Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2010/07/24 12:0 a.m.88 views

Mozilla Foundation Security Advisory 2010-48

Mozilla Foundation Security Advisory 2010-48 Title: Dangling pointer crash regression from plugin parameter array fix Impact: Critical Announced: July 20, 2010 Reporter: Daniel Holbert Products: Firefox 3.6.7 Fixed in: Firefox 3.6.8 Description Mozilla developer Daniel Holbert reported that the f...

10CVSS0.2AI score0.0413EPSS
Exploits1
securityvulns
securityvulns
added 2010/07/24 12:0 a.m.88 views

Mozilla Foundation Security Advisory 2010-40

Mozilla Foundation Security Advisory 2010-40 Title: nsTreeSelection dangling pointer remote code execution vulnerability Impact: Critical Announced: July 20, 2010 Reporter: regenrecht via TippingPoint's Zero Day Initiative Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.7 Firefox...

9.3CVSS1.3AI score0.06672EPSS
Exploits1
securityvulns
securityvulns
added 2010/04/05 12:0 a.m.88 views

DynPG CMS Multiple Remote File Inclusion Vulnerability

fucking the Web Apps attack edition / / / / L /' / , / / /' , / /' /' / /' / / / / / / L / / / // // // ///////////L // ////// // // Hack0wn! Security Project / /&...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2010/03/11 12:0 a.m.88 views

Chaton <= 1.5.2 Local File Include Vulnerability

================================================ Chaton = 1.5.2 Local File Include Vulnerability ================================================ + Chaton = 1.5.2 Local File Include Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/03/02 12:0 a.m.88 views

Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability

======================================================= Yaniv Miron aka "Lament" Advisory Feb 27, 2010 Oracle Siebel 7.x CRM 7.7, 7.8 tested Cross Site Scripting Vulnerability ======================================================= ===================== I. BACKGROUND ===================== Siebel...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2010/02/08 12:0 a.m.88 views

TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility

=================================================================== TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility =================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2009/12/09 12:0 a.m.88 views

Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution 975539 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microso...

9.3CVSS2.6AI score0.31232EPSS
Exploits1
securityvulns
securityvulns
added 2009/06/16 12:0 a.m.88 views

[waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09

waraxe-2009-SA074 - Multiple Vulnerabilities in TorrentTrader Classic 1.09 =============================================================================== Author: Janek Vind "waraxe" Date: 15. June 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-74.html Description of vulnerable...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2009/06/09 12:0 a.m.88 views

Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services IIS Could Allow Elevation of Privilege 970483 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and one...

7.6CVSS0.4AI score0.98447EPSS
Exploits5
securityvulns
securityvulns
added 2009/04/07 12:0 a.m.88 views

Family Connections 1.8.2 Blind SQL Injection (Correct Version)

Salvatore "drosophila" Fresta + Application: Family Connection + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/01/20 12:0 a.m.88 views

SQL Injection and DoS vulnerabilities in Power Phlogger

Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых SQL Injection и DoS уязвимостях в Power Phlogger. SQL Injection: Уязвимость можно использовать в частности для удаления стилей в том числе системных: http://site/edCss.php?cssstr=22/&action=delete Или для проведения DoS атак:...

8.6AI score
Exploits0
securityvulns
securityvulns
added 2009/01/20 12:0 a.m.88 views

Microsoft Bluetooth Stack OBEX Directory Traversal

Title: Microsoft Bluetooth Stack OBEX Directory Traversal Author: Alberto Moreno Tablado Vendor: Microsoft Product: Windows Mobile 6 Professional Probably Windows Mobile 5.0 for Pocket PC and Windows Mobile 5.0 for Pocket PC Phone Edition References:...

1AI score
Exploits0
securityvulns
securityvulns
added 2008/12/23 12:0 a.m.88 views

FreeSSHD buffer overflow

sftp post authentication buffer overflow...

