Lucene search

47153 matches found

securityvulns
added 2015/07/14 12:0 a.m., 31 views

EMC RecoverPoint for Virtual Machines restriction bypass

Privilege escalation...

CVSS 7.2, AI score 3.8, EPSS 0.00059
Exploits 0, References 1, Affected Software 1

securityvulns
added 2015/07/14 12:0 a.m., 54 views

SQL Injection in easy2map-photos wordpress plugin v1.09

Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact:...

AI score 0.3
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 75 views

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability

VMware Security Advisory Advisory ID: VMSA-2015-0005 Synopsis: VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability Issue date: 2015-07-09 Updated on:...

CVSS 7.2, AI score 7.2, EPSS 0.0013
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 35 views

AirLive IP cameras commands injection

A few command injection possibilities...

CVSS 10, AI score 2, EPSS 0.42161
Exploits 6, References 1

securityvulns
added 2015/07/14 12:0 a.m., 584 views

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request

Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL:...

CVSS 7.5, AI score 0.1, EPSS 0.73501
Exploits 6

securityvulns
added 2015/07/14 12:0 a.m., 23 views

stunnel authentication bypass

Authentication is possible if redirections are used...

CVSS 5.8, AI score 2.7, EPSS 0.00248
Exploits 0, References 1, Affected Software 1

securityvulns
added 2015/07/14 12:0 a.m., 107 views

ipTIME n104r3 vulnerable to CSRF and XSS attacks

Advisory Information Title: iptime n104r3 vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt Blog URL:...

Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 58 views

[SECURITY] [DSA 3299-1] stunnel4 security update

Debian Security Advisory DSA-3299-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2015 https://www.debian.org/security/faq...

CVSS 5.8, AI score 2.2, EPSS 0.00248
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 51 views

phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt Vendor: bitbucket.org/phpliteadmin Product: phpLiteAdmin v1.1 Advisory Information:...

AI score 7.3
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 34 views

Android backup content spoofing

A malicious application can spoof the content of an adb backup...

CVSS 4.6, AI score 2.1, EPSS 0.00118
Exploits 1, References 1, Affected Software 1

securityvulns
added 2015/07/14 12:0 a.m., 46 views

Cisco ASA multiple security vulnerabilities

Multiple DoS conditions, command injections, information disclosure, certificate validation bypass...

CVSS 9, AI score 2, EPSS 0.00785
Exploits 0, Affected Software 1

securityvulns
added 2015/07/14 12:0 a.m., 57 views

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution CVEs: CVE-2015-1560, CVE-2015-1561 Vendor: Merethis - www.centreon.com Product: Centreon Version affected: 2.5.4 and prior Product description: Centreon is the choice of some of the world's largest companies...

CVSS 7.5, AI score 0.3, EPSS 0.05236
Exploits 6

securityvulns
added 2015/07/14 12:0 a.m., 56 views

Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5

Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05, fixed...

AI score 0.7
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 48 views

AirLink101 SkyIPCam1620W commands injection

Command injection, hardcoded credentials...

CVSS 9, AI score 1.7, EPSS 0.33452
Exploits 5, References 1

securityvulns
added 2015/07/14 12:0 a.m., 55 views

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection

Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...

CVSS 9, AI score 9.3, EPSS 0.33452
Exploits 5

securityvulns
added 2015/07/14 12:0 a.m., 44 views

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Authors: Alessandro Zala [email protected] Andreas Hunkeler...

CVSS 7.5, AI score 0.4, EPSS 0.01759
Exploits 1

securityvulns
added 2015/07/14 12:0 a.m., 53 views

SQL Injection in easy2map wordpress plugin v1.24

Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory...

Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 52 views

[CORE-2015-0012] - AirLive Multiple Products OS Command Injection

Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last update: 2015-07-06 Vendors contacted: AirLive Release...

CVSS 10, AI score 10, EPSS 0.42161
Exploits 6

securityvulns
added 2015/07/14 12:0 a.m., 76 views

[USN-2671-1] Django vulnerabilities

Ubuntu Security Notice USN-2671-1, July 09, 2015: python-django vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives...

