securityvulns | added 2015/10/26 12:00 a.m. | 89 views

Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting

Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself. This is NOT the case, but...

AI score 6.3 | EPSS 0.01681
Exploits: 0

securityvulns | added 2015/10/19 12:00 a.m. | 89 views

[USN-2772-1] PostgreSQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2772-1 October 16, 2015 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ========================================================================== A security issue affects these...

CVSS 6.4 | AI score 8.1 | EPSS 0.05045
Exploits: 0

securityvulns | added 2015/08/24 12:00 a.m. | 89 views

[USN-2720-1] Django vulnerability

========================================================================== Ubuntu Security Notice USN-2720-1 August 18, 2015 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

CVSS 5 | AI score 0.1 | EPSS 0.05163
Exploits: 0

securityvulns | added 2015/07/26 12:00 a.m. | 89 views

[SECURITY] [DSA 3313-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2015 https://www.debian.org/security/faq -...

CVSS 7.8 | AI score 1.7 | EPSS 0.06267
Exploits: 4

securityvulns | added 2015/07/13 12:00 a.m. | 89 views

[USN-2668-1] HAProxy vulnerability

========================================================================== Ubuntu Security Notice USN-2668-1 July 07, 2015 haproxy vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 5 | AI score 0.3 | EPSS 0.04274
Exploits: 0

securityvulns | added 2015/06/08 12:00 a.m. | 89 views

[SECURITY] [DSA 3278-1] libapache-mod-jk security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3278-1 [email protected] http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq -...

CVSS 5 | AI score 1.8 | EPSS 0.07109
Exploits: 0

securityvulns | added 2015/05/12 12:00 a.m. | 89 views

Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1

Affected software: GoAhead Web Server Affected versions: 3.0.0 - 3.4.1 3.x.x series before 3.4.2 CVE ID: CVE-2014-9707 Description: The server incorrectly normalizes HTTP request URIs that contain path segments that start with a "." but are not entirely equal to "." or ".." eg. ".x". By sending a...

CVSS 7.5 | AI score 7.2 | EPSS 0.28417
Exploits: 4

securityvulns | added 2015/05/11 12:00 a.m. | 89 views

Pligg CMS 2.0.2 - Stored XSS

Hi Team, Affected Vendor: http://pligg.com/ Date: 23/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Pligg CMS Version: 2.0.2 Tested Link: http://localhost/pligg/admin/adminpage.php Description: Pligg CMS is a content management...

AI score 0.6
Exploits: 0

securityvulns | added 2015/05/11 12:00 a.m. | 89 views

[SECURITY] [DSA 3249-1] jqueryui security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3249-1 [email protected] http://www.debian.org/security/ Sebastien Delafond May 03, 2015 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 1.4 | EPSS 0.18351
Exploits: 1

securityvulns | added 2015/05/11 12:00 a.m. | 89 views

[USN-2539-1] Django vulnerabilities

========================================================================== Ubuntu Security Notice USN-2539-1 March 23, 2015 python-django vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...

CVSS 5 | AI score 0.6 | EPSS 0.05026
Exploits: 0

securityvulns | added 2015/05/04 12:00 a.m. | 89 views

Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability

Document Title: =============== Grindr 2.1.1 iOS Bug Bounty 2 - Denial of Service Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1418 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID:...

AI score 0.5
Exploits: 0

securityvulns | added 2015/03/21 12:00 a.m. | 89 views

GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server

GDS LABS ALERT: CVE-2015-2080 JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server SYNOPSIS ======== Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data...

CVSS 5 | AI score 8.5 | EPSS 0.74881
Exploits: 16

securityvulns | added 2015/02/02 12:00 a.m. | 89 views

[USN-2476-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2476-1 January 26, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 7.5 | AI score 1.9 | EPSS 0.04339
Exploits: 0

securityvulns | added 2015/01/25 12:00 a.m. | 89 views

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability

================================================================================ REWTERZ-20140102 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk...

AI score 0.2
Exploits: 0

securityvulns | added 2015/01/19 12:00 a.m. | 89 views

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...

