Securityvulns: Most viewed

47153 matches found

securityvulns
•added 2015/02/02 12:0 a.m.•87 views

Multiple vulnerabilities in MantisBT

Advisory ID: HTB23243 Product: MantisBT Vendor: MantisBT Team Vulnerable Versions: 1.2.17 and probably prior Tested Version: 1.2.17 Advisory Publication: December 3, 2014 without technical details Vendor Notification: December 3, 2014 Vendor Patch: January 25, 2015 Public Disclosure: January 28,...

CVSS 7.5 | AI score 0.3 | EPSS 0.02485
Exploits: 4

securityvulns
•added 2015/01/13 12:0 a.m.•87 views

[ MDVSA-2015:002 ] pcre

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:002 http://www.mandriva.com/en/support/security/ Package : pcre Date : January 5, 2015 Affected: Business Server 1.0 Problem Description: Updated pcre packages fix security vulnerability: A flaw was found in...

CVSS 5 | AI score 8.5 | EPSS 0.06505
Exploits: 0

securityvulns
•added 2014/11/24 12:0 a.m.•87 views

[USN-2412-1] Ruby vulnerability

========================================================================== Ubuntu Security Notice USN-2412-1 November 20, 2014 ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 vulnerability ========================================================================== A security issue affects these releases of...

CVSS 5 | AI score 6.2 | EPSS 0.05555
Exploits: 1

securityvulns
•added 2014/11/03 12:0 a.m.•87 views

[SECURITY] [DSA 3059-1] dokuwiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3059-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 29, 2014 http://www.debian.org/security/faq -...

CVSS 5 | AI score 1.9 | EPSS 0.02519
Exploits: 0

securityvulns
•added 2014/10/27 12:0 a.m.•87 views

OpenBSD <= 5.5 Local Kernel Panic

OpenBSD = 5.5 All architectures is prone to a local DoS condition by triggering a kernel panic through a malformed ELF executable. A patch has been released to address this issue. See "013 Reliability Fix" at: http://www.openbsd.org/errata55.html013kernexec More details and PoC code:...

AI score 0.6
Exploits: 0

securityvulns
•added 2014/10/18 12:0 a.m.•87 views

APPLE-SA-2014-10-16-4 OS X Server v3.2.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-4 OS X Server v3.2.2 OS X Server v3.2.2 is now available and addresses the following: Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are kno...

CVSS 4.3 | AI score 4.5 | EPSS 0.99999
Exploits: 7

securityvulns
•added 2014/10/16 12:0 a.m.•87 views

Lime Survey 2-05+ Multiple Vulnerabilities

Lime Survey Multiple Vulnerabilities ======================================================================= ADVISORY INFORMATION Title: Lime Survey Multiple Vulnerabilities Discovery date: 02/07/2014 Release date: 03/07/2014 Vendor Homepage: www.limesurvey.org Version: Lime Survey 2.05+ Build...

Exploits: 0

securityvulns
•added 2014/10/15 12:0 a.m.•87 views

Cross-Site Request Forgery (CSRF) in Kanboard

Advisory ID: HTB23217 Product: Kanboard Vendor: http://kanboard.net/ Vulnerable Versions: 1.0.5 and probably prior Tested Version: 1.0.5 Advisory Publication: May 28, 2014 without technical details Vendor Notification: May 28, 2014 Vendor Patch: June 30, 2014 Public Disclosure: July 2, 2014...

CVSS 6.8 | AI score 7.1 | EPSS 0.0069
Exploits: 3

securityvulns
•added 2014/10/15 12:0 a.m.•87 views

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]

Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...

AI score 0.4
Exploits: 0

securityvulns
•added 2014/10/05 12:0 a.m.•87 views

[security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04468121 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04468121 Version: 1 HPSBMU03118 rev....

CVSS 6.5 | AI score 0.9 | EPSS 0.03133
Exploits: 1

securityvulns
•added 2014/08/10 12:0 a.m.•87 views

[ MDVSA-2014:159 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:159 http://www.mandriva.com/en/support/security/ Package : wireshark Date : August 8, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

CVSS 5 | AI score 7.8 | EPSS 0.03252
Exploits: 3

securityvulns
•added 2014/08/04 12:0 a.m.•87 views

[SECURITY] [DSA 2993-1] tor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2993-1 [email protected] http://www.debian.org/security/ Peter Palfrader July 31, 2014 http://www.debian.org/security/faq -...

CVSS 5.8 | AI score 0.2 | EPSS 0.02094
Exploits: 0

securityvulns
•added 2014/06/26 12:0 a.m.•87 views

[oss-security] CVE Request: iodine: authentication bypass by client

Hi oss-security, iodine 0.7.0 has just been released, which fixes an authentication bypass issue discovered by Oscar Reparaz. The fix is here: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850 and the new release is available at the homepage:...

AI score 0.7
Exploits: 0

securityvulns
•added 2014/05/05 12:0 a.m.•87 views

[USN-2105-1] MAAS vulnerabilities

========================================================================== Ubuntu Security Notice USN-2105-1 February 13, 2014 maas vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4.3 | AI score 0.5 | EPSS 0.02379
Exploits: 1

securityvulns
•added 2014/05/02 12:0 a.m.•87 views

[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04249113 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04249113 Version: 2 HPSBMU03009 rev....

