Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2013/03/11 12:0 a.m.39 views

Samsung TV DoS (possible overflow) via SOAPACTION

!/bin/bash Samsung TV DoS possible overflow via SOAPACTION Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Verified for ue55es6800. Nope, it's different than http://www.exploit-db.com/exploits/18751/. havetelnet ? RCE : "vuln is DoS if not clever...

2.9AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.64 views

[IA32] HP Intelligent Management Center v5.1 E0202 topoContent.jsf Non-Persistent Cross-Site Scripting

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: HP Intelligent Management Center Vendor URL: www.hp.com Type: Cross-Site Scripting CWE-79 Date found: 2012-06-08 Date published: 2013-03-04 CVSSv2 Score: CWE-79: 3,5 AV:N/AC:M/Au:S/C:N/I:P/A:...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.43 views

Verax NMS multiple security vulnerabilities

Authentication bypass, replay attacks, hardcoded private key, information leakage...

1.7AI score0.02008EPSS
Exploits6References4Affected Software1
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.108 views

Varnish 2.1.5, 3.0.3 DoS in http_GetHdr() while parsing Vary header

httpGetHdr | l == strlenhdr + 1 Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.0.3, 2.1.5 Summary: It's possible to crash Varnish via assertion if the single header within the Vary header is longer then 127 bytes. The 'l' cachehttp.c2...

1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.62 views

[security bulletin] HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03680085 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03680085 Version: 1 HPSBMU02849...

7.5CVSS0.2AI score0.02523EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.57 views

[ MDVSA-2013:017 ] libxml2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:017 http://www.mandriva.com/security/ Package : libxml2 Date : March 5, 2013 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in libxml2: A denial of service...

4.3CVSS8.4AI score0.02972EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.83 views

[USN-1756-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1756-1 March 06, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.5CVSS0.5AI score0.01557EPSS
Exploits5
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.26 views

Corel WordPerfect uninitialized pointer dereference

User-controlled pointer dereferences on WPD parsing...

3.8AI score0.0207EPSS
Exploits1References1
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.36 views

Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc

DoS loop, 100 cpu strHdrAcptLangGetItem at errorpage.cc Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5, 3.2.7 This error is only triggered when squid needs to generate an error page for example backend node is not responding etc...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.59 views

[SECURITY] [DSA 2641-1] perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2641-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 09, 2013 http://www.debian.org/security/faq -...

7.5CVSS1.5AI score0.03577EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.38 views

Perl memory leakage

Memory leakage on hash tables...

7.5CVSS1.1AI score0.03577EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.175 views

Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption.

httpMakeVaryMark header value 'value' http.cc:603 line Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5 It takes combination of a 5x requests and responses in less than 10 seconds to crash the parent: Request -- cut -- !/usr/bin/env...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.41 views

Corel Quattro Pro DoS

NULL pointer dereferences on QPW parsing...

4.3CVSS3.3AI score0.02952EPSS
Exploits2References1
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.69 views

Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6

Advisory ID: HTB23112 Product: Corel Quattro Pro X6 Standard Edition Vendor: Corel Corporation Vulnerable Versions: 16.0.0.388, other versions may be also affected Tested Version: 16.0.0.388 on Windows 7 SP1 32 bits Vendor Notification: August 27, 2012 Public Disclosure: March 7, 2013 Vulnerabili...

4.3CVSS6.7AI score0.02952EPSS
Exploits2
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.42 views

Untrusted Pointer Dereference Vulnerability in Corel WordPerfect X6

Advisory ID: HTB23114 Product: Corel WordPerfect X6 Standard Edition Vendor: Corel Corporation Vulnerable Versions: 16.0.0.388, other versions may be also affected Tested Version: 16.0.0.388 on Windows 7 SP1 32 bits Vendor Notification: September 12, 2012 Public Disclosure: March 7, 2013...

0.0207EPSS
Exploits1
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.49 views

Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/05/2013 01:53 PM, [email protected] wrote: DoS loop, 100 cpu strHdrAcptLangGetItem at errorpage.cc Authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466 c8e74ebd8392fda4788179f9a02bb49337638e7b AKAT-1 Versions: 3.2.5, 3.2.7 This error i...

Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.64 views

[ MDVSA-2013:020 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:020 http://www.mandriva.com/en/support/security/ Package : wireshark Date : March 8, 2013 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities was found and corrected in Wireshark:...

6.1CVSS6.6AI score0.02828EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.42 views

Squid security vulnerabilities

CPU exhaustion DoS, memory corruption...

7.8CVSS2.3AI score0.18307EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.38 views

Wireshark multiple security vulnerabilities

Multiple vulnerabilities on CLNP, DTLS, DCP-ETSI, NTLMSSP and another protocols parsing...

6.1CVSS2.4AI score0.02828EPSS
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2013/03/10 12:0 a.m.49 views

sudo protection bypass

It's possible to bypass password request by manipulating timestamps. Session id hijacking is possible under some conditions...

6.9CVSS1.5AI score0.03202EPSS
Exploits8References1Affected Software1
securityvulns
securityvulns
added 2013/03/05 12:0 a.m.64 views

[SE-2012-01] One more attack affecting Oracle's Java SE 7u15

Hello All, Last week, Oracle disputed our claim regarding one of the Issues reported to the company on Feb 25, 2012. This was Issue 54 that was partly responsible for a successful attack demonstrated in the environment of Java SE 7 Update 15. It turns out Oracle's attempt to deny Issue 54 turned...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.30 views

Cisco Prime Central / Cisco Unified Communications Manager / Cisco Unified Presence Server DoS

Different DoS conditions on traffic processing...

7.8CVSS3.1AI score0.02292EPSS
Exploits0Affected Software3
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.48 views

[Onapsis Security Advisory 2013-002] SAP SDM Denial of Service

Onapsis Security Advisory 2013-002: SAP SDM Denial of Service This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new...

Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.44 views

Stored Cross-site Scripting ('XSS') in Airvana HubBub C1-600-RT Femtocell

Advisory ID: NEOCAN-2013-002 Advisory Title: Stored XSS 'cross-site scripting' in Airvana HubBub C1-600-RT router Author: Scott Behrens / [email protected] Release Date: 02/27/2013 Vendor: Airvana Application: Airrave 2.5 router administration page Platform: Web Application Severity:...

4.3CVSS5.1AI score0.01265EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.30 views

Airvana HubBub routers crossite scripting

Web interface crossite scripting...

4.3CVSS1.5AI score0.01265EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.47 views

[Onapsis Security Advisory 2013-001] SAP Portal PDC Information Disclosure

Onapsis Security Advisory 2013-001: SAP Portal PDC Information Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.56 views

[Onapsis Security Advisory 2013-004] SAP J2EE Core Service Arbitrary File Access

Onapsis Security Advisory 2013-004: SAP J2EE Core Service Arbitrary File Access This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories,...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.409 views

[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05

waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.40 views

Adobe Reader / Acrobat security vulnerabilities

Buffer oveflows are exploited in-the-wild...

9.3CVSS3.3AI score0.86979EPSS
Exploits4Affected Software2
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.78 views

[KIS-2013-03] Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability

------------------------------------------------------------------- Joomla! = 3.0.2 highlight.php PHP Object Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://www.joomla.org/ - Affected Versions: Version 3.0.2 and earlier 3.0.x...

7.5CVSS0.03149EPSS
Exploits6
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.130 views

Fileutils ruby gem possible remote command execution and insecure file handling in /tmp

Fileutils ruby gem possible remote command execution and insecure file handling in /tmp 2/23/2013 Hi list, I was looking at some gem files and noticed a few issues with fileutils-0.7 http://rubygems.org/gems/fileutils "A set of utility classes to extract meta data from different file types"...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.71 views

[Onapsis Security Advisory 2013-006] SAP SMD Agent Code Injection

Onapsis Security Advisory 2013-006: SAP SMD Agent Code Injection This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.21 views

SAP applications multiple security vulnerabilities

Code executions, filesystem access, information leakage, DoS...

