Securityvulns: Most viewed

47153 matches found

securityvulns | added 2002/11/09 12:0 a.m. | 87 views

Simple Web Server protected files access

URL http://server.com///secret/file allows protected file access...

2 AI score
Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2002/10/24 12:0 a.m. | 87 views

DH team: Norton Antivirus Corporate Edition Privilege Escalation

Dear Bugtraq, Product: Norton Antivirus Corporate Edition Final 7.60.962 Vendor: Symantec Type: Local Risk: High system privileges Discovered: ERRor [email protected] of Domain HELL Team Description: Norton Antivirus allows to run winhlp32 in context of local system. Details: Norton Antivirus add...

1.5 AI score
Exploits 0

securityvulns | added 2002/08/16 12:0 a.m. | 87 views

Delete arbitrary files using Help and Support Center [MSRC 1198dg]

MS Tracking ID: MSRC 1198dg Date Reported: 25/06/02 Date Published: 15/08/02 Vendor: Microsoft Impact: Delete files through CSS condition in Help Center Resolution: To be fixed in XP SP1 Tested Applications: IE6 + all service packs to date of publishing Windows XP + all patches to date of...

7.1 AI score
Exploits 0

securityvulns | added 2001/11/14 12:0 a.m. | 87 views

Re: More problems with RADIUS (protocol and implementations)

I note that the original message didn't cite my short message to Bugtraq about security issues with RADIUS: http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00332.html Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others...

1.1 AI score
Exploits 0

securityvulns | added 2001/10/20 12:0 a.m. | 87 views

Minor IE vulnerability: about: URLs

Zone spoofing? Oh yes, that reminds me. Here's another one. Affected: Internet Explorer under Windows, up to version 6 Risk: Low Workaround: Disable scripting in the Internet Zone Problem: If an unknown 'about:' name is used, IE echos the string exactly to the page. So 'about:foo' results in an...

6.1 AI score
Exploits 0

securityvulns | added 2001/05/16 12:0 a.m. | 87 views

3COM OfficeConnect DSL router vulneratibilities

Yesterday night I discovered a vulnerability. The router is a 3COM OfficeConnect 812 and the vulnerability is on the HTTP server, on port 80. When you enter with a browser on one of this router, you are asked for user/password, if you fail, you can see a web page telling you that is a protected...

7 AI score
Exploits 0

securityvulns | added 2001/02/14 12:0 a.m. | 87 views

RFP2101: RFPlutonium to fuel your PHP-Nuke

-----/ RFP2101 /-------------------------------/ rfp.labs / wiretrip/---- RFPlutonium to fuel your PHP-Nuke SQL hacking user logins in PHP-Nuke web portal ------------------------------------/ rain forest puppy / [email protected] Table of contents: -/ 1 / Standard advisory information -/ 2 / High...

7.5 CVSS | 7.2 AI score | 0.1207 EPSS
Exploits 3

securityvulns | added 2001/02/12 12:0 a.m. | 87 views

Symantec pcAnywhere 9.0 DoS / Buffer Overflow

============================================================================= Securax-SA-14 Security Advisory belgian.networking.security Dutch ============================================================================= Topic: Symantec pcAnywhere 9.0 DoS / Buffer Overflow Announced: 2001-02-08...

7.2 AI score
Exploits 0

securityvulns | added 2000/09/20 12:0 a.m. | 87 views

Cisco PIX Firewall (smtp content filtering hack)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 How to escape "fixup smtp" of Cisco Pix Firewall: The Cisco Pix Firewall normally restrict some protocol commandhttp,ftp,smtp and manage multisession protocolh323, ftp,sqlnet . I made some test on a BSDI3.0 running sendmail9 placed in the dmz . The Pi...

7 AI score
Exploits 0

securityvulns | added 2000/08/31 12:0 a.m. | 87 views

[EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com GoodTech's FTP Server vulnerable to a DoS RNTO ---------------------------------------------------------------------------- SUMMARY...

0.4 AI score
Exploits 0

securityvulns | added 2000/07/10 12:0 a.m. | 87 views

Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability "THE KING IS THE NEXT RELEASE" USSR Advisory Code: USSR-2000049 Release Date: July 10, 2000 Systems Affected: WircSrv Irc Server v5.07s THE PROBLEM The Ussr Labs team has recently discovered...

7.7 AI score
Exploits 0

securityvulns | added 2000/06/10 12:0 a.m. | 87 views

Security Bulletin (MS00-040)

Patch Available for "Remote Registry Access Authentication" Vulnerability Originally posted: June 08, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows NT 4.0. Under certain conditions, the vulnerability could be used to cause a...

6.9 AI score
Exploits 0

securityvulns | added 2015/10/26 12:0 a.m. | 86 views

Boolean-based SQL injection Vulnerability in K2 Platforms

Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...

7.5 CVSS | 7.3 AI score | 0.02297 EPSS
Exploits 3

securityvulns | added 2015/10/25 12:0 a.m. | 86 views

[SECURITY] [DSA 3373-1] owncloud security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3373-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 18, 2015 https://www.debian.org/security/faq...

