Securityvulns: Most viewed

47153 matches found

securityvulns
added 2003/03/27 12:0 a.m., 87 views

Microsoft Security Bulletin MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks 331953 Date: 26 March 2003 Software: Microsoft® Windows® NT 4.0, Windows 2000, or Windows XP Impact: denial of servi...

AI score: 0.2
Exploits: 0
securityvulns
added 2003/01/11 12:0 a.m., 87 views

Re: [VSA0304] Half-Life Client remote hole via Adminmod plugin

Dear VOID.AT Security, This bug is not related to adminmod, but is rather the bug in Half Life itself. At least absolutely same problem is in amx plugin. amxpsay ssss causes same trouble. So this is a bug in HalfLife client and may be exploited by malicious server operator including remote one wi...

AI score: 2.8
Exploits: 0
securityvulns
added 2002/11/09 12:0 a.m., 87 views

Simple Web Server protected files access

URL http://server.com///secret/file allows protected file access...

AI score: 2
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2001/10/20 12:0 a.m., 87 views

Minor IE vulnerability: about: URLs

Zone spoofing? Oh yes, that reminds me. Here's another one. Affected: Internet Explorer under Windows, up to version 6 Risk: Low Workaround: Disable scripting in the Internet Zone Problem: If an unknown 'about:' name is used, IE echos the string exactly to the page. So 'about:foo' results in an...

AI score: 6.1
Exploits: 0
securityvulns
added 2000/07/10 12:0 a.m., 87 views

Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability "THE KING IS THE NEXT RELEASE" USSR Advisory Code: USSR-2000049 Release Date: July 10, 2000 Systems Affected: WircSrv Irc Server v5.07s THE PROBLEM The Ussr Labs team has recently discovered...

AI score: 7.7
Exploits: 0
securityvulns
added 2015/10/26 12:0 a.m., 86 views

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...

CVSS: 7.5, AI score: 0.3, EPSS: 0.07505
Exploits: 5
securityvulns
added 2015/06/08 12:0 a.m., 86 views

vfront-0.99.2 CSRF & Persistent XSS

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...

AI score: 6.2
Exploits: 0
securityvulns
added 2015/05/11 12:0 a.m., 86 views

Arbitrary file deletion and multiple XSS vulnerabilities in pfSense

Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015...

CVSS: 6.8, AI score: 0.1, EPSS: 0.65927
Exploits: 6
securityvulns
added 2015/02/22 12:0 a.m., 86 views

[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3

CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...

CVSS: 6, AI score: 0.3, EPSS: 0.02718
Exploits: 4
securityvulns
added 2015/01/13 12:0 a.m., 86 views

[ MDVSA-2015:022 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:022 http://www.mandriva.com/en/support/security/ Package : wireshark Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated wireshark packages fix security vulnerabilities: The DE...

CVSS: 5, AI score: 5.6, EPSS: 0.02775
Exploits: 0
securityvulns
added 2014/11/24 12:0 a.m., 86 views

APPLE-SA-2014-11-17-3 Apple TV 7.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple TV 7.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may cause an unexpected application...

CVSS: 9.3, AI score: 0.9, EPSS: 0.03404
Exploits: 0
securityvulns
added 2014/10/15 12:0 a.m., 86 views

Improper Access Control in ArticleFR

Advisory ID: HTB23219 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 11.06.2014 and probably prior Tested Version: 11.06.2014 Advisory Publication: June 11, 2014 without technical details Vendor Notification: June 11, 2014 Public Disclosure: July 30, 2014 Vulnerability Type:...

AI score: 0.7, EPSS: 0.14484
Exploits: 5
securityvulns
added 2014/09/15 12:0 a.m., 86 views

Microsoft SQL Server multiple security vulnerabilities

XSS, stack overrun...

CVSS: 6.8, AI score: 2, EPSS: 0.26499
Exploits: 0, Affected Software: 1
securityvulns
added 2014/08/26 12:0 a.m., 86 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 9.3, AI score: 1.6, EPSS: 0.10773
Exploits: 30, References: 24, Affected Software: 16
securityvulns
added 2014/07/14 12:0 a.m., 86 views

file / PHP multiple security vulnerabilities

Memory corruptions, DoS, information leakage...

CVSS: 7.5, AI score: 1.5, EPSS: 0.30128
Exploits: 7, References: 1, Affected Software: 1
securityvulns
added 2014/05/07 12:0 a.m., 86 views

[USN-2209-1] libvirt vulnerabilities

========================================================================== Ubuntu Security Notice USN-2209-1 May 07, 2014 libvirt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 5.8, AI score: 0.8, EPSS: 0.00573
Exploits: 1
securityvulns
added 2014/05/05 12:0 a.m., 86 views

[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0

Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...

