47153 matches found

securityvulns
added 2013/05/06 12:0 a.m., 30 views

EMC RSA Archer multiple security vulnerabilities

Code execution, cross-site scripting, authorization bypass...

4.3 CVSS, 3.7 AI score, 0.01166 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/05/06 12:0 a.m., 51 views

XSS vulnerability in JW Player and JW Player Pro

Hello 3APA3A! I want to warn you about a new XSS vulnerability in JW Player and JW Player Pro. Last year I've written about multiple Content Spoofing and Cross-Site Scripting vulnerabilities in JW Player and JW Player Pro, and this is a new Cross-Site Scripting vulnerability about which I've not wrot...

0.8 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 24 views

Censornet Professional multiple security vulnerabilities

Cross-site scripting, SQL injections...

1.8 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/05/06 12:0 a.m., 92 views

WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability

The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE XML eXternal Entity processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C: named "test.txt", which...

6.8 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 39 views

OWASP WAF protection bypass

It's possible to bypass protection by using non-standard URL encodings...

2.9 AI score
Exploits: 0, References: 1
securityvulns
added 2013/05/06 12:0 a.m., 59 views

Remote command execution in Ruby Gem Command Wrap

Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/commandwrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining the...

0.8 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 56 views

[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE

Hello All, Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software. The new flaw was verified to affect all versions of Java SE 7 including the recently released 1.7.021-b11. It can b...

0.3 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 35 views

Vulnerability in Microsoft Security Essentials <v4.2

Hi @ll, versions of Microsoft Security Essentials before the current v4.2 see https://support.microsoft.com/kb/2805304 have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account almost like https://support.microsoft.com/kb/2781197 alias...

3.5 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 84 views

[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5

waraxe-2013-SA101 - Update Spoofing Vulnerability in Royal TS 2.1.5 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-101.html Description of vulnerable...

7 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 63 views

Apache VCL improper input validation

CVE-2013-0267: Apache VCL improper input validation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache VCL 2.1, 2.2, 2.2.1, 2.3, 2.3.1 Description: Some parts of VCL did not properly validate input data. This problem was present both in the Privileges portion of...

6.5 CVSS, 0.8 AI score, 0.03748 EPSS
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 87 views

[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9

============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...

5.4 AI score, 0.01755 EPSS
Exploits: 2
securityvulns
added 2013/05/06 12:0 a.m., 87 views

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

4 CVSS, 6.2 AI score, 0.7322 EPSS
Exploits: 10
securityvulns
added 2013/05/06 12:0 a.m., 1491 views

SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum

SEC Consult Vulnerability Lab Security Advisory 20130311-0 ======================================================================= title: Persistent cross-site scripting vulnerability product: jforum vulnerable version: 2.1.9 fixed version: - impact: medium homepage: http://jforum.net/ found:...

6.5 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 108 views

Path Traversal in AWS XMS

Advisory ID: HTB23147 Product: AWS XMS Vendor: http://www.aws-dms.com Vulnerable Versions: 2.5 and probably prior Tested Version: 2.5 Vendor Notification: March 6, 2013 Vendor Patch: March 16, 2013 Public Disclosure: March 27, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...

7.9 AI score, 0.10008 EPSS
Exploits: 4
securityvulns
added 2013/05/06 12:0 a.m., 41 views

libarchive integer overflow

Integer overflow on zip file creation leads to buffer overflow...

5 CVSS, 3.8 AI score, 0.03926 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/05/06 12:0 a.m., 56 views

[ MDVSA-2013:147 ] libarchive

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:147 http://www.mandriva.com/en/support/security/ Package : libarchive Date : April 19, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and...

5 CVSS, 7.6 AI score, 0.03926 EPSS
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 138 views

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

6.8 CVSS, 6.6 AI score, 0.01826 EPSS
Exploits: 6
securityvulns
added 2013/05/04 12:0 a.m., 59 views

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "CDisplayPointer" Use-after-free (MS13-028)

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "CDisplayPointer" Use-after-free MS13-028 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as par...

