47153 matches found

securityvulns
added 2013/05/06 12:0 a.m. | 26 views

Cisco Device Manager code execution

Code execution via JAR applications...

CVSS 9.3 | AI score 4.2 | EPSS 0.00837
Exploits 0 | Affected Software 2
securityvulns
added 2013/05/06 12:0 a.m. | 73 views

[SECURITY] [DSA 2640-1] zoneminder security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2640-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 14, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.5 | EPSS 0.7823
Exploits 2
securityvulns
added 2013/05/06 12:0 a.m. | 49 views

XSS vulnerability in JW Player and JW Player Pro

Hello 3APA3A! I want to warn you about new XSS vulnerability in JW Player and JW Player Pro. Last year I've written about multiple Content Spoofing and Cross-Site Scripting vulnerabilities in JW Player and JW Player Pro, and this is new Cross-Site Scripting vulnerability about which I've not wrot...

AI score 0.8
Exploits 0
securityvulns
added 2013/05/06 12:0 a.m. | 82 views

Open-Xchange Security Advisory 2013-03-13

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof regarding authenticity can be obtained from the...

CVSS 5.8 | AI score 0.3 | EPSS 0.02186
Exploits 10
securityvulns
added 2013/05/06 12:0 a.m. | 29 views

EMC RSA Archer multiple security vulnerabilities

Code execution, cross-site scripting, authorization bypass...

CVSS 4.3 | AI score 3.7 | EPSS 0.00225
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2013/05/06 12:0 a.m. | 34 views

Vulnerability in Microsoft Security Essentials <v4.2

Hi @ll, versions of Microsoft Security Essentials before the current v4.2 see https://support.microsoft.com/kb/2805304 have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account almost like https://support.microsoft.com/kb/2781197 alias...

AI score 3.5
Exploits 0
securityvulns
added 2013/05/06 12:0 a.m. | 100 views

PHP Code Injection in FUDforum

Advisory ID: HTB23146 Product: FUDforum Vendor: FUDforum Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Vendor Notification: February 21, 2013 Vendor Patch: March 11, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: Code Injection CWE-94 CVE Reference: CVE-2013-2267...

AI score 7.7 | EPSS 0.12249
Exploits 2
securityvulns
added 2013/05/06 12:0 a.m. | 40 views

libarchive integer overflow

Integer overflow on zip file creation leads to buffer overflow...

CVSS 5 | AI score 3.8 | EPSS 0.01196
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2013/05/06 12:0 a.m. | 167 views

MiniMagic ruby gem remote code execution

MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and Ruby 1.8.7. If a URL is from an untrusted source, commands can be injected into it for remote code execution with t...

AI score 1.1
Exploits 0
securityvulns
added 2013/05/06 12:0 a.m. | 61 views

Remote command execution for Ruby Gem ftpd-0.2.1

Remote command execution for Ruby Gem ftpd-0.2.1 2/28/2013 https://github.com/wconrad/ftpd http://rubygems.org/gems/ftpd "ftpd is a pure Ruby FTP server library. It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969. It can be used as part of...

AI score 0.6
Exploits 0
securityvulns
added 2013/05/06 12:0 a.m. | 32 views

D-Link DSL-320B unauthorized access

It's possible to access configuration files without authentication...

AI score 3.5
Exploits 0 | References 1
securityvulns
added 2013/05/06 12:0 a.m. | 127 views

Vulnerabilities in jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in jPlayer. These are Cross-Site Scripting and Content Spoofing vulnerabilities in jPlayer, which is used at tens of thousands of web sites and in multiple web applications. ------------------------- Affected products:...

CVSS 4.3 | AI score 5.7 | EPSS 0.08796
Exploits 2
securityvulns
added 2013/05/06 12:0 a.m. | 110 views

[waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7

waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7 =============================================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...

AI score 6.2
Exploits 0
securityvulns
added 2013/05/06 12:0 a.m. | 211 views

SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey

SEC Consult Vulnerability Lab Security Advisory 20130417-0 ======================================================================= title: Multiple vulnerabilities in Sosci Survey product: Sosci Survey vulnerable version: 2.3.04a fixed version: 2.3.04a impact: Critical homepage:...