CVSS: 4.3, EPSS: 0.03223
Exploits: 7
securityvulns
added 2014/05/04 12:0 a.m., 86 views

CVE-2014-2383 - Arbitrary file read in dompdf

Vulnerability title: Arbitrary file read in dompdf CVE: CVE-2014-2383 Vendor: dompdf Product: dompdf Affected version: v0.6.0 Fixed version: v0.6.1 partial fix Reported by: Alejo Murillo Moyas Details: An arbitrary file read vulnerability is present on dompdf.php file that allows remote or local...

CVSS: 4.3, AI score: 0.2, EPSS: 0.39374
Exploits: 6
securityvulns
added 2014/05/04 12:0 a.m., 86 views

[USN-2173-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2173-1 April 26, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 10, AI score: 0.6, EPSS: 0.10385
Exploits: 1
securityvulns
added 2014/03/18 12:0 a.m., 86 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple memory corruptions...

CVSS: 9.3, AI score: 2, EPSS: 0.85239
Exploits: 40, Affected Software: 1
securityvulns
added 2014/02/03 12:0 a.m., 86 views

[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7

Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...

CVSS: 4.3, EPSS: 0.02232
Exploits: 2
securityvulns
added 2014/01/08 12:0 a.m., 86 views

[USN-2075-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2075-1 January 03, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 7.1, AI score: 0.5, EPSS: 0.09408
Exploits: 7
securityvulns
added 2013/12/09 12:0 a.m., 86 views

Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...

AI score: 7.2
Exploits: 0
securityvulns
added 2013/10/13 12:0 a.m., 86 views

[SECURITY] [DSA 2776-1] drupal6 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2776-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 11, 2013 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 1.4, EPSS: 0.02746
Exploits: 1
securityvulns
added 2013/08/28 12:0 a.m., 86 views

[SECURITY] [DSA 2741-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2741-1 [email protected] http://www.debian.org/security/ Michael Gilbert August 25, 2013 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 1.6, EPSS: 0.01627
Exploits: 0
securityvulns
added 2013/08/14 12:0 a.m., 86 views

[SECURITY] [DSA 2736-1] putty security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2736-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 11, 2013 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 1.4, EPSS: 0.03447
Exploits: 4
securityvulns
added 2013/05/06 12:0 a.m., 86 views

SQL Injection Vulnerability in Symphony

Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

CVSS: 6.5, AI score: 8.1, EPSS: 0.02355
Exploits: 3
securityvulns
added 2013/03/11 12:0 a.m., 86 views

Multiple XSS vulnerabilities in Events Manager WordPress plugin

Advisory ID: HTB23139 Product: Events Manager WordPress plugin Vendor: Marcus Sykes Vulnerable Versions: 5.3.3 and probably prior Tested Version: 5.3.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: Cross-Site Scripting...

CVSS: 4.3, AI score: 0.2, EPSS: 0.02058
Exploits: 3
securityvulns
added 2012/12/10 12:0 a.m., 86 views

Fwd: SQL injection

Product: FOOT Gestion Version: - Vendor: Winsoft Vendor site:http://www.footgestion.ch Status: fixed Level: High ========= Description ========= FOOT Gestion is a soccer team management CMS. The solution is based on a software and a CMS website. The website module is affected by a SQL injection...

AI score: 0.1
Exploits: 0
securityvulns
added 2012/09/24 12:0 a.m., 86 views

Apple iOS multiple security vulnerabilities

Large number of vulnerabilities in different components...

CVSS: 10, AI score: 2.1, EPSS: 0.73164
Exploits: 5, References: 1, Affected Software: 1
securityvulns
added 2012/08/13 12:0 a.m., 86 views

Cross-Site Scripting (XSS) in Redaxo

Advisory ID: HTB23098 Product: Redaxo Vendor: Redaxo team Vulnerable Versions: 4.4 and probably prior Tested Version: 4.4 Vendor Notification: 4 July 2012 Vendor Patch: 23 July 2012 Public Disclosure: 25 July 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-3869 CVSSv2 Ba...

CVSS: 4.3, AI score: 6.6, EPSS: 0.01206
Exploits: 3
securityvulns
added 2012/07/11 12:0 a.m., 86 views

NDTV Cross Site Scripting Vulnerabilitiy

Exploit Title : NDTV Cross Site Scripting Vulnerabilitiy Author : Iranian Security & Research Team Discovered By : zilli0o0n Home : sec-lab.ir Contact : research at sec-lab dot ir Software Link : www.ndtv.com DorK : "Copyright NDTV Convergence Limited 2012"...

AI score: 0.9
Exploits: 0
securityvulns
added 2012/07/09 12:0 a.m., 86 views

[SECURITY] [DSA 2506-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 1.9, EPSS: 0.03303
Exploits: 2
securityvulns
added 2011/11/25 12:0 a.m., 86 views

Mozilla Foundation Security Advisory 2011-49

Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...

