Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2013/03/13 12:0 a.m.29 views

Microsoft Visio Viewer memory corruption

Memory corruption on Visio files prasing...

9.3CVSS3AI score0.26684EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2013/03/13 12:0 a.m.31 views

Microsoft Outlook for Mac information leakage

External content is requested during message parsing...

5CVSS2.9AI score0.20801EPSS
Exploits1
securityvulns
securityvulns
added 2013/03/13 12:0 a.m.32 views

Microsoft OneNote information leakage

Information leakage on OneNote files parsing...

5CVSS2.5AI score0.23969EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2013/03/13 12:0 a.m.50 views

Privoxy information leakage

Proxy-Authenticate and Proxy-Authorization headers are not filtered, making it possible to hijack authentication information...

5.8CVSS3AI score0.04632EPSS
Exploits2References1
securityvulns
securityvulns
added 2013/03/13 12:0 a.m.52 views

Microsoft Silverlight code execution

Memory corruption...

9.3CVSS2.4AI score0.81868EPSS
Exploits8Affected Software1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.73 views

CVE-2013-1413

COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft fьr Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...

4.3CVSS0.3AI score0.01161EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.59 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

8.5CVSS1.6AI score0.06977EPSS
Exploits10References13Affected Software10
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.141 views

US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System TA13-064A: Oracle Java Contains Multiple Vulnerabilities Original release date: March 05, 2013 Systems Affected Any system using Oracle Java 7, 6, 5 1.7, 1.6, 1.5 including Java Platform Standard Edition 7 Java SE 7 Jav...

10CVSS0.2AI score0.85882EPSS
Exploits10
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.104 views

[security bulletin] HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC), iMC TACACS+ Authentication Manager (TAM), and iMC User Access Manager (UAM), Cross Site Scripting (XSS), Remote Code Execution,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03689276 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03689276 Version: 1 HPSBGN02854...

10CVSS0.6AI score0.63744EPSS
Exploits15
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.44 views

Varnish 2.1.5, 3.0.3 DoS in VRY_Create() while parsing Vary header

VRYCreate | q == ',' Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions affected: 3.0.3 2.1.5 Summary: Varnish 2.1.5 and 3.0.3 crash and restart via assert while parsing Vary header backend response. This could be used if attacker gained...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.57 views

Verax NMS Authenication Bypass (CVE-2013-1350)

Verax NMS Authenication Bypass CVE-2013-1350 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...

1.4AI score0.01514EPSS
Exploits1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.61 views

Verax NMS Password Disclosure (CVE-2013-1631)

Verax NMS Password Disclosure CVE-2013-1631 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...

1.2AI score0.01315EPSS
Exploits2
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.119 views

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...

10CVSS0.2AI score0.85882EPSS
Exploits10
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.133 views

Exploit for D-Link DAP 1150

Hello! Here is exploit for D-Link DAP 1150. About vulnerabilities in it, which were used in this exploit, I've wrote in 2011. I've presented this exploit in my article "CSRF Attacks on Network Devices" in the magazine PenTest Extra 02/2012 http://pentestmag.com/pentestextra022012/, released in...

Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.44 views

DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion

Title ----- DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion Severity -------- High Date Discovered --------------- February 14, 2013 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: 0x00string, Ryan Oliver and r@b13$ Vulnerability Description...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.84 views

[CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability

CVE-REQUEST Foscam = 11.37.2.48 path traversal vulnerability Summary: Foscam firmware = 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. The unauthenticated attacker can access to the entire filesystem and steal web & wifi credentials. Details: GET...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.286 views

SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1)

SEC Consult Vulnerability Lab Security Advisory 20130308-0 ======================================================================= title: Multiple critical vulnerabilities part 1 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.94 views

[SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples

CVE-2013-0248 Apache Commons FileUpload - Insecure examples Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Commons FileUpload 1.0 to 1.2.2 Description: Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process,...

