47153 matches found

securityvulns
added 2013/04/22 12:0 a.m. | 62 views

VUPEN Security Research - Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow (Pwn2Own 2013)

VUPEN Security Research - Oracle Java JavaFX Video Frame Decoding Remote Heap Overflow Pwn2Own 2013 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global...

AI score 0.3
Exploits 0

securityvulns
added 2013/04/22 12:0 a.m. | 72 views

SEC Consult SA-20130417-2 :: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server

SEC Consult Vulnerability Lab Security Advisory 20130417-2 ======================================================================= title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter Sites Satellite Server former FatWire Satellite Serv...

CVSS 4 | AI score 5.7 | EPSS 0.02207
Exploits 5

securityvulns
added 2013/04/22 12:0 a.m. | 90 views

Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21

Hello All, We wanted to add the following information to our yesterday post. We've learned that RedHat's Bugzilla associates CVE-2013-1537 1 with the RMI issue allowing for a remote loading and execution of arbitrary Java code on servers 2. It looks that Oracle has finally patched RMI vulnerabili...

CVSS 10 | AI score 0.1 | EPSS 0.09691
Exploits 0

securityvulns
added 2013/04/22 12:0 a.m. | 40 views

Adobe Flash Player multiple security vulnerabilities

Multiple memory corruptions...

CVSS 10 | AI score 1.9 | EPSS 0.09257
Exploits 3 | References 1 | Affected Software 1

securityvulns
added 2013/04/22 12:0 a.m. | 88 views

VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)

VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion Code Execution CVE-2013-2555 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that...

CVSS 10 | EPSS 0.08458
Exploits 1

securityvulns
added 2013/04/22 12:0 a.m. | 59 views

Oracle Java / OpenJDK multiple security vulnerabilities

42 different vulnerabilities...

CVSS 10 | AI score 2.2 | EPSS 0.86963
Exploits 22 | References 6 | Affected Software 2

securityvulns
added 2013/04/22 12:0 a.m. | 64 views

[SECURITY] [DSA 2662-1] xen security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2662-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 18, 2013 http://www.debian.org/security/faq -...

CVSS 4.7 | AI score 0.5 | EPSS 0.00372
Exploits 0

securityvulns
added 2013/04/22 12:0 a.m. | 65 views

[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services

ESNC-2013-003 Remote OS Command Execution in SAP BASIS Communication Services Please refer to www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact...

CVSS 6 | AI score 1.3 | EPSS 0.01331
Exploits 0

securityvulns
added 2013/04/15 12:0 a.m. | 34 views

DoS vulnerability in Internet Explorer (access violation)

Hello 3APA3A! I want to warn you about Denial of Service vulnerabilities in Internet Explorer. This is access violation. I've made the exploit and tested this vulnerability at 13.02.2013. This exploit is based on video by TheSecuritylab for IE7. As I've tested, it also works in IE6 and IE8...

AI score 1.5
Exploits 0

securityvulns
added 2013/04/15 12:0 a.m. | 88 views

[SECURITY] [DSA 2659-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2659-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 1.8 | EPSS 0.04208
Exploits 1

securityvulns
added 2013/04/15 12:0 a.m. | 31 views

DartWebserver DoS

NULL pointer dereference...

AI score 1.9 | EPSS 0.06603
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2013/04/15 12:0 a.m. | 55 views

[CVE-REQUEST] Multiple CSRF vulnerabilities on Foscam IP cameras web UI

Embedded Web interface version 2.4.10.3 and older of Foscam FI8910W, FI8908W and many others is vulnerable to CSRF attacks. This allows attacker to perform calls to any CGI API using cached basic server authentication data stored in victims browser. Details: For example, the following URL request...

AI score 1.7
Exploits 0

securityvulns
added 2013/04/15 12:0 a.m. | 56 views

Apache mod_security security vulnerabilities

Local files access, resources exhaustion...

CVSS 7.5 | AI score 2.3 | EPSS 0.04208
Exploits 1 | References 1 | Affected Software 1

securityvulns
added 2013/04/15 12:0 a.m. | 31 views

Cisco Unified MeetingPlace Application Server security vulnerabilities

Authentication bypass, unauthorized access...

