Lucene search

47153 matches found

securityvulns
•added 2013/03/02 12:0 a.m.•41 views

VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability

VUPEN Security Research - Microsoft Windows OLE Automation Remote Code Execution Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Microsoft Windows is a series of software operating systems and graphical user interfaces produced b...

AI score 1
Exploits 0
securityvulns
•added 2013/03/02 12:0 a.m.•29 views

RSA Authentication Agent protection bypass

In some cases only PIN is requested instead of full authentication sequence...

CVSS 5.4 • AI score 4.4 • EPSS 0.00548
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/03/02 12:0 a.m.•25 views

cfingerd buffer overflow

Buffer overflow on request parsing...

CVSS 10 • AI score 4.8 • EPSS 0.03125
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/03/02 12:0 a.m.•60 views

[SECURITY] [DSA 2635-1] cfingerd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2635-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 1, 2013 http://www.debian.org/security/faq -...

CVSS 10 • AI score 1.9 • EPSS 0.03125
Exploits 0
securityvulns
•added 2013/03/02 12:0 a.m.•91 views

[ MDVSA-2013:016 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:016 http://www.mandriva.com/security/ Package : php Date : February 28, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in php: PHP...

CVSS 7.5 • AI score 8.4 • EPSS 0.10136
Exploits 0
securityvulns
•added 2013/03/02 12:0 a.m.•30 views

dbus-glib privilege escalation

NameOwnerChanged signal processing privilege escalation...

CVSS 7.2 • AI score 3.3 • EPSS 0.0109
Exploits 2 • References 1 • Affected Software 1
securityvulns
•added 2013/03/02 12:0 a.m.•57 views

Microsoft Windows multiple security vulnerabilities

Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS...

CVSS 10 • AI score 5.1 • EPSS 0.69936
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/03/02 12:0 a.m.•79 views

[USN-1754-1] Sudo vulnerability

========================================================================== Ubuntu Security Notice USN-1754-1 February 28, 2013 sudo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.9 • AI score 7.8 • EPSS 0.03202
Exploits 8
securityvulns
•added 2013/03/02 12:0 a.m.•56 views

[SE-2012-01] New security issues affecting Oracle's Java SE 7u15

Hello All, We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues numbered 54 and 55, which when combined together can be successfully used to gain a complete Java security sandbox bypass i...

AI score 7.3
Exploits 0
securityvulns
•added 2013/03/02 12:0 a.m.•59 views

Apache security vulnerabilities

mod_info, mod_status, mod_imagemap, mod_ldap, mod_proxy_ftp, mod_proxy_balancer cross-site scripting...

CVSS 4.3 • AI score 1.6 • EPSS 0.22913
Exploits 3 • References 1 • Affected Software 1
securityvulns
•added 2013/03/02 12:0 a.m.•73 views

[ MDVSA-2013:015 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:015 http://www.mandriva.com/security/ Package : apache Date : February 26, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in apache ASF...

CVSS 4.3 • AI score 6.9 • EPSS 0.22913
Exploits 3
securityvulns
•added 2013/03/02 12:0 a.m.•19 views

War FTP Daemon memory corruption

Memory corruption on logging...

AI score 1.9
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/03/02 12:0 a.m.•32 views

[USN-1753-1] DBus-GLib vulnerability

========================================================================== Ubuntu Security Notice USN-1753-1 February 27, 2013 dbus-glib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 7.2 • AI score 0.7 • EPSS 0.0109
Exploits 2
securityvulns
•added 2013/03/02 12:0 a.m.•63 views

[USN-1750-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1750-1 February 26, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 7.2 • AI score 7.5 • EPSS 0.0418
Exploits 12
securityvulns
•added 2013/03/02 12:0 a.m.•101 views

Unauthenticated remote access to D-Link DIR-645 devices

Unauthenticated remote access to D-Link DIR-645 devices ======================================================= ADVISORY INFORMATION Title: Unauthenticated remote access to D-Link DIR-645 devices Discovery date: 20/02/2013 Release date: 27/02/2013 Credits: Roberto Paleari [email protected],...