CVSS 7.8, AI score 0.7, EPSS 0.15813
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 55 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.8, AI score 1.6, EPSS 0.15813
Exploits 16, References 12, Affected Software 10

securityvulns
added 2015/07/14 12:0 a.m., 48 views

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal

The AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution. The issue affects any application using the AjaxFileUpload control. The vulnerability arises because the...

CVSS 6.4, AI score 1.9, EPSS 0.00877
Exploits 1

securityvulns
added 2015/07/14 12:0 a.m., 33 views

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability

ESA-2015-115: EMC RecoverPoint for Virtual Machines VMs Restriction Bypass Vulnerability EMC Identifier: ESA-2015-115 CVE Identifier: CVE-2015-4526 Severity Rating: CVSSv2 Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Affected products: • EMC RecoverPoin...

CVSS 7.2, AI score 0.7, EPSS 0.00059
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 205 views

[SYSS-2015-031] sysPass - SQL Injection

Advisory ID: SYSS-2015-031 Product: sysPass Vendor: http://cygnux.org/ Affected Versions: 1.0.9 and below Tested Versions: 1.0.9 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-07-27 Solutio...

AI score 8.1
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 70 views

[USN-2670-1] libwmf vulnerabilities

Ubuntu Security Notice USN-2670-1, July 08, 2015: libwmf vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.8, AI score 0.9, EPSS 0.05715
Exploits 3

securityvulns
added 2015/07/14 12:0 a.m., 73 views

phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSQLITECMS0712.txt Vendor: phpsqlitecms.net Product: ilosuna-phpsqlitecms-d9b8219 Advisory Information:...

AI score 0.4
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 76 views

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability. Vendor: https://www.snorby.org/ Version: 2.6.2 Description: During my research and testing of new IDS...

AI score 0.4
Exploits 0

securityvulns
added 2015/07/14 12:0 a.m., 45 views

libwmf multiple security vulnerabilities

Multiple memory corruptions...

CVSS 6.8, AI score 2.5, EPSS 0.05715
Exploits 3, References 1, Affected Software 1

securityvulns
added 2015/07/14 12:0 a.m., 41 views

ipTime routers code execution

Code execution via shell characters injection into DHCP request hostname...

AI score 4.8
Exploits 0, References 2

securityvulns
added 2015/07/14 12:0 a.m., 51 views

CVE-2014-7952, Android ADB backup APK injection vulnerability

The Android operating system offers a backup/restore mechanism of installed packages through the ADB utility. Full backup of applications including the private files stored on /data partition is performed by default, but applications can customize this behavior by implementing a BackupAgent class...

AI score 6.9, EPSS 0.00118
Exploits 1

securityvulns
added 2015/07/14 12:0 a.m., 263 views

VMWare applications privilege escalation

Weak executable file DACL...

CVSS 7.2, AI score 3.5, EPSS 0.0013
Exploits 0, References 1, Affected Software 3

securityvulns
added 2015/07/13 12:0 a.m., 124 views

[USN-2658-1] PHP vulnerabilities

Ubuntu Security Notice USN-2658-1, July 06, 2015: php5 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 10, AI score 1.2, EPSS 0.69613
Exploits 20

securityvulns
added 2015/07/13 12:0 a.m., 67 views

[SECURITY] [DSA 3303-1] cups-filters security update

Debian Security Advisory DSA-3303-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 07, 2015 https://www.debian.org/security/faq...

CVSS 7.5, AI score 1.9, EPSS 0.33515
Exploits 0

securityvulns
added 2015/07/13 12:0 a.m., 86 views

[USN-2668-1] HAProxy vulnerability

Ubuntu Security Notice USN-2668-1, July 07, 2015: haproxy vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 5, AI score 0.3, EPSS 0.00094
Exploits 0

securityvulns
added 2015/07/13 12:0 a.m., 49 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Multiple NSS cryptography vulnerabilities, memory corruptions, restriction bypasses, information disclosure, privilege escalation...

CVSS 10, AI score 2.3, EPSS 0.92346
Exploits 1, Affected Software 3

securityvulns
added 2015/07/13 12:0 a.m., 83 views

[SECURITY] [DSA 3306-1] pdns security update

Debian Security Advisory DSA-3306-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini July 09, 2015 https://www.debian.org/security/faq...

