Securityvulns: Most viewed

47153 matches found

securityvulns
added 2006/07/24 12:0 a.m., 89 views

VBZooM <=V1.11 " reply.php" SQL Injection

=========================================== Discovered By: C.B.B.L CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuXrOOt =========================================== Search:- POWERED BY: VBZooM V1.11 Example:- /reply.php?UserID=SQL njection...

AI score: 2.5
Exploits: 0

securityvulns
added 2006/06/03 12:0 a.m., 89 views

VMSA-2006-0002 - VMware Server sensitive information lifetime issue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2006-0002 Synopsis: VMware Server sensitive information lifetime issue Advisory URL:...

CVSS: 4.6, AI score: 0.1, EPSS: 0.00338
Exploits: 0

securityvulns
added 2006/05/20 12:0 a.m., 89 views

Newswriter v1.0 Remote XSS Exploit

------------------------------------------------------------------ - Newswriter v1.0 Remote XSS Exploit - -= http://colander.altervista.org/advisory/Newswriter.txt =- ------------------------------------------------------------------ -= Newswriter v1.0 =- Omnipresent May 20, 2006 Vunerabilitys:...

Exploits: 0

securityvulns
added 2006/05/03 12:0 a.m., 89 views

Invision Gallery 2.0.6 ( SQL Injection )

left Invision Gallery 2.0.6 SQL Injection File :- modules/gallery/post.php Line :- 943 Bug By :- Devil-00 Welcome Back Security4arab Arabian Security WebSites www.s4a.cc www.securitygurus.net php $this-ipsclass-DB-simpleconstruct array 'select' = 'COUNT AS total', 'from' = 'galleryimages', 'where...

AI score: 0.5
Exploits: 0

securityvulns
added 2006/03/25 12:0 a.m., 89 views

[security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00622788 Version: 1 HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...

AI score: 0.4
Exploits: 0

securityvulns
added 2006/03/10 12:0 a.m., 89 views

[Full-disclosure] Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.

--Security Report-- Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 07/03/06 04:52 AM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Jiros http://www.jiros.net...

AI score: 1.5
Exploits: 0

securityvulns
added 2006/02/03 12:0 a.m., 89 views

Bug for libs in php link directory 2.0

Program: PHPLD Php link directory Homepage: http://www.phplinkdirectory.com/ Language: PHP Version: 2.0 Php link directory use lib's how adodb, smarthy, phpmailer, etc., etc. but this lib's have bug's. Bugs: ADOdb PostgreSQL SQL Injection Vulnerability http://www.securityfocus.com/bid/16364...

AI score: 0.3
Exploits: 0

securityvulns
added 2005/12/04 12:0 a.m., 89 views

eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities

Site: http://www.phpbbstyles.com/ 1. Remote File Content Disclosure http://forum/admin/xsedit.php?edit=../../../../etc/passwd 2. Full Path Disclosure http://forum/admin/xsedit.php?edit=&viewbackup=1 http://wtf.bz/...

AI score: 0.3
Exploits: 0

securityvulns
added 2005/08/09 12:0 a.m., 89 views

FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover,possible remote code execution

FunkBoard V0.66CF possibly prior versions cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution software: author site: http://www.pathtofunkboard.co.uk/ xss:...

AI score: 7.5
Exploits: 0

securityvulns
added 2005/02/09 12:0 a.m., 89 views

[VulnWatch] CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability

Core Security Technologies Advisory http://www.coresecurity.com MSN Messenger PNG Image Parsing Vulnerability Date Published: 2005-02-08 Last Update: 2005-02-08 Advisory ID: CORE-2004-0819 Bugtraq ID: None currently assigned. CVE Name: CAN-2004-0597 Title: MSN Messenger PNG Image Parsing...

CVSS: 10, AI score: 6.9, EPSS: 0.82537
Exploits: 1

securityvulns
added 2003/10/01 12:0 a.m., 89 views

DCP Portal - 5.5 holes

Never use this product if you have turned off magicquotesgpc. And this product won't work anyway if you have turned off registerglobals. All the files in the product, dont check for integrity of variables. You can easily exploit this using some SQL Injection techniques. For example, if you want t...

AI score: 8.6
Exploits: 0

securityvulns
added 2003/05/08 12:0 a.m., 89 views

Microsoft Security Bulletin MS03-017: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)

-----BEGIN PGP SIGNED MESSAGE----- - -------------------------------------------------------------------- Title: Flaw in Windows Media Player Skins Downloading could allow Code Execution 817787 Date: 07 May 2003 Software: Microsoft Windows Media Player 7.1 Microsoft Windows Media Player for Windo...

AI score: 0.3
Exploits: 0

securityvulns
added 2002/10/03 12:0 a.m., 89 views

Multiple Web Security Holes

I sent this three times to webappsec but without resultats. I try so on bugtraq, although that is less appropriate. ----------------------------------------------------- Five products in PHP are vulnerable to various holes. 1 TightAuction Website : http://www.tightprices.com Tested Version : 3.0...