3.3CVSS7.7AI score0.0068EPSS
Exploits1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.38 views

WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)

------------------ WordPress Count-Per-Day plugin 3.2.5. Type-1 reflected Cross Site Scripting XSS affected versions = 3.2.5. tested on 3.2.5, 3.2.3 impact: - code execution in browser context author: alejandr0.m0f0 1/ navigate to the page: /wordpress/wp-admin/?page=cpdmetaboxes 2/ bottom of the...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.17 views

Samsung TV buffer overflow

Buffer overflow on TCP/7676 SOAPACTION request processing...

4AI score
Exploits0References1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.45 views

Varnish 2.1.5 DoS in STV_alloc() while parsing Content-Length header

STValloc | st != NULL Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Full panic message: Panic message: Assert error in STValloc, stevedore.c line 192:012 Conditionst != NULL not true. Summary: Varnish 2.1.5 crash and restart via...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.70 views

[SECURITY] [DSA 2636-1] xen security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2636-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 01, 2013 http://www.debian.org/security/faq -...

6.1CVSS1.8AI score0.00716EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.22 views

Varnish multiple security vulnerabilities

Different DoS conditions on HTTP headers parsing...

1AI score
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.110 views

SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2)

SEC Consult Vulnerability Lab Security Advisory 20130308-1 ======================================================================= title: Multiple high risk vulnerabilities part 2 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.272 views

CS and XSS vulnerabilities in SWFUpload

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in SWFUpload. This is very popular flash-file, which is used at tens millions of web sites and in hundreds of web applications such as WordPress, only this web application is used at more then 62 millions of web sit...

4.3CVSS0.09088EPSS
Exploits10
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.86 views

Multiple XSS vulnerabilities in Events Manager WordPress plugin

Advisory ID: HTB23139 Product: Events Manager WordPress plugin Vendor: Marcus Sykes Vulnerable Versions: 5.3.3 and probably prior Tested Version: 5.3.3 Vendor Notification: January 16, 2013 Vendor Patch: January 17, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: Cross-Site Scripting...

4.3CVSS0.2AI score0.02058EPSS
Exploits3
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.58 views

Verax NMS Password Replay Attack (CVE-2013-1351)

Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...

0.8AI score0.02008EPSS
Exploits3
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.66 views

OS Command Injection in CosCms

Advisory ID: HTB23145 Product: CosCms Vendor: http://www.coscms.org Vulnerable Versions: 1.721 and probably prior Tested Version: 1.721 Vendor Notification: February 13, 2013 Vendor Patch: February 13, 2013 Public Disclosure: March 6, 2013 Vulnerability Type: OS Command Injection CWE-78 CVE...

8.5CVSS0.06977EPSS
Exploits5
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.22 views

HP LaserJet Pro printers unauthorized access

No description provided...

8.8CVSS3AI score0.0246EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.30 views

Re: rpi-update tmpfile vulnerability

Hello everyone, I took a closer look at this vulnerability here is my exploit to share: 45 cat /tmp/updateScript.sh EOF -- if we own it first, wait for IMODIFY and inject our malicious code 46 !/bin/bash 47 if mv "$tempFileName" "$0"; then 48 rm -- "$0" 49 exec env UPDATESELF=0 /bin/bash "$0"...

7AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.20 views

Kaspersky Internet Security DoS

Different DoS conditions on IPv6 processing...

2.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.114 views

Varnish 2.1.5 DoS in fetch_straight() while parsing Content-Length header

fetchstraight | uintmaxtcl == cll Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 2.1.5 Summary It is possible to crash via assert varnish child processes by sending invalid Content-Length reponse header. Panic message: Assert error in...

2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.49 views

HP Intelligent Management Center multiple security vulnerabilities

Crossite scripting, code execution, information disclosure...

10CVSS1.5AI score0.63744EPSS
Exploits15References2
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.28 views

rpi-update symlink vulnerability

Unsafe temp file creation...

