Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2000/09/22 12:0 a.m.88 views

Linux news 22.09.00

2.4.0-test9-pre5 kernel released Вышла новая тестовая версия 2.4.0 кернела test9-pre5. Она включает в себя множество исправлений. Так же продолжен процесс синхронизации драйверов между 2.2 и 2.4 ветками Подробнее: http://balrog.ruwr.ru/tmp/test9-pre5.txt Роботы под Linux Как оказалось, на...

6.5AI score
Exploits0
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.87 views

Boolean-based SQL injection Vulnerability in K2 Platforms

Title: Boolean-based SQL injection Vulnerability in K2 Platforms. Author: Wissam Bashour - Help AG Middle East Vendor: K2 Product: SmartForms, BlackPearl, K2 for sharepoint Version: 4.6.7 Tested Version: Version 4.6.7 Severity: HIGH CVE Reference: CVE-2015-7299 About the Product: K2 smartforms ca...

7.5CVSS7.3AI score0.02297EPSS
Exploits3
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.87 views

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...

7.5CVSS0.3AI score0.07505EPSS
Exploits5
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.87 views

APPLE-SA-2015-10-21-7 Xcode 7.1

APPLE-SA-2015-10-21-7 Xcode 7.1 Xcode 7.1 is now available and addresses the following: Swift Available for: OS X Yosemite v10.10.5 or later Impact: Swift programs performing certain type conversions may receive unexpected values Description: A type conversion issue existed that could lead to...

7.5CVSS6AI score0.01619EPSS
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.87 views

CSRF vulnerabilities in Callisto 821+R3 ADSL Router

Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.87 views

APPLE-SA-2015-10-21-3 Safari 9.0.1

APPLE-SA-2015-10-21-3 Safari 9.0.1 Safari 9.0.1 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple...

6.8CVSS0.6AI score0.02755EPSS
Exploits0
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.87 views

[USN-2722-1] GDK-PixBuf vulnerability

========================================================================== Ubuntu Security Notice USN-2722-1 August 26, 2015 gdk-pixbuf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.8CVSS0.3AI score0.084EPSS
Exploits0
securityvulns
securityvulns
added 2015/07/13 12:0 a.m.87 views

HAProxy information disclosure

Under some conditions, data from previous request can be obtained...

5CVSS1AI score0.04274EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/07/13 12:0 a.m.87 views

PHP multiple security vulnerabilities

Code execution, DoS conditions, poisoned NULL byte vulnereability, information disclosure...

10CVSS1.7AI score0.50129EPSS
Exploits22References1Affected Software1
securityvulns
securityvulns
added 2015/07/05 12:0 a.m.87 views

APPLE-SA-2015-06-30-6 iTunes 12.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-6 iTunes 12.2 iTunes 12.2 is now available and addresses the following: WebKit Available for: Windows 8 and Windows 7 Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected...

7.5CVSS0.1AI score0.04583EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/21 12:0 a.m.87 views

[SECURITY] [DSA 3290-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3290-1 [email protected] https://www.debian.org/security/ Ben Hutchings June 18, 2015 https://www.debian.org/security/faq -...

7.2CVSS0.9AI score0.02472EPSS
Exploits9
securityvulns
securityvulns
added 2015/06/13 12:0 a.m.87 views

[USN-2634-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2634-1 June 10, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

7.2CVSS0.1AI score0.02472EPSS
Exploits7
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.87 views

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability

Exploit Title: AnimaGallery 2.6 theme and lang cookie parameter Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos 6.5,php 5.3.2,magicquotesgpc=off Category: webapps...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.87 views

vfront-0.99.2 CSRF & Persistent XSS

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.87 views

Reflected XSS Vulnerability in XSS In Manage Engine Device Expert

=============================================================================== Reflected XSS Vulnerability in XSS In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== Title :Reflected XSS...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.87 views

Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17

Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @larry0 Date: 2015-03-29 Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/ Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03-29...

