Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2008/09/29 12:0 a.m.87 views

Mozilla Foundation Security Advisory 2008-41

Mozilla Foundation Security Advisory 2008-41 Title: Privilege escalation via XPCnativeWrapper pollution Impact: Critical Announced: September 23, 2008 Reporter: mozbugra4, Olli Pettay Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey...

7.5CVSS0.7AI score0.05077EPSS
Exploits1
securityvulns
securityvulns
added 2008/08/12 12:0 a.m.87 views

Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)

Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution 924090 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves five privately reported vulnerabilities. These...

9.3CVSS1.5AI score0.35905EPSS
Exploits3
securityvulns
securityvulns
added 2008/08/03 12:0 a.m.87 views

[USN-634-1] OpenLDAP vulnerability

=========================================================== Ubuntu Security Notice USN-634-1 August 01, 2008 openldap2.2, openldap2.3 vulnerability CVE-2008-2952 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...

5CVSS0.13173EPSS
Exploits0
securityvulns
securityvulns
added 2008/07/18 12:0 a.m.87 views

ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability

ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-044 July 17, 2008 -- CVE ID: CVE-2008-2785 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 2.0.x Mozilla Firefox 3.0.x -- TippingPointTM IPS...

9.3CVSS1AI score0.05284EPSS
Exploits1
securityvulns
securityvulns
added 2008/03/26 12:0 a.m.87 views

Invision Power Board <=2.3.x iFrame Vuln

Tested On: http://www.abarjigs.com/forum/ Effected on:Invision Power Board =2.3.x Type:Signature With iFrame Discovered By:CYBER.DARK.HIMU SHAHEEMIRZA Google: "style designed by Soi" or "Powered by IP.Board 2.3.1" Mail: [email protected],[email protected] HI TO ALL. HOW TO USE THIS...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/03/11 12:0 a.m.87 views

Multiple vulnerabilities in ASG-Sentry 7.0.0

Luigi Auriemma Application: ASG-Sentry http://www.asg-sentry.com Versions: = 7.0.0 Platforms: Windows and Unix Bugs: A arbitrary files deleting B heap-overflow in FxAgent C termination of FxIAList D buffer-overflow in FxIAList Exploitation: remote Date: 10 Mar 2008 Author: Luigi Auriemma e-mail:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2008/02/13 12:0 a.m.87 views

Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)

Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution 947081 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important security update resolves three privately reported...

9.3CVSS0.4AI score0.52632EPSS
Exploits11
securityvulns
securityvulns
added 2008/02/10 12:0 a.m.87 views

PKs Movie Database version 3.0.3 (SQL/XSS)

------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo ------------------------------------------------------------- = Author : HouSSaMix From H-T Team = Script : PKs Movie Database version 3.0.3 = BUG 1 : Remote SQL Injection Vulnerability exploi...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2007/10/23 12:0 a.m.87 views

SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-013 Advisory Title: Lotus Notes Memory Mapped Files Vulnerability Author: Ollie Whitehouse / [email protected] Release Date: 23-10-20...

6.2CVSS0.1AI score0.0027EPSS
Exploits1
securityvulns
securityvulns
added 2007/09/14 12:0 a.m.87 views

lighttpd buffer overflow

modfastcgi buffer overflow on headers parsing...

6.8CVSS3AI score0.12895EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2007/08/14 12:0 a.m.87 views

Xfce terminal client unescaped shell characters vulnerability

Shell characters are not filtered on URL processing...

7.8CVSS2.5AI score0.02239EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2007/07/31 12:0 a.m.87 views

BellaBook Admin Bypass/Remote Code Execution

?php / AUTHOR: ilker kandemir DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBuffs.zip Explanation: The user verification routine used in most of the files is: requireonce'prefs.php'; if isset$COOKIE'bellabuffs' if $COOKIE'bellabuffs' == md5$adminname.$adminpass.$secret if isset$GET'ap' $page...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.87 views

[USN-489-1] Linux kernel vulnerabilities

=========================================================== Ubuntu Security Notice USN-489-1 July 19, 2007 linux-source-2.6.15 vulnerability CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876,...

7.8CVSS1.4AI score0.04012EPSS
Exploits16
securityvulns
securityvulns
added 2007/04/04 12:0 a.m.87 views

MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU220816 SUMMARY ======= The MIT krb5 telnet daemon telnetd allows...

10CVSS9.6AI score0.97848EPSS
Exploits14
securityvulns
securityvulns
added 2007/04/02 12:0 a.m.87 views

Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities

To ConTacT mE @ www.Asb-May.net/bb ScRiPt:-http://kaqoo.com/server/download.php GrEaTz To:-ToOofa-HaCk.eGy-Alkmadz-Bright Dark All AsB-MaY DisCoverY ExPloIts GrOup Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs Gr0uP Wrong Code:- includeonce"$installroot...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2007/03/15 12:0 a.m.87 views

Microsoft Internet Explorer page content spoofing

Crossite scripting in res://ieframe.dll/navcancl.htmhttp://www.site.com page allows to inject HTML code into page...

