securityvulns: 47153 matches found

securityvulns, added 2013/05/06 12:00 a.m., 84 views

TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2

TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2. Published: 2013/04/03, Version 1.0. Affected Products: e107 version 1.0.2 (others not tested), http://www.e107.org. References: TC-SA-2013-01, www.tele-consulting.com/advisories/TC-SA-2013-01.txt (used for updates)...

CVSS 4.3 | AI score 6.5 | EPSS 0.03219 | Exploits: 2

securityvulns, added 2013/05/06 12:00 a.m., 98 views

[SQLi] vBilling for FreeSWITCH

vBilling for FreeSWITCH. http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.html, Michal Blaszczak. 1. SQL Injection: reset the password of any SIP account. File: controllers/customer.php: $sql2 = "UPDATE directoryparams SET paramvalue = '".$newpassword."' WHERE directoryid = '".$recordid."' "; 2...

AI score 0.5 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 218 views

SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey

SEC Consult Vulnerability Lab Security Advisory 20130417-0. Title: Multiple vulnerabilities in Sosci Survey; product: Sosci Survey; vulnerable version: 2.3.04a; fixed version: 2.3.04a; impact: Critical; homepage:...

AI score 0.2 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 223 views

CVE-2013-2504 : Matrix42 Service Desk XSS

43zsec SECURITY ADVISORY. CVE ID: CVE-2013-2504; Product: Service Store 5.3 SP3 (5.33.946.0); Vendor: matrix42 - member of asseco group; Subject: Cross-site Scripting - XSS; Classification: PCI 2.0: 6.5.7, PCI 1.2: 6.5.1, OWASP: A2, CWE: 79, CAPEC: 19, WASC: 08; Risk: High; Effect: Remotely exploitable; Author...

CVSS 4.3 | AI score 5.8 | EPSS 0.03039 | Exploits: 2

securityvulns, added 2013/05/06 12:00 a.m., 75 views

MailOrderWorks v5.907 - Multiple Web Vulnerabilities

Title: MailOrderWorks v5.907 - Multiple Web Vulnerabilities; Date: 2013-01-02; References: http://www.vulnerability-lab.com/getcontent.php?id=798; VL-ID: 796; Common Vulnerability Scoring System: 4.5. Introduction: Mail...

AI score 6.6 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 27 views

OpenText/IXOS ECM for SAP NetWeaver code execution

ABAP code injection...

CVSS 6.8 | AI score 2.5 | EPSS 0.01264 | Exploits: 1 | References: 1

securityvulns, added 2013/05/06 12:00 a.m., 33 views

Multiple Vulnerabilities in D-Link DSL-320B

Device: DSL-320B; Firmware Version: EUDSL-320B v1.23, date: 28.12.2010; Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem. Vulnerability Overview: Access to the config file without authentication = full...

AI score 1.4 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 68 views

Remote command injection in Ruby Gem kelredd-pruview 0.3.8

Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Larry W. Cashdollar 4/4/2013 @larry0 Description: "A gem to ease generating image previews thumbnails of various files." https://rubygems.org/gems/kelredd-pruview Remote commands can be executed if the file name contains shell meta...

AI score 8 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 35 views

Vulnerability in Microsoft Security Essentials <v4.2

Hi @ll, versions of Microsoft Security Essentials before the current v4.2 (see https://support.microsoft.com/kb/2805304) have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account, almost like https://support.microsoft.com/kb/2781197 alias...

AI score 3.5 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 84 views

[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5

waraxe-2013-SA#101 - Update Spoofing Vulnerability in Royal TS 2.1.5. Author: Janek Vind "waraxe"; Date: 29 March 2013; Location: Estonia, Tartu; Web: http://www.waraxe.us/advisory-101.html. Description of vulnerable...

AI score 7 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 63 views

Apache VCL improper input validation

CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion of...

CVSS 6.5 | AI score 0.8 | EPSS 0.03748 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 87 views

[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9

INTERNET SECURITY AUDITORS ALERT 2013-012. Original release date: March 19th, 2013; Last revised: April 6th, 2013; Discovered by: Manuel Garcia Cardenas; Severity: 5/10 CVSS Base Score; CVE-ID: CVE-2013-2631...

AI score 5.4 | EPSS 0.01755 | Exploits: 2

securityvulns, added 2013/05/06 12:00 a.m., 87 views

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

CVSS 4 | AI score 6.2 | EPSS 0.7322 | Exploits: 10

securityvulns, added 2013/05/06 12:00 a.m., 165 views

Open-Xchange Security Advisory 2013-04-17

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

CVSS 5 | AI score 6.4 | EPSS 0.01046 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 72 views

[USN-1800-1] HAProxy vulnerabilities

Ubuntu Security Notice USN-1800-1, April 15, 2013: haproxy vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5.1 | AI score 1.2 | EPSS 0.05464 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 62 views

[waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50

waraxe-2013-SA#100 - Update Spoofing Vulnerability in mRemote 1.50. Author: Janek Vind "waraxe"; Date: 29 March 2013; Location: Estonia, Tartu; Web: http://www.waraxe.us/advisory-100.html. Description of vulnerable softwar...

AI score 1.7 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 36 views

DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal

Title: DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal; Severity: High; Discovered By: Evan Sylvester and r@b13$; Date Discovered: February 19, 2013. Vulnerability Description: The Dell EqualLogic PS6110X is vulnerable to a...

AI score 1.4 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 129 views

Vulnerabilities in jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in jPlayer. These are Cross-Site Scripting and Content Spoofing vulnerabilities in jPlayer, which is used at tens of thousands of web sites and in multiple web applications. Affected products:...

CVSS 4.3 | AI score 5.7 | EPSS 0.05494 | Exploits: 2

securityvulns, added 2013/05/06 12:00 a.m., 83 views

Open-Xchange Security Advisory 2013-03-13

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof regarding authenticity can be obtained from the...

CVSS 5.8 | AI score 0.3 | EPSS 0.02939 | Exploits: 10

securityvulns, added 2013/05/06 12:00 a.m., 64 views

Remote command execution for Ruby Gem ftpd-0.2.1

Remote command execution for Ruby Gem ftpd-0.2.1, 2/28/2013. https://github.com/wconrad/ftpd http://rubygems.org/gems/ftpd "ftpd is a pure Ruby FTP server library. It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969. It can be used as part of...

AI score 0.6 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 28 views

Cisco Device Manager code execution

Code execution via JAR applications...

CVSS 9.3 | AI score 4.2 | EPSS 0.02409 | Exploits: 0 | Affected Software: 2

securityvulns, added 2013/05/06 12:00 a.m., 101 views

[SECURITY] [DSA 2653-1] icinga security update

Debian Security Advisory DSA-2653-1 [email protected] http://www.debian.org/security/ Florian Weimer, March 26, 2013, http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.4 | EPSS 0.6645 | Exploits: 15

securityvulns, added 2013/05/06 12:00 a.m., 84 views

SQL Injection Vulnerability in Symphony

Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

CVSS 6.5 | AI score 8.1 | EPSS 0.02355 | Exploits: 3

securityvulns, added 2013/05/06 12:00 a.m., 75 views

[SECURITY] [DSA 2640-1] zoneminder security update

Debian Security Advisory DSA-2640-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso, March 14, 2013, http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.5 | EPSS 0.47895 | Exploits: 2

securityvulns, added 2013/05/06 12:00 a.m., 61 views

XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with ZeroClipboard.swf. Earlier I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is a very widespread flash-file an...

CVSS 4.3 | AI score 5.7 | EPSS 0.06316 | Exploits: 4

securityvulns, added 2013/05/06 12:00 a.m., 78 views

[SECURITY] [DSA 2651-1] smokeping security update

Debian Security Advisory DSA-2651-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso, March 20, 2013, http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 1.8 | EPSS 0.0134 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 107 views

XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

CVSS 4.3 | AI score 5.6 | EPSS 0.06316 | Exploits: 4

securityvulns, added 2013/05/06 12:00 a.m., 54 views

XSS vulnerabilities in ZeroClipboard and multiple web applications

Hello 3APA3A! In February I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard and multiple web applications. This is additional information on this topic. XSS vulnerabilities in ZeroClipboard http://securityvulns.ru/docs29105.html XSS vulnerabilities in YAML, Multiproject for...

CVSS 4.3 | AI score 5.3 | EPSS 0.06316 | Exploits: 4

securityvulns, added 2013/05/06 12:00 a.m., 296 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 | AI score 1.6 | EPSS 0.7322 | Exploits: 87 | References: 48 | Affected Software: 38

securityvulns, added 2013/05/06 12:00 a.m., 138 views

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

CVSS 6.8 | AI score 6.6 | EPSS 0.01826 | Exploits: 6

securityvulns, added 2013/05/06 12:00 a.m., 41 views

libarchive integer overflow

Integer overflow on zip file creation leads to buffer overflow...

CVSS 5 | AI score 3.8 | EPSS 0.03926 | Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/06 12:00 a.m., 56 views

[ MDVSA-2013:147 ] libarchive

Mandriva Linux Security Advisory MDVSA-2013:147, http://www.mandriva.com/en/support/security/. Package: libarchive; Date: April 19, 2013; Affected: Business Server 1.0, Enterprise Server 5.0. Problem Description: A vulnerability has been found and...

CVSS 5 | AI score 7.6 | EPSS 0.03926 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 171 views

MiniMagick ruby gem remote code execution

MiniMagick ruby gem remote code execution, 3/12/2013. https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and Ruby 1.8.7. If a URL is from an untrusted source, commands can be injected into it for remote code execution with t...

AI score 1.1 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 101 views

PHP Code Injection in FUDforum

Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection CWE-94 CVE Reference: CVE-2013-2267...

AI score 7.7 | EPSS 0.08829 | Exploits: 2

securityvulns, added 2013/05/06 12:00 a.m., 98 views

[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin

waraxe-2013-SA#103 - Multiple Vulnerabilities in phpMyAdmin. Author: Janek Vind "waraxe"; Date: 25 April 2013; Location: Estonia, Tartu; Web: http://www.waraxe.us/advisory-103.html. Description of vulnerable software:...

CVSS 6.5 | AI score 0.1 | EPSS 0.28851 | Exploits: 18

securityvulns, added 2013/05/06 12:00 a.m., 118 views

[waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7

waraxe-2013-SA#102 - Reflected XSS in phpMyAdmin 3.5.7. Author: Janek Vind "waraxe"; Date: 09 April 2013; Location: Estonia, Tartu; Web: http://www.waraxe.us/advisory-102.html. Description of vulnerable software: phpMyAdmi...

AI score 6.2 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 61 views

Remote command execution in Ruby Gem ldoce 0.0.2

Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depends on the afplay command. https://rubygems.org/gems/ldoce...

CVSS 6.8 | AI score 1 | EPSS 0.01959 | Exploits: 1
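The kelredd-pruview and MiniMagick entries above describe the flaw class that this ldoce entry and the ftpd entry are also filed under: an attacker-controlled string (a file name, a URL) is interpolated into a shell command line, so shell metacharacters in it run as extra commands. The Ruby example below is added here and is not code from any of those gems; `echo` stands in for the real external tool (an image converter, afplay) and the file name is a constructed payload. It shows the single-string invocation that reaches /bin/sh, the argument-vector form that never touches a shell, Shellwords quoting for cases where a shell is genuinely needed, and a metacharacter pre-check usable for input validation or log triage.

```ruby
# Added example: shell-command injection through an interpolated file name,
# and the argument-vector form that avoids it. Not code from any gem on this page.
require "open3"
require "shellwords"

# Vulnerable pattern: the untrusted name is spliced into one command string.
# Because the string contains shell metacharacters, Ruby runs it via /bin/sh,
# so ";", "|", "$(...)", backticks and friends are honoured.
# ("echo" stands in for the real tool, e.g. an image converter.)
def preview_vulnerable(filename)
  out, _status = Open3.capture2("echo converting #{filename}")
  out
end

# Hardened: pass the program and every argument as separate strings.
# With an argument vector Ruby execs the program directly (no shell), so the
# name reaches the tool as one literal argument whatever characters it holds.
def preview_safe(filename)
  out, _status = Open3.capture2("echo", "converting", filename)
  out
end

# If a shell really is required (pipelines, redirections), quote each word.
def preview_escaped(filename)
  out, _status = Open3.capture2("echo converting #{Shellwords.escape(filename)}")
  out
end

# Cheap pre-check for validation or log triage: flag names carrying shell metacharacters.
SHELL_META = /[;&|`$<>(){}\[\]\\'"\n*?~!#]/
def suspicious_name?(filename)
  !!(filename =~ SHELL_META)
end

# Constructed attacker input: a "file name" that ends the command and starts another.
PAYLOAD = "photo.jpg; echo INJECTED"

if $PROGRAM_NAME == __FILE__
  puts preview_vulnerable(PAYLOAD)  # two lines; the second is the injected command's output
  puts preview_safe(PAYLOAD)        # one line; the payload is printed literally
  puts preview_escaped(PAYLOAD)     # same literal line as the safe form
  puts suspicious_name?(PAYLOAD)    # true
end
```

The argument-vector form is the fix to prefer: it removes the shell from the path entirely, so there is nothing left to escape. Shellwords.escape is only a fallback for invocations that need shell syntax, and the metacharacter check is a detection aid, not a substitute for either.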
securityvulns, added 2013/05/06 12:00 a.m., 59 views

Report OWASP WAF Naxsi bypass Vulnerability

OWASP WAF Naxsi bypass Vulnerability. Certain unspecified input is not properly handled in naxsi_src/naxsi_utils.c, naxsi_unescape_uri(u_char **dst, u_char **src, size_t size, ngx_uint_t type), before being used for filtering. This can be exploited to bypass some WAF rules. Naxsi site https://code.google.com/p/naxsi/...

Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 57 views

Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others

Hello 3APA3A! Earlier I wrote about Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload http://securityvulns.ru/docs29181.html. This is a very popular flash-file, which is used at tens of millions of web sites and in hundreds of web applications (only WordPress is used at more the...

AI score 0.3 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 40 views

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

ESNC-2013-004 Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver. Please refer to http://www.esnc.de for the original security advisory, updates and additional information. 1. Business Impact...

CVSS 6.8 | AI score 7 | EPSS 0.01264 | Exploits: 1

securityvulns, added 2013/05/06 12:00 a.m., 57 views

SQL Injection in b2evolution

Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

CVSS 6.5 | AI score 8.1 | EPSS 0.02749 | Exploits: 5

securityvulns, added 2013/05/06 12:00 a.m., 30 views

Huawei devices buffer overflow

Multiple buffer overflows in SNMPv3 daemon...

AI score 3.3 | Exploits: 0 | References: 1 | Affected Software: 1

securityvulns, added 2013/05/06 12:00 a.m., 62 views

Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable

Product Name: Vanilla Forums; Vulnerable Version: up to vanilla-core-2-0-18-4; Tested on: Windows Server 2003, Apache 2.4.3, PHP 5.4.7, MySQL 5.5.27. Vulnerability Overview: SQL injection is possible because $_POST arrays are not properly sanitized. You do not need to be authenticated. Vulnerability...

Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 53 views

Vulnerabilities in multiple plugins for WordPress with jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in multiple plugins for WordPress with jPlayer. These are Cross-Site Scripting and Content Spoofing vulnerabilities. I wrote about vulnerabilities in jPlayer earlier http://seclists.org/fulldisclosure/2013/Apr/192. jPlayer i...

AI score 6 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 54 views

[ MDVSA-2013:149 ] roundcubemail

Mandriva Linux Security Advisory MDVSA-2013:149, http://www.mandriva.com/en/support/security/. Package: roundcubemail; Date: April 21, 2013; Affected: Business Server 1.0. Problem Description: A vulnerability has been found and corrected in roundcubemail...

CVSS 5 | AI score 6.2 | EPSS 0.02287 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 91 views

Multiple buffer overflows on Huawei SNMPv3 service

Multiple buffer overflows on Huawei SNMPv3 service. ADVISORY INFORMATION. Title: Multiple buffer overflows on Huawei SNMPv3 service; Discovery date: 11/02/2013; Release date: 06/05/2013; Credits: Roberto Paleari [email protected], @rpaleari...

AI score 1.1 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 33 views

VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6

Hi @ll, the current 3CXPhone6.msi for Windows, available from http://www.3cx.com/VOIP/sip-phone/, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries: libeay32.dll and ssleay32.dll version 0.9.8h from 2008-05-28 of OpenSSL. The current version of...

AI score 0.8 | Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 31 views

Dell EqualLogic directory traversal

It's possible to access system files...

AI score 3.8 | Exploits: 0 | References: 1

securityvulns, added 2013/05/06 12:00 a.m., 31 views

SEC Consult 20130404-0 :: Multiple Vulnerabilities in Censornet Professional v4 (2.1.7)

SEC Consult Vulnerability Lab Security Advisory 20130404-0. Title: Multiple Vulnerabilities; product: Censornet Professional v4 2.1.7; vulnerable version: 2.1.7; fixed version: (none listed); impact: high; homepage: http://www.censornet.com/...

Exploits: 0

securityvulns, added 2013/05/06 12:00 a.m., 39 views

Vulnerabilities in multiple themes for WordPress with jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in multiple themes for WordPress with jPlayer. These are Cross-Site Scripting, Content Spoofing and Full path disclosure vulnerabilities. I wrote about vulnerabilities in jPlayer earlier...

AI score 0.6 | Exploits: 0