AI score 1.3
Exploits 0
securityvulns
•added 2013/03/02 12:0 a.m.•70 views

[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Uncontrolled Search Path Element CWE-427 Date found: 2013-02-23 Date published: 2013-02-23 CVSSv2 Score: 4,4...

AI score 0.3
Exploits 0
securityvulns
•added 2013/03/02 12:0 a.m.•71 views

OpenSSL / PolarSSL / GnuTLS security vulnerabilities

Timing attacks, DoS...

CVSS 5 • AI score 3.7 • EPSS 0.35584
Exploits 2 • References 2 • Affected Software 3
securityvulns
•added 2013/03/02 12:0 a.m.•49 views

Linux kernel security vulnerabilities

Privilege escalation, information leak...

CVSS 7.2 • AI score 2.9 • EPSS 0.0418
Exploits 14 • References 3 • Affected Software 1
securityvulns
•added 2013/03/02 12:0 a.m.•74 views

[USN-1747-1] Transmission vulnerability

========================================================================== Ubuntu Security Notice USN-1747-1 February 25, 2013 transmission vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...

CVSS 7.5 • AI score 0.4 • EPSS 0.05098
Exploits 1
securityvulns
•added 2013/02/24 12:0 a.m.•54 views

TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-site scripting in Oracle Enterprise Manager advReplicationAdmin TeamSHATTER Security Advisory February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...

CVSS 4.3 • AI score 5.4 • EPSS 0.00985
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•129 views

PHP-Fusion 7.02.05 SQL Injection

SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...

AI score 0.5
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•81 views

TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes No authentication to Database Server is needed...

CVSS 6.4 • AI score 9.5 • EPSS 0.31437
Exploits 4
securityvulns
•added 2013/02/24 12:0 a.m.•3924 views

XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS

Hello 3APA3A! After my previous list of vulnerable software with ZeroClipboard.swf, here is a list of software with ZeroClipboard10.swf. These are Cross-Site Scripting vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS. Earlier I've wrote about Cross-Site Scripting...

AI score 5.7
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•116 views

SQLi found in Kodak Insite

Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...

AI score 8.1
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•71 views

CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date...

AI score 0.3 • EPSS 0.22612
Exploits 7
securityvulns
•added 2013/02/24 12:0 a.m.•47 views

squid cachemanager DoS

cachemgr.cgi resources exhaustion...

CVSS 5 • AI score 2 • EPSS 0.23026
Exploits 1 • References 1 • Affected Software 1
securityvulns
•added 2013/02/24 12:0 a.m.•65 views

[ MDVSA-2013:013 ] squid

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:013 http://www.mandriva.com/security/ Package : squid Date : February 20, 2013 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in squid...

CVSS 5 • AI score 8.4 • EPSS 0.23026
Exploits 1
securityvulns
•added 2013/02/24 12:0 a.m.•60 views

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (SCPLBL_COLLECTED parameters) (CVE-2013-0353)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager SCPLBLCOLLECTED parameters February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...

CVSS 4.3 • AI score 0.4 • EPSS 0.00985
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•66 views

TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Alter FBA Table February 20, 2013 Risk Level: High Affected versions: Oracle Database Enterprise Edition 11.1, 11.2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched...

CVSS 6.5 • AI score 1 • EPSS 0.01593
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•59 views

TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-2013-0354)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager policyViewSettings February 20, 2013 Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Y...

CVSS 4.3 • AI score 6.2 • EPSS 0.01228
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•60 views

[SECURITY] [DSA 2628-1] nss-pam-ldapd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2628-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 18, 2013 http://www.debian.org/security/faq -...

CVSS 6.8 • AI score 3.5 • EPSS 0.03582
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•47 views

nss-pam-ldapd fd_set overflow

FD_SET structure overflow...