3.3AI score
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2008/12/18 12:0 a.m.88 views

Joomla: Session hijacking vulnerability, CVE-2008-4122

Joomla: Session hijacking vulnerability, CVE-2008-4122 References https://vulners.com/cve/CVE-2008-4122 http://int21.de/cve/CVE-2008-4122-joomla.html http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/ https://www.defcon.org/html/defcon-16/dc-16-speakers.htmlPerry Description...

5CVSS7.5AI score0.01257EPSS
Exploits0
securityvulns
securityvulns
added 2008/10/29 12:0 a.m.88 views

[ MDVSA-2008:218 ] lynx

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:218 http://www.mandriva.com/security/ Package : lynx Date : October 28, 2008 Affected: 2008.0, 2008.1, 2009.0 Problem Description: A vulnerability was found in the Lynxcgi: URI handler that could allow an...

10CVSS6.8AI score0.0506EPSS
Exploits0
securityvulns
securityvulns
added 2008/09/29 12:0 a.m.88 views

Mozilla Foundation Security Advisory 2008-41

Mozilla Foundation Security Advisory 2008-41 Title: Privilege escalation via XPCnativeWrapper pollution Impact: Critical Announced: September 23, 2008 Reporter: mozbugra4, Olli Pettay Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey...

7.5CVSS0.7AI score0.05077EPSS
Exploits1
securityvulns
securityvulns
added 2008/09/10 12:0 a.m.88 views

Microsoft Windows GDI library multiple security vulnerabilities

Multiple vulnerabilities on different graphics format parsing...

9.3CVSS3.8AI score0.52886EPSS
Exploits5References6
securityvulns
securityvulns
added 2008/08/26 12:0 a.m.88 views

Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities

====================================================================== Secunia Research 25/08/2008 - Calendarix Basic Two SQL Injection Vulnerabilities - ====================================================================== Table of Contents Affected...

7.5CVSS0.6AI score0.01001EPSS
Exploits0
securityvulns
securityvulns
added 2008/08/12 12:0 a.m.88 views

Kayako SupportSuite < 3.30.00 Multiple Vulnerabilities

GulfTech Security Research August 09, 2008 Vendor : Kayako Infotech Ltd. URL : http://www.kayako.com/ Version : Kayako SupportSuite 3.30.00 Risk : Multiple Vulnerabilities Description: Kayako SupportSuite is a very popular online eSupport application that consists of several well known Kayako...

8.3AI score
Exploits0
securityvulns
securityvulns
added 2008/07/18 12:0 a.m.88 views

ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability

ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-044 July 17, 2008 -- CVE ID: CVE-2008-2785 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 2.0.x Mozilla Firefox 3.0.x -- TippingPointTM IPS...

9.3CVSS1AI score0.05284EPSS
Exploits1
securityvulns
securityvulns
added 2008/05/25 12:0 a.m.88 views

PCPIN Chat 6: potential XSS vulnerability in URL redirection script

All PCPIN Chat 6 versions prior to 6.11 are affected by the potential XSS vulnerability in URL redirection script. The vulnerability is caused by insufficient protocol scheme validation in file /inc/urlredirection.inc.php More info and patch here:...

1.1AI score
Exploits0
securityvulns
securityvulns
added 2008/02/26 12:0 a.m.88 views

joomla com_garyscookbook SQL Injection(id)

joomla comgaryscookbook SQL Injectionid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"comgaryscookbook" DORK 2 : allinurl: comgaryscookbook "detail" EXPLOIT :...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2008/01/08 12:0 a.m.88 views

PostgreSQL 2007-01-07 Cumulative Security Release

Today the PostgreSQL Global Development Group is releasing updated versions which patch five security vulnerabilities. These releases update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and 7.3. They are considered CRITICAL and PostgreSQL DBAs and sysadmins should install the...

7.2CVSS0.4AI score0.03855EPSS
Exploits3
securityvulns
securityvulns
added 2007/12/12 12:0 a.m.88 views

Microsoft Security Bulletin MS07-063 – Important Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)

Microsoft Security Bulletin MS07-063 – Important Vulnerability in SMBv2 Could Allow Remote Code Execution 942624 Published: December 11, 2007 Version: 1.0 General Information Executive Summary This important security update resolves a privately reported vulnerability in Server Message Block Versi...