Exploits0
securityvulns
securityvulns
added 2014/11/24 12:0 a.m.87 views

[USN-2412-1] Ruby vulnerability

========================================================================== Ubuntu Security Notice USN-2412-1 November 20, 2014 ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 vulnerability ========================================================================== A security issue affects these releases of...

5CVSS6.2AI score0.056EPSS
Exploits1
securityvulns
securityvulns
added 2014/11/03 12:0 a.m.87 views

[SECURITY] [DSA 3059-1] dokuwiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3059-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 29, 2014 http://www.debian.org/security/faq -...

5CVSS1.9AI score0.02519EPSS
Exploits0
securityvulns
securityvulns
added 2014/10/18 12:0 a.m.87 views

APPLE-SA-2014-10-16-4 OS X Server v3.2.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-4 OS X Server v3.2.2 OS X Server v3.2.2 is now available and addresses the following: Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are kno...

4.3CVSS4.5AI score0.99999EPSS
Exploits7
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.87 views

Cross-Site Request Forgery (CSRF) in Kanboard

Advisory ID: HTB23217 Product: Kanboard Vendor: http://kanboard.net/ Vulnerable Versions: 1.0.5 and probably prior Tested Version: 1.0.5 Advisory Publication: May 28, 2014 without technical details Vendor Notification: May 28, 2014 Vendor Patch: June 30, 2014 Public Disclosure: July 2, 2014...

6.8CVSS7.1AI score0.0069EPSS
Exploits3
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.87 views

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]

Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2014/10/14 12:0 a.m.87 views

[ MDVSA-2014:182 ] zarafa

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:182 http://www.mandriva.com/en/support/security/ Package : zarafa Date : September 24, 2014 Affected: Business Server 1.0 Problem Description: Updated zarafa packages fix security vulnerabilities: Robert...

2.1CVSS5.4AI score0.00424EPSS
Exploits0
securityvulns
securityvulns
added 2014/08/10 12:0 a.m.87 views

[ MDVSA-2014:159 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:159 http://www.mandriva.com/en/support/security/ Package : wireshark Date : August 8, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in...

5CVSS7.8AI score0.03252EPSS
Exploits3
securityvulns
securityvulns
added 2014/06/26 12:0 a.m.87 views

[oss-security] CVE Request: iodine: authentication bypass by client

Hi oss-security, iodine 0.7.0 has just been released, which fixes an authentication bypass issue discovered by Oscar Reparaz. The fix is here: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850 and the new release is available at the homepage:...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.87 views

[USN-2105-1] MAAS vulnerabilities

========================================================================== Ubuntu Security Notice USN-2105-1 February 13, 2014 maas vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3CVSS0.5AI score0.02379EPSS
Exploits1
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.87 views

[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0

Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...

4.3CVSS0.03223EPSS
Exploits7
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.87 views

[SECURITY] [DSA 2913-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2913-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 25, 2014 http://www.debian.org/security/faq -...

4.3CVSS0.6AI score0.01568EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/02 12:0 a.m.87 views

[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04249113 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04249113 Version: 2 HPSBMU03009 rev....

5CVSS0.5AI score0.99999EPSS
Exploits87
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.87 views

[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7

Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...

4.3CVSS0.02232EPSS
Exploits2
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.87 views

Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2013/10/03 12:0 a.m.87 views

OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption

OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...

2.6CVSS9AI score0.02426EPSS
Exploits1
securityvulns
securityvulns
added 2013/08/14 12:0 a.m.87 views

[SECURITY] [DSA 2736-1] putty security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2736-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 11, 2013 http://www.debian.org/security/faq -...

6.8CVSS1.4AI score0.03447EPSS
Exploits4
securityvulns
securityvulns
added 2013/05/06 12:0 a.m.87 views

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

4CVSS6.2AI score0.7322EPSS
Exploits10
securityvulns
securityvulns
added 2013/04/08 12:0 a.m.87 views

QlikView integer overflow

Integer overflow on .qvw files parsing...

5.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2013/02/14 12:0 a.m.87 views

[USN-1720-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1720-1 February 12, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.9CVSS0.00407EPSS
Exploits1
securityvulns
securityvulns
added 2012/10/29 12:0 a.m.87 views

Layton Helpbox 4.4.0 Multiple Security Issues

Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...