2.7AI score
Exploits0References6
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.102 views

Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities

Title: ====== Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities Date: ===== 2013-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=824 ID: SWIFT-3119 URL: http://dev.kayako.com/browse/SWIFT-3119 VL-ID: ===== 824 Common Vulnerability Scoring System:...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.109 views

Multiple Vulnerabilities in Piwigo

Advisory ID: HTB23144 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.4.6 and probably prior Tested Version: 2.4.6 Vendor Notification: February 6, 2013 Vendor Patch: February 19, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352, Path...

7.6CVSS6.8AI score0.56011EPSS
Exploits12
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.73 views

[SECURITY] [DSA 2633-1] fusionforge security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2633-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez February 26, 2013 http://www.debian.org/security/faq -...

6.9CVSS1.4AI score0.00374EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.45 views

Adobe Flash Player multiple security vulnerabilities

Multiple code execution vulnerabilities are exploited in-the-wild...

10CVSS2.3AI score0.77597EPSS
Exploits11Affected Software1
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.71 views

[Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting

Onapsis Security Advisory 2013-003: SAP Enterprise Portal Cross-Site-Scripting This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories,...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.47 views

[Onapsis Security Advisory 2013-005] SAP CCMS Agent Code Injection

Onapsis Security Advisory 2013-005: SAP CCMS Agent Code Injection This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new...

8.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.105 views

Cross-Site Scripting (XSS) in Geeklog

Advisory ID: HTB23143 Product: Geeklog Vendor: http://www.geeklog.net Vulnerable Versions: 1.8.2 and probably prior Tested Version: 1.8.2 Vendor Notification: February 6, 2013 Vendor Patch: February 20, 2013 Public Disclosure: February 27, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

4.3CVSS6.9AI score0.01885EPSS
Exploits3
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.82 views

Fwd: [SECURITY] CVE-2013-0253 Apache Maven 3.0.4

CVE-2013-0253 Apache Maven Severity: Medium Vendor: The Apache Software Foundation Versions Affected: - Apache Maven 3.0.4 - Apache Maven Wagon 2.1, 2.2, 2.3 Description: Apache Maven 3.0.4 with Apache Maven Wagon 2.1 has introduced a non-secure SSL mode by default. This mode disables all SSL...

5.8CVSS2.3AI score0.0157EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.49 views

BF, IAA and CSRF vulnerabilities in Question2Answer

Hello 3APA3A! These are Brute Force, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the first part of vulnerabilities in this web application. ------------------------- Affected products: ------------------------- Vulnerable are all version...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.79 views

[SECURITY] [DSA 2634-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2634-1 [email protected] http://www.debian.org/security/ Nico Golde February 27, 2013 http://www.debian.org/security/faq -...

6.4CVSS1.5AI score0.04593EPSS
Exploits2
securityvulns
securityvulns
added 2013/03/03 12:0 a.m.85 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.6CVSS1.6AI score0.56011EPSS
Exploits17References10Affected Software9
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.37 views

Denial of Service vulnerability in War FTP Daemon 1.82

Late last week, security researchers at jura.ba reported a Denial of Service vulnerability in War FTP Daemon 1.82. The problem was rooted in the way log messages was relayed from the internal log handler to the Windows Event log when the sever was running as a Windows service. Theoretically, it...

2.2AI score
Exploits0
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.65 views

PHP securiy vulnerabilities

safedir protection bypass and code execution on SOAP handling...

7.5CVSS1.9AI score0.10136EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.69 views

[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Uncontrolled Search Path Element CWE-427 Date found: 2013-02-23 Date published: 2013-02-23 CVSSv2 Score: 4,4...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.60 views

ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability EMC Identifier: ESA-2013-012 CVE Identifier: CVE-2013-0931 Severity Rating: CVSS v2 Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P Affected Products: Product...

5.4CVSS0.3AI score0.00548EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.36 views

openjpeg library security vulnerabilities

Vulnerabilities on JPEG encoding and decoding...

10CVSS2.3AI score0.07695EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.33 views

Transmission memory corruption

micro transport packets parsing memory corruption...

7.5CVSS4.3AI score0.05098EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities47153