Securityvulns: recent entries

47153 matches found

securityvulns, added 2013/05/10 12:00 a.m., 43 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8, AI score 1.6, EPSS 0.03368
Exploits 7, References 5, Affected Software 6
securityvulns, added 2013/05/10 12:00 a.m., 28 views

EMC RSA Authentication Agent cross-site scripting

No description provided...

CVSS 4.3, AI score 3, EPSS 0.00496
Exploits 0, References 1, Affected Software 1
securityvulns, added 2013/05/10 12:00 a.m., 75 views

CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.39 Description: Bug 54178 described a scenario where elements of a previo...

CVSS 2.6, AI score 0.7, EPSS 0.08446
Exploits 2
securityvulns, added 2013/05/10 12:00 a.m., 36 views

Vulnerability in "Fujitsu Desktop Update" (for Windows)

Hi @ll, Fujitsu's update utility "Fujitsu Desktop Update" see http://support.ts.fujitsu.com/DeskUpdate/Index.asp, which is factory-preinstalled on every Fujitsu Siemens PC with Windows, has a vulnerability which allows the execution of a rogue program in the security context of the current user...

AI score 0.3
Exploits 0
securityvulns, added 2013/05/10 12:00 a.m., 51 views

ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability

ESA-2013-037.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability EMC Identifier: ESA-2013-037 EMC Identifier: NW150511 CVE Identifier: CVE-2013-0946 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected product: • EMC...

CVSS 9.3, AI score 1.5, EPSS 0.56445
Exploits 3
securityvulns, added 2013/05/10 12:00 a.m., 58 views

[USN-1821-1] telepathy-idle vulnerability

========================================================================== Ubuntu Security Notice USN-1821-1 May 09, 2013 telepathy-idle vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 5.8, AI score 5.8, EPSS 0.0025
Exploits 0
securityvulns, added 2013/05/10 12:00 a.m., 35 views

Cisco Unified Customer Voice Portal multiple security vulnerabilities

DoS, privilege escalation, code execution, file access...

CVSS 10, AI score 3.7, EPSS 0.04958
Exploits 0, Affected Software 1
securityvulns, added 2013/05/10 12:00 a.m., 100 views

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitted...

CVSS 5, EPSS 0.38137
Exploits 1
securityvulns, added 2013/05/10 12:00 a.m., 46 views

Apache Tomcat security vulnerabilities

DoS, session fixation, information leakage...

CVSS 6.8, AI score 1.6, EPSS 0.38137
Exploits 5, References 3, Affected Software 1
securityvulns, added 2013/05/10 12:00 a.m., 79 views

Vulnerabilities in VideoJS

Hello 3APA3A! I want to inform you about vulnerabilities in VideoJS. This is a popular video and audio player, which is used at hundreds of thousands of web sites and in multiple web applications. This is a Cross-Site Scripting vulnerability in VideoJS. There is also a DoS hole related to this player, whi...

AI score 0.4
Exploits 0
securityvulns, added 2013/05/10 12:00 a.m., 28 views

EMC AlphaStor buffer overflow

Buffer overflow on commands parsing in AlphaStor Library Control Program...

CVSS 9.3, AI score 5.1, EPSS 0.56445
Exploits 3, References 1, Affected Software 1
securityvulns, added 2013/05/10 12:00 a.m., 37 views

Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]

On Sunday, May 05, 2013 10:13 PM I wrote: Hi @ll, Fujitsus http://www.fsc-pc.de/ factory preinstallation as found on a Fujitsu Lifebook A512 purchased a month ago of Windows 8 Professional x64 I'm VERY confident that other variants of Fujitsu's Windows 8 factory installation are just the like has...

AI score 0.5
Exploits 0
securityvulns, added 2013/05/10 12:00 a.m., 32 views

EMC Documentum multiple security vulnerabilities

Session fixation, cross-site scripting...

CVSS 5.8, AI score 1.4, EPSS 0.00225
Exploits 0, References 1, Affected Software 1
securityvulns, added 2013/05/10 12:00 a.m., 107 views

[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2067 Session fixation with FORM authenticator Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.32 - - Tomcat 6.0.21 to 6.0.36 Description: FORM authentication associates the most recent...

CVSS 6.8, AI score 5.8, EPSS 0.10445
Exploits 2
securityvulns, added 2013/05/10 12:00 a.m., 72 views

Vulnerabilities in multiple web applications with VideoJS

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple web applications with VideoJS. Earlier I wrote about vulnerabilities in VideoJS (http://seclists.org/fulldisclosure/2013/May/21). This is a popular video and audio player, which is used at hundreds of thousands of web sites and ...

AI score 0.1
Exploits 0
securityvulns, added 2013/05/10 12:00 a.m., 77 views

Cross-Site Request Forgery (CSRF) in UMI.CMS

Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2013-275...

CVSS 6.8, EPSS 0.00316
Exploits 5
securityvulns, added 2013/05/10 12:00 a.m., 79 views

SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager

SEC Consult Vulnerability Lab Security Advisory 20130507-0 ======================================================================= title: Multiple vulnerabilities product: NetApp OnCommand System Manager vulnerable version: = 2.1 and =2.0.2 fixed version: 2.2 only XSS fixed CVE: CVE-2013-3320 XSS...

