
47153 matches found

securityvulns
added 2013/01/14 12:0 a.m. | 59 views

ProFTPd symbolic links vulnerability

No description provided...

CVSS: 1.2 | AI score: 1.3 | EPSS: 0.00693
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2013/01/14 12:0 a.m. | 58 views

[USN-1686-1] FreeType vulnerabilities

Ubuntu Security Notice USN-1686-1, January 14, 2013, freetype vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.03857
Exploits: 0
securityvulns
added 2013/01/14 12:0 a.m. | 43 views

FreeType security vulnerabilities

Multiple vulnerabilities on BDF fonts parsing...

CVSS: 4.3 | AI score: 2.8 | EPSS: 0.03857
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2013/01/14 12:0 a.m. | 127 views

Adobe ColdFusion multiple security vulnerabilities

Authentication bypass, privilege escalation, information leakage...

CVSS: 10 | AI score: 3.1 | EPSS: 0.93797
Exploits: 12 | Affected Software: 1
securityvulns
added 2013/01/14 12:0 a.m. | 59 views

[SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code

Hello All, We were notified today of ongoing attacks with the use of a new Java vulnerability affecting latest version 7 Update 10 of the software 12. Due to the unpatched status of Issue 50 3 and some inquiries received regarding whether the attack code found exploited this bug, we had a quick...

AI score: 7.2
Exploits: 0
securityvulns
added 2013/01/14 12:0 a.m. | 58 views

IL, XSS, FPD, AoF, DoS, AFU vulnerabilities in Daily Edition Mouss theme for WordPress

Hello 3APA3A! I want to warn you about multiple vulnerabilities in Daily Edition Mouss theme for WordPress. In 2011 when I wrote about Cross-Site Scripting WASC-08, Full path disclosure WASC-13, Abuse of Functionality WASC-42 and Denial of Service WASC-10 vulnerabilities in TimThumb and multiple...

AI score: 0.1
Exploits: 0
securityvulns
added 2013/01/14 12:0 a.m. | 38 views

Adobe Reader / Acrobat multiple security vulnerabilities

Multiple memory corruptions, buffer overflows, integer overflows, privilege escalations, code executions...

CVSS: 10 | AI score: 4.3 | EPSS: 0.10004
Exploits: 4
securityvulns
added 2013/01/14 12:0 a.m. | 64 views

CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash

CVE-2012-5649 JSONP arbitrary code execution with Adobe Flash Severity: Moderate Vendor: The Apache Software Foundation Affected Versions: JSONP is supported but disabled by default in all currently supported releases of Apache CouchDB. Administrator access is required to enable it. Releases up t...

CVSS: 6.8 | AI score: 2.4 | EPSS: 0.06558
Exploits: 0
securityvulns
added 2013/01/14 12:0 a.m. | 102 views

Adobe Flash Player memory corruption

Memory corruption on SWF parsing...

CVSS: 10 | AI score: 3.7 | EPSS: 0.08158
Exploits: 0 | References: 1 | Affected Software: 2
securityvulns
added 2013/01/10 12:0 a.m. | 72 views

Chrome for Android - Download Function Information Disclosure

CVE Number: CVE-2012-4906 Title: Chrome for Android - Download Function Information Disclosure Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Rogue Android apps can steal...

CVSS: 5 | AI score: 5.9 | EPSS: 0.03103
Exploits: 1
securityvulns
added 2013/01/10 12:0 a.m. | 113 views

Chrome for Android - UXSS via com.android.browser.application_id Intent extra

CVE Number: CVE-2012-4905 Title: Chrome for Android - UXSS via com.android.browser.application_id Intent extra Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: By sending a...

CVSS: 4.3 | AI score: 0.5 | EPSS: 0.01553
Exploits: 1
securityvulns
added 2013/01/10 12:0 a.m. | 18 views

Facebook for Android information leakage

Malicious app can steal private files...

AI score: 2
Exploits: 0 | References: 1
securityvulns
added 2013/01/10 12:0 a.m. | 73 views

Nero MediaHome Multiple Remote DoS Vulnerabilities

Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper Handling of Length Parameter Inconsistency...