CVSS 9.3 | AI score 4 | EPSS 0.01844
Exploits 0 | Affected Software 1

securityvulns
added 2013/04/15 12:0 a.m. | 45 views

Firefox for Android weak permissions

Weak app_tmp permissions allow overwriting add-ons...

CVSS 4.3 | AI score 2.8 | EPSS 0.00994
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2013/04/15 12:0 a.m. | 56 views

libc glob() resources exhaustion

It's possible to build a recursive template, leading to memory exhaustion...

CVSS 7.8 | AI score 2.8 | EPSS 0.32357
Exploits 11 | References 5 | Affected Software 3

securityvulns
added 2013/04/15 12:0 a.m. | 198 views

CVE-2013-0798 : World read and write access to app_tmp directory on Android

Fourteenforty Research Institute, Inc. Security Advisory World read and write access to app_tmp directory on Firefox for Android 2013/04/02 === Summary === World read and write access to app_tmp directory on Firefox for Android allows replacing Firefox add-ons. === Severity === Middle === Affected...

CVSS 4.3 | AI score 8.3 | EPSS 0.00994
Exploits 0

securityvulns
added 2013/04/15 12:0 a.m. | 26 views

Cisco Prime Network Control Systems default account

Default database account...

CVSS 7.5 | AI score 3.2 | EPSS 0.01323
Exploits 0 | Affected Software 1

securityvulns
added 2013/04/15 12:0 a.m. | 76 views

MacOSX 10.8.3 ftpd Remote Resource Exhaustion

MacOSX 10.8.3 ftpd Remote Resource Exhaustion Maksymilian Arciemowicz http://cxsecurity.com/ http://cvemap.org/ Public Date: 01.02.2013 http://cxsecurity.com/cveshow/CVE-2010-2632 http://cxsecurity.com/cveshow/CVE-2011-0418 --- 1. Description --- Old vulnerability in libc allow to denial of servi...

CVSS 7.8 | AI score 0.7 | EPSS 0.32357
Exploits 11

securityvulns
added 2013/04/15 12:0 a.m. | 26 views

Microsoft Internet Explorer DoS

Crash on recursive CSS inclusion...

AI score 2.4
Exploits 0 | References 1

securityvulns
added 2013/04/15 12:0 a.m. | 77 views

[USN-1799-1] NVIDIA graphics drivers vulnerability

========================================================================== Ubuntu Security Notice USN-1799-1 April 10, 2013 nvidia-graphics-drivers, nvidia-graphics-drivers-updates, nvidia-settings, nvidia-settings-updates vulnerability...

CVSS 7.1 | AI score 1.4 | EPSS 0.04807
Exploits 0

securityvulns
added 2013/04/15 12:0 a.m. | 52 views

Linux kernel multiple security vulnerabilities

DoS, protection bypass, nVidia drivers buffer overflow, information leakage...

CVSS 7.1 | AI score 5.2 | EPSS 0.04807
Exploits 3 | References 3 | Affected Software 1

securityvulns
added 2013/04/15 12:0 a.m. | 69 views

[USN-1793-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1793-1 April 08, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.2 | AI score 6.1 | EPSS 0.005
Exploits 3

securityvulns
added 2013/04/15 12:0 a.m. | 53 views

[CVE-2012-5389] Null Pointer Dereference in Dart Webserver <= 1.9.2

Overview =============== DartWebserver.Dll is an HTTP server provided by Dart Communications dart.com. It is distributed in their PowerTCP/Webserver For ActiveX product and likely other similar products. "Build web applications in any familiar software development environment. Use WebServer for...

EPSS 0.06603
Exploits 0

securityvulns
added 2013/04/15 12:0 a.m. | 65 views

Cisco IOS multiple security vulnerabilities

RSVP DoS, IKE DoS, NAT implementation DoS, Smart Install client DoS, SPT DoS, IP SLA DoS, SIP DoS...

