Lucene search

47153 matches found

securityvulns
added 2013/01/27 12:0 a.m., 28 views

ircd-ratbox / Charybdis DoS

Crash with assert on connection initialization...

CVSS 5, AI score 2.1, EPSS 0.00463
Exploits: 2, References: 1, Affected Software: 2

securityvulns
added 2013/01/27 12:0 a.m., 32 views

Multiple Vulnerabilities in Linksys WRT54GL

Device Name: Linksys WRT54GL v1.1. Vendor: Linksys/Cisco. Vulnerable Firmware Releases: Firmware Version: 4.30.15 build 2, 01/20/2011. Device Description: The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbps...

Exploits: 0

securityvulns
added 2013/01/27 12:0 a.m., 30 views

F5 BIG-IP security vulnerabilities

SQL and XML injections...

CVSS 7.5, AI score 2.6, EPSS 0.08849
Exploits: 4, References: 2, Affected Software: 1

securityvulns
added 2013/01/27 12:0 a.m., 73 views

SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability

SEC Consult Vulnerability Lab Security Advisory 20130122-1. title: SQL Injection; product: F5 BIG-IP; vulnerable version: =11.2.0; fixed version: 11.2.0 HF3, 11.2.1 HF3; CVE number: CVE-2012-3000; impact: Medium; homepage:...

CVSS 7.5, AI score 0.1, EPSS 0.01277
Exploits: 2

securityvulns
added 2013/01/27 12:0 a.m., 51 views

ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities

ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities. EMC Identifier: ESA-2013-008. EMC Identifier: NW146708. CVE Identifier: CVE-2013-0928, CVE-2013-0929. Severity Rating: See below for individual severity scores. Affected product: EMC AlphaStor 4.0 prior...

CVSS 9.3, AI score 0.6, EPSS 0.78669
Exploits: 10

securityvulns
added 2013/01/27 12:0 a.m., 33 views

EMC AlphaStor security vulnerabilities

Command injection, format string vulnerability...

CVSS 9.3, AI score 2.2, EPSS 0.78669
Exploits: 10, References: 1, Affected Software: 1

securityvulns
added 2013/01/27 12:0 a.m., 45 views

HP Diagnostics Server code execution

magentservice.exe code execution on TCP/23472 request parsing...

AI score 3.9
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2013/01/27 12:0 a.m., 53 views

[SECURITY] [DSA 2612-1] ircd-ratbox security update

Debian Security Advisory DSA-2612-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 24, 2013 http://www.debian.org/security/faq...

CVSS 5, AI score 2.1, EPSS 0.00463
Exploits: 2

securityvulns
added 2013/01/27 12:0 a.m., 28 views

Vino information leakage

It's possible to access clipboard content without authentication...

CVSS 5, AI score 2.5, EPSS 0.00608
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/01/27 12:0 a.m., 45 views

SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products

SEC Consult Vulnerability Lab Security Advisory 20130124-0. title: Critical SSH Backdoor in multiple Barracuda Networks Products; vulnerable products: Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message...

AI score 0.9
Exploits: 0

securityvulns
added 2013/01/27 12:0 a.m., 25 views

Multiple Barracuda Networks products backdoors

There are built-in SSH-accessible system accounts with unfiltered IP ranges...

AI score 4.6
Exploits: 0, References: 1

securityvulns
added 2013/01/27 12:0 a.m., 52 views

Re: EMC Avamar: World writable cache files

ESA-2013-003: EMC Avamar Client Elevation of Privilege Vulnerability. EMC Identifier: ESA-2013-003. CVE Identifier: CVE-2012-2291. Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C). Affected Products: EMC Avamar HP-UX Client 4.x, 5.x and...

CVSS 7.2, AI score 6, EPSS 0.00032
Exploits: 0

securityvulns
added 2013/01/27 12:0 a.m., 24 views

EMC Avamar weak permissions

Cache files are world writable...