AI score: 7
Exploits: 0

securityvulns
added 2002/08/20 12:0 a.m., 89 views

[Mantis Advisory/2002-04] Arbitrary code execution vulnerability in Mantis

Mantis Advisory/2002-04 Arbitrary code execution vulnerability in Mantis 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 6. Credit 7. Contact details 1. Introduction Mantis is an Open Source web-based...

AI score: 0.5
Exploits: 0

securityvulns
added 2002/01/31 12:0 a.m., 89 views

[ WWWThreads, UBBThreads ] Security Hole in upload system

WWWThreads, UBBThreads Security Hole in upload system Author: RootExtractor, CompuMe [email protected], [email protected] I. Details II. Vulnerable ver's III. Example, Xploit IV. Solution Details : ..: config.inc.php :.. ------------------------- snip ------------------------------ //...

AI score: 7.4
Exploits: 0

securityvulns
added 2001/05/15 12:0 a.m., 89 views

NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability

NSFOCUS Security Advisory SA2001-02 Topic: Microsoft IIS CGI Filename Decode Error Vulnerability Release Date: 2001-5-15 CVE Candidate Numbers: CAN-2001-0333 BUGTRAQ ID : 2708 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Not affected system: ===================...

CVSS: 7.5, AI score: 6.2, EPSS: 0.9077
Exploits: 8

securityvulns
added 2001/04/18 12:0 a.m., 89 views

[SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service

FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2b This is a follow-up to: SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Several individuals have pointed out an easier exploit scenario for this vulnerability, which additionally does NOT require the Web Publishing feature...

AI score: 6.9
Exploits: 0

securityvulns
added 2001/02/10 12:0 a.m., 89 views

[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable:...

CVSS: 10, AI score: 0.1, EPSS: 0.32416
Exploits: 1

securityvulns
added 2000/12/02 12:0 a.m., 89 views

Security Bulletin MS00-092

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------ Issue: Buffer overrun...

AI score: 0.4
Exploits: 0

securityvulns
added 2000/04/21 12:0 a.m., 89 views

Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability

Cisco IOS Software TELNET Option Handling Vulnerability Revision 1.0 For public release Thursday 2000/04/20 at 09:00 AM US/Eastern UTC-0400. --------------------------------------------------------------------------- Summary ======= A defect in multiple Cisco IOS software versions will cause a...

AI score: 7.4
Exploits: 0

securityvulns
added 2015/10/26 12:0 a.m., 88 views

Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin

Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...

CVSS: 7.5, AI score: 1.2, EPSS: 0.07055
Exploits: 2

securityvulns
added 2015/10/26 12:0 a.m., 88 views

CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibéria Medeiros Vulnerability Details: ===================== It...

CVSS: 7.5, AI score: 1.9, EPSS: 0.02433
Exploits: 1

securityvulns
added 2015/10/26 12:0 a.m., 88 views

TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391

Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status :...

CVSS: 4.3, AI score: 7, EPSS: 0.00757
Exploits: 2

securityvulns
added 2015/10/19 12:0 a.m., 88 views

[USN-2772-1] PostgreSQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2772-1 October 16, 2015 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ========================================================================== A security issue affects these...

CVSS: 6.4, AI score: 8.1, EPSS: 0.05045
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 88 views

[USN-2720-1] Django vulnerability

========================================================================== Ubuntu Security Notice USN-2720-1 August 18, 2015 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

CVSS: 5, AI score: 0.1, EPSS: 0.05163
Exploits: 0

securityvulns
added 2015/07/26 12:0 a.m., 88 views

[SECURITY] [DSA 3313-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2015 https://www.debian.org/security/faq -...

CVSS: 7.8, AI score: 1.7, EPSS: 0.06267
Exploits: 4

securityvulns
added 2015/07/13 12:0 a.m., 88 views

[USN-2668-1] HAProxy vulnerability

========================================================================== Ubuntu Security Notice USN-2668-1 July 07, 2015 haproxy vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS: 5, AI score: 0.3, EPSS: 0.04274
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m., 88 views

Path Traversal in BlackCat CMS

Advisory ID: HTB23263 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.1.1 and probably prior Tested Version: 1.1.1 Advisory Publication: June 10, 2015 without technical details Vendor Notification: June 10, 2015 Vendor Patch: June 24, 2015 Public Disclosure: July 1, 201...

CVSS: 5, AI score: 7.7, EPSS: 0.1765
Exploits: 2

securityvulns
added 2015/06/13 12:0 a.m., 88 views

PHP multiple security vulnerabilities

NULL character injection, DoS, integer overflow, memory corruption...

CVSS: 7.5, AI score: 2.9, EPSS: 0.50129
Exploits: 4, References: 2, Affected Software: 1

securityvulns
added 2015/06/01 12:0 a.m., 88 views

[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04594015 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04594015 Version: 1 HPSBGN03286 rev....

CVSS: 10, AI score: 0.3, EPSS: 0.10867
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 88 views

Reflected Cross-Site Scripting vulnerability in asdoc generated documentation

------------------------------------------------------------------------ Reflected Cross-Site Scripting vulnerability in asdoc generated documentation ------------------------------------------------------------------------ Radjnies Bhansingh, March 2014...

