47153 matches found

Source: securityvulns
Added: 2013/05/06 12:00 a.m., 27 views

OpenText/IXOS ECM for SAP NetWeaver code execution

ABAP code injection...

CVSS 6.8, AI score 2.5, EPSS 0.01264
Exploits: 1, References: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 33 views

Multiple Vulnerabilities in D-Link DSL-320B

Device: DSL-320B Firmware Version: EUDSL-320B v1.23 date: 28.12.2010 Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem ============ Vulnerability Overview: ============ Access to the Config file without authentication = full...

AI score 1.4
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 68 views

Remote command injection in Ruby Gem kelredd-pruview 0.3.8

Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Larry W. Cashdollar 4/4/2013 @larry0 Description: "A gem to ease generating image previews thumbnails of various files." https://rubygems.org/gems/kelredd-pruview Remote commands can be executed if the file name contains shell meta...

AI score 8
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 35 views

Vulnerability in Microsoft Security Essentials <v4.2

Hi @ll, versions of Microsoft Security Essentials before the current v4.2 see https://support.microsoft.com/kb/2805304 have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account almost like https://support.microsoft.com/kb/2781197 alias...

AI score 3.5
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 84 views

[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5

waraxe-2013-SA101 - Update Spoofing Vulnerability in Royal TS 2.1.5 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-101.html Description of vulnerable...

AI score 7
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 87 views

[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9

============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...

AI score 5.4, EPSS 0.01755
Exploits: 2
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 87 views

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

CVSS 4, AI score 6.2, EPSS 0.7322
Exploits: 10
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 165 views

Open-Xchange Security Advisory 2013-04-17

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

CVSS 5, AI score 6.4, EPSS 0.01046
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 72 views

[USN-1800-1] HAProxy vulnerabilities

========================================================================== Ubuntu Security Notice USN-1800-1 April 15, 2013 haproxy vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5.1, AI score 1.2, EPSS 0.05464
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 62 views

[waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50

waraxe-2013-SA100 - Update Spoofing Vulnerability in mRemote 1.50 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-100.html Description of vulnerable softwar...

AI score 1.7
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 36 views

DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal

Title ----- DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal Severity -------- High Discovered By ------------- Evan Sylvester and r@b13$ Date Discovered --------------- February 19, 2013 Vulnerability Description ------------------------- The Dell EqualLogic PS6110X is vulnerable to a...

AI score 1.4
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 129 views

Vulnerabilities in jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in jPlayer. These are Cross-Site Scripting and Content Spoofing vulnerabilities in jPlayer, which is used at tens of thousands of web sites and in multiple web applications. ------------------------- Affected products:...

CVSS 4.3, AI score 5.7, EPSS 0.05494
Exploits: 2
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 83 views

Open-Xchange Security Advisory 2013-03-13

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof regarding authenticity can be obtained from the...

CVSS 5.8, AI score 0.3, EPSS 0.02939
Exploits: 10
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 64 views

Remote command execution for Ruby Gem ftpd-0.2.1

Remote command execution for Ruby Gem ftpd-0.2.1 2/28/2013 https://github.com/wconrad/ftpd http://rubygems.org/gems/ftpd "ftpd is a pure Ruby FTP server library. It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969. It can be used as part of...

AI score 0.6
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 28 views

Cisco Device Manager code execution

Code execution via JAR applications...

CVSS 9.3, AI score 4.2, EPSS 0.02409
Exploits: 0, Affected Software: 2
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 101 views

[SECURITY] [DSA 2653-1] icinga security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2653-1 [email protected] http://www.debian.org/security/ Florian Weimer March 26, 2013 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 2.4, EPSS 0.6645
Exploits: 15
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 84 views

SQL Injection Vulnerability in Symphony

Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

CVSS 6.5, AI score 8.1, EPSS 0.02355
Exploits: 3
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 75 views

[SECURITY] [DSA 2640-1] zoneminder security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2640-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 14, 2013 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 2.5, EPSS 0.47895
Exploits: 2
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 61 views

XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with ZeroClipboard.swf. Earlier I've written about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is a very widespread flash-file an...

CVSS 4.3, AI score 5.7, EPSS 0.06316
Exploits: 4
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 107 views

XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've written about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

CVSS 4.3, AI score 5.6, EPSS 0.06316
Exploits: 4
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 54 views

XSS vulnerabilities in ZeroClipboard and multiple web applications

Hello 3APA3A! In February I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard and multiple web applications. This is additional information on this topic. XSS vulnerabilities in ZeroClipboard http://securityvulns.ru/docs29105.html XSS vulnerabilities in YAML, Multiproject for...

CVSS 4.3, AI score 5.3, EPSS 0.06316
Exploits: 4
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 296 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.7322
Exploits: 87, References: 48, Affected Software: 38
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 138 views

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

CVSS 6.8, AI score 6.6, EPSS 0.01826
Exploits: 6
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 41 views

libarchive integer overflow

Integer overflow on zip file creation leads to buffer overflow...

CVSS 5, AI score 3.8, EPSS 0.03926
Exploits: 0, References: 1, Affected Software: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 56 views

[ MDVSA-2013:147 ] libarchive

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:147 http://www.mandriva.com/en/support/security/ Package : libarchive Date : April 19, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and...