CVSS: 5 | AI score: 0.3 | EPSS: 0.07681
Exploits: 6
securityvulns
added 2013/01/10 12:0 a.m. | 33 views

Microsoft System Center Operations Manager cross-site scripting

Cross-site scripting in Web console...

CVSS: 4.3 | AI score: 1.5 | EPSS: 0.16618
Exploits: 0 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 58 views

New vulnerabilities in MODx Revolution

Hello 3APA3A! I want to warn you about two new vulnerabilities in MODx Revolution. This is an addition to the previous publication about vulnerabilities in MODx Revolution http://securityvulns.ru/docs28923.html. These are Abuse of Functionality vulnerabilities in MODx related to earlier mentioned Brute...

AI score: 7.2
Exploits: 0
securityvulns
added 2013/01/10 12:0 a.m. | 29 views

Cisco Prime LAN Management Solution code execution

Insufficient network traffic validation...

CVSS: 10 | AI score: 2.9 | EPSS: 0.04635
Exploits: 4 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 53 views

Facebook for Android - Information Disclosure Vulnerability

Title: Facebook for Android - Information Disclosure Vulnerability Affected Software: Facebook Application 1.8.1 for Android Confirmed on Android 2.2 Credit: Takeshi Terada Issue Status: v1.8.2 was released which fixes this vulnerability Overview: The LoginActivity of Facebook app has improper...

AI score: 0.3
Exploits: 0
securityvulns
added 2013/01/10 12:0 a.m. | 39 views

EMC Networker buffer overflow

Buffer overflow in nsrindexd RPC based service...

CVSS: 9.3 | AI score: 4.2 | EPSS: 0.03189
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 94 views

TomatoCart 1.x | Unrestricted File Creation

OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under the GNU General...

Exploits: 0
securityvulns
added 2013/01/10 12:0 a.m. | 65 views

Remote Buffer Overflow Vulnerability in Samsung Kies

Advisory ID: HTB23136 Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Versions: 2.5.0.121141 Tested Version: 2.5.0.121141 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: December 19, 2012 Vendor Patch: December 27, 2012 Public Disclosure: January 9, 2013 Vulnerability...

CVSS: 10 | AI score: 0.1 | EPSS: 0.15349
Exploits: 3
securityvulns
added 2013/01/10 12:0 a.m. | 32 views

X.Org / XFree86 xfs DoS

Invalid SendErrToClient function use...

CVSS: 3.6 | AI score: 1.6 | EPSS: 0.00351
Exploits: 0 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 82 views

Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart

Advisory ID: HTB23135 Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Versions: Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification: December 19, 2012 Vendor Patch: December 20, 2012 Public Disclosure: January 9,...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.0391
Exploits: 3
securityvulns
added 2013/01/10 12:0 a.m. | 34 views

Nero MediaHome DoS

Different vulnerabilities on TCP/54444 requests parsing...

CVSS: 5 | AI score: 4.2 | EPSS: 0.07681
Exploits: 6 | References: 1 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 38 views

Samsung Kies ActiveX multiple security vulnerabilities

Code execution, files modification...

CVSS: 10 | AI score: 3.1 | EPSS: 0.31563
Exploits: 6 | References: 2 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 88 views

TomatoCart 1.x | Cross Site Request Forgery Protection Bypass via JavaScript Hijacking

OVERVIEW TomatoCart 1.x versions are vulnerable to Cross Site Request Forgery Protection Bypass. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It is forked from osCommerce 3 as a separate project and is released under...

AI score: 7.1
Exploits: 0
securityvulns
added 2013/01/10 12:0 a.m. | 88 views

Chrome for Android - Cookie theft from Chrome by malicious Android app

CVE Number: CVE-2012-4909 Title: Chrome for Android - Cookie theft from Chrome by malicious Android app Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Symbolic links can be...

