47153 matches found

securityvulns, added 2013/05/10 12:0 a.m., 47 views

Apache Tomcat security vulnerabilities

DoS, session fixation, information leakage...

CVSS: 6.8 | AI score: 1.6 | EPSS: 0.11001
Exploits: 5 | References: 3 | Affected Software: 1

securityvulns, added 2013/05/10 12:0 a.m., 40 views

Fujitsu notebooks privilege escalation

Untrusted path to executables...

AI score: 3.7
Exploits: 0 | References: 2

securityvulns, added 2013/05/10 12:0 a.m., 56 views

ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability

ESA-2013-037.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-037: EMC AlphaStor Buffer Overflow Vulnerability EMC Identifier: ESA-2013-037 EMC Identifier: NW150511 CVE Identifier: CVE-2013-0946 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected product: • EMC...

CVSS: 9.3 | AI score: 1.5 | EPSS: 0.28547
Exploits: 3

securityvulns, added 2013/05/10 12:0 a.m., 101 views

[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitted...

CVSS: 5 | EPSS: 0.11001
Exploits: 1

securityvulns, added 2013/05/10 12:0 a.m., 91 views

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

Title ----- DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities Severity -------- High Date Discovered --------------- March 19, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$ 1. Actuate...

AI score: 0.6
Exploits: 0

securityvulns, added 2013/05/10 12:0 a.m., 37 views

Cisco Unified Customer Voice Portal multiple security vulnerabilities

DoS, privilege escalation code execution, files access...

CVSS: 10 | AI score: 3.7 | EPSS: 0.03436
Exploits: 0 | Affected Software: 1

securityvulns, added 2013/05/10 12:0 a.m., 109 views

[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2067 Session fixation with FORM authenticator Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.32 - - Tomcat 6.0.21 to 6.0.36 Description: FORM authentication associates the most recent...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.07147
Exploits: 2

securityvulns, added 2013/05/10 12:0 a.m., 60 views

ESA-2013-021: EMC Documentum Multiple Vulnerabilities

ESA-2013-021.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-021: EMC Documentum Multiple Vulnerabilities EMC Identifier: ESA-2013-021 CVE Identifier: CVE-2013-0937, CVE-2013-0938, CVE-2013-0939 Severity Rating: See below for individual scores Affected products: • EMC Documentum Webtop...

CVSS: 5.8 | AI score: 0.2 | EPSS: 0.0109
Exploits: 0

securityvulns, added 2013/05/10 12:0 a.m., 36 views

telepathy-idle insufficient certificate check

Server certificate is not checked...

CVSS: 5.8 | AI score: 2 | EPSS: 0.00951
Exploits: 0 | References: 1

securityvulns, added 2013/05/10 12:0 a.m., 71 views

ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability

ESA-2013-031.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting XSS Vulnerability EMC Identifier: ESA-2013-031 CVE Identifier: CVE-2013-0942 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected Products: RSA®...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.0237
Exploits: 0

securityvulns, added 2013/05/10 12:0 a.m., 38 views

Vulnerability in "Fujitsu Desktop Update" (for Windows)

Hi @ll, Fujitsu's update utility "Fujitsu Desktop Update" see http://support.ts.fujitsu.com/DeskUpdate/Index.asp, which is factory-preinstalled on every Fujitsu Siemens PC with Windows, has a vulnerability which allows the execution of a rogue program in the security context of the current user...

AI score: 0.3
Exploits: 0

securityvulns, added 2013/05/10 12:0 a.m., 34 views

EMC Documentum multiple security vulnerabilities

Session fixation, cross-site scripting...

CVSS: 5.8 | AI score: 1.4 | EPSS: 0.0109
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/10 12:0 a.m., 75 views

Vulnerabilities in multiple web applications with VideoJS

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple web applications with VideoJS. Earlier I've wrote about vulnerabilities in VideoJS http://seclists.org/fulldisclosure/2013/May/21. This is popular video and audio player, which is used at hundreds thousands of web sites and ...

AI score: 0.1
Exploits: 0

securityvulns, added 2013/05/10 12:0 a.m., 80 views

Vulnerabilities in VideoJS

Hello 3APA3A! I want to inform you about vulnerabilities in VideoJS. This is popular video and audio player, which is used at hundreds thousands of web sites and in multiple web applications. This is Cross-Site Scripting vulnerability in VideoJS. There is also DoS hole related to this player, whi...