CVSS 7.2, AI score 1.7, EPSS 0.00032
Exploits: 0, References: 2

securityvulns
added 2013/01/27 12:0 a.m., 53 views

[USN-1701-1] Vino vulnerability

Ubuntu Security Notice USN-1701-1, January 22, 2013: vino vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 5, AI score 0.4, EPSS 0.00608
Exploits: 0

securityvulns
added 2013/01/27 12:0 a.m., 23 views

Cisco Linksys WRT54GL multiple security vulnerabilities

Code execution, cross-site scripting, cross-site request forgery...

AI score 2.2
Exploits: 0, References: 1

securityvulns
added 2013/01/27 12:0 a.m., 51 views

PHP information leakage

openssl_encrypt memory disclosure...

CVSS 5, AI score 1, EPSS 0.00374
Exploits: 1

securityvulns
added 2013/01/27 12:0 a.m., 52 views

[security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03645497 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c03645497. Version: 1. HPSBMU02841...

CVSS 10, AI score 0.7, EPSS 0.35722
Exploits: 0

securityvulns
added 2013/01/27 12:0 a.m., 88 views

Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin

Exploit Title: Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin. Author: Marcela Benetrix. home: www.girlinthemiddle.net. Date: 01/21/13. version: 34.05. software link: http://wordpress.org/extend/plugins/cardoza-wordpress-poll/ Wordpress Poll plugin description: Wordpress Poll is...

AI score 0.7, EPSS 0.00965
Exploits: 4

securityvulns
added 2013/01/27 12:0 a.m., 57 views

SEC Consult SA-20130122-0 :: F5 BIG-IP XML External Entity Injection vulnerability

SEC Consult Vulnerability Lab Security Advisory 20130122-0. title: XML External Entity Injection XXE; product: F5 BIG-IP; vulnerable version: =11.2.0; fixed version: 11.2.0 HF3, 11.2.1 HF3; CVE number: CVE-2012-2997; impact: Medium...

CVSS 4, AI score 6.6, EPSS 0.08849
Exploits: 2

securityvulns
added 2013/01/21 12:0 a.m., 118 views

[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable

Hello All, This post might be interesting for those concerned about the state of Oracle's Java SE security. We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 1 JRE version 1.7.011-b21. MBeanInstantiator bug...

CVSS 10, AI score 0.2, EPSS 0.93614
Exploits: 38

securityvulns
added 2013/01/21 12:0 a.m., 41 views

qemu buffer overflow

Buffer overflow in e1000 emulator...

CVSS 9.3, AI score 3, EPSS 0.07525
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/01/21 12:0 a.m., 71 views

NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/)

NSOADV-2013-001: SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /appliance/...

AI score 0.6, EPSS 0.89468
Exploits: 9

securityvulns
added 2013/01/21 12:0 a.m., 51 views

NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/)

NSOADV-2013-002: SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/...

AI score 0.3, EPSS 0.57719
Exploits: 5

securityvulns
added 2013/01/21 12:0 a.m., 77 views

CVE-2012-6452 Axway Secure Messenger Username Disclosure

Product: Axway Email Firewall Component: Secure Messenger Vendor: Axway Vulnerable Versions: 6.5 and earlier on the Email Firewall EMF platform only Tested Version: 6.3.2 Build 4230 Vendor Notification: December 8, 2012 Vendor Patch: Secure Messenger version 6.5.0 Updated Release 7 Public...

CVSS 5, AI score 0.1, EPSS 0.00348
Exploits: 0

securityvulns
added 2013/01/21 12:0 a.m., 47 views

Linux kernel security vulnerabilities

Invalid hot-added memory handling, information leakage on module loading, DoS...

CVSS 4.9, AI score 1.6, EPSS 0.00579
Exploits: 3, References: 3, Affected Software: 1

securityvulns
added 2013/01/21 12:0 a.m., 54 views

Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow

Secunia Research 16/01/2013 - Oracle Outside In Technology Stream Filters - Paradox Database Handling Buffer Overflow. Table of Contents: Affected...

