Securityvulns: Most viewed

47153 matches found

securityvulns
added 2014/10/15 12:0 a.m. | 87 views

Cross-Site Request Forgery (CSRF) in Kanboard

Advisory ID: HTB23217 Product: Kanboard Vendor: http://kanboard.net/ Vulnerable Versions: 1.0.5 and probably prior Tested Version: 1.0.5 Advisory Publication: May 28, 2014 without technical details Vendor Notification: May 28, 2014 Vendor Patch: June 30, 2014 Public Disclosure: July 2, 2014...

6.8 CVSS | 7.1 AI score | 0.0069 EPSS
Exploits: 3

securityvulns
added 2014/10/15 12:0 a.m. | 87 views

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]

Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...

0.4 AI score
Exploits: 0

securityvulns
added 2014/08/10 12:0 a.m. | 87 views

[ MDVSA-2014:159 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:159 http://www.mandriva.com/en/support/security/ Package : wireshark Date : August 8, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

5 CVSS | 7.8 AI score | 0.03252 EPSS
Exploits: 3

securityvulns
added 2014/08/04 12:0 a.m. | 87 views

[SECURITY] [DSA 2993-1] tor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2993-1 [email protected] http://www.debian.org/security/ Peter Palfrader July 31, 2014 http://www.debian.org/security/faq -...

5.8 CVSS | 0.2 AI score | 0.02094 EPSS
Exploits: 0

securityvulns
added 2014/06/26 12:0 a.m. | 87 views

[oss-security] CVE Request: iodine: authentication bypass by client

Hi oss-security, iodine 0.7.0 has just been released, which fixes an authentication bypass issue discovered by Oscar Reparaz. The fix is here: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850 and the new release is available at the homepage:...

0.7 AI score
Exploits: 0

securityvulns
added 2014/05/05 12:0 a.m. | 87 views

[USN-2105-1] MAAS vulnerabilities

========================================================================== Ubuntu Security Notice USN-2105-1 February 13, 2014 maas vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3 CVSS | 0.5 AI score | 0.02379 EPSS
Exploits: 1

securityvulns
added 2014/05/04 12:0 a.m. | 87 views

[SECURITY] [DSA 2913-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2913-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...

4.3 CVSS | 0.6 AI score | 0.01555 EPSS
Exploits: 0

securityvulns
added 2014/05/02 12:0 a.m. | 87 views

[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04249113 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04249113 Version: 2 HPSBMU03009 rev....

5 CVSS | 0.5 AI score | 0.99999 EPSS
Exploits: 87

securityvulns
added 2014/01/13 12:0 a.m. | 87 views

[CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL)

Hello List, Here I inform you about an easily exploitable CSRF discovered in Conceptronic cameras CIPCAMPTIWL. General Details Affected Product: Conceptronic camera CIPCAMPTIWL Tested Firmware: 21.37.2.49 Tested Web UI Firmware: 0.61.4.18 Assigned CVE: CVE-2013-7204 CVSSv2 Base Score: 5.8...

6.8 CVSS | 0.10595 EPSS
Exploits: 5

securityvulns
added 2013/10/03 12:0 a.m. | 87 views

OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption

OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...

2.6 CVSS | 9 AI score | 0.02426 EPSS
Exploits: 1

securityvulns
added 2013/07/19 12:0 a.m. | 87 views

Voice Logger astTECS - bypass login & arbitrary file download

Author: Michal Blaszczak Website: http://blaszczakm.blogspot.com Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack20voip Date: 16.07.2013 Voice Logger - VoIP software for Call Center 1 bypass login login: admin' or 1='1 password: admin line: 168 file: managerlogin.server.php 2...

0.6 AI score
Exploits: 0

securityvulns
added 2013/05/09 12:0 a.m. | 87 views

[ MDVSA-2013:163 ] glibc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:163 http://www.mandriva.com/en/support/security/ Package : glibc Date : May 7, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in glibc:...