7.5CVSS6.9AI score0.01193EPSS
Exploits7
securityvulns
securityvulns
added 2012/07/09 12:0 a.m.87 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.67256EPSS
Exploits31References26Affected Software14
securityvulns
securityvulns
added 2012/05/21 12:0 a.m.87 views

APPLE-SA-2012-05-15-1 QuickTime 7.7.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-15-1 QuickTime 7.7.2 QuickTime 7.7.2 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application...

9.3CVSS1.4AI score0.28623EPSS
Exploits24
securityvulns
securityvulns
added 2012/04/24 12:0 a.m.87 views

OpenSSL memory corruption

Memory corruption in asn1d2ireadbio/SMIMEreadPKCS7/SMIMEreadCMS...

7.5CVSS1.8AI score0.48298EPSS
Exploits8References2Affected Software1
securityvulns
securityvulns
added 2012/01/11 12:0 a.m.87 views

Apache mod_proxy unauthorized internal network access

Invalid processing for URI with preceeding @ sign...

5CVSS3.6AI score0.90734EPSS
Exploits14References1Affected Software1
securityvulns
securityvulns
added 2012/01/09 12:0 a.m.87 views

ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-002 : HP OpenView NNM ov.dll OVBuildPath Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-002 January 5, 2012 - -- CVE ID: CVE-2011-3167 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

10CVSS0.5AI score0.66402EPSS
Exploits8
securityvulns
securityvulns
added 2011/12/15 12:0 a.m.87 views

Microsoft Office multiple security vulnerabilities

Privilege escalation, use-after-free, insecure DLL loading, memory corruption...

9.3CVSS2.7AI score0.28059EPSS
Exploits9References2Affected Software1
securityvulns
securityvulns
added 2011/11/25 12:0 a.m.87 views

Mozilla Foundation Security Advisory 2011-49

Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...

9.3CVSS9.5AI score0.0233EPSS
Exploits0
securityvulns
securityvulns
added 2011/11/16 12:0 a.m.87 views

APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...

9.3CVSS0.05329EPSS
Exploits5
securityvulns
securityvulns
added 2011/10/20 12:0 a.m.87 views

ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient,Type Checking Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-288 October 15, 2011 - - -- CVE ID: CVE-2011-1999 - - -- CVSS: 7.5,...

9.3CVSS0.2AI score0.27959EPSS
Exploits2
securityvulns
securityvulns
added 2011/09/09 12:0 a.m.87 views

Loop (ricetta.php?id) Remote SQL injection Vulnerability

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Loop ricetta.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.loopmm.com/ Persian Gulf 4 Ever! Dork : "Loop - creazioni multimediali" "inurl:ricetta.php?id="...

2.6AI score
Exploits0
securityvulns
securityvulns
added 2011/06/02 12:0 a.m.87 views

Post Revolution 0.8.0c Multiple Remote Vulnerabilities

info ——————————— Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities Class: Design Error && Input Validation Error CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954 Remote: Yes Local: No Credit : Javier Bassi javierbassi at gmail dot com Vulnerable : All versions prior to and including...

6.8CVSS0.7AI score0.01543EPSS
Exploits3
securityvulns
securityvulns
added 2011/04/13 12:0 a.m.87 views

ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability

ZDI-11-119: Pwn2Own Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-119 April 12, 2011 -- CVE ID: CVE-2011-1345 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...

9.3CVSS0.1AI score0.40875EPSS
Exploits1
securityvulns
securityvulns
added 2011/03/10 12:0 a.m.87 views

Plaintext injection in STARTTLS (multiple implementations)

This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP Simple Mail Transfer Protocol over TLS Transport Layer Security including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is...

6.8CVSS8.7AI score0.16334EPSS
Exploits1
securityvulns
securityvulns
added 2011/01/07 12:0 a.m.87 views

[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2140-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 05, 2011 http://www.debian.org/security/faq -...

7.2CVSS2.3AI score0.02772EPSS
Exploits0
Total number of security vulnerabilities5000