10 CVSS | 3.2 AI score | 0.2482 EPSS
Exploits 0

securityvulns | added 2015/10/25 12:0 a.m. | 86 views

CSRF vulnerabilities in Callisto 821+R3 ADSL Router

Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...

0.4 AI score
Exploits 0

securityvulns | added 2015/07/20 12:0 a.m. | 86 views

[SECURITY] [DSA 3311-1] mariadb-10.0 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2015 https://www.debian.org/security/faq -...

5.7 CVSS | 1.8 AI score | 0.09984 EPSS
Exploits 1

securityvulns | added 2015/06/21 12:0 a.m. | 86 views

[SECURITY] [DSA 3290-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3290-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 18, 2015 https://www.debian.org/security/faq -...

7.2 CVSS | 0.9 AI score | 0.02472 EPSS
Exploits 9

securityvulns | added 2015/06/08 12:0 a.m. | 86 views

vfront-0.99.2 CSRF & Persistent XSS

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...

6.2 AI score
Exploits 0

securityvulns | added 2015/05/25 12:0 a.m. | 86 views

[SECURITY] [DSA 3270-1] postgresql-9.4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3270-1 [email protected] http://www.debian.org/security/ Christoph Berg May 22, 2015 http://www.debian.org/security/faq -...

4.3 CVSS | 0.4 AI score | 0.08565 EPSS
Exploits 0

securityvulns | added 2015/05/11 12:0 a.m. | 86 views

Reflected XSS Vulnerability in XSS In Manage Engine Device Expert

=============================================================================== Reflected XSS Vulnerability in XSS In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== Title :Reflected XSS...

6.8 AI score
Exploits 0

securityvulns | added 2015/05/11 12:0 a.m. | 86 views

Arbitrary file deletion and multiple XSS vulnerabilities in pfSense

Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015...

6.8 CVSS | 0.1 AI score | 0.65927 EPSS
Exploits 6

securityvulns | added 2015/02/22 12:0 a.m. | 86 views

[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3

CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...

6 CVSS | 0.3 AI score | 0.02718 EPSS
Exploits 4

securityvulns | added 2014/11/24 12:0 a.m. | 86 views

APPLE-SA-2014-11-17-3 Apple TV 7.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple TV 7.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may cause an unexpected application...

9.3 CVSS | 0.9 AI score | 0.03404 EPSS
Exploits 0

securityvulns | added 2014/10/16 12:0 a.m. | 86 views

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

Advisory ID: HTB23237 Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: October 2, 2014 Public...

4.3 CVSS | 6.2 AI score | 0.02053 EPSS
Exploits 3

securityvulns | added 2014/10/15 12:0 a.m. | 86 views

Cross-Site Request Forgery (CSRF) in Kanboard

Advisory ID: HTB23217 Product: Kanboard Vendor: http://kanboard.net/ Vulnerable Versions: 1.0.5 and probably prior Tested Version: 1.0.5 Advisory Publication: May 28, 2014 without technical details Vendor Notification: May 28, 2014 Vendor Patch: June 30, 2014 Public Disclosure: July 2, 2014...

6.8 CVSS | 7.1 AI score | 0.0069 EPSS
Exploits 3

securityvulns | added 2014/10/15 12:0 a.m. | 86 views

Improper Access Control in ArticleFR

Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014 Public Disclosure: July 30, 2014 Vulnerability Type:...

0.7 AI score | 0.14484 EPSS
Exploits 5

securityvulns | added 2014/09/15 12:0 a.m. | 86 views

Microsoft SQL Server multiple security vulnerabilities

XSS, stack overrun...

6.8 CVSS | 2 AI score | 0.26499 EPSS
Exploits 0 | Affected Software 1

securityvulns | added 2014/08/26 12:0 a.m. | 86 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

9.3 CVSS | 1.6 AI score | 0.10773 EPSS
Exploits 30 | References 24 | Affected Software 16

securityvulns | added 2014/08/04 12:0 a.m. | 86 views

[SECURITY] [DSA 2993-1] tor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2993-1 [email protected] http://www.debian.org/security/ Peter Palfrader July 31, 2014 http://www.debian.org/security/faq -...

5.8 CVSS | 0.2 AI score | 0.02094 EPSS
Exploits 0

securityvulns | added 2014/07/14 12:0 a.m. | 86 views

file / PHP multiple security vulnerabilities

Memory corruptions, DoS, information leakage...

7.5 CVSS | 1.5 AI score | 0.30128 EPSS
Exploits 7 | References 1 | Affected Software 1

securityvulns | added 2014/05/07 12:0 a.m. | 86 views

[USN-2209-1] libvirt vulnerabilities

========================================================================== Ubuntu Security Notice USN-2209-1 May 07, 2014 libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5.8 CVSS | 0.8 AI score | 0.00573 EPSS
Exploits 1

securityvulns | added 2014/05/05 12:0 a.m. | 86 views

[USN-2105-1] MAAS vulnerabilities

========================================================================== Ubuntu Security Notice USN-2105-1 February 13, 2014 maas vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3 CVSS | 0.5 AI score | 0.02379 EPSS
Exploits 1

securityvulns | added 2014/05/04 12:0 a.m. | 86 views

[SECURITY] [DSA 2913-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2913-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...