5 CVSS | 8.3 AI score | 0.04113 EPSS
Exploits: 2

securityvulns
added 2013/05/06 12:0 a.m. | 87 views

[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9

============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...

5.4 AI score | 0.01755 EPSS
Exploits: 2

securityvulns
added 2013/05/06 12:0 a.m. | 87 views

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

4 CVSS | 6.2 AI score | 0.7322 EPSS
Exploits: 10

securityvulns
added 2013/05/04 12:0 a.m. | 87 views

Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities

128 vulnerabilities in different application...

10 CVSS | 2.4 AI score | 0.58817 EPSS
Exploits: 32 | References: 4 | Affected Software: 24

securityvulns
added 2013/04/08 12:0 a.m. | 87 views

QlikView integer overflow

Integer overflow on .qvw files parsing...

5.1 AI score
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/02/14 12:0 a.m. | 87 views

[USN-1720-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1720-1 February 12, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.9 CVSS | 0.00407 EPSS
Exploits: 1

securityvulns
added 2012/10/29 12:0 a.m. | 87 views

Layton Helpbox 4.4.0 Multiple Security Issues

Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...

7.5 CVSS | 6.9 AI score | 0.01193 EPSS
Exploits: 7

securityvulns
added 2012/10/22 12:0 a.m. | 87 views

SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass

SEC Consult Vulnerability Lab Security Advisory 20121017-0 ======================================================================= title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you...

7 AI score
Exploits: 0

securityvulns
added 2012/09/03 12:0 a.m. | 87 views

Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities

Title: ====== Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Date: ===== 2012-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=659 VL-ID: ===== 659 Common Vulnerability Scoring System: ==================================== 8.3 Introduction:...

0.2 AI score
Exploits: 0

securityvulns
added 2012/07/23 12:0 a.m. | 87 views

Google Chrome 19 metro_driver.dll mishandling

Security Advisory - Google Chrome 19 metrodriver.dll mishandling ======================================================================== Summary : Google Chrome 19 is prone to unqualified DLL loading Date : 28 June 2012 Affected versions : Google Chrome v19.0.1084.21 up-to v20.0.1132.23 ID :...

7.2 CVSS | 6.8 AI score | 0.00442 EPSS
Exploits: 1

securityvulns
added 2012/06/17 12:0 a.m. | 87 views

ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-093 : Pwn2Own Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-093 June 12, 2012 - -- CVE ID: CVE-2012-1876 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...

9.3 CVSS | 0.3 AI score | 0.64962 EPSS
Exploits: 27

securityvulns
added 2012/05/21 12:0 a.m. | 87 views

APPLE-SA-2012-05-15-1 QuickTime 7.7.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-15-1 QuickTime 7.7.2 QuickTime 7.7.2 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application...

9.3 CVSS | 1.4 AI score | 0.28623 EPSS
Exploits: 24

securityvulns
added 2012/04/24 12:0 a.m. | 87 views

OpenSSL memory corruption

Memory corruption in asn1d2ireadbio/SMIMEreadPKCS7/SMIMEreadCMS...

7.5 CVSS | 1.8 AI score | 0.48298 EPSS
Exploits: 8 | References: 2 | Affected Software: 1

securityvulns
added 2012/03/19 12:0 a.m. | 87 views

[SECURITY] [DSA 2414-1] fex security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2413-1 [email protected] http://www.debian.org/security/ Nico Golde February 21, 2012 http://www.debian.org/security/faq -...

4.3 CVSS | 1.9 AI score | 0.04852 EPSS
Exploits: 0

securityvulns
added 2012/02/12 12:0 a.m. | 87 views

[SECURITY] [DSA 2407-1] cvs security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2407-1 [email protected] http://www.debian.org/security/ Florian Weimer February 09, 2012 http://www.debian.org/security/faq -...