7.7 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 75 views

Cisco/Linksys E1200 N300 Reflected XSS

Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...

0.8 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 70 views

NGS00416 Patch Notification: Oracle 11g TNS listener remote Invalid Pointer Read (pre-auth)

High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g Impact: Invalid pointer read Remote DoS Versions affected: Oracle Database 11g Security patch information can be found at the following URL:...

0.4 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 58 views

Personal File Share HTTP Server Remote Overflow Vulnerability

Title: Personal File Share HTTP Server Remote Overflow Vulnerability Software : Personal File Share HTTP Server Software Version : UNKNOWN Vendor: http://www.srplab.com/ Vulnerability Published : 2013-04-28 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 5.0,...

0.2 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 69 views

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028)

VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free MS13-028 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the...

7.8 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 50 views

ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability

ESA-2013-035.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability EMC Identifier: ESA-2013-035 CVE Identifier: CVE-2013-0945 Severity Rating: CVSS v2 Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected products: EMC Avamar...

9.3 CVSS, 1.1 AI score, 0.00858 EPSS
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 68 views

[security bulletin] HPSBMU02872 SSRT101185 rev.1 - HP Service Manager, Remote Disclosure of Information, Cross Site

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03748875 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03748875 Version: 1 HPSBMU02872...

5 CVSS, 0.3 AI score, 0.02202 EPSS
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 105 views

nginx integer overflow

Integer overflow leads to code execution...

4.3 AI score
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2013/05/04 12:0 a.m., 72 views

[USN-1813-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1813-1 May 02, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

7.2 CVSS, 0.4 AI score, 0.0135 EPSS
Exploits: 6
securityvulns
added 2013/05/04 12:0 a.m., 41 views

ClamAV multiple security vulnerabilities

Buffer overflow on UPX decompression, array overflow on PDF parsing...

5 CVSS, 4.7 AI score, 0.03547 EPSS
Exploits: 1, References: 2, Affected Software: 1
securityvulns
added 2013/05/04 12:0 a.m., 23 views

Microchip controllers IPv6 implementation buffer overflow

Buffer overflow on fragmented packets parsing...

4.7 AI score
Exploits: 0, References: 1
securityvulns
added 2013/05/04 12:0 a.m., 99 views

WowzaMediaServer SecureToken bypass (and worse)

Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: By default all installations of WMS use four modules in their application's config file: base, properties, logging, flvplayback. I've found out that the properties...

0.2 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 21 views

Wowza Media Server security vulnerabilities

Directory traversal, authentication bypass...

4.8 AI score
Exploits: 0, References: 2
securityvulns
added 2013/05/04 12:0 a.m., 39 views

Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution

Unchecked Buffer in Microchip TCP/IP Stack Could Allow Remote Code Execution ============================= ==== General Information ==== ============================= == Executive Summary == The function TCPIPIPV6ProcessFragmentationHeader does not correctly validate the "fragment offset" field i...

0.4 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 71 views

NGS00415 Patch Notification: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth)

High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g Impact: Null Pointer Dereference Remote DoS Versions affected: Oracle Database 11g Security patch information can be found at the following URL:...

0.1 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 87 views

Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities

128 vulnerabilities in different applications...

10 CVSS, 2.4 AI score, 0.58817 EPSS
Exploits: 32, References: 4, Affected Software: 24
securityvulns
added 2013/05/04 12:0 a.m., 22 views

Cisco Linksys E1200 / N300 XSS

XSS in Web interface...

1.9 AI score
Exploits: 0, References: 1
securityvulns
added 2013/05/04 12:0 a.m., 35 views

stunnel integer overflow

Integer overflow leads to buffer overflow...

6.6 CVSS, 3.8 AI score, 0.02932 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/05/04 12:0 a.m., 35 views

EMC Avamar server / client security vulnerabilities

Unauthorized file access, insufficient certificate validation...