AI score: 0.4
Exploits: 0

securityvulns, added 2013/05/10 12:0 a.m., 78 views

CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.39 Description: Bug 54178 described a scenario where elements of a previo...

CVSS: 2.6 | AI score: 0.7 | EPSS: 0.06501
Exploits: 2

securityvulns, added 2013/05/10 12:0 a.m., 30 views

EMC AlphaStor buffer overflow

Buffer overflow on commands parsing in AlphaStor Library Control Program...

CVSS: 9.3 | AI score: 5.1 | EPSS: 0.28547
Exploits: 3 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/10 12:0 a.m., 29 views

EMC RSA Authentication Agent cross-site scripting

No description provided...

CVSS: 4.3 | AI score: 3 | EPSS: 0.0237
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/10 12:0 a.m., 39 views

Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]

On Sunday, May 05, 2013 10:13 PM I wrote: Hi @ll, Fujitsus http://www.fsc-pc.de/ factory preinstallation as found on a Fujitsu Lifebook A512 purchased a month ago of Windows 8 Professional x64 I'm VERY confident that other variants of Fujitsu's Windows 8 factory installation are just the like has...

AI score: 0.5
Exploits: 0

securityvulns, added 2013/05/10 12:0 a.m., 46 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6.8 | AI score: 1.6 | EPSS: 0.03547
Exploits: 7 | References: 5 | Affected Software: 6

securityvulns, added 2013/05/10 12:0 a.m., 82 views

Cross-Site Request Forgery (CSRF) in UMI.CMS

Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2013-275...

CVSS: 6.8 | EPSS: 0.02286
Exploits: 5

securityvulns, added 2013/05/10 12:0 a.m., 61 views

[USN-1821-1] telepathy-idle vulnerability

========================================================================== Ubuntu Security Notice USN-1821-1 May 09, 2013 telepathy-idle vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.00951
Exploits: 0

securityvulns, added 2013/05/09 12:0 a.m., 61 views

[USN-1817-1] libxml2 vulnerability

========================================================================== Ubuntu Security Notice USN-1817-1 May 07, 2013 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS: 7.5 | AI score: 1.5 | EPSS: 0.03786
Exploits: 1

securityvulns, added 2013/05/09 12:0 a.m., 85 views

[ MDVSA-2013:163 ] glibc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:163 http://www.mandriva.com/en/support/security/ Package : glibc Date : May 7, 2013 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in glibc:...

CVSS: 5 | AI score: 8.3 | EPSS: 0.04113
Exploits: 2

securityvulns, added 2013/05/09 12:0 a.m., 57 views

GNU glibc security vulnerabilities

Buffer overflow in regexec, buffer overflow in getaddrinfo...

CVSS: 5 | AI score: 3.7 | EPSS: 0.04113
Exploits: 2 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/09 12:0 a.m., 40 views

Cisco Prime Data Center Network Manager code execution

TCP/1099 and TCP/9099 services code execution...

CVSS: 10 | AI score: 3.6 | EPSS: 0.03126
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/09 12:0 a.m., 28 views

gpsd memory corruption

Memory corruption on request processing...

CVSS: 4.3 | AI score: 2.7 | EPSS: 0.0415
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/09 12:0 a.m., 49 views

[2.0 Update] Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability Advisory ID: cisco-sa-20121031-dcnm Revision 2.0 Last Updated 2013 May 08 16:00 UTC GMT For Public Release 2012 October 31 16:00 UTC GMT...

AI score: 1.2
Exploits: 0

securityvulns, added 2013/05/09 12:0 a.m., 40 views

Mesa / WebGL / libgl buffer overflow

Heap overflow...

CVSS: 7.5 | AI score: 2.7 | EPSS: 0.01116
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/09 12:0 a.m., 59 views

[USN-1818-1] Mesa vulnerability

========================================================================== Ubuntu Security Notice USN-1818-1 May 07, 2013 mesa vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS: 7.5 | AI score: 0.8 | EPSS: 0.01116
Exploits: 0

securityvulns, added 2013/05/09 12:0 a.m., 53 views

[USN-1820-1] gpsd vulnerability

========================================================================== Ubuntu Security Notice USN-1820-1 May 08, 2013 gpsd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS: 4.3 | AI score: 0.5 | EPSS: 0.0415
Exploits: 1

securityvulns, added 2013/05/09 12:0 a.m., 38 views

libxml security vulnerabilities

Multiple use-after-free vulnerabilities...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.03786
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/06 12:0 a.m., 33 views

D-Link DSL-320B unauthorized access

It's possible to access configuration files without authentication...