10 CVSS | 3.5 AI score | 0.08396 EPSS
Exploits: 0

securityvulns
added 2012/01/11 12:0 a.m. | 87 views

Apache mod_proxy unauthorized internal network access

Invalid processing for URI with preceding @ sign...

5 CVSS | 3.6 AI score | 0.90734 EPSS
Exploits: 14 | References: 1 | Affected Software: 1

securityvulns
added 2012/01/09 12:0 a.m. | 87 views

ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-002 : HP OpenView NNM ov.dll OVBuildPath Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-002 January 5, 2012 - -- CVE ID: CVE-2011-3167 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

10 CVSS | 0.5 AI score | 0.66402 EPSS
Exploits: 8

securityvulns
added 2011/12/19 12:0 a.m. | 87 views

Microsoft Windows multiple applications DLL hijacking

If an application is launched via file type association, the current path is set to the path where the file is located, making it possible to place DLLs the application tries to load dynamically into the same directory...

9.3 CVSS | 2.1 AI score | 0.12123 EPSS
Exploits: 1 | References: 44 | Affected Software: 3

securityvulns
added 2011/11/27 12:0 a.m. | 87 views

AdaptCMS 2.x SQL Injection Vulnerability

========================================================================= AdaptCMS 2.x SQL Injection Vulnerability =========================================================================...

8.1 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m. | 87 views

[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03058866Version: 1 HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon a...

10 CVSS | 1 AI score | 0.1169 EPSS
Exploits: 0

securityvulns
added 2011/10/02 12:0 a.m. | 87 views

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities Advisory ID: cisco-sa-20110928-nat Revision 1.0 For Public Release 2011 Sep 28 1600 UTC GMT +--------------------------------------------------------------------...

7.8 CVSS | 0.3 AI score | 0.02556 EPSS
Exploits: 0

securityvulns
added 2011/09/13 12:0 a.m. | 87 views

Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron

Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in multiple plugins for different engines it's combinations of my three publications which I've made earlier at my site. In plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS,...

6.2 AI score
Exploits: 0

securityvulns
added 2011/08/05 12:0 a.m. | 87 views

APPLE-SA-2011-08-03-1 QuickTime 7.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may...

9.3 CVSS | 1.1 AI score | 0.05084 EPSS
Exploits: 2

securityvulns
added 2011/06/02 12:0 a.m. | 87 views

Post Revolution 0.8.0c Multiple Remote Vulnerabilities

info ——————————— Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities Class: Design Error && Input Validation Error CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954 Remote: Yes Local: No Credit : Javier Bassi javierbassi at gmail dot com Vulnerable : All versions prior to and including...

6.8 CVSS | 0.7 AI score | 0.01543 EPSS
Exploits: 3

securityvulns
added 2011/05/21 12:0 a.m. | 87 views

XSS vulnerability in TWiki < 5.0.2

Information ----------------------------------- Name : XSS vulnerability in TWiki Software : TWiki 5.0.1 and possibly below. Vendor Homepage : http://twiki.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference...

4.3 CVSS | 6.4 AI score | 0.02728 EPSS
Exploits: 2

securityvulns
added 2011/05/03 12:0 a.m. | 87 views

Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005

Sense of Security - Security Advisory - SOS-11-005 Release Date. 03-May-2011 Last Update. - Vendor Notification Date. 28-Apr-2011 Product. Proofpoint Protection Server Platform. Appliance Affected versions. 5.5.5 verified, and possibly others Severity Rating. Medium Impact. Cookie/credential thef...

0.6 AI score
Exploits: 0

securityvulns
added 2011/04/19 12:0 a.m. | 87 views

About the security content of Safari 5.0.5

About the security content of Safari 5.0.5 Last Modified: April 14, 2011 Article: HT4596 Email this article Print this page Summary This document describes the security content of Safari 5.0.5. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...