CVSS 7.8, AI score 2.2, EPSS 0.00506
Exploits 0

securityvulns
added 2015/07/13 12:0 a.m., 71 views

[USN-2667-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-2667-1, July 07, 2015: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 9, AI score 1, EPSS 0.05914
Exploits 0

securityvulns
added 2015/07/13 12:0 a.m., 47 views

[slackware-security] ntp (SSA:2015-188-03)

slackware-security ntp SSA:2015-188-03 New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog:...

CVSS 3.5, AI score 6.2, EPSS 0.01575
Exploits 0

securityvulns
added 2015/07/13 12:0 a.m., 81 views

[USN-2666-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-2666-1, July 07, 2015: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 9, AI score 0.7, EPSS 0.05914
Exploits 0

securityvulns
added 2015/07/13 12:0 a.m., 48 views

ISC bind named DoS

Crash on DNSSEC validation...

CVSS 7.8, AI score 1.3, EPSS 0.27161
Exploits 0, References 1, Affected Software 1

securityvulns
added 2015/07/13 12:0 a.m., 47 views

cups-filters buffer overflow

texttopdf buffer overflows...

CVSS 7.5, AI score 3.7, EPSS 0.33515
Exploits 0, References 1

securityvulns
added 2015/07/13 12:0 a.m., 34 views

Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In November 2013 I discovered a vulnerability in EMC Documentum Content Server which allows an authenticated user to execute arbitrary commands using the dmbptransition docbase method for detailed...

AI score 0.1, EPSS 0.00987
Exploits 4

securityvulns
added 2015/07/13 12:0 a.m., 86 views

HAProxy information disclosure

Under some conditions, data from a previous request can be obtained...

CVSS 5, AI score 1, EPSS 0.00094
Exploits 0, References 1

securityvulns
added 2015/07/13 12:0 a.m., 86 views

PHP multiple security vulnerabilities

Code execution, DoS conditions, poisoned NULL byte vulnerability, information disclosure...

CVSS 10, AI score 1.7, EPSS 0.69613
Exploits 23, References 1, Affected Software 1

securityvulns
added 2015/07/13 12:0 a.m., 33 views

pdns recursor DoS

CPU exhaustion and crash when processing a name that refers to itself...

CVSS 7.8, AI score 3.1, EPSS 0.00506
Exploits 0, References 1, Affected Software 1

securityvulns
added 2015/07/13 12:0 a.m., 68 views

[USN-2669-1] Bind vulnerability

Ubuntu Security Notice USN-2669-1, July 07, 2015: bind9 vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 7.8, AI score 0.1, EPSS 0.27161
Exploits 0

securityvulns
added 2015/07/13 12:0 a.m., 48 views

ntpd DoS

Crash is possible under specific conditions...

CVSS 3.5, AI score 1.3, EPSS 0.01575
Exploits 0, References 1, Affected Software 1

securityvulns
added 2015/07/09 12:0 a.m., 40 views

OpenSSL restrictions bypass

Certificate without CA flag can be validated as a valid signing certificate...

CVSS 6.4, AI score 2.7, EPSS 0.76307
Exploits 6

securityvulns
added 2015/07/05 12:0 a.m., 63 views

CollabNet Subversion Edge missing clickjacking protection

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement clickjacking protection Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Clickjacking Risk: Medium Status:...

AI score 0.9
Exploits 0

securityvulns
added 2015/07/05 12:0 a.m., 80 views

Path Traversal in BlackCat CMS

Advisory ID: HTB23263 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.1.1 and probably prior Tested Version: 1.1.1 Advisory Publication: June 10, 2015 without technical details Vendor Notification: June 10, 2015 Vendor Patch: June 24, 2015 Public Disclosure: July 1, 201...

CVSS 5, AI score 7.7, EPSS 0.31814
Exploits 2

securityvulns
added 2015/07/05 12:0 a.m., 29 views

EMC Isilon OneFS code execution

Command injection in web administration...

CVSS 9, AI score 2.3, EPSS 0.00857
Exploits 0, References 1, Affected Software 1

Total number of security vulnerabilities: 47153