CVSS 7.8 | AI score 2.2 | EPSS 0.0196
Exploits 0 | Affected Software 2

securityvulns
added 2013/04/12 12:0 a.m. | 31 views

Microsoft SharePoint weak permissions

Weak documents access rights...

CVSS 3.5 | AI score 1.7 | EPSS 0.16991
Exploits 0 | Affected Software 1

securityvulns
added 2013/04/12 12:0 a.m. | 37 views

Microsoft Active Directory DoS

Memory exhaustion...

CVSS 5 | AI score 2.6 | EPSS 0.27005
Exploits 0 | Affected Software 1

securityvulns
added 2013/04/12 12:0 a.m. | 39 views

Microsoft Remote Desktop Connection Client ActiveX code execution

Use-after-free in ActiveX...

CVSS 9.3 | AI score 3.5 | EPSS 0.20661
Exploits 1 | Affected Software 1

securityvulns
added 2013/04/12 12:0 a.m. | 33 views

Microsoft multiple applications cross-site scripting

Invalid characters sanitization...

CVSS 4.3 | AI score 2.3 | EPSS 0.15432
Exploits 0 | Affected Software 5

securityvulns
added 2013/04/12 12:0 a.m. | 41 views

Microsoft Windows multiple security vulnerabilities

Multiple privilege escalations in kernel, CSRSS and drivers...

CVSS 7.2 | AI score 4.3 | EPSS 0.04625
Exploits 6 | Affected Software 1

securityvulns
added 2013/04/09 12:0 a.m. | 59 views

Multiple Vulnerabilities in D-Link devices

Device Name: DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 Vendor: D-Link ============ Vulnerable Firmware Releases: ============ DIR-815 v1.03b02 unauthenticated command injection DIR-645 v1.02 unauthenticated command injection DIR-645 v1.03 authenticated command...

AI score 0.6
Exploits 0

securityvulns
added 2013/04/09 12:0 a.m. | 189 views

[security bulletin] HPSBMU02785 SSRT100526 rev.2 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03216705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03216705 Version: 2 HPSBMU02785...

CVSS 10 | AI score 0.9 | EPSS 0.64803
Exploits 8

securityvulns
added 2013/04/09 12:0 a.m. | 35 views

[ MDVSA-2013:043 ] libgssglue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:043 http://www.mandriva.com/en/support/security/ Package : libgssglue Date : April 5, 2013 Affected: Business Server 1.0 Problem Description: This update fixes insecure getenv usage in libgssglue, which coul...

CVSS 6.2 | AI score 6.1 | EPSS 0.0044
Exploits 0

securityvulns
added 2013/04/09 12:0 a.m. | 68 views

Aastra IP Telephone hardcoded telnet admin password

Aastra IP Telephone hardcoded telnet admin password --------------------------------------------------- Affected products ================= Aastra 6753i IP Telephone Firmware Version 3.2.2.56 Firmware Release Code SIP Boot Version 2.5.2.1010 Background ========== "The 6753i from Aastra offers...

Exploits 0

securityvulns
added 2013/04/09 12:0 a.m. | 45 views

HP LoadRunner security vulnerabilities

A few different buffer overflows...

CVSS 10 | AI score 2.2 | EPSS 0.64803
Exploits 8 | References 1 | Affected Software 1

securityvulns
added 2013/04/09 12:0 a.m. | 29 views

libgssapi / libgssglue privilege escalation

Insecure getenv usage...

CVSS 6.2 | AI score 3 | EPSS 0.0044
Exploits 0 | References 1

securityvulns
added 2013/04/09 12:0 a.m. | 38 views

Subversion multiple security vulnerabilities

Multiple DoS conditions...

CVSS 5 | AI score 2.6 | EPSS 0.51442
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2013/04/09 12:0 a.m. | 19 views

Multiple vulnerabilities in D-Link devices

Code execution, information leakage...

AI score 3.2
Exploits 0 | References 1

securityvulns
added 2013/04/09 12:0 a.m. | 54 views

[slackware-security] subversion (SSA:2013-095-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security subversion SSA:2013-095-01 New subversion packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...