10 CVSS | 0.1 AI score | 0.09754 EPSS
Exploits: 0

securityvulns
added 2011/03/29 12:0 a.m. | 87 views

Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

Sense of Security - Security Advisory - SOS-11-003 Release Date. 28-Mar-2011 Last Update. - Vendor Notification Date. 25-Mar-2011 Product. Wordpress Plugin BackWPup Platform. Independent Affected versions. 1.6.1 verified, possibly others Severity Rating. High Impact. System Access Attack Vector...

1.9 AI score
Exploits: 0

securityvulns
added 2011/03/10 12:0 a.m. | 87 views

Plaintext injection in STARTTLS (multiple implementations)

This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP Simple Mail Transfer Protocol over TLS Transport Layer Security including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is...

6.8 CVSS | 8.7 AI score | 0.16334 EPSS
Exploits: 1

securityvulns
added 2011/02/08 12:0 a.m. | 87 views

[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original report is 1. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale or javax.servlet.ServletRequest.getLocales. Work-arounds have been implemented in the...

0.3 AI score
Exploits: 0

securityvulns
added 2011/01/07 12:0 a.m. | 87 views

[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2140-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 05, 2011 http://www.debian.org/security/faq -...

7.2 CVSS | 2.3 AI score | 0.02772 EPSS
Exploits: 0

securityvulns
added 2011/01/07 12:0 a.m. | 87 views

Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability

============================================================================== Joomla! 1.0.x 1.0.15 | Cross Site Scripting XSS Vulnerability ============================================================================== 1. OVERVIEW The Joomla! 1.0.x series are currently vulnerable to Cross Site...

0.1 AI score
Exploits: 0

securityvulns
added 2010/12/28 12:0 a.m. | 87 views

Path disclosure in KaiBB

Vulnerability ID: HTB22746 Reference: http://www.htbridge.ch/advisory/pathdisclosureinkaibb.html Product: KaiBB Vendor: Mi-Dia http://www.mi-dia.co.uk/ Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting...

Exploits: 0

securityvulns
added 2010/11/30 12:0 a.m. | 87 views

n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory Traversal in PJL interface Risk: HIGH Vendor...

7.8 CVSS | 5.9 AI score | 0.1313 EPSS
Exploits: 14

securityvulns
added 2010/11/10 12:0 a.m. | 87 views

[ MDVSA-2010:226 ] dhcp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:226 http://www.mandriva.com/security/ Package : dhcp Date : November 10, 2010 Affected: 2009.1, 2010.0, 2010.1 Problem Description: A vulnerability was discovered and corrected in ISC dhcp: ISC DHCP server 4...

4.3 CVSS | 6.4 AI score | 0.09402 EPSS
Exploits: 0

securityvulns
added 2010/11/09 12:0 a.m. | 87 views

[ MDVSA-2010:155-1 ] mysql

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:155-1 http://www.mandriva.com/security/ Package : mysql Date : November 8, 2010 Affected: 2009.1 Problem Description: Multiple vulnerabilities has been found and corrected in mysql: MySQL before 5.1.48 allow...

4 CVSS | 6.7 AI score | 0.12229 EPSS
Exploits: 8

securityvulns
added 2010/09/27 12:0 a.m. | 87 views

[security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02514953 Version: 1 HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote URL Redirection NOTICE: The information in this Security Bulletin should be acte...

4.3 CVSS | 0.01431 EPSS
Exploits: 1

securityvulns
added 2010/09/10 12:0 a.m. | 87 views

Mozilla Foundation Security Advisory 2010-61

Mozilla Foundation Security Advisory 2010-61 Title: UTF-7 XSS by overriding document charset using object type attribute Impact: High Announced: September 7, 2010 Reporter: David Huang, Collin Jackson Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1...

4.3 CVSS | 1 AI score | 0.02107 EPSS
Exploits: 0

securityvulns
added 2010/08/11 12:0 a.m. | 87 views

Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)

Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution 982214 Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows. The...

10 CVSS | 2 AI score | 0.7572 EPSS
Exploits: 3

Total number of security vulnerabilities: 5000