4.3 CVSS | 0.6 AI score | 0.01555 EPSS
Exploits 0

securityvulns | added 2014/05/04 12:0 a.m. | 86 views

CVE-2014-2383 - Arbitrary file read in dompdf

Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is present on dompdf.php file that allows remote or local...

4.3 CVSS | 0.2 AI score | 0.39374 EPSS
Exploits 6

securityvulns | added 2014/05/04 12:0 a.m. | 86 views

[USN-2173-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2173-1 April 26, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

10 CVSS | 0.6 AI score | 0.10385 EPSS
Exploits 1

securityvulns | added 2014/03/18 12:0 a.m. | 86 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple memory corruptions...

9.3 CVSS | 2 AI score | 0.85239 EPSS
Exploits 40 | Affected Software 1

securityvulns | added 2014/01/08 12:0 a.m. | 86 views

[USN-2075-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2075-1 January 03, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.1 CVSS | 0.5 AI score | 0.09408 EPSS
Exploits 7

securityvulns | added 2013/12/09 12:0 a.m. | 86 views

Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...

7.2 AI score
Exploits 0

securityvulns | added 2013/08/14 12:0 a.m. | 86 views

[SECURITY] [DSA 2736-1] putty security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2736-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 11, 2013 http://www.debian.org/security/faq -...

6.8 CVSS | 1.4 AI score | 0.03447 EPSS
Exploits 4

securityvulns | added 2013/07/19 12:0 a.m. | 86 views

Voice Logger astTECS - bypass login & arbitrary file download

Author: Michal Blaszczak Website: http://blaszczakm.blogspot.com Project: hack voip - http://blaszczakm.blogspot.com/search/label/hack20voip Date: 16.07.2013 Voice Logger - VoIP software for Call Center 1 bypass login login: admin' or 1='1 password: admin line: 168 file: managerlogin.server.php 2...

0.6 AI score
Exploits 0

securityvulns | added 2013/05/06 12:0 a.m. | 86 views

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

4 CVSS | 6.2 AI score | 0.7322 EPSS
Exploits 10

securityvulns | added 2013/03/24 12:0 a.m. | 86 views

[ MDVSA-2013:022 ] openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:022 http://www.mandriva.com/en/support/security/ Package : openssh Date : March 13, 2013 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in openssh:...

5 CVSS | 6.7 AI score | 0.1651 EPSS
Exploits 1

securityvulns | added 2013/03/11 12:0 a.m. | 86 views

Multiple XSS vulnerabilities in Events Manager WordPress plugin

Advisory ID: HTB23139 Product: Events Manager WordPress plugin Vendor: Marcus Sykes Vulnerable Versions: 5.3.3 and probably prior Tested Version: 5.3.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: Cross-Site Scripting...

4.3 CVSS | 0.2 AI score | 0.02058 EPSS
Exploits 3

securityvulns | added 2012/10/22 12:0 a.m. | 86 views

SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass

SEC Consult Vulnerability Lab Security Advisory 20121017-0 ======================================================================= title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you...

7 AI score
Exploits 0

securityvulns | added 2012/09/03 12:0 a.m. | 86 views

Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities

Title: ====== Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Date: ===== 2012-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=659 VL-ID: ===== 659 Common Vulnerability Scoring System: ==================================== 8.3 Introduction:...

0.2 AI score
Exploits 0

securityvulns | added 2012/07/23 12:0 a.m. | 86 views

Google Chrome 19 metro_driver.dll mishandling

Security Advisory - Google Chrome 19 metrodriver.dll mishandling ======================================================================== Summary : Google Chrome 19 is prone to unqualified DLL loading Date : 28 June 2012 Affected versions : Google Chrome v19.0.1084.21 up-to v20.0.1132.23 ID :...

7.2 CVSS | 6.8 AI score | 0.00442 EPSS
Exploits 1

securityvulns | added 2012/05/21 12:0 a.m. | 86 views

APPLE-SA-2012-05-15-1 QuickTime 7.7.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-15-1 QuickTime 7.7.2 QuickTime 7.7.2 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application...

9.3 CVSS | 1.4 AI score | 0.28623 EPSS
Exploits 24

securityvulns | added 2012/01/09 12:0 a.m. | 86 views

OpenKM 5.1.7 Privilege Escalation

COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-001 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Privilege Escalation, Improper Access Control Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...

0.9 AI score
Exploits 0

securityvulns | added 2012/01/09 12:0 a.m. | 86 views

ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-002 : HP OpenView NNM ov.dll OVBuildPath Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-002 January 5, 2012 - -- CVE ID: CVE-2011-3167 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

10 CVSS | 0.5 AI score | 0.66402 EPSS
Exploits 8

securityvulns | added 2011/11/27 12:0 a.m. | 86 views

AdaptCMS 2.x SQL Injection Vulnerability

========================================================================= AdaptCMS 2.x SQL Injection Vulnerability =========================================================================...

8.1 AI score
Exploits 0

Total number of security vulnerabilities: 5000