AI score 0.1, EPSS 0.03368
Exploits 2
securityvulns, added 2013/05/10 12:00 a.m., 87 views

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

Title ----- DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities Severity -------- High Date Discovered --------------- March 19, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$ 1. Actuate...

AI score 0.6
Exploits 0
securityvulns, added 2013/05/10 12:00 a.m., 49 views

ESA-2013-021: EMC Documentum Multiple Vulnerabilities

ESA-2013-021.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-021: EMC Documentum Multiple Vulnerabilities EMC Identifier: ESA-2013-021 CVE Identifier: CVE-2013-0937, CVE-2013-0938, CVE-2013-0939 Severity Rating: See below for individual scores Affected products: • EMC Documentum Webtop...

CVSS 5.8, AI score 0.2, EPSS 0.00225
Exploits 0
securityvulns, added 2013/05/10 12:00 a.m., 35 views

telepathy-idle insufficient certificate check

Server certificate is not checked...

CVSS 5.8, AI score 2, EPSS 0.0025
Exploits 0, References 1
securityvulns, added 2013/05/10 12:00 a.m., 67 views

ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability

ESA-2013-031.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting XSS Vulnerability EMC Identifier: ESA-2013-031 CVE Identifier: CVE-2013-0942 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected Products: RSA®...

CVSS 4.3, AI score 0.2, EPSS 0.00496
Exploits 0
securityvulns, added 2013/05/09 12:00 a.m., 27 views

gpsd memory corruption

Memory corruption on request processing...

CVSS 4.3, AI score 2.7, EPSS 0.0201
Exploits 1, References 1, Affected Software 1
securityvulns, added 2013/05/09 12:00 a.m., 50 views

[USN-1820-1] gpsd vulnerability

========================================================================== Ubuntu Security Notice USN-1820-1 May 08, 2013 gpsd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 4.3, AI score 0.5, EPSS 0.0201
Exploits 1
securityvulns, added 2013/05/09 12:00 a.m., 56 views

GNU glibc security vulnerabilities

Buffer overflow in regexec, buffer overflow in getaddrinfo...

CVSS 5, AI score 3.7, EPSS 0.03104
Exploits 2, References 1, Affected Software 1
securityvulns, added 2013/05/09 12:00 a.m., 57 views

[USN-1817-1] libxml2 vulnerability

========================================================================== Ubuntu Security Notice USN-1817-1 May 07, 2013 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 7.5, AI score 1.5, EPSS 0.00954
Exploits 1
securityvulns, added 2013/05/09 12:00 a.m., 57 views

[USN-1818-1] Mesa vulnerability

========================================================================== Ubuntu Security Notice USN-1818-1 May 07, 2013 mesa vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 7.5, AI score 0.8, EPSS 0.00443
Exploits 0
securityvulns, added 2013/05/09 12:00 a.m., 39 views

Mesa / WebGL / libgl buffer overflow

Heap overflow...

CVSS 7.5, AI score 2.7, EPSS 0.00443
Exploits 0, References 1, Affected Software 1
securityvulns, added 2013/05/09 12:00 a.m., 39 views

Cisco Prime Data Center Network Manager code execution

TCP/1099 and TCP/9099 services code execution...

CVSS 10, AI score 3.6, EPSS 0.0246
Exploits 0, References 1, Affected Software 1
securityvulns, added 2013/05/09 12:00 a.m., 37 views

libxml security vulnerabilities

Multiple use-after-free vulnerabilities...

CVSS 7.5, AI score 2.1, EPSS 0.00954
Exploits 1, References 1, Affected Software 1
securityvulns, added 2013/05/09 12:00 a.m., 47 views

[2.0 Update] Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability Advisory ID: cisco-sa-20121031-dcnm Revision 2.0 Last Updated 2013 May 08 16:00 UTC GMT For Public Release 2012 October 31 16:00 UTC GMT...

AI score 1.2
Exploits 0
securityvulns, added 2013/05/09 12:00 a.m., 82 views

[ MDVSA-2013:163 ] glibc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:163 http://www.mandriva.com/en/support/security/ Package : glibc Date : May 7, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in glibc:...

CVSS 5, AI score 8.3, EPSS 0.03104
Exploits 2
securityvulns, added 2013/05/06 12:00 a.m., 29 views

Dell EqualLogic directory traversal

It's possible to access system files...

AI score 3.8
Exploits 0, References 1
securityvulns, added 2013/05/06 12:00 a.m., 82 views

SQL Injection Vulnerability in Symphony

Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

CVSS 6.5, AI score 8.1, EPSS 0.00628
Exploits 3
securityvulns, added 2013/05/06 12:00 a.m., 217 views

CVE-2013-2504 : Matrix42 Service Desk XSS

43zsec SECURITY ADVISORY CVE ID : CVE-2013-2504 Product: Service Store 5.3 SP3 5.33.946.0 Vendor: matrix42 - member of asseco group Subject: Cross-site Scripting - XSS Classification: PCI 2.0: 6.5.7 PCI 1.2: 6.5.1 OWASP: A2 CWE: 79 CAPEC: 19 WASC: 08 Risk: High Effect: Remotely exploitable Author...