CVSS 5 | AI score 8.4 | EPSS 0.51442
Exploits 0

securityvulns
added 2013/04/09 12:0 a.m. | 49 views

Aastra IP phones backdoor

Hardcoded telnet account admin/Mqozn...

AI score 2.1
Exploits 0 | References 1

securityvulns
added 2013/04/09 12:0 a.m. | 41 views

MIT Kerberos 5 DoS

pkinit_crypto_openssl.c NULL pointer dereference...

CVSS 7.1 | AI score 2.5 | EPSS 0.04211
Exploits 0 | Affected Software 1

securityvulns
added 2013/04/08 12:0 a.m. | 38 views

OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability

OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability 3/6/2013 Larry W. Cashdollar @larry0 The infiniband diagnostic utility handles files in /tmp insecurely. A malicious user can clobber root owned files with common symlink attacks. http://www.openfabrics.org/downloads/ibutils/ nobody@exdb01...

AI score 0.3
Exploits 0

securityvulns
added 2013/04/08 12:0 a.m. | 130 views

Novell GroupWise Multiple Remote Code Execution Vulnerabilities

Advisory ID: HTB23131 Product: Novell GroupWise Vendor: Novell Inc. Vulnerable Versions: 12.0.0.8586 and probably prior Tested Version: 12.0.0.8586 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: November 26, 2012 Vendor Patch: January 30, 2013 Public Disclosure: April 3, 2013...

CVSS 10 | AI score 0.4 | EPSS 0.12299
Exploits 0

securityvulns
added 2013/04/08 12:0 a.m. | 39 views

libav / ffmpeg multiple security vulnerabilities

Vulnerabilities on multiple media formats parsing...

CVSS 7.5 | AI score 3.7 | EPSS 0.01986
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2013/04/08 12:0 a.m. | 87 views

QlikView integer overflow

Integer overflow on .qvw files parsing...

AI score 5.1
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2013/04/08 12:0 a.m. | 168 views

Authentication bypass on Netgear WNR1000

Authentication bypass on Netgear WNR1000 ======================================== ADVISORY INFORMATION Title: Authentication bypass on Netgear WNR1000 Discovery date: 10/11/2012 Release date: 29/03/2013 Credits: Roberto Paleari [email protected], twitter: @rpaleari VULNERABILITY INFORMATION...

AI score 0.6
Exploits 0

securityvulns
added 2013/04/08 12:0 a.m. | 37 views

Groovy Media Player buffer overflow Vulnerability

Title: ==== Groovy Media Player 3.2.0 Buffer Overflow Vulnerability Credit: ====== Name: Akshaysinh Vaghela Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== CVE-2013-2760 Reserved Date: ==== 21-03-2013 CL-ID: ==== CRD-2013-02 Vendor: ======...

CVSS 6.8 | AI score 0.6 | EPSS 0.03555
Exploits 5

securityvulns
added 2013/04/08 12:0 a.m. | 104 views

[USN-1789-1] PostgreSQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-1789-1 April 04, 2013 postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities ========================================================================== A security issue affects these...

CVSS 8.5 | AI score 8.1 | EPSS 0.54312
Exploits 4

securityvulns
added 2013/04/08 12:0 a.m. | 35 views

GNOME Online Accounts SSL certificate spoofing

Insufficient certificate check...

CVSS 4.3 | AI score 2.4 | EPSS 0.01362
Exploits 0 | References 1 | Affected Software 1

securityvulns
added 2013/04/08 12:0 a.m. | 119 views

Cisco Video Surveillance Operations Manager Multiple vulnerabilities

Exploit Title:Cisco Video Surveillance Operations Manager Multiple vulnerabilities Google Dork: intitle:"Video Surveillance Operations Manager Login" Date: 22 Feb 2013 reported to the vendor Exploit Author: Bassem | bassem.co Vendor Homepage: www.cisco.com Version: Version 6.3.2 Tested on: Versio...

AI score 0.3
Exploits 0

Total number of security vulnerabilities: 47153