Lucene search

47153 matches found

securityvulns • added 2015/07/27 12:0 a.m. • 53 views

SQL Injection in Count Per Day WordPress Plugin

Advisory ID: HTB23267 Product: Count Per Day WordPress plugin Vendor: Tom Braider Vulnerable Versions: 3.4 and probably prior Tested Version: 3.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: July 1, 2015 Public Disclosure: July 22,...

CVSS 6.5 • AI score 7.8 • EPSS 0.09524 • Exploits 4

securityvulns • added 2015/07/27 12:0 a.m. • 54 views

[USN-2675-1] LXC vulnerabilities

========================================================================== Ubuntu Security Notice USN-2675-1 July 22, 2015 lxc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 4.9 • AI score 0.1 • EPSS 0.00101 • Exploits 1

securityvulns • added 2015/07/27 12:0 a.m. • 53 views

FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability

Document Title: =============== FoxyCart Bug Bounty 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1451 098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0 Release Date: ============= 2015-07-15...

AI score 7.9 • Exploits 0

securityvulns • added 2015/07/27 12:0 a.m. • 43 views

Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt Vendor: ================================ www.openwebanalytics.com Product: ================================ Open-Web-Analytics-1.5.7 Advisory...

AI score 6.5 • Exploits 0

securityvulns • added 2015/07/27 12:0 a.m. • 132 views

libuser / userhelper security vulnerabilities

Unsafe files handling, insufficient characters filtering...

CVSS 7.2 • AI score 2.7 • EPSS 0.21424 • Exploits 10 • References 1

securityvulns • added 2015/07/27 12:0 a.m. • 88 views

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached. Qualys Security Advisory CVE-2015-3245 userhelper chfn newline filtering CVE-2015-3246 libuser passwd file handling -- Summary...

CVSS 7.2 • AI score 7.1 • EPSS 0.21424 • Exploits 10

securityvulns • added 2015/07/27 12:0 a.m. • 38 views

Logstash vulnerability CVE-2015-5378

Summary: Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and...

AI score 2.6 • EPSS 0.00673 • Exploits 0

securityvulns • added 2015/07/27 12:0 a.m. • 62 views

NetCracker Resource Management 8.0 - XSS Vulnerability

Vulnerability type: Cross-site Scripting Vendor: http://www.netcracker.com/ Product: NetCracker Resource Management System Affected version: = 8.0 Patched version: 8.2 Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-2207 PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerabili...

AI score 1.5 • EPSS 0.00152 • Exploits 3

securityvulns • added 2015/07/27 12:0 a.m. • 67 views

Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02]

See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02 ---------------------------------------------------------------------...

CVSS 7.5 • AI score 0.3 • EPSS 0.50998 • Exploits 10

securityvulns • added 2015/07/27 12:0 a.m. • 32 views

Elastic Logstash directory traversal

Directory traversal in file output plugin...

CVSS 6.4 • AI score 2.7 • EPSS 0.00673 • Exploits 1 • References 2 • Affected Software 1

securityvulns • added 2015/07/27 12:0 a.m. • 33 views

CVE-2015-5379: Axigen XSS vulnerability for html attachments

CVEID: CVE-2015-5379 SUBJECT: Axigen XSS vulnerability for html attachments DESCRIPTION: Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...

CVSS 3.5 • EPSS 0.00254 • Exploits 0

securityvulns • added 2015/07/27 12:0 a.m. • 49 views

ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability

Document Title: =============== ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1555 Release Date: ============= 2015-07-23 Vulnerability Laboratory ID VL-ID: ==================================== 1555...

AI score 0.4 • Exploits 0

securityvulns • added 2015/07/27 12:0 a.m. • 140 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 • AI score 1.6 • EPSS 0.50998 • Exploits 25 • References 17 • Affected Software 11

securityvulns • added 2015/07/27 12:0 a.m. • 44 views

[SECURITY] [DSA 3314-1] typo3-src end of life

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3314-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 23, 2015 https://www.debian.org/security/faq -...

AI score 0.9 • Exploits 0

securityvulns • added 2015/07/26 12:0 a.m. • 60 views

FreeBSD Security Advisory FreeBSD-SA-15:13.tcp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:13.tcp Security Advisory The FreeBSD Project Topic: Resource exhaustion due to sessions stuck in LASTACK state Category: core Module: inet Announced:...

CVSS 7.1 • AI score 5.8 • EPSS 0.01894 • Exploits 0

securityvulns • added 2015/07/26 12:0 a.m. • 77 views

[SECURITY] [DSA 3315-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3315-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 23, 2015 https://www.debian.org/security/faq -...