CVSS: 4.3 | AI score: 0.1 | EPSS: 0.02147
Exploits: 1
securityvulns
added 2013/01/10 12:0 a.m. | 106 views

Chrome for Android - Bypassing SOP for Local Files By Symlinks

CVE Number: CVE-2012-4908 Title: Chrome for Android - Bypassing SOP for Local Files By Symlinks Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Chrome for Android's Same-Origi...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.03348
Exploits: 1
securityvulns
added 2013/01/10 12:0 a.m. | 72 views

[SECURITY] [DSA 2602-1] zendframework security update

Debian Security Advisory DSA-2602-1 http://www.debian.org/security/ Florian Weimer January 08, 2013 http://www.debian.org/security/faq ...

CVSS: 5 | AI score: 1.4 | EPSS: 0.01705
Exploits: 0
securityvulns
added 2013/01/10 12:0 a.m. | 28 views

Cisco Unified IP Phones 7900 privilege escalation

Insufficient syscall arguments check...

CVSS: 6.8 | AI score: 3 | EPSS: 0.004
Exploits: 0 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 104 views

Chrome for Android - Android APIs exposed to JavaScript

CVE Number: CVE-2012-4907 Title: Chrome for Android - Android APIs exposed to JavaScript Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: By abusing Java objects exposed to...

CVSS: 9.3 | AI score: 0.4 | EPSS: 0.01012
Exploits: 1
securityvulns
added 2013/01/10 12:0 a.m. | 35 views

Google Chrome for Android multiple security vulnerabilities

Multiple protection bypass and privilege escalation vulnerabilities...

CVSS: 9.3 | AI score: 3.3 | EPSS: 0.03348
Exploits: 5 | References: 5 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 60 views

Microsoft Windows multiple security vulnerabilities

Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation, SSL/TLS library protection bypass, Open Data Protocol DoS...

CVSS: 10 | AI score: 3.9 | EPSS: 0.32096
Exploits: 19 | Affected Software: 1
securityvulns
added 2013/01/10 12:0 a.m. | 66 views

ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability

ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability. EMC Identifier: ESA-2013-001 EMC CQ Identifier: NW145612 EMC CQ Identifier: NW145894 CVE Identifier: CVE-2012-4607 Severity Rating: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected Products: EMC...

CVSS: 9.3 | AI score: 1.2 | EPSS: 0.03189
Exploits: 0
securityvulns
added 2013/01/10 12:0 a.m. | 54 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Multiple memory corruptions, buffer overflows, privilege escalations, address spoofing, misissued certificate...

CVSS: 10 | AI score: 3.2 | EPSS: 0.73364
Exploits: 30 | Affected Software: 3
securityvulns
added 2013/01/10 12:0 a.m. | 72 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.04458
Exploits: 8 | References: 5 | Affected Software: 6
securityvulns
added 2013/01/05 12:0 a.m. | 30 views

Rapid7 Nexpose security vulnerabilities

Cross-site scripting and request forgery...

CVSS: 6.8 | AI score: 1.7 | EPSS: 0.02306
Exploits: 6 | References: 2 | Affected Software: 1
securityvulns
added 2013/01/05 12:0 a.m. | 48 views

AST-2012-014: Crashes due to large stack allocations when using TCP

Asterisk Project Security Advisory - AST-2012-014 Product Asterisk Summary Crashes due to large stack allocations when using TCP Nature of Advisory Stack Overflow Susceptibility Remote Unauthenticated Sessions SIP Remote Authenticated Sessions XMPP, HTTP Severity Critical Exploits Known No Report...

CVSS: 5 | AI score: 0.2 | EPSS: 0.03032
Exploits: 0
securityvulns
added 2013/01/05 12:0 a.m. | 21 views

PMSoftware Simple Webserver directory traversal

Request with relative path allows file retrieval...

AI score: 4.2
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2013/01/05 12:0 a.m. | 39 views

Asterisk security vulnerabilities

DoS conditions caused by resources exhaustion...

CVSS: 5 | AI score: 2.1 | EPSS: 0.03032
Exploits: 0 | References: 2 | Affected Software: 1
securityvulns
added 2013/01/05 12:0 a.m. | 35 views

Simple Webserver 2.3-rc1 Directory Traversal

Exploit Title: Simple Webserver 2.3-rc1 Directory Traversal Date: 01/02/2013 Exploit Author: CwG GeNiuS Vendor Homepage: http://www.pmx.it Software Link: http://www.pmx.it/download/sws-2.3-rc1-i686.exe Version: 2.3-rc1 and earlier Tested on: Windows 7 Enterprise SP1 Vulnerability: When removing t...