10CVSS1.2AI score0.41243EPSS
Exploits1
securityvulns
securityvulns
added 2007/11/05 12:0 a.m.88 views

Skalinks <= 1_5 Cross Site Request Forgery Add Admin

| | | | | | | | | | | || | | | | | | | | |/ |/ | |/ / | ' / | | || ' / | |/ |/ | | | | | | | | | | | | | | | || | | | | | / | |/,||||| ||, | /| ||/|,|| / | |/ | | | Site: www.hackinginside.altervista.org | | Project: Skalinks = 15 Cross Site Request Forgery Add Admin | | Author: Vincy | | Email:...

Exploits0
securityvulns
securityvulns
added 2007/07/31 12:0 a.m.88 views

BellaBook Admin Bypass/Remote Code Execution

?php / AUTHOR: ilker kandemir DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBuffs.zip Explanation: The user verification routine used in most of the files is: requireonce'prefs.php'; if isset$COOKIE'bellabuffs' if $COOKIE'bellabuffs' == md5$adminname.$adminpass.$secret if isset$GET'ap' $page...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.88 views

iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability

Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability iDefense Security Advisory 07.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 19, 2007 I. BACKGROUND Microsoft Internet Explorer and Mozilla Firefox are the two most popular web browsers. Many people have...

4.3CVSS8.3AI score0.29355EPSS
Exploits3
securityvulns
securityvulns
added 2007/07/04 12:0 a.m.88 views

Cross Site Scripting in Oliver Library Management System

BACKGROUND ========== "Oliver is the web-based Library Management System for Schools. Softlink has built on the understanding of thousands of school clients, over many years, and has designed a new system for school libraries and learning resource centres in the 21st century" -- from...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/03/25 12:0 a.m.88 views

PHP variables unset use after free vulnerability

There is no access counters for SESSION and HTTPSESSIONVARS variables, making it possible to trigger use-after-free conditions by unsetting these variables. In addition, it's possible to deserealize these variables...

7.5CVSS3.7AI score0.09233EPSS
Exploits2References3Affected Software1
securityvulns
securityvulns
added 2007/03/19 12:0 a.m.88 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.5AI score0.0494EPSS
Exploits3References7Affected Software8
securityvulns
securityvulns
added 2007/03/13 12:0 a.m.88 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

9.3CVSS1.5AI score0.06578EPSS
Exploits5References5Affected Software8
securityvulns
securityvulns
added 2007/02/12 12:0 a.m.88 views

Philboard (id) Remote SQL Injection

---------------------------------------------------- Philboard id Remote SQL Injection ---------------------------------------------------- Bulan: xoron xoron.info - xoron.biz Google Dork : "Powered by Philboard" , "inurl:philboardforum.asp" ----------------------------------------------------...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/12/19 12:0 a.m.88 views

[ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2006:233 http://www.mandriva.com/security/ Package : dbus Date : December 18, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 Problem Description: A vulnerability was discovered in D-Bus that could be...

1.7CVSS5.8AI score0.00364EPSS
Exploits0
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.88 views

gNews Publisher SQL Injection Vulnerabilites

Aria-Security's Research Team www.Aria-Security.Com For further help Original Advisory at: http://www.aria-security.com/forum/showthread.php?t=37 ----------------------------------------- Software: gNews Publisher Vendor: http://gazatem.com Method: SQL Injection Poc:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/10/11 12:0 a.m.88 views

Directory Traversal Vulnerability in Goop Gallery 2.0.2

Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0004 Status: Partial Date: 2006/10/04 Bugtraq No.: N/A Summary: Armorize-ADV-2006-0004 discloses a special case of directory traversal vulnerability found in Goop Gallery, which is is a directory based photo gallery and does n...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/08/30 12:0 a.m.88 views

Microsoft Windows DHCP client buffer overflow

Buffer overflow on DHCP server response parsing...