CVSS 6.8, AI score 0.6, EPSS 0.20464
Exploits: 0

securityvulns
added 2013/01/21 12:0 a.m., 43 views

Axway Email Firewall information leakage

Different authentication error codes for existent and non-existent users...

CVSS 5, AI score 2.5, EPSS 0.00348
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/01/21 12:0 a.m., 89 views

Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability

Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting XSS vulnerability: - CVE: CVE-2012-5053 - Deloitte Argentina Advisory Code: DTTAR-20130001 - Vendor Status: CONFIRMED - Public Disclosure Date: January, 15th, 2013. - Vendors Affected: Trimble - http://www.trimble.com/ - Systems...

CVSS 4.3, AI score 0.1, EPSS 0.00322
Exploits: 0

securityvulns
added 2013/01/21 12:0 a.m., 57 views

Secunia Research: Oracle Outside In Technology Paradox Database Handling Denial of Service

Secunia Research 16/01/2013 - Oracle Outside In Technology Stream Filters - Paradox Database Handling Denial of Service. Table of Contents: Affected...

CVSS 6.8, AI score 0.6, EPSS 0.00781
Exploits: 0

securityvulns
added 2013/01/21 12:0 a.m., 88 views

0-day vulnerability in Oracle Java is used to install malicious software

Applet can grant permissions to itself...

CVSS 10, AI score 2.1, EPSS 0.93614
Exploits: 38, References: 3, Affected Software: 2

securityvulns
added 2013/01/21 12:0 a.m., 98 views

[SECURITY] [DSA 2608-1] qemu security update

Debian Security Advisory DSA-2608-1 [email protected] http://www.debian.org/security/ Florian Weimer January 15, 2013 http://www.debian.org/security/faq...

CVSS 9.3, AI score 1.5, EPSS 0.07525
Exploits: 0

securityvulns
added 2013/01/21 12:0 a.m., 40 views

Trimble Infrastructure GNSS cross-site scripting

Web interface cross-site scripting...

CVSS 4.3, AI score 1.3, EPSS 0.00322
Exploits: 0, References: 1

securityvulns
added 2013/01/21 12:0 a.m., 95 views

[USN-1696-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-1696-1, January 18, 2013: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4.9, AI score 6.5, EPSS 0.00579
Exploits: 2

securityvulns
added 2013/01/21 12:0 a.m., 40 views

SonicWALL GMS/Viewpoint/Analyzer authentication bypass

It's possible to access a few directories without authentication...

AI score 4.2, EPSS 0.89468
Exploits: 14, References: 2, Affected Software: 1

securityvulns
added 2013/01/21 12:0 a.m., 31 views

Cisco ASA DoS

DoS on H.323 processing...

CVSS 7.8, AI score 2.4, EPSS 0.0071
Exploits: 0, Affected Software: 1

securityvulns
added 2013/01/16 12:0 a.m., 48 views

Microsoft Internet Explorer use-after-free vulnerabilities

Use-after-free vulnerability in CButton is actively used in-the-wild...

CVSS 9.3, AI score 2.7, EPSS 0.91236
Exploits: 12, Affected Software: 1

securityvulns
added 2013/01/14 12:0 a.m., 61 views

CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI

CVE-2012-5650 DOM based Cross-Site Scripting via Futon UI Affected Versions: Apache CouchDB releases up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable. Description: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An...

CVSS 4.3, AI score 0.7, EPSS 0.00895
Exploits: 0

securityvulns
added 2013/01/14 12:0 a.m., 58 views

Multiple vulnerabilities in Floating Tweets for WordPress

Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin Floating Tweets for WordPress. These are Full path disclosure, Directory Traversal and Cross-Site Scripting vulnerabilities. Affected products: Vulnerable are Floating...