CVSS: 9.3, AI score: 9.5, EPSS: 0.0233
Exploits: 0
securityvulns
added 2011/11/16 12:0 a.m., 86 views

APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...

CVSS: 9.3, EPSS: 0.05329
Exploits: 5
securityvulns
added 2011/10/24 12:0 a.m., 86 views

TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes Authentication to Database Server is needed Credits: This vulnerability was discovered a...

CVSS: 8.5, AI score: 0.3, EPSS: 0.0224
Exploits: 0
securityvulns
added 2011/10/24 12:0 a.m., 86 views

[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03058866Version: 1 HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon a...

CVSS: 10, AI score: 1, EPSS: 0.1169
Exploits: 0
securityvulns
added 2011/09/09 12:0 a.m., 86 views

Loop (ricetta.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Loop ricetta.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.loopmm.com/ Persian Gulf 4 Ever! Dork : "Loop - creazioni multimediali" "inurl:ricetta.php?id="...

AI score: 2.6
Exploits: 0
securityvulns
added 2011/08/05 12:0 a.m., 86 views

APPLE-SA-2011-08-03-1 QuickTime 7.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may...

CVSS: 9.3, AI score: 1.1, EPSS: 0.05084
Exploits: 2
securityvulns
added 2011/04/21 12:0 a.m., 86 views

Videcon Viola DVR VIO-4/1000 directory traversal

Directory traversal in Web interface...

AI score: 3.7
Exploits: 0, References: 1
securityvulns
added 2011/03/10 12:0 a.m., 86 views

Plaintext injection in STARTTLS (multiple implementations)

This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP Simple Mail Transfer Protocol over TLS Transport Layer Security including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is...

CVSS: 6.8, AI score: 8.7, EPSS: 0.16334
Exploits: 1
securityvulns
added 2011/03/03 12:0 a.m., 86 views

iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability

iDefense Security Advisory 03.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 01, 2011 I. BACKGROUND The Alcatel-Lucent OmniPCX Enterprise Communication Server CS is a communication server platform that provides multimedia call processing for both Alcatel-Lucent and third-party...

CVSS: 5.8, AI score: 0.8, EPSS: 0.02318
Exploits: 0
securityvulns
added 2011/02/11 12:0 a.m., 86 views

iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Memory Corruption Vulnerability

iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on a...

CVSS: 9.3, EPSS: 0.05238
Exploits: 0
securityvulns
added 2011/01/13 12:0 a.m., 86 views

[USN-1042-1] PHP vulnerabilities

=========================================================== Ubuntu Security Notice USN-1042-1 January 11, 2011 php5 vulnerabilities CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645...

CVSS: 6.8, AI score: 0.4, EPSS: 0.18878
Exploits: 16
securityvulns
added 2011/01/07 12:0 a.m., 86 views

Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability

============================================================================== Joomla! 1.0.x 1.0.15 | Cross Site Scripting XSS Vulnerability ============================================================================== 1. OVERVIEW The Joomla! 1.0.x series are currently vulnerable to Cross Site...

AI score: 0.1
Exploits: 0
securityvulns
added 2011/01/07 12:0 a.m., 86 views

[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2140-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 05, 2011 http://www.debian.org/security/faq -...

CVSS: 7.2, AI score: 2.3, EPSS: 0.02772
Exploits: 0
securityvulns
added 2010/12/28 12:0 a.m., 86 views

Path disclosure in KaiBB

Vulnerability ID: HTB22746 Reference: http://www.htbridge.ch/advisory/pathdisclosureinkaibb.html Product: KaiBB Vendor: Mi-Dia http://www.mi-dia.co.uk/ Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awaiting...

Exploits: 0
securityvulns
added 2010/11/30 12:0 a.m., 86 views

n.runs-SA-2010.003 - Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory Traversal in PJL interface Risk: HIGH Vendor...

CVSS: 7.8, AI score: 5.9, EPSS: 0.1313
Exploits: 14
securityvulns
added 2010/11/24 12:0 a.m., 86 views

[eVuln.com] Multiple XSS in MCG GuestBook

New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripti...

AI score: 6.2
Exploits: 0
securityvulns
added 2010/11/10 12:0 a.m., 86 views

[ MDVSA-2010:226 ] dhcp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:226 http://www.mandriva.com/security/ Package : dhcp Date : November 10, 2010 Affected: 2009.1, 2010.0, 2010.1 Problem Description: A vulnerability was discovered and corrected in ISC dhcp: ISC DHCP server 4...

CVSS: 4.3, AI score: 6.4, EPSS: 0.09402
Exploits: 0
Total number of security vulnerabilities: 5000