CVSS 7.5 • AI score 0.1 • EPSS 0.03255 • Exploits 3

securityvulns • added 2015/07/26 12:0 a.m. • 32 views

Cisco IOS DoS

DoS in TFTP server...

CVSS 7.1 • AI score 1 • EPSS 0.00563 • Exploits 0 • Affected Software 1

securityvulns • added 2015/07/26 12:0 a.m. • 50 views

Google Chrome / Chromium multiple security vulnerabilities

Restrictions bypass, multiple memory corruptions, cross-site scripting...

CVSS 7.5 • AI score 1.7 • EPSS 0.03255 • Exploits 3 • References 1 • Affected Software 1

securityvulns • added 2015/07/26 12:0 a.m. • 81 views

[USN-2685-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2685-1 July 24, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 7.8 • AI score 0.1 • EPSS 0.21228 • Exploits 0

securityvulns • added 2015/07/26 12:0 a.m. • 29 views

Cisco Unified MeetingPlace password reset

It's possible to change password without entering previous one and session validation...

CVSS 10 • AI score 1.7 • EPSS 0.00366 • Exploits 0 • Affected Software 1

securityvulns • added 2015/07/26 12:0 a.m. • 32 views

Cisco Application Policy Infrastructure Controller privilege escalation

It's possible to obtain root access...

CVSS 9 • AI score 4.4 • EPSS 0.00716 • Exploits 0

securityvulns • added 2015/07/26 12:0 a.m. • 21 views

EMC Avamar directory traversal

No description provided...

CVSS 7.8 • AI score 2.8 • EPSS 0.00571 • Exploits 0 • References 1

securityvulns • added 2015/07/26 12:0 a.m. • 41 views

FreeBSD DoS

Resources exhaustion via LASTACK state connections...

CVSS 7.1 • AI score 3 • EPSS 0.01894 • Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/07/26 12:0 a.m. • 45 views

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability EMC Identifier: ESA-2015-118 CVE Identifier: CVE-2015-4527 Severity Rating: CVSS v2 Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N Affected products: • EMC Avamar Server all versions from 7.0 to...

CVSS 7.8 • AI score 0.9 • EPSS 0.00571 • Exploits 0

securityvulns • added 2015/07/26 12:0 a.m. • 86 views

[SECURITY] [DSA 3313-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2015 https://www.debian.org/security/faq -...

CVSS 7.8 • AI score 1.7 • EPSS 0.21228 • Exploits 4

securityvulns • added 2015/07/20 12:0 a.m. • 72 views

Elasticsearch CVE-2015-5531

Summary: Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process. We have been assigned CVE-2015-5531 for this issue. Fixed versions: Versions 1.6.1 and 1.7.0 address the...

CVSS 5 • AI score 2.6 • EPSS 0.92032 • Exploits 7

securityvulns • added 2015/07/20 12:0 a.m. • 84 views

[SECURITY] [DSA 3311-1] mariadb-10.0 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3311-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 20, 2015 https://www.debian.org/security/faq -...

CVSS 5.7 • AI score 1.8 • EPSS 0.39693 • Exploits 1

securityvulns • added 2015/07/20 12:0 a.m. • 143 views

15 TOTOLINK router models vulnerable to multiple RCEs

Hash: SHA512 Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html Date published:...

CVSS 7.5 • EPSS 0.73501 • Exploits 6

securityvulns • added 2015/07/20 12:0 a.m. • 442 views

Apache security vulnerabilities

DoS, few potential vulnerabilities...

CVSS 5 • AI score 2.9 • EPSS 0.24118 • Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/07/20 12:0 a.m. • 68 views

[SECURITY] [DSA 3309-1] tidy security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3309-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 18, 2015 https://www.debian.org/security/faq -...

CVSS 6.8 • AI score 3.6 • EPSS 0.04407 • Exploits 2

securityvulns • added 2015/07/20 12:0 a.m. • 49 views

Backdoor credentials found in 4 TOTOLINK router models

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Backdoor credentials found in 4 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt Blog URL:...

Exploits 0

securityvulns • added 2015/07/20 12:0 a.m. • 569 views

Elasticsearch CVE-2015-5377

Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We have...

CVSS 7.5 • AI score 2.7 • EPSS 0.64446 • Exploits 5

securityvulns • added 2015/07/20 12:0 a.m. • 61 views

Oracle E-Business Suite Servlet URL Redirection Vulnerability

Oracle E-Business Suite Servlet URL Redirection vulnerability CVE-2015-2630 Versions Affected: 11.5.10.2, 12.0.6, 12.1.3 Discussion: Oracle E-Business Suite is prone to a remote URL-redirection vulnerability. This vulnerability may allow a malicious user to perform a phishing attack by sending a...