9.3 CVSS, 3.6 AI score, 0.00861 EPSS
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2013/05/04 12:0 a.m., 51 views

ESA-2013-034: EMC Avamar Improper Authorization vulnerability

ESA-2013-034.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-034: EMC Avamar Improper Authorization vulnerability EMC Identifier: ESA-2013-034 CVE Identifier: CVE-2013-0944 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:M/Au:S/C:C/I:P/A:P Affected products: • EMC Avamar Server 5.x •...

3.5 CVSS, 0.8 AI score, 0.00861 EPSS
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 33 views

Microsoft Internet Explorer multiple security vulnerabilities

Use-after-free vulnerabilities...

9.3 CVSS, 1.9 AI score, 0.20539 EPSS
Exploits: 2, References: 2, Affected Software: 1
securityvulns
added 2013/05/04 12:0 a.m., 52 views

D-Link IP cameras multiple security vulnerabilities

Code execution, authentication bypass, hardcoded credentials, information leakage...

2.5 AI score, 0.40353 EPSS
Exploits: 10, References: 1
securityvulns
added 2013/05/04 12:0 a.m., 32 views

EMC Networker privilege escalation

Weak file permissions...

7.2 CVSS, 3.2 AI score, 0.00387 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/05/04 12:0 a.m., 31 views

SRPLab Personal File Share buffer overflow

Buffer overflow on oversized request in HTTP server...

2.4 AI score
Exploits: 0, References: 1
securityvulns
added 2013/05/04 12:0 a.m., 52 views

[USN-1816-1] ClamAV vulnerabilities

========================================================================== Ubuntu Security Notice USN-1816-1 May 03, 2013 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

5 CVSS, 0.5 AI score, 0.03547 EPSS
Exploits: 1
securityvulns
added 2013/05/04 12:0 a.m., 72 views

NGS00423 Patch Notification: Oracle Retail Invoice Manager SQL Injection

High Risk Vulnerability in Oracle Retail Central Office 1 May 2013 Andrew Davies of NCC Group has discovered a High risk vulnerability in Oracle Retail Central Office Impact: SQL Injection Versions affected: Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4 Security patch information...

7.1 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 44 views

Re: Nginx ngx_http_close_connection function integer overflow

Hello, On Thu, 25 Apr 2013, 06:52-0000, [email protected] wrote: ... II. DESCRIPTION --------------------- Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx. The vulnerability is caused by a int overflow error within the Nginx ngx_http_close_connection function when...

1.4 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 34 views

HP Service Manager security vulnerabilities

XSS, information leakage...

5 CVSS, 1.6 AI score, 0.02202 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2013/05/04 12:0 a.m., 62 views

[ MDVSA-2013:154 ] util-linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:154 http://www.mandriva.com/en/support/security/ Package : util-linux Date : April 29, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and...

5.8 CVSS, 5.3 AI score, 0.09848 EPSS
Exploits: 1
securityvulns
added 2013/05/04 12:0 a.m., 94 views

CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:...

0.7 AI score, 0.40353 EPSS
Exploits: 10
securityvulns
added 2013/05/04 12:0 a.m., 66 views

WowzaMediaServer StorageDir escape (regression)

Product: Wowza Media Server URL: http://www.wowza.com/ Description: WMS is a quite popular RTMP/HLS/HDS/RTSP streaming server Issue: In early 2009 I reported problem with processing of requests with relative paths. The issue surfaced again. In a nutshell, you can escape Applications StorageDir...

7.1 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 32 views

ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability

ESA-2013-028.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability EMC Identifier: ESA-2013-028 EMC Identifier: NW147983 CVE Identifier: CVE-2013-0940 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected product...

0.7 AI score
Exploits: 0
securityvulns
added 2013/05/04 12:0 a.m., 42 views

FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:05.nfsserver Security Advisory The FreeBSD Project Topic: Insufficient input validation in the NFS server Category: core Module: nfsserver Announced: 2013-04-2...

7.5 CVSS, 6.4 AI score, 0.0351 EPSS
Exploits: 0
Total number of security vulnerabilities: 47153