CVSS 5 | AI score 0.5 | EPSS 0.99999
Exploits: 87

securityvulns
•added 2014/04/01 12:0 a.m.•87 views

PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...

AI score 7.1 | EPSS 0.01684
Exploits: 6

securityvulns
•added 2014/02/11 12:0 a.m.•87 views

Security advisory, LedgerSMB 1.3.0-1.3.36

Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...

AI score 7.2
Exploits: 0

securityvulns
•added 2014/01/13 12:0 a.m.•87 views

[CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL)

Hello List, Here I inform you about an easily exploitable CSRF discovered in Conceptronic cameras CIPCAMPTIWL. General Details Affected Product: Conceptronic camera CIPCAMPTIWL Tested Firmware: 21.37.2.49 Tested Web UI Firmware: 0.61.4.18 Assigned CVE: CVE-2013-7204 CVSSv2 Base Score: 5.8...

CVSS 6.8 | EPSS 0.10595
Exploits: 5

securityvulns
•added 2013/10/03 12:0 a.m.•87 views

OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption

OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...

CVSS 2.6 | AI score 9 | EPSS 0.02426
Exploits: 1

securityvulns
•added 2013/05/06 12:0 a.m.•87 views

[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9

============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...

AI score 5.4 | EPSS 0.01755
Exploits: 2

securityvulns
•added 2013/05/06 12:0 a.m.•87 views

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

CVSS 4 | AI score 6.2 | EPSS 0.7322
Exploits: 10

securityvulns
•added 2013/05/04 12:0 a.m.•87 views

Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities

128 vulnerabilities in different application...

CVSS 10 | AI score 2.4 | EPSS 0.58817
Exploits: 32 | References: 4 | Affected Software: 24

securityvulns
•added 2013/04/08 12:0 a.m.•87 views

QlikView integer overflow

Integer overflow on .qvw files parsing...

AI score 5.1
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
•added 2013/03/24 12:0 a.m.•87 views

APPLE-SA-2013-03-14-2 Safari 6.0.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-14-2 Safari 6.0.3 Safari 6.0.3 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...

CVSS 7.5 | EPSS 0.02195
Exploits: 0

securityvulns
•added 2013/02/24 12:0 a.m.•87 views

Alt-N MDaemon Email Body HTML/JS Injection Vulnerability

============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...

AI score 1.4
Exploits: 0

securityvulns
•added 2013/02/24 12:0 a.m.•87 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 | AI score 1.6 | EPSS 0.65724
Exploits: 35 | References: 12 | Affected Software: 7

securityvulns
•added 2013/02/14 12:0 a.m.•87 views

[USN-1720-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1720-1 February 12, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4.9 | EPSS 0.00407
Exploits: 1

securityvulns
•added 2013/02/11 12:0 a.m.•87 views

Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin

Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Versions: 2.92.3 and probably prior Tested Version: 2.92.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: February 6, 2013 Vulnerability Type: Cross-Site Scripting...

CVSS 4.3 | AI score 6.2 | EPSS 0.04546
Exploits: 3

securityvulns
•added 2013/01/10 12:0 a.m.•87 views

Chrome for Android - Cookie theft from Chrome by malicious Android app

CVE Number: CVE-2012-4909 Title: Chrome for Android - Cookie theft from Chrome by malicious Android app Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Symbolic links can be...

CVSS 4.3 | AI score 0.1 | EPSS 0.02147
Exploits: 1

securityvulns
•added 2012/11/18 12:0 a.m.•87 views

[USN-1632-1] Django vulnerability

========================================================================== Ubuntu Security Notice USN-1632-1 November 15, 2012 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 6.4 | AI score 0.4 | EPSS 0.03635
Exploits: 1

securityvulns
•added 2012/11/02 12:0 a.m.•87 views

Nth Dimension Security Advisory (NDSA20121010)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20121010 Date: 10th October 2012 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: Konqueror 4.7.3 http://konqueror.kde.org/ Vendor: KDE...

CVSS 9.3 | AI score 8.8 | EPSS 0.12599
Exploits: 10

securityvulns
•added 2012/10/29 12:0 a.m.•87 views

Layton Helpbox 4.4.0 Multiple Security Issues

Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...

CVSS 7.5 | AI score 6.9 | EPSS 0.01193
Exploits: 7

securityvulns
•added 2012/10/22 12:0 a.m.•87 views

SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass

SEC Consult Vulnerability Lab Security Advisory 20121017-0 ======================================================================= title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you...

AI score 7
Exploits: 0

securityvulns
•added 2012/09/03 12:0 a.m.•88 views

Dr. Web Control Center Admin UI Remote Script Code Injection

Dr. Web Control Center Admin UI Remote Script Code Injection ============================================================= Affected Products/Versions -------------------------- Product Name: Dr. Web Enterprise Server Version Number: 6.00.3.201111300 Product/Company Information...