4.3CVSS0.3AI score0.2978EPSS
Exploits1References1
securityvulns
securityvulns
added 2007/03/09 12:0 a.m.87 views

ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability

ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-009.html March 7, 2007 -- CVE ID: CVE-2007-1350 -- Affected Vendor: Novell -- Affected Products: Novell NetMail 3.5.2 -- TippingPointTM IPS Customer Protection: TippingPoint IPS...

6.8CVSS0.3AI score0.19398EPSS
Exploits5
securityvulns
securityvulns
added 2007/01/24 12:0 a.m.87 views

FishCart [injection sql]

vendor site: http://fishcart.org/ product :fish cart bug:injection sql risk : medium injection sql : /display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='sql change the cartid value with yours laurent gaffie http://s-a-p.ca/ contact: [email protected]...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2007/01/09 12:0 a.m.87 views

Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 927198 Published: January 9, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Excel Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...

9.3CVSS0.41694EPSS
Exploits4
securityvulns
securityvulns
added 2006/11/22 12:0 a.m.87 views

gNews Publisher SQL Injection Vulnerabilites

Aria-Security's Research Team www.Aria-Security.Com For further help Original Advisory at: http://www.aria-security.com/forum/showthread.php?t=37 ----------------------------------------- Software: gNews Publisher Vendor: http://gazatem.com Method: SQL Injection Poc:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/10/11 12:0 a.m.87 views

Directory Traversal Vulnerability in Goop Gallery 2.0.2

Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0004 Status: Partial Date: 2006/10/04 Bugtraq No.: N/A Summary: Armorize-ADV-2006-0004 discloses a special case of directory traversal vulnerability found in Goop Gallery, which is is a directory based photo gallery and does n...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/08/30 12:0 a.m.87 views

Microsoft Windows DHCP client buffer overflow

Buffer overflow on DHCP server response parsing...

4.1AI score
Exploits0References3
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.87 views

MyGallery "Room.php" SQL Injection

=========================================== Discovered By: C.B.B.L CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuXrOOt =========================================== Example:- /MyGallery/Room.php?id=SQL Injection ===========================================...

2.1AI score
Exploits0
securityvulns
securityvulns
added 2006/05/31 12:0 a.m.87 views

# MHG Security Team --- PHP NUKE All version Remote File Inc.

Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,Яy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2006/05/25 12:0 a.m.87 views

QBv14 XSS

QBv14 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement QBv14 doesn't filter anything at all, in short: XSS heaven..... Nomenumbra...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2006/03/17 12:0 a.m.87 views

Microsoft Internet Explorer array index overflow

Array index overflow for large number of HTML tag's events handlers. Vulnerability can be used for hidden malware installation...

2.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2006/02/07 12:0 a.m.87 views

Heimdal rshd privilege escalation

No description provided...

2.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/05/06 12:0 a.m.87 views

[hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart

http://www.hackgen.org/advisories/hackgen-2005-004.txt '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' hackgen-2005-004 ' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' Multiple bugs in MidiCart PHP Shopping Cart '...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2005/04/27 12:0 a.m.87 views

MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities

Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: MetaCart2 for PayFlow Multiple S...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/04/13 12:0 a.m.87 views

Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923)

Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer 890923 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

7.5CVSS1.4AI score0.58357EPSS
Exploits9
securityvulns
securityvulns
added 2005/04/03 12:0 a.m.87 views

In-game server crash in Call of Duty 1.5b and United Offensive 1.51b

Luigi Auriemma Applications: Call of Duty = 1.5b Call of Duty: United Offensive = 1.51b http://www.callofduty.com Platforms: Windows only Linux is safe and Mac has not been tested Bug: crash Exploitation: remote, versus server in-game Date: 02 Apr 2005 Author: Luigi Auriemma e-mail:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2004/10/02 12:0 a.m.87 views

[SA12685] proxytunnel Username and Password Disclosure

TITLE: proxytunnel Username and Password Disclosure SECUNIA ADVISORY ID: SA12685 VERIFY ADVISORY: http://secunia.com/advisories/12685/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system SOFTWARE: proxytunnel 1.x http://secunia.com/product/3983/ DESCRIPTION: A...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2004/04/20 12:0 a.m.87 views

phpBB 2.0.8a and lower - IP spoofing vulnerability

Advisory Name : phpBB 2.0.8a and lower - IP spoofing vulnerability Release Date : Apr 18, 2004 Application : phpBB Version : phpBB 2.0.8a and previous versions Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Wang / SRR Project Group of Ready Response [email protected] Overview A...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2004/04/19 12:0 a.m.87 views