CVSS 4.3 • AI score 2.2 • EPSS 0.00311 • Exploits 0

securityvulns • added 2015/07/20 12:0 a.m. • 25 views

ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability EMC Identifier: ESA-2015-122 CVE Identifier: CVE-2015-4528 Severity Rating: CVSS v2 Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Affected products: • EMC Documentum CenterStage...

CVSS 3.5 • AI score 0.6 • EPSS 0.00179 • Exploits 0

securityvulns • added 2015/07/20 12:0 a.m. • 47 views

ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability ESA Identifier: ESA-2015-123 CVE Identifier: CVE-2015-4529 Severity Rating: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Affected products: • EMC Documentum WebTop versions 6.8 and...

CVSS 5.8 • AI score 0.6 • EPSS 0.00253 • Exploits 0

securityvulns • added 2015/07/20 12:0 a.m. • 479 views

[slackware-security] httpd (SSA:2015-198-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security httpd SSA:2015-198-01 New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

CVSS 5 • AI score 6.2 • EPSS 0.24118 • Exploits 0

securityvulns • added 2015/07/20 12:0 a.m. • 89 views

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

Quarterly CPU fixed over 170 different vulnerabilities...

CVSS 10 • AI score 1.9 • EPSS 0.94325 • Exploits 64 • References 3 • Affected Software 55

securityvulns • added 2015/07/20 12:0 a.m. • 45 views

[SECURITY] [DSA 3310-1] freexl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3310-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 19, 2015 https://www.debian.org/security/faq -...

AI score 1.2 • Exploits 0

securityvulns • added 2015/07/20 12:0 a.m. • 26 views

TOTOLINK routers multiple security vulnerabilities

Code execution, backdoor account, CSRF, XSS...

AI score 4.8 • Exploits 0 • References 4

securityvulns • added 2015/07/20 12:0 a.m. • 108 views

freexl library DoS

DoS on Excel document parsing...

AI score 3 • Exploits 0 • References 1 • Affected Software 1

securityvulns • added 2015/07/20 12:0 a.m. • 51 views

tidy security vulnerabilities

Buffer overflow and integer overflow on HTML parsing...

CVSS 6.8 • AI score 3 • EPSS 0.04407 • Exploits 2 • References 1

securityvulns • added 2015/07/20 12:0 a.m. • 59 views

Elasticsearch security vulnerabilities

Code execution, directory traversal...

CVSS 7.5 • AI score 4.8 • EPSS 0.92032 • Exploits 12 • References 2 • Affected Software 1

securityvulns • added 2015/07/20 12:0 a.m. • 130 views

Backdoor and RCE found in 8 TOTOLINK router models

Hello, Please find a text-only version below sent to security mailing-lists. The complete version on analysing the backdoor in TOTOLINK products is posted here: https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html === text-version of the advisory without...

Exploits 0

securityvulns • added 2015/07/20 12:0 a.m. • 40 views

4 TOTOLINK router models vulnerable to CSRF and XSS attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...

Exploits 0

securityvulns • added 2015/07/19 12:0 a.m. • 30 views

Adobe Shockwave Player security vulnerabilities

Memory corruptions...

CVSS 10 • AI score 3.3 • EPSS 0.0599 • Exploits 0 • Affected Software 1

securityvulns • added 2015/07/19 12:0 a.m. • 142 views

Adobe Flash Player multiple security vulnerabilities

Multiple memory corruptions, buffer overflows, information disclosure...

CVSS 10 • AI score 2.1 • EPSS 0.93205 • Exploits 11 • Affected Software 1

securityvulns • added 2015/07/19 12:0 a.m. • 69 views

Microsoft Windows multiple security vulnerabilities

Internet Explorer and VBScript multiple security vulnerabilities, RDP code execution, Hyper-V code execution, multiple privilege escalations...

CVSS 10 • AI score 2.8 • EPSS 0.69243 • Exploits 8 • Affected Software 1

securityvulns • added 2015/07/19 12:0 a.m. • 42 views

Adobe Reader / Acrobat multiple security vulnerabilities

Buffer overflows, memory corruptions, information disclosure...

CVSS 10 • AI score 2.7 • EPSS 0.06102 • Exploits 2 • Affected Software 1

securityvulns • added 2015/07/19 12:0 a.m. • 49 views

Microsoft Office multiple security vulnerabilities

Memory corruptions, DLL planting, restrictions bypass...

CVSS 9.3 • AI score 2.3 • EPSS 0.6448 • Exploits 0 • Affected Software 2

securityvulns • added 2015/07/14 12:0 a.m. • 63 views

SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8

Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version: 1.4.9 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09 Public Disclosure: 2015-07-10 SQL Injection...

AI score 0.7 • Exploits 0

Total number of security vulnerabilities: 47153