CVSS 4.3 | AI score 5.5 | EPSS 0.01221
Exploits: 2

securityvulns | added 2015/01/19 12:00 a.m. | 89 views

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower

SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...

AI score 0.3
Exploits: 0

securityvulns | added 2015/01/19 12:00 a.m. | 89 views

Alienvault OSSIM/USM Command Execution Vulnerability

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary ======= Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...

AI score 0.5
Exploits: 0

securityvulns | added 2014/12/23 12:00 a.m. | 89 views

PHP security vulnerabilities

Use-after-free in unserialize...

CVSS 10 | AI score 2.5 | EPSS 0.53166
Exploits: 8 | References: 1 | Affected Software: 1

securityvulns | added 2014/12/22 12:00 a.m. | 89 views

[SECURITY] [DSA 3100-1] mediawiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3100-1 [email protected] http://www.debian.org/security/ Sebastien Delafond December 12, 2014 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 0.7 | EPSS 0.01965
Exploits: 1

securityvulns | added 2014/12/11 12:00 a.m. | 89 views

[SECURITY] [DSA 3093-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3093-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 08, 2014 http://www.debian.org/security/faq -...

CVSS 6.1 | AI score 0.9 | EPSS 0.0523
Exploits: 2

securityvulns | added 2014/10/16 12:00 a.m. | 89 views

CVE-2014-4331 OctavoCMS reflected XSS vulnerability

This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...

AI score 0.5 | EPSS 0.01854
Exploits: 2

securityvulns | added 2014/10/14 12:00 a.m. | 89 views

[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing Authorization Check 1. Impact on Business ===================== By exploiting this vulnerability an authenticated attacker will be able to abuse of functionality that should be...

AI score 6.6
Exploits: 0

securityvulns | added 2014/10/14 12:00 a.m. | 89 views

Reflected Cross-Site Scripting (XSS) in BlackCat CMS

Advisory ID: HTB23228 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: August 13, 2014 without technical details Vendor Notification: August 13, 2014 Vendor Patch: August 13, 2014 Public Disclosure:...

CVSS 4.3 | AI score 6.4 | EPSS 0.02041
Exploits: 3

securityvulns | added 2014/08/26 12:00 a.m. | 89 views

Barracuda Networks Firewall / Web Firewall / Spam&Virus Firewall security vulnerabilities

XSS, restrictions bypass...

AI score 2.1 | EPSS 0.16868
Exploits: 2 | References: 8 | Affected Software: 3

securityvulns | added 2014/08/24 12:00 a.m. | 89 views

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3524 OpenOffice Calc Command Injection Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 4.1.0 and older on Windows. OpenOffice.org versions may also be affected. Description: The...

CVSS 9.3 | AI score 1.3 | EPSS 0.14596
Exploits: 0

securityvulns | added 2014/07/22 12:00 a.m. | 89 views

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure

Product: Nessus Vendor: Tenable Network Security? Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...

CVSS 5 | AI score 0.4 | EPSS 0.017
Exploits: 2

securityvulns | added 2014/06/17 12:00 a.m. | 89 views

[oss-security] CVE-2014-1739: Kernel Infoleak vulnerability in media_enum_entities()

Hi, We found an infoleak vulnerability in the ioctl media_enum_entities that allows to disclose 200 bytes of the kernel process' stack. The vulnerability is exploitable on versions up to linux-3.15-rc3 by local users with read access to /dev/media0. Linux distributions ship with chmod 600 /dev/media0...

CVSS 1.7 | AI score 0.8 | EPSS 0.01121
Exploits: 2

securityvulns | added 2014/06/14 12:00 a.m. | 89 views

CS and XSS vulnerabilities in DZS Video Gallery for WordPress

Hello 3APA3A! There are Content Spoofing and Cross-Site Scripting vulnerabilities in plugin DZS Video Gallery for WordPress. After I announced multiple vulnerabilities in DZS Video Gallery at 08.05.2014 and informed developers, they ignored it, so the second advisory is going directly to full...

AI score 0.4
Exploits: 0

Total number of security vulnerabilities: 5000