AI score 0.1
Exploits: 0

securityvulns
•added 2012/09/03 12:0 a.m.•87 views

Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities

Title: ====== Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Date: ===== 2012-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=659 VL-ID: ===== 659 Common Vulnerability Scoring System: ==================================== 8.3 Introduction:...

AI score 0.2
Exploits: 0

securityvulns
•added 2012/07/23 12:0 a.m.•87 views

Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability

Title: ====== Blackboard Mobile Learn v3.0 - Persistent Web Vulnerability Date: ===== 2012-05-29 References: =========== http://www.blackboard.com/Platforms/Learn/Overview.aspx VL-ID: ===== 580 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...

AI score 0.2
Exploits: 0

securityvulns
•added 2012/06/17 12:0 a.m.•87 views

ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-093 : Pwn2Own Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-093 June 12, 2012 - -- CVE ID: CVE-2012-1876 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...

CVSS 9.3 | AI score 0.3 | EPSS 0.64962
Exploits: 27

securityvulns
•added 2012/04/24 12:0 a.m.•87 views

OpenSSL memory corruption

Memory corruption in asn1_d2i_read_bio/SMIME_read_PKCS7/SMIME_read_CMS...

CVSS 7.5 | AI score 1.8 | EPSS 0.48298
Exploits: 8 | References: 2 | Affected Software: 1

securityvulns
•added 2012/04/09 12:0 a.m.•87 views

[DCA-2011-0016] - Tufin SecureTrack Cross Site Script

Discussion - DcLabs Security Research Group advises about the following vulnerabilityies: Software - Tufin SecureTrack Vendor Product Description - Features powerful tools to track changes, analyze device configurations, optimize rule bases, and more on leading vendor firewalls, routers, switches...

AI score 7.2
Exploits: 0

securityvulns
•added 2012/03/19 12:0 a.m.•87 views

[SECURITY] [DSA 2414-1] fex security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2413-1 [email protected] http://www.debian.org/security/ Nico Golde February 21, 2012 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 1.9 | EPSS 0.04852
Exploits: 0

securityvulns
•added 2012/02/12 12:0 a.m.•87 views

[SECURITY] [DSA 2407-1] cvs security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2407-1 [email protected] http://www.debian.org/security/ Florian Weimer February 09, 2012 http://www.debian.org/security/faq -...

CVSS 10 | AI score 3.5 | EPSS 0.08396
Exploits: 0

securityvulns
•added 2012/01/11 12:0 a.m.•87 views

Apache mod_proxy unauthorized internal network access

Invalid processing for URI with preceding @ sign...

CVSS 5 | AI score 3.6 | EPSS 0.90734
Exploits: 14 | References: 1 | Affected Software: 1

securityvulns
•added 2012/01/09 12:0 a.m.•87 views

ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-002 : HP OpenView NNM ov.dll OVBuildPath Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-002 January 5, 2012 - -- CVE ID: CVE-2011-3167 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

CVSS 10 | AI score 0.5 | EPSS 0.66402
Exploits: 8

securityvulns
•added 2011/12/19 12:0 a.m.•87 views

Microsoft Windows multiple applications DLL hijacking

If an application is launched via file type association, the current path is set to the path where the file is located, making it possible to place DLLs that the application tries to load dynamically into the same directory...

CVSS 9.3 | AI score 2.1 | EPSS 0.12123
Exploits: 1 | References: 44 | Affected Software: 3

securityvulns
•added 2011/11/27 12:0 a.m.•87 views

AdaptCMS 2.x SQL Injection Vulnerability

========================================================================= AdaptCMS 2.x SQL Injection Vulnerability =========================================================================...

AI score 8.1
Exploits: 0

securityvulns
•added 2011/11/21 12:0 a.m.•87 views

[ GLSA 201111-04 ] phpDocumentor: Function call injection

Gentoo Linux Security Advisory GLSA 201111-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

CVSS 7.5 | AI score 0.4 | EPSS 0.01954
Exploits: 0

securityvulns
•added 2011/10/16 12:0 a.m.•87 views

APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-2 Apple TV Software Update 4.4 Apple TV Software Update 4.4 is now available and addresses the following: Apple TV Available for: Apple TV 4.0 through 4.3 Impact: An attacker with a privileged network position may intercept user...

CVSS 9.3 | AI score 0.4 | EPSS 0.73327
Exploits: 7

securityvulns
•added 2011/10/02 12:0 a.m.•87 views

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC GMT +--------------------------------------------------------------------...

CVSS 7.8 | AI score 0.3 | EPSS 0.02556
Exploits: 0

securityvulns
•added 2011/09/13 12:0 a.m.•87 views

Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron

Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in multiple plugins for different engines it's combinations of my three publications which I've made earlier at my site. In plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS,...

AI score 6.2
Exploits: 0

securityvulns
•added 2011/08/01 12:0 a.m.•87 views

WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability WOC Consulting searchresult.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.woc-consulting.com/ Persian Gulf 4 Ever! Dork : "Powered by WOC Consulting Canada"...

AI score 3.3
Exploits: 0

Total number of security vulnerabilities: 5000