CVSS 6.8 • AI score 3 • EPSS 0.03582
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/02/24 12:0 a.m.•35 views

HP ArcSight multiple security vulnerabilities

Information leakage, code execution, cross-site scripting...

CVSS 6.8 • AI score 0.7 • EPSS 0.03792
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/02/24 12:0 a.m.•32 views

Boost library protection bypass

Invalid UTF-8 sequences validation...

CVSS 5 • AI score 2.9 • EPSS 0.0287
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2013/02/24 12:0 a.m.•87 views

Alt-N MDaemon Email Body HTML/JS Injection Vulnerability

============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...

AI score 1.4
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•55 views

[SECURITY] [DSA 2625-1] wireshark security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2625-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 17, 2013 http://www.debian.org/security/faq -...

CVSS 2.9 • AI score 2.2 • EPSS 0.00938
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•89 views

Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.

---+ Security Alert: Code injection vulnerability in MAKETEXT macro This advisory alerts you of a potential security issue with your Foswiki installation. A vulnerability has been reported against the core Perl module CPAN:Locale::Maketext 1, which Foswiki uses to provide translations when...

CVSS 7.5 • AI score 9.9 • EPSS 0.61604
Exploits 15
securityvulns
•added 2013/02/24 12:0 a.m.•101 views

[USN-1731-1] OpenStack Cinder vulnerability

========================================================================== Ubuntu Security Notice USN-1731-1 February 21, 2013 cinder vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5 • AI score 0.7 • EPSS 0.04863
Exploits 1
securityvulns
•added 2013/02/24 12:0 a.m.•76 views

[USN-1734-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1734-1 February 21, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5 • AI score 1 • EPSS 0.04863
Exploits 1
securityvulns
•added 2013/02/24 12:0 a.m.•58 views

CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...

CVSS 2.1 • AI score 0.3 • EPSS 0.00343
Exploits 1
securityvulns
•added 2013/02/24 12:0 a.m.•65 views

US-CERT Alert TA13-051A - Oracle Java Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA13-051A Oracle Java Multiple Vulnerabilities Original release date: February 20, 2013 Last revised: -- Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and...

AI score 0.8
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•135 views

Alt-N MDaemon's WorldClient Username Enumeration Vulnerability

==================================================================== Alt-N MDaemon's WorldClient Username Enumeration Vulnerability ==================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...

AI score 0.4
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•75 views

TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5,...

CVSS 4.3 • AI score 1 • EPSS 0.01228
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•87 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 • AI score 1.6 • EPSS 0.65724
Exploits 35 • References 12 • Affected Software 7
securityvulns
•added 2013/02/24 12:0 a.m.•4014 views

XSS vulnerabilities in ZeroClipboard

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in ZeroClipboard. Last week I've made my research of these vulnerabilities and informed all developers previous and current of ZeroClipboard. When I've downloaded ZeroClipboard in September 2011, when I was writing my article Attacks vi...

AI score 6.2
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•4654 views

XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in YAML, MultiProject extension for Trac, UserCollections extension for Piwigo, TAO and TableTools plugin for DataTables plugin for jQuery with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in...

AI score 0.4
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•63 views

Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities

Over 85 different vulnerabilities are fixed in CPU...

CVSS 10 • AI score 2 • EPSS 0.68914
Exploits 21 • References 14
securityvulns
•added 2013/02/24 12:0 a.m.•78 views

[USN-1730-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1730-1 February 20, 2013 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 5 • AI score 0.9 • EPSS 0.04863
Exploits 2
securityvulns
•added 2013/02/24 12:0 a.m.•79 views

[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03606700 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03606700 Version: 1 HPSBMU02836...

CVSS 6.8 • AI score 0.2 • EPSS 0.03792
Exploits 0
securityvulns
•added 2013/02/24 12:0 a.m.•73 views

TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Database GeoRaster API overflow February 20, 2013 Risk Level: High Affected versions: Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability w...

CVSS 9 • AI score 0.4 • EPSS 0.01969
Exploits 0

Total number of security vulnerabilities: 47153