AI score: 0.5
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 88 views

Pligg CMS 2.0.2 - Stored XSS

Hi Team, Affected Vendor: http://pligg.com/ Date: 23/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Pligg CMS Version: 2.0.2 Tested Link: http://localhost/pligg/admin/adminpage.php Description: Pligg CMS is a content management...

AI score: 0.6
Exploits: 0

securityvulns
added 2015/05/04 12:0 a.m., 88 views

Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability

Document Title: =============== Grindr 2.1.1 iOS Bug Bounty 2 - Denial of Service Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1418 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID:...

AI score: 0.5
Exploits: 0

securityvulns
added 2015/03/21 12:0 a.m., 88 views

GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server

GDS LABS ALERT: CVE-2015-2080 JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server SYNOPSIS ======== Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data...

CVSS: 5, AI score: 8.5, EPSS: 0.74881
Exploits: 16

securityvulns
added 2015/02/02 12:0 a.m., 88 views

[USN-2476-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2476-1 January 26, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS: 7.5, AI score: 1.9, EPSS: 0.04339
Exploits: 0

securityvulns
added 2015/01/25 12:0 a.m., 88 views

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability

================================================================================ REWTERZ-20140102 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk...

AI score: 0.2
Exploits: 0

securityvulns
added 2015/01/19 12:0 a.m., 88 views

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...

CVSS: 4.3, AI score: 5.5, EPSS: 0.01221
Exploits: 2

securityvulns
added 2015/01/19 12:0 a.m., 88 views

Alienvault OSSIM/USM Command Execution Vulnerability

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary ======= Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...

AI score: 0.5
Exploits: 0

securityvulns
added 2015/01/13 12:0 a.m., 88 views

[ MDVSA-2015:020 ] libssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:020 http://www.mandriva.com/en/support/security/ Package : libssh Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated libssh packages fix security vulnerability: Double free...

CVSS: 5, AI score: 6.1, EPSS: 0.05145
Exploits: 0

securityvulns
added 2015/01/02 12:0 a.m., 88 views

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability

------------------------------------------------------------------- Osclass = 3.4.2 Search::setJsonAlert SQL Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior...

CVSS: 7.5, AI score: 0.1, EPSS: 0.02356
Exploits: 2

securityvulns
added 2014/12/22 12:0 a.m., 88 views

Cross-Site Scripting (XSS) in Revive Adserver

Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...

CVSS: 4.3, AI score: 0.1, EPSS: 0.02309
Exploits: 3

securityvulns
added 2014/12/22 12:0 a.m., 88 views

[SECURITY] [DSA 3100-1] mediawiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3100-1 [email protected] http://www.debian.org/security/ Sebastien Delafond December 12, 2014 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 0.7, EPSS: 0.01965
Exploits: 1

securityvulns
added 2014/12/22 12:0 a.m., 88 views

[ MDVSA-2014:253 ] apache-mod_wsgi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:253 http://www.mandriva.com/en/support/security/ Package : apache-modwsgi Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated apache-modwsgi package fixes security...

CVSS: 6.9, AI score: 6.4, EPSS: 0.00403
Exploits: 0

securityvulns
added 2014/12/01 12:0 a.m., 88 views

[Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform

On April 8th 2014, AppCheck reported several Cross Site Scripting Vulnerabilities in the Magento e-commerce platform via the eBay bug bounty program. eBay responded to inform us that the vulnerabilities had already been reported. However, since more than 6 months have passed and no fix is yet...

Exploits: 0

securityvulns
added 2014/12/01 12:0 a.m., 88 views

CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Unauthenticated SQL Injection in Gogs repository search ======================================================= Researcher: Timo Schmid [email protected] Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go...

CVSS: 7.5, AI score: 7.1, EPSS: 0.34274
Exploits: 5

securityvulns
added 2014/11/03 12:0 a.m., 88 views

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

Quarterly update covers 138 different vulnerabilities...

CVSS: 10, AI score: 3.1, EPSS: 0.95821
Exploits: 25, References: 3, Affected Software: 34

securityvulns
added 2014/10/16 12:0 a.m., 88 views

CVE-2014-4331 OctavoCMS reflected XSS vulnerability

This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...

AI score: 0.5, EPSS: 0.01854
Exploits: 2

securityvulns
added 2014/10/15 12:0 a.m., 88 views

[ MDVSA-2014:145 ] php-ZendFramework

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:145 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : July 31, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in...

CVSS: 7.5, AI score: 9.8, EPSS: 0.02313
Exploits: 0

securityvulns
added 2014/10/14 12:0 a.m., 88 views

[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing Authorization Check 1. Impact on Business ===================== By exploiting this vulnerability an authenticated attacker will be able to abuse of functionality that should be...

AI score: 6.6
Exploits: 0

securityvulns
added 2014/10/14 12:0 a.m., 88 views

Reflected Cross-Site Scripting (XSS) in BlackCat CMS

Advisory ID: HTB23228 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: August 13, 2014 without technical details Vendor Notification: August 13, 2014 Vendor Patch: August 13, 2014 Public Disclosure:...

CVSS: 4.3, AI score: 6.4, EPSS: 0.02041
Exploits: 3

Total number of security vulnerabilities: 5000