[NT] Serv-U LIST -l Parameter Buffer Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2004/02/17 12:0 a.m.87 views

Another YabbSE SQL Injection

Summary YaBB SE is a PHP/MySQL port of the popular forum software YaBB yet another bulletin board. An SQL injection vulnerability allows a remote attacker to execute malicious SQL statements on the database remotely Details Vulnerable Systems: YaBB SE versions 1.5.4, 1.5.5, possibly others The fi...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2004/02/11 12:0 a.m.87 views

Microsoft Security Bulletin MS04-005

Microsoft Security Bulletin MS04-005 Vulnerability in Virtual PC for Mac could lead to privilege elevation 835150 Issued: February 10, 2004 Version: 1.0 Summary Who should read this document: Customers who are using Microsoft® Virtual PC for Mac Impact of vulnerability: Elevation of Privilege...

4.6CVSS0.4AI score0.01531EPSS
Exploits0
securityvulns
securityvulns
added 2004/01/09 12:0 a.m.87 views

[SECURITY] INN: Buffer overflow in control message handling

A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is fairly likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN 2.3.x and earlier are not affected. The INN CURRENT tree is affected. So...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2003/10/06 12:0 a.m.87 views

Divine OpenMarket Content Server XSS

Content Server is a web content management from Divine www.divine.com A Cross Site Scripting in this product allows injection of hostile HTML/script into the error page. Example : http://www.mouffleton.com/servlet/ContentServer?pagename=body20onload=alertdocument.cookie; Workaround : Catch error...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2002/06/26 12:0 a.m.87 views

Salescart vuln.

Summary: In a business website which is made by Salescart, all customer records related to that website are reachable. All database can be hide to shop.mdb file, in fpdb directory. Any user can be reach this database whithous permission. There are some special informations this database and they...

7AI score
Exploits0
securityvulns
securityvulns
added 2001/10/20 12:0 a.m.87 views

Minor IE vulnerability: about: URLs

Zone spoofing? Oh yes, that reminds me. Here's another one. Affected: Internet Explorer under Windows, up to version 6 Risk: Low Workaround: Disable scripting in the Internet Zone Problem: If an unknown 'about:' name is used, IE echos the string exactly to the page. So 'about:foo' results in an...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2000/11/14 12:0 a.m.87 views

Rideway PN Telnet DoS

Strumpf Noir Society Advisories ! Public release ! -- -= Rideway PN Telnet DoS =- Release date: Tuesday, November 14, 2000 Introduction: RideWay PN is a proxy server application that enables multiple users to share resources and files and that allows users to access the Internet simultaneously...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2000/07/10 12:0 a.m.87 views

Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability "THE KING IS THE NEXT RELEASE" USSR Advisory Code: USSR-2000049 Release Date: July 10, 2000 Systems Affected: WircSrv Irc Server v5.07s THE PROBLEM The Ussr Labs team has recently discovered...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2000/06/08 12:0 a.m.87 views

Переполнение буфера в HP Openview Network Node Manager v6.1

Строка длиной 4068 символов посланная в порт TCP/2345 вызывает классическое переполнение буфера...

0.7AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.86 views

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...

7.5CVSS0.3AI score0.07505EPSS
Exploits5
securityvulns
securityvulns
added 2015/08/24 12:0 a.m.86 views

WebSolutions India Design CMS - SQL Injection Vulnerability

Document Title: =============== WebSolutions India Design CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1577 Release Date: ============= 2015-08-20 Vulnerability Laboratory ID VL-ID: ===================================...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.86 views

Multiple Vulnerabilities in ISPConfig

Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 4, 2015 Public Disclosure: June 1...

6.8CVSS0.7AI score0.02135EPSS
Exploits7
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.86 views

Arbitrary file deletion and multiple XSS vulnerabilities in pfSense

Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015...

6.8CVSS0.1AI score0.65927EPSS
Exploits6
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.86 views

[USN-2583-1] Linux kernel vulnerability

========================================================================== Ubuntu Security Notice USN-2583-1 April 30, 2015 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

6.2CVSS0.6AI score0.00317EPSS
Exploits0
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.86 views

[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3

CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...

6CVSS0.3AI score0.02718EPSS
Exploits4
securityvulns
securityvulns
added 2015/01/13 12:0 a.m.86 views

[ MDVSA-2015:022 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:022 http://www.mandriva.com/en/support/security/ Package : wireshark Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated wireshark packages fix security vulnerabilities: The DE...

5CVSS5.6AI score0.02775EPSS
Exploits0
Total number of security vulnerabilities5000