CVSS 5, AI score 7.6, EPSS 0.03926
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 171 views

MiniMagic ruby gem remote code execution

MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and Ruby 1.8.7. If a URL is from an untrusted source, commands can be injected into it for remote code execution with t...

AI score 1.1
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 101 views

PHP Code Injection in FUDforum

Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection CWE-94 CVE Reference: CVE-2013-2267...

AI score 7.7, EPSS 0.08829
Exploits: 2
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 98 views

[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin

waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...

CVSS 6.5, AI score 0.1, EPSS 0.28851
Exploits: 18
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 118 views

[waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7

waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7 =============================================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...

AI score 6.2
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 61 views

Remote command execution in Ruby Gem ldoce 0.0.2

Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depends on the afplay command. https://rubygems.org/gems/ldoce...

CVSS 6.8, AI score 1, EPSS 0.01959
Exploits: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 59 views

Report OWASP WAF Naxsi bypass Vulnerability

OWASP WAF Naxsi bypass Vulnerability Certain unspecified input is not properly handled in naxsi_src/naxsi_utils.c naxsi_unescape_uri(u_char dst, u_char src, size_t size, ngx_uint_t type) before being used to filter. This can be exploited to bypass some WAF rules. Naxsi site https://code.google.com/p/naxsi/...

Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 57 views

Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others

Hello 3APA3A! Earlier I've written about Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload http://securityvulns.ru/docs29181.html. This is a very popular flash-file, which is used at tens of millions of web sites and in hundreds of web applications only WordPress is used at more the...

AI score 0.3
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 40 views

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

ESNC-2013-004 Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact...

CVSS 6.8, AI score 7, EPSS 0.01264
Exploits: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 30 views

Huawei devices buffer overflow

Multiple buffer overflows in SNMPv3 daemon...

AI score 3.3
Exploits: 0, References: 1, Affected Software: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 62 views

Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable

Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27 Vulnerability Overview: SQL-Injection is possible, because $_POST arrays are not properly sanitized. You do not need to be authenticated. Vulnerability...

Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 54 views

[ MDVSA-2013:149 ] roundcubemail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:149 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : April 21, 2013 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in roundcubemail...

CVSS 5, AI score 6.2, EPSS 0.02287
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 91 views

Multiple buffer overflows on Huawei SNMPv3 service

Multiple buffer overflows on Huawei SNMPv3 service ================================================== ADVISORY INFORMATION Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date: 06/05/2013 Credits: Roberto Paleari [email protected], @rpaleari...

AI score 1.1
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 31 views

Dell EqualLogic directory traversal

It's possible to access system files...

AI score 3.8
Exploits: 0, References: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 93 views

[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability

------------------------------------------------------------------ Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://www.joomla.org/ - Affected Versions: Version 3.0.3 and earlier 3.0.x...

CVSS 5.5, AI score 0.1, EPSS 0.04848
Exploits: 6
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 34 views

Vulnerabilities in AI-Bolit

Hello 3APA3A! These are Brute Force and Information Leakage vulnerabilities in AI-Bolit. This is a security web application. ------------------------- Affected products: ------------------------- Vulnerable are all versions of AI-Bolit. In version 20121014 the filename format was changed with addin...

AI score 0.6
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 83 views

[SECURITY] [DSA 2646-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2646-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1.5, EPSS 0.03121
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 50 views

[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java

Hello All, Security Explorations discovered 7 additional security issues 62-68 in the latest version of IBM SDK, Java Technology Edition software 1. A majority of the new flaws are due to insecure use or implementation of Java Reflection API. Additionally to the above, we found out that four issu...

AI score 1
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 102 views

[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1

waraxe-2013-SA098 - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 19. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-98.html Description of vulnerabl...

AI score 7.1
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 342 views

Site by Webrevelation SQL Injection Vulnerability

=========================================================== Site by Webrevelation SQL Injection Vulnerability =========================================================== :-----------------------------------------------------------------------------------------------------------------------: :...

AI score 0.3
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 64 views

Remote command execution in fastreader ruby gem

Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 If the URL contains any ; characters, code will be executed as the user. For example, if fastreader is fed http://www.g;id;.com, id will be executed. ./fastreader-1.0.8/lib/entrycontroller.rb .strip only removes whitespace before and after the URL...

AI score 2.7
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 29 views

Unauthorized access to different HP printing devices

It's possible to access files...

CVSS 5, AI score 3.2, EPSS 0.0385
Exploits: 1, References: 1, Affected Software: 2
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 30 views

EMC RSA Archer multiple security vulnerabilities

Code execution, cross-site scripting, authorization bypass...

CVSS 4.3, AI score 3.7, EPSS 0.01166
Exploits: 0, References: 1, Affected Software: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 24 views

Censornet Professional multiple security vulnerabilities

Cross-site scripting, SQL injections...

AI score 1.8
Exploits: 0, References: 1, Affected Software: 1
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 92 views

WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability

The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE XML eXternal Entity processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C: named "test.txt", which...

AI score 6.8
Exploits: 0
Source: securityvulns
Added: 2013/05/06 12:00 a.m., 39 views

OWASP WAF protection bypass

It's possible to bypass protection by using non-standard URL encodings...

AI score 2.9
Exploits: 0, References: 1

Total number of security vulnerabilities: 47153