4.1AI score
Exploits0References3
securityvulns
securityvulns
added 2006/08/21 12:0 a.m.88 views

Mambo jim Component Remote Include Vulnerability

C Y B E R - W A R R I O R T I M Mambo jim Component Remote Include Vulnerability Author: XORON Class: Remote cont@ct: x0r0nathotmaildotcom Code: in install.jim.php , line 16 requireonce$mosConfigabsolutepath."/components/comjim/readme.txt"; Exploit:...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2006/07/28 12:0 a.m.88 views

a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability

a6mambohelpdesk Mambo Component = 18RC1 Remote Include Vulnerability Rish : High Class : Remote Script : a6mambohelpdesk Thanx : www.lezr.com/vb codes ? include "$mosConfiglivesite/components/coma6mambohelpdesk/about.html" ; ? d0rkiz : allinurl:"coma6mambohelpdesk"...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/07/13 12:0 a.m.88 views

Lazarus Guestbook Cross Site Scripting Vulnerabilities

Produce : Lazarus Guestbook Website : http://carbonize.co.uk/Lazarus/ Version : = 1.6 Problem : Cross Site Scripting 1 The first probleme is in codes-english.php ,"show" parameter in lang/codes-english.php isn't properly sanitised This can be exploited to execute arbitrary HTML and javascript cod...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2006/05/31 12:0 a.m.88 views

# MHG Security Team --- PHP NUKE All version Remote File Inc.

Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,Яy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/05/25 12:0 a.m.88 views

QBv14 XSS

QBv14 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement QBv14 doesn't filter anything at all, in short: XSS heaven..... Nomenumbra...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2006/04/25 12:0 a.m.88 views

NASL 'Split' function Buffer overflow Vulnerability

NASL Split function Buffer Overflow Vulnerability OS2A ID: OS2A1005 Status: 20/04/2006 Issue Discovered 21/04/2006 Fixed 25/04/2006 Advisory Released Class: Buffer Overflow Severity: Medium Overview: ------------- Nessus is a popular remote vulnerability scanner with a plugin architecture, each...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2006/03/01 12:0 a.m.88 views

[security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00601530 Version: 1 HPSBMA02099 SSRT061118 rev.1 - HP System Management Homepage SMH Running on Windows: Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be act...

Exploits0
securityvulns
securityvulns
added 2005/11/28 12:0 a.m.88 views

[Full-disclosure] ZRCSA-200503 - ktools Buffer Overflow Vulnerability

ZRCSA-200503 - ktools Buffer Overflow Vulnerability Zone-H Research Center Security Advisory 200503 http://www.zone-h.fr Date of release: 27/11/2005 Software: ktools http://konst.org.ua/ktools Affected versions: = 0.3 Risk: Medium Discovered by: Mehdi Oudad "deepfear" and Kevin Fernandez...

Exploits0
securityvulns
securityvulns
added 2005/11/03 12:0 a.m.88 views

Glider collect'n kill game buffer overflow

Buffer overflow on oversized player name...

4.6AI score
Exploits0References1
securityvulns
securityvulns
added 2005/05/06 12:0 a.m.88 views

[hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart

http://www.hackgen.org/advisories/hackgen-2005-004.txt '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' hackgen-2005-004 ' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' Multiple bugs in MidiCart PHP Shopping Cart '...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2005/04/27 12:0 a.m.88 views

MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities

Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: MetaCart2 for PayFlow Multiple S...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/10/30 12:0 a.m.88 views

CGI bugs

No description provided...

1.4AI score
Exploits0References12Affected Software12
securityvulns
securityvulns
added 2004/04/20 12:0 a.m.88 views

phpBB 2.0.8a and lower - IP spoofing vulnerability

Advisory Name : phpBB 2.0.8a and lower - IP spoofing vulnerability Release Date : Apr 18, 2004 Application : phpBB Version : phpBB 2.0.8a and previous versions Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Wang / SRR Project Group of Ready Response [email protected] Overview A...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2004/04/19 12:0 a.m.88 views

[NT] Serv-U LIST -l Parameter Buffer Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.5AI score
Exploits0
Total number of security vulnerabilities5000