AI score 0.2
Exploits 0
securityvulns
added 2013/05/06 12:0 a.m. | 54 views

XSS vulnerabilities in ZeroClipboard and multiple web applications

Hello 3APA3A! In February I wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard and multiple web applications. This is additional information on this topic. XSS vulnerabilities in ZeroClipboard http://securityvulns.ru/docs29105.html XSS vulnerabilities in YAML, Multiproject for...

CVSS 4.3 | AI score 5.3 | EPSS 0.01856
Exploits 4
securityvulns
added 2013/05/06 12:0 a.m. | 72 views

[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics

============================================= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I...

AI score 0.5
Exploits 0
securityvulns
added 2013/05/06 12:0 a.m. | 62 views

XSS and CS vulnerabilities in Dotclear

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I wrote about vulnerabilities in Swfupload in November 2012...

CVSS 4.3 | AI score 5.4 | EPSS 0.06259
Exploits 10
securityvulns
added 2013/05/04 12:0 a.m. | 30 views

ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability

ESA-2013-028.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability EMC Identifier: ESA-2013-028 EMC Identifier: NW147983 CVE Identifier: CVE-2013-0940 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected product...

AI score 0.7
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 39 views

ClamAV multiple security vulnerabilities

Buffer overflow on UPX decompression, array overflow on PDF parsing...

CVSS 5 | AI score 4.7 | EPSS 0.08669
Exploits 1 | References 2 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 67 views

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028)

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free MS13-028 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the...

AI score 7.8
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 34 views

FUSE symlink vulnerabilities

It's possible to umount any partition...

CVSS 5.8 | AI score 2.2 | EPSS 0.0268
Exploits 1 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 68 views

[USN-1813-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1813-1 May 02, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 7.2 | AI score 0.4 | EPSS 0.01068
Exploits 6
securityvulns
added 2013/05/04 12:0 a.m. | 97 views

WowzaMediaServer SecureToken bypass (and worse)

Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: By default all installations of WMS use four modules in their application's config file: base, properties, logging, flvplayback. I've found out that the properties...

AI score 0.2
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 65 views

[security bulletin] HPSBMU02872 SSRT101185 rev.1 - HP Service Manager, Remote Disclosure of Information, Cross Site

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03748875 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03748875 Version: 1 HPSBMU02872...

CVSS 5 | AI score 0.3 | EPSS 0.00635
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 86 views

Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities

128 vulnerabilities in different application...

CVSS 10 | AI score 2.4 | EPSS 0.68905
Exploits 32 | References 4 | Affected Software 24
securityvulns
added 2013/05/04 12:0 a.m. | 90 views

CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:...

AI score 0.7 | EPSS 0.91897
Exploits 10
securityvulns
added 2013/05/04 12:0 a.m. | 42 views

Re: Nginx ngx_http_close_connection function integer overflow

Hello, On Thu, 25 Apr 2013, 06:52-0000, [email protected] wrote: ... II. DESCRIPTION --------------------- Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx. The vulnerability is caused by a int overflow error within the Nginx ngx_http_close_connection function when...

AI score 1.4
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 20 views

Wowza Media Server security vulnerabilities

Directory traversal, authentication bypass...

AI score 4.8
Exploits 0 | References 2
securityvulns
added 2013/05/04 12:0 a.m. | 63 views

WowzaMediaServer StorageDir escape (regression)

Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: In early 2009 I reported problem with processing of requests with relative paths. The issue surfaced again. In a nutshell, you can escape Applications StorageDir...

AI score 7.1
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 31 views

HP Service Manager security vulnerabilities

XSS, information leakage...

CVSS 5 | AI score 1.6 | EPSS 0.00635
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 32 views

EMC Avamar server / client security vulnerabilities

Unauthorized files access, insufficient certificate validation...

CVSS 9.3 | AI score 3.6 | EPSS 0.00207
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 47 views

ESA-2013-034: EMC Avamar Improper Authorization vulnerability

ESA-2013-034.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-034: EMC Avamar Improper Authorization vulnerability EMC Identifier: ESA-2013-034 CVE Identifier: CVE-2013-0944 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:M/Au:S/C:C/I:P/A:P Affected products: • EMC Avamar Server 5.x •...

CVSS 3.5 | AI score 0.8 | EPSS 0.00162
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 104 views

nginx integer overflow

Integer overflow leads to code execution...