CVSS 4.3, AI score 5.8, EPSS 0.00912
Exploits 2
securityvulns, added 2013/05/06 12:00 a.m., 46 views

3CX Phone outdated libraries

Outdated versions of OpenSSL and FFmpeg/FFdshow are used...

AI score 3.4
Exploits 0, References 1, Affected Software 1
securityvulns, added 2013/05/06 12:00 a.m., 1486 views

SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum

SEC Consult Vulnerability Lab Security Advisory 20130311-0 ======================================================================= title: Persistent cross-site scripting vulnerability product: jforum vulnerable version: 2.1.9 fixed version: - impact: medium homepage: http://jforum.net/ found:...

AI score 6.5
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 62 views

Remote command execution in fastreader ruby gem

Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 if the url contains any ; characters code will be executed as the user. for example if fastreader is fed http://www.g;id;.com id will be executed. ./fastreader-1.0.8/lib/entrycontroller.rb .strip only removes whitespace before and after the URL...

AI score 2.7
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 59 views

Remote command execution in Ruby Gem ldoce 0.0.2

Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depends on the afplay command. https://rubygems.org/gems/ldoce...

CVSS 6.8, AI score 1, EPSS 0.005
Exploits 1
securityvulns, added 2013/05/06 12:00 a.m., 54 views

WordPress podPress Plugin XSS in SWF

Exploit Title: WordPress podPress Plugin XSS in SWF Release Date: 28/03/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip Tested on: XPsp3 Affected version: 8.8.10.13 before Goog...

AI score 0.1, EPSS 0.0049
Exploits 1
securityvulns, added 2013/05/06 12:00 a.m., 55 views

Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others

Hello 3APA3A! Earlier I wrote about Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload (http://securityvulns.ru/docs29181.html). This is a very popular flash file, which is used at tens of millions of web sites and in hundreds of web applications; only WordPress is used at more the...

AI score 0.3
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 75 views

[SECURITY] [DSA 2651-1] smokeping security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2651-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 20, 2013 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 1.8, EPSS 0.0048
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 54 views

[ MDVSA-2013:147 ] libarchive

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:147 http://www.mandriva.com/en/support/security/ Package : libarchive Date : April 19, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and...

CVSS 5, AI score 7.6, EPSS 0.01196
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 103 views

Path Traversal in AWS XMS

Advisory ID: HTB23147 Product: AWS XMS Vendor: http://www.aws-dms.com Vulnerable Versions: 2.5 and probably prior Tested Version: 2.5 Vendor Notification: March 6, 2013 Vendor Patch: March 16, 2013 Public Disclosure: March 27, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...

AI score 7.9, EPSS 0.25819
Exploits 4
securityvulns, added 2013/05/06 12:00 a.m., 59 views

XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with ZeroClipboard.swf. Earlier I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103). I wrote that this is a very widespread flash file an...

CVSS 4.3, AI score 5.7, EPSS 0.01856
Exploits 4
securityvulns, added 2013/05/06 12:00 a.m., 30 views

HP Managed Printing Administration cross-site scripting

No description provided...

CVSS 4.3, AI score 0.9, EPSS 0.00595
Exploits 0, References 1, Affected Software 1
securityvulns, added 2013/05/06 12:00 a.m., 52 views

[ MDVSA-2013:149 ] roundcubemail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:149 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : April 21, 2013 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in roundcubemail...

CVSS 5, AI score 6.2, EPSS 0.0034
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 27 views

Unauthorized access to different HP printing devices

It's possible to access files...

CVSS 5, AI score 3.2, EPSS 0.02058
Exploits 1, References 1, Affected Software 2
securityvulns, added 2013/05/06 12:00 a.m., 98 views

[SQLi] vBilling for FreeSWITCH

vBilling for FreeSWITCH. http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html Michal Blaszczak 1 SQL Injection reset password any SIP account file: controllers/customer.php $sql2 = "UPDATE directoryparams SET paramvalue = '".$newpassword."' WHERE directoryid = '".$recordid."' "; 2...

AI score 0.5
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 83 views

[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5

waraxe-2013-SA101 - Update Spoofing Vulnerability in Royal TS 2.1.5 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-101.html Description of vulnerable...

AI score 7
Exploits 0
securityvulns, added 2013/05/06 12:00 a.m., 80 views

TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2

TC-SA-2013-01: Reflected Cross-Site-Scripting XSS vulnerability in e107 CMS v1.0.2 Published: 2013/04/03 Version 1.0 Affected Products: e107 version 1.0.2 others not tested http://www.e107.org References: TC-SA-2013-01 www.tele-consulting.com/advisories/TC-SA-2013-01.txt used for updates...

CVSS 4.3, AI score 6.5, EPSS 0.00533
Exploits 2

Total number of security vulnerabilities: 47153