2.2AI score
Exploits0References2
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.82 views

Verax NMS Hardcoded Private Key (CVE-2013-1352)

Verax NMS Hardcoded Private Key CVE-2013-1352 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing...

0.7AI score0.02008EPSS
Exploits3
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.172 views

SIP Witch 0.7.4 w/libosip2-4.0.0 DoS via NULL pointer derefence in libosip2

SIP Witch 0.7.4 w/libosip2-4.0.0 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 DoS by the NULL pointer derefence in libosip2. True, found in the ancient version of sipwitch default in BT5 but the problem lies in the library used by it and may...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.167 views

Exploit for stealing admin's account in Question2Answer

Hello! Here is exploit for stealing admin's account in Question2Answer. This exploit uses Cross-Site Request Forgery vulnerability at http://site/account and Insufficient Anti-automation vulnerabilities at http://site/forgot and http://site/reset, which I've described in the second advisory about...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.32 views

rpi-update tmpfile vulnerability

Raspberry Pi Firmware Updater Vulnerability Application: https://github.com/Hexxeh/rpi-update/ Version Tested: Github source as of 10ad1e975a 10th Feb commit Vulnerability 1: A malicious user can clobber any file due to insecure tmp file handling. Example: Any unprivileged user can create the...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.111 views

[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03684249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03684249 Version: 1 HPSBPI02851...

8.8CVSS0.0246EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.46 views

[PT-2013-17] Arbitrary Files Reading in mnoGoSearch

----------------------------------------------------------- PT-2013-17 Positive Technologies Security Advisory Arbitrary Files Reading in mnoGoSearch ----------------------------------------------------------- --- Vulnerable software mnoGoSearch Version: 3.3.12 and earlier Application link:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.82 views

Remote system freeze thanks to Kaspersky Internet Security 2013

I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any other Kaspersky product which includes the firewall...

1.6AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.117 views

Stored XSS in Terillion Reviews Wordpress Plugin

CVE Assigned-CVE-2013-2501 Exploit Title : Stored XSS in Terillion Reviews Plugin Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 08/03/13 Software link: http://wordpress.org/extend/plugins/terillion-reviews/ The Terillion Reviews Plugin in Wordpress...

4.3CVSS0.3AI score0.05268EPSS
Exploits2
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.40 views

AoF, IAA and CSRF vulnerabilities in Question2Answer

Hello 3APA3A! These are Abuse of Functionality, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the second part of vulnerabilities in this web application. ------------------------- Affected products: ------------------------- Vulnerable are...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.33 views

HP ServiceCenter DoS

No description provided...

7.5CVSS0.9AI score0.02523EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.40 views

Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND

Subversion MKACTIVITY Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 libsvnfs's svnfsfilelength fun tested on 1.6.17 and few others gdb where 0 0x00007f2595db9d60 in svnfsfilelength from /usr/lib/x8664-linux-gnu/libsvnfs-1.so.1 1 0x00007f25961f2d...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.22 views

Apache mod_dav_svn DoS

NULL pointer dereference on MKACTIVITY and PROPDINF requests processing...

2.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.43 views

Verax NMS multiple security vulnerabilities

Authentication bypass, replay attacks, hardcoded private key, information leakage...

1.7AI score0.02008EPSS
Exploits6References4Affected Software1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.108 views

Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header

httpGetHdr | l == strlenhdr + 1 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.0.3, 2.1.5 Summary: It's possible to crash Varnish via assertion if the single header within the Vary header is longer then 127 bytes. The 'l' cachehttp.c2...

1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.62 views

[security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03680085 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03680085 Version: 1 HPSBMU02849...

7.5CVSS0.2AI score0.02523EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.57 views

[ MDVSA-2013:017 ] libxml2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:017 http://www.mandriva.com/security/ Package : libxml2 Date : March 5, 2013 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in libxml2: A denial of service...

4.3CVSS8.4AI score0.02972EPSS
Exploits0
Total number of security vulnerabilities47153