AI score: 0.6
Exploits: 0
securityvulns
added 2013/01/05 12:0 a.m. | 43 views

DoS vulnerability in Flash player (access violation)

Hello 3APA3A! I want to warn you about a Denial of Service vulnerability in the Flash player plugin for browsers. I found this vulnerability in June 11.06.2011. That time I wrote about this built-in DoS in the new version of Flash player as a "surprise" from Adobe for owners of old browser, because i...

AI score: 1
Exploits: 0
securityvulns
added 2013/01/05 12:0 a.m. | 50 views

AST-2012-015: Denial of Service Through Exploitation of Device State Caching

Asterisk Project Security Advisory - AST-2012-015 Product Asterisk Summary Denial of Service Through Exploitation of Device State Caching Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Critical Exploits Known None Reported On 26 July, 2012 Reported By...

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.02106
Exploits: 0
securityvulns
added 2013/01/05 12:0 a.m. | 68 views

CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)

Product: Nexpose Security Console Vendor: Rapid7 Version: 5.5.3 Tested Version: 5.5.1 Vendor Notified Date: December 19, 2012 Release Date: January 2, 2013 Risk: High Authentication: None required Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in Nexpose Securit...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.02306
Exploits: 5
securityvulns
added 2013/01/05 12:0 a.m. | 24 views

Weak cryptography in Aastra IP phones

Configuration file encryption is vulnerable to replay attacks...

AI score: 2
Exploits: 0 | References: 1
securityvulns
added 2013/01/05 12:0 a.m. | 93 views

Aastra IP Telephone encrypted .tuz configuration file leakage

Aastra IP telephone encrypted .tuz configuration file leakage. Affected products: Aastra 6753i IP Telephone Firmware Version 3.2.2.56 Firmware Release Code SIP Boot Version 2.5.2.1010 Background: "The 6753i fr...

AI score: 7.1
Exploits: 0
securityvulns
added 2013/01/05 12:0 a.m. | 55 views

CVE-2012-6494 - Nexpose Security Console - Session Hijacking

Product: Nexpose Security Console Vendor: Rapid7 Version: 5.5.3 Tested Version: 5.5.1 Vendor Notified Date: December 19, 2012 Release Date: January 2, 2013 Risk: Medium Authentication: Access to logs required. Remote: Yes Description: Due to a flaw in the way the Nexpose Security Console logs...

AI score: 0.4 | EPSS: 0.01205
Exploits: 1
securityvulns
added 2013/01/02 12:0 a.m. | 29 views

Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability

Title: Log Analyzer 3.6.0 - Cross Site Scripting Vulnerability Date: 2012-12-20 References: http://www.vulnerability-lab.com/getcontent.php?id=792 Vendor:...

AI score: 0.8
Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m. | 29 views

Charybdis IRC server DoS

assert on client capabilities negotiation...

AI score: 2.5
Exploits: 0 | References: 1
securityvulns
added 2013/01/02 12:0 a.m. | 45 views

Multiple vulnerabilities in RocketTheme themes for WordPress

Hello 3APA3A! Earlier I wrote to the list about multiple vulnerabilities in multiple themes for WordPress http://seclists.org/fulldisclosure/2012/Dec/236. In that letter I mentioned 16 themes by RocketTheme with Rokbox: Afterburner, Refraction, Solarsentinel, Mixxmag, Iridium, Infuse,...

Exploits: 0
securityvulns
added 2013/01/02 12:0 a.m. | 33 views

Charybdis: Improper assumptions in the server handshake code may lead to a remote crash

Access vector: network Access complexity: low Authentication requirement: none Confidentiality impact: none Integrity impact: none Availability impact: complete CVSSv2 temporal score: 6.4 Exploitability: functional exploit exists Remediation level: official fix Report confidence: confirmed Summar...

AI score: 1.2
Exploits: 0
Total number of security vulnerabilities: 47153