AI score: 3.5
Exploits: 0 | References: 1

securityvulns, added 2013/05/06 12:0 a.m., 48 views

3CX Phone outdated libraries

Outdated versions of OpenSSL and FFmpeg/FFdshow are used...

AI score: 3.4
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/06 12:0 a.m., 137 views

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.01826
Exploits: 6

securityvulns, added 2013/05/06 12:0 a.m., 44 views

Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS

Advisory ID: HTB23141 Product: GetSimple CMS Vendor: get-simple.info Vulnerable Versions: 3.1.2 and probably prior Tested Version: 3.1.2 Vendor Notification: January 23, 2013 Vendor Patch: April 26, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

EPSS: 0.0106
Exploits: 5

securityvulns, added 2013/05/06 12:0 a.m., 68 views

XSS and CS vulnerabilities in Dotclear

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I've wrote about vulnerabilities in Swfupload in November 2012...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.09088
Exploits: 10

securityvulns, added 2013/05/06 12:0 a.m., 63 views

[security bulletin] HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03737200 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03737200 Version: 1 HPSBPI02868...

CVSS: 4.3 | AI score: 0.4 | EPSS: 0.02519
Exploits: 0

securityvulns, added 2013/05/06 12:0 a.m., 55 views

ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities

ESA-2013-015.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-015 CVE Identifier: CVE-2013-0932, CVE-2013-0933, CVE-2013-0934 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RS...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01166
Exploits: 0

securityvulns, added 2013/05/06 12:0 a.m., 20 views

Microsoft Antimalware privilege escalation

It's possible to execute code with local system rights...

CVSS: 7.2 | AI score: 3 | EPSS: 0.01806
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/06 12:0 a.m., 32 views

Cisco Unified Computing System multiple security vulnerabilities

Buffer overflow, information leakage, authentication bypass, DoS...

CVSS: 10 | AI score: 3 | EPSS: 0.03596
Exploits: 0 | Affected Software: 1

securityvulns, added 2013/05/06 12:0 a.m., 88 views

[ MDVSA-2013:160 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:160 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : May 3, 2013 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerabilities: In some...

CVSS: 6 | AI score: 6.3 | EPSS: 0.28851
Exploits: 16

securityvulns, added 2013/05/06 12:0 a.m., 54 views

Multiple vulnerabilities in Colormix theme for WordPress

Hello 3APA3A! Last year I've disclosed vulnerabilities in JW Player and in RokBox. Which were fixed by the developers - JW Player developers fixed one hole and promised to fix others later and RokBox fixed all holes but it was questionable how they fixed holes related to JW Player. In December I'...

AI score: 7.1
Exploits: 0

securityvulns, added 2013/05/06 12:0 a.m., 74 views

hornbill supportworks SQL injection

Summary SQL Injection Vulnerability in ITSM component of Hornbill Supportworks Application CVE number: CVE-2013-2594 Impact: High Vendor homepage: http://www.hornbill.com Vendor notified: 19/11/2012 Vendor response: This issue has reportedly been fixed but the vendor refused to give version...

CVSS: 7.5 | AI score: 1.1 | EPSS: 0.02638
Exploits: 6

securityvulns, added 2013/05/06 12:0 a.m., 82 views

Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability

Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 6.4,...

AI score: 5.8
Exploits: 0

securityvulns, added 2013/05/06 12:0 a.m., 78 views

[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics

============================================= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I...

AI score: 0.5
Exploits: 0

securityvulns, added 2013/05/06 12:0 a.m., 58 views

WordPress podPress Plugin XSS in SWF

Exploit Title: WordPress podPress Plugin XSS in SWF Release Date: 28/03/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip Tested on: XPsp3 Affected version: 8.8.10.13 before Goog...

AI score: 0.1 | EPSS: 0.02745
Exploits: 1

securityvulns, added 2013/05/06 12:0 a.m., 52 views

Curl Ruby Gem Remote command execution

Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...

AI score: 0.2
Exploits: 0

securityvulns, added 2013/05/06 12:0 a.m., 27 views

Oracle Java / IBM Java protection bypass

Sandbox protection bypass via Reflection API...

AI score: 4.3
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns, added 2013/05/06 12:0 a.m., 30 views

HP Managed Printing Administration cross-site scripting

No description provided...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.02519
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/06 12:0 a.m., 72 views

SynConnect PMS SQL Injection Vulnerability

Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ====== Synchroweb Technology is a provider of application...

AI score: 8.3
Exploits: 0

Total number of security vulnerabilities: 47153