AI score 6.3
Exploits: 0

securityvulns
added 2013/01/14 12:0 a.m., 69 views

[USN-1683-1] Linux kernel vulnerability

Ubuntu Security Notice USN-1683-1, January 10, 2013: linux vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 2.1, EPSS 0.00579
Exploits: 1

securityvulns
added 2013/01/14 12:0 a.m., 57 views

IL, XSS, FPD, AoF, DoS, AFU vulnerabilities in Daily Edition Mouss theme for WordPress

Hello 3APA3A! I want to warn you about multiple vulnerabilities in Daily Edition Mouss theme for WordPress. In 2011 when I wrote about Cross-Site Scripting WASC-08, Full path disclosure WASC-13, Abuse of Functionality WASC-42 and Denial of Service WASC-10 vulnerabilities in TimThumb and multiple...

AI score 0.1
Exploits: 0

securityvulns
added 2013/01/14 12:0 a.m., 38 views

Adobe Reader / Acrobat multiple security vulnerabilities

Multiple memory corruptions, buffer overflows, integer overflows, privilege escalations, code executions...

CVSS 10, AI score 4.3, EPSS 0.2159
Exploits: 4

securityvulns
added 2013/01/14 12:0 a.m., 91 views

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

National Cyber Awareness System US-CERT Alert TA13-010A: Oracle Java 7 Security Manager Bypass Vulnerability. Original release date: January 10, 2013. Last revised: --. Systems Affected: Any system using Oracle Java 7 1.7, 1.7.0 including Java Platform...

AI score 0.6
Exploits: 0

securityvulns
added 2013/01/14 12:0 a.m., 64 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8, AI score 1.6, EPSS 0.10746
Exploits: 2, References: 8, Affected Software: 4

securityvulns
added 2013/01/14 12:0 a.m., 43 views

FreeType security vulnerabilities

Multiple vulnerabilities on BDF fonts parsing...

CVSS 4.3, AI score 2.8, EPSS 0.02977
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/01/14 12:0 a.m., 94 views

CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows

CVE-2012-5641 Information disclosure via unescaped backslashes in URLs on Windows Affected Versions: All Windows-based releases of Apache CouchDB, up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable. Description: A specially crafted request could be used to access content directly that wou...

CVSS 5, AI score 0.2, EPSS 0.0373
Exploits: 1

securityvulns
added 2013/01/14 12:0 a.m., 53 views

Multiple vulnerabilities in TinyBrowser

Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyBrowser for TinyMCE. These are new vulnerabilities in addition to my 2009 and 2011 advisories about Arbitrary File Upload and Code Execution vulnerabilities in TinyBrowser. It concerns as TinyBrowser, as all web applications...

AI score 1
Exploits: 0

securityvulns
added 2013/01/14 12:0 a.m., 101 views

Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect

In the course of our security assessment consulting we often find 0day vulnerabilities and report them to vendors. In this particular case the vendor has unfortunately shown a general disregard for the security risk of this uncovered vulnerability which was originally disclosed privately to them ...

AI score 1.2, EPSS 0.10746
Exploits: 1

securityvulns
added 2013/01/14 12:0 a.m., 82 views

OrangeHRM 2.7.1 Vacancy Name Persistent XSS

OrangeHRM [1] 2.7.1 [2] -- the latest stable release as of this writing -- suffers from a persistent XSS in the vacancy name variable. Steps: 1. Navigate to following URL: http://domain/symfony/web/index.php/recruitment/viewJobVacancy 2. Add or Edit a Vacancy 3. In the Vacancy Name parameter put XSS...

AI score 6.1
Exploits: 0

securityvulns
added 2013/01/14 12:0 a.m., 55 views

[USN-1686-1] FreeType vulnerabilities

Ubuntu Security Notice USN-1686-1, January 14, 2013: freetype vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 4.3, AI score 0.6, EPSS 0.02977
Exploits: 0

securityvulns
added 2013/01/14 12:0 a.m., 79 views

[SECURITY] [DSA 2606-1] proftpd-dfsg security update

Debian Security Advisory DSA-2606-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 13, 2013 http://www.debian.org/security/faq...

CVSS 1.2, AI score 1.9, EPSS 0.00057
Exploits: 0

Total number of security vulnerabilities: 47153