AI score 4.3
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 32 views

Microsoft Internet Explorer multiple security vulnerabilities

Use-after-free vulnerabilities...

CVSS 9.3 | AI score 1.9 | EPSS 0.36834
Exploits 2 | References 2 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 22 views

Cisco Linksys E1200 / N300 XSS

XSS in Web interface...

AI score 1.9
Exploits 0 | References 1
securityvulns
added 2013/05/04 12:0 a.m. | 63 views

NGS00416 Patch Notification: Oracle 11g TNS listener remote Invalid Pointer Read (pre-auth)

High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g Impact: Invalid pointer read Remote DoS Versions affected: Oracle Database 11g Security patch information can be found at the following URL:...

AI score 0.4
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 40 views

util-linux / mount information leakage

It's possible to check file existence...

CVSS 5.8 | AI score 2.2 | EPSS 0.0268
Exploits 1 | References 1 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 47 views

ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability

ESA-2013-035.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability EMC Identifier: ESA-2013-035 CVE Identifier: CVE-2013-0945 Severity Rating: CVSS v2 Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected products: EMC Avamar...

CVSS 9.3 | AI score 1.1 | EPSS 0.00207
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 56 views

[ MDVSA-2013:157 ] krb5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:157 http://www.mandriva.com/en/support/security/ Package : krb5 Date : April 30, 2013 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in krb5:...

CVSS 7.1 | AI score 5.5 | EPSS 0.02274
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 48 views

[SECURITY] [DSA 2665-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2665-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez April 30, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 1.4 | EPSS 0.00691
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 37 views

Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution

Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution ============================= ==== General Information ==== ============================= == Executive Summary == The function TCPIPIPV6ProcessFragmentationHeader does not correctly validate the "fragment offset" field i...

AI score 0.4
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 57 views

[SECURITY] [DSA 2664-1] stunnel4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2664-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 2, 2013 http://www.debian.org/security/faq -...

CVSS 6.6 | AI score 1.8 | EPSS 0.0201
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 23 views

Microchip controllers IPv6 implementation buffer overflow

Buffer overflow on fragmented packets parsing...

AI score 4.7
Exploits 0 | References 1
securityvulns
added 2013/05/04 12:0 a.m. | 56 views

Personal File Share HTTP Server Remote Overflow Vulnerability

Title: Personal File Share HTTP Server Remote Overflow Vulnerability Software : Personal File Share HTTP Server Software Version : UNKNOWN Vendor: http://www.srplab.com/ Vulnerability Published : 2013-04-28 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 5.0,...

AI score 0.2
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 55 views

[USN-1815-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1815-1 May 02, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 6.9 | AI score 0.2 | EPSS 0.01424
Exploits 2
securityvulns
added 2013/05/04 12:0 a.m. | 60 views

[ MDVSA-2013:154 ] util-linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:154 http://www.mandriva.com/en/support/security/ Package : util-linux Date : April 29, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and...

CVSS 5.8 | AI score 5.3 | EPSS 0.0268
Exploits 1
securityvulns
added 2013/05/04 12:0 a.m. | 34 views

stunnel integer overflow

Integer overflow leads to buffer overflow...

CVSS 6.6 | AI score 3.8 | EPSS 0.0201
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2013/05/04 12:0 a.m. | 64 views

NGS00422 Patch Notification: Oracle Retail Integration Bus Manager Directory Traversal

High Risk Vulnerability in Oracle Retail Integration Bus Manager 1 May 2013 Andrew Davies of NCC Group has discovered a High risk vulnerability in Oracle Retail Integration Bus Manager Impact: Directory traversal Versions affected: Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2 Security...

AI score 0.3
Exploits 0
securityvulns
added 2013/05/04 12:0 a.m. | 49 views

D-Link IP cameras multiple security vulnerabilities

Code execution, authentication bypass, hardcoded credentials, information leakage...

AI score 2.5 | EPSS 0.91897
Exploits 10 | References 1
securityvulns
added 2013/05/04 12:0 a.m. | 30 views

EMC Networker privilege escalation

Weak file permissions...

CVSS 7.2 | AI score 3.2 | EPSS 0.00032
Exploits 0 | References 1 | Affected Software 1

Total number of security vulnerabilities: 47153