47153 matches found
dbus-glib privilege escalation
NameOwnerChanged signal processing privilege escalation...
[SECURITY] [DSA 2635-1] cfingerd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2635-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 1, 2013 http://www.debian.org/security/faq -...
OpenSSL / PolarSSL / GnuTLS security vulnerabilities
Timing attacks, DoS...
[SE-2012-01] New security issues affecting Oracle's Java SE 7u15
Hello All, We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues numbered 54 and 55, which when combined together can be successfully used to gain a complete Java security sandbox bypass i...
[USN-1752-1] GnuTLS vulnerability
========================================================================== Ubuntu Security Notice USN-1752-1 February 27, 2013 gnutls13, gnutls26 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
PHP security vulnerabilities
safedir protection bypass and code execution on SOAP handling...
[USN-1754-1] Sudo vulnerability
========================================================================== Ubuntu Security Notice USN-1754-1 February 28, 2013 sudo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Denial of Service vulnerability in War FTP Daemon 1.82
Late last week, security researchers at jura.ba reported a Denial of Service vulnerability in War FTP Daemon 1.82. The problem was rooted in the way log messages were relayed from the internal log handler to the Windows Event log when the server was running as a Windows service. Theoretically, it...
VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability
VUPEN Security Research - Microsoft Windows OLE Automation Remote Code Execution Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems and graphical user interfaces produced b...
Linux kernel security vulnerabilities
Privilege escalation, information leak...
RSA Authentication Agent protection bypass
In some cases only the PIN is requested instead of the full authentication sequence...
ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability EMC Identifier: ESA-2013-012 CVE Identifier: CVE-2013-0931 Severity Rating: CVSS v2 Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P Affected Products: Product...
Unauthenticated remote access to D-Link DIR-645 devices
Unauthenticated remote access to D-Link DIR-645 devices ======================================================= ADVISORY INFORMATION Title: Unauthenticated remote access to D-Link DIR-645 devices Discovery date: 20/02/2013 Release date: 27/02/2013 Credits: Roberto Paleari [email protected],...
cfingerd buffer overflow
Buffer overflow on request parsing...
[ MDVSA-2013:015 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:015 http://www.mandriva.com/security/ Package : apache Date : February 26, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been found and corrected in apache ASF...
Microsoft Windows multiple security vulnerabilities
Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS...
[USN-1753-1] DBus-GLib vulnerability
========================================================================== Ubuntu Security Notice USN-1753-1 February 27, 2013 dbus-glib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[ MDVSA-2013:016 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:016 http://www.mandriva.com/security/ Package : php Date : February 28, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in php: PHP...
[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Uncontrolled Search Path Element CWE-427 Date found: 2013-02-23 Date published: 2013-02-23 CVSSv2 Score: 4,4...
Boost library protection bypass
Invalid UTF-8 sequences validation...
Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability
========================================================================================== Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability ========================================================================================== Software: Alt-N MDaemon v13.0.3...
Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability
====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
[USN-1731-1] OpenStack Cinder vulnerability
========================================================================== Ubuntu Security Notice USN-1731-1 February 21, 2013 cinder vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager Resource Manager February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remot...
NetGear DGN2200 multiple security vulnerabilities
XSS, code execution, information leakage...
PHP-Fusion 7.02.05 SQL Injection
SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...
TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes No authentication to Database Server is needed...
TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Alter FBA Table February 20, 2013 Risk Level: High Affected versions: Oracle Database Enterprise Edition 11.1, 11.2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched...
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
Over 85 different vulnerabilities are fixed in CPU...
[CVE-2013-1636] Wordpress pretty-link plugin XSS in SWF
Exploit Title: Wordpress pretty-link plugin XSS in SWF Release Date: 20/02/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip Vendor Homepage: http://prettylinkpro.com/ Tested on:...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager dBClone February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...
Ruby multiple security vulnerabilities
Cross-site scripting, protection bypass...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager advReplicationAdmin February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits:...
XSS vulnerabilities in ZeroClipboard
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in ZeroClipboard. Last week I've made my research of these vulnerabilities and informed all developers previous and current of ZeroClipboard. When I've downloaded ZeroClipboard in September 2011, when I was writing my article Attacks vi...
Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability
===================================================================================== Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability ===================================================================================== Software: Alt-N MDaemon v13.0.3 and prior...
[USN-1734-1] OpenStack Nova vulnerability
========================================================================== Ubuntu Security Notice USN-1734-1 February 21, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
SAP Netweaver Message Server multiple security vulnerabilities
Code execution, DoS...
[SECURITY] [DSA 2625-1] wireshark security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2625-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 17, 2013 http://www.debian.org/security/faq -...
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date...
TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5,...
[USN-1727-1] Boost vulnerability
========================================================================== Ubuntu Security Notice USN-1727-1 February 18, 2013 boost1.49 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
nss-pam-ldapd fd_set overflow
FDSET structure overflow...
Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.
---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext 1, which Foswiki uses to provide translations when...
[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03606700 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03606700 Version: 1 HPSBMU02836...
[USN-1730-1] OpenStack Keystone vulnerabilities
========================================================================== Ubuntu Security Notice USN-1730-1 February 20, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
[ MDVSA-2013:013 ] squid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:013 http://www.mandriva.com/security/ Package : squid Date : February 20, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been found and corrected in squid...
Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability
================================================================== Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability ================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: Remote Code...
Alt-N MDaemon's WorldClient Username Enumeration Vulnerability
==================================================================== Alt-N MDaemon's WorldClient Username Enumeration Vulnerability ==================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...
[USN-1739-1] Linux kernel vulnerability
========================================================================== Ubuntu Security Notice USN-1739-1 February 22, 2013 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...