
47153 matches found

securityvulns
added 2012/12/11 12:0 a.m., 78 views

SimpleInvoices 2011.1 Cross-Site-Scripting (XSS) Vulnerabilities CVE-2012-4932

Overview SimpleInvoices 2011.1 is vulnerable to Cross-site Scripting XSS. Software Description Simple Invoices is a free, open source, web based invoicing system that you can install on your server/pc or have hosted by one of our services providers. Vulnerability Overview The vulnerabilities POC...

CVSS 4.3, AI score 6.4, EPSS 0.00757
Exploits: 2

securityvulns
added 2012/12/11 12:0 a.m., 69 views

[USN-1659-1] GIMP vulnerability

========================================================================== Ubuntu Security Notice USN-1659-1 December 10, 2012 gimp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 7.5, AI score 0.7, EPSS 0.06336
Exploits: 1

securityvulns
added 2012/12/11 12:0 a.m., 96 views

Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework

Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...

CVSS 6.8, AI score 0.6, EPSS 0.10613
Exploits: 5

securityvulns
added 2012/12/11 12:0 a.m., 38 views

FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution

#!/usr/bin/perl FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.contaware.com Vendor Description: This is a Free & Fast Image Viewer and Editor for Windows. It can as well play avi video files, ordinary audio files and audio...

AI score 7.2
Exploits: 0

securityvulns
added 2012/12/11 12:0 a.m., 33 views

Snare multiple security vulnerabilities

Information leakage, CSRF, XSS...

CVSS 4.3, AI score 2, EPSS 0.00761
Exploits: 2, References: 3, Affected Software: 1

securityvulns
added 2012/12/11 12:0 a.m., 37 views

[email protected]

Snare for Linux Cross-Site Scripting via Log Injection I. BACKGROUND ---------------------- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and...

CVSS 4.3, AI score 0.4, EPSS 0.00199
Exploits: 1

securityvulns
added 2012/12/11 12:0 a.m., 73 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8, AI score 1.6, EPSS 0.10613
Exploits: 6, References: 3, Affected Software: 2

securityvulns
added 2012/12/11 12:0 a.m., 31 views

DIMIN Viewer memory corruption

Memory corruption on GIF parsing...

AI score 4.4
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/12/11 12:0 a.m., 41 views

Snare for Linux Password Disclosure

Snare for Linux Password Disclosure I. BACKGROUND ---------------------- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and storage. II...

AI score 0.7, EPSS 0.00761
Exploits: 1

securityvulns
added 2012/12/11 12:0 a.m., 32 views

Centrify Deployment Manager v2.1.0.283 local root

Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files in /tmp. Here is my analysis: root@h0g:/tmp ls -l /etc/shadow -r-------- 1 root shadow 1010 Dec 7 21:42 /etc/shadow root@h0g:/tmp...

AI score 0.4
Exploits: 0

securityvulns
added 2012/12/11 12:0 a.m., 25 views

Contaware FreeVimager memory corruption

Memory corruption on GIF parsing...

AI score 4.3
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/12/11 12:0 a.m., 35 views

DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution

#!/usr/bin/perl DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.dimin.net Vendor Description: View images in countless formats, and apply a variety of effects with this small, fast, and powerful application. Dimin Viewer...

AI score 7.2
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 29 views

RIM BlackBerry PlayBook information leakage

Local HTML file can send any data outside...

AI score 0.6, EPSS 0.01877
Exploits: 1, References: 1

securityvulns
added 2012/12/10 12:0 a.m., 81 views

Fwd: SQL injection

Product: FOOT Gestion Version: - Vendor: Winsoft Vendor site: http://www.footgestion.ch Status: fixed Level: High ========= Description ========= FOOT Gestion is a soccer team management CMS. The solution is based on a software and a CMS website. The website module is affected by a SQL injection...

AI score 0.1
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 38 views

Forescout NAC multiple security vulnerabilities

Cross-site scripting, protection bypass...

CVSS 5.8, AI score 1.8, EPSS 0.08919
Exploits: 2, References: 2, Affected Software: 1

securityvulns
added 2012/12/10 12:0 a.m., 59 views

Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability

Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins/simple-gmail-login/ Author- Aditya Balapure Link - http://adityabalapure.blogspot.in/ Description Once you have installed this plugin you can login to wp-admin using your ordinary...

AI score 6.9
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 41 views

OpenStack security vulnerabilities

User authorization vulnerabilities...

CVSS 5.8, AI score 2.9, EPSS 0.01906
Exploits: 2, References: 2

securityvulns
added 2012/12/10 12:0 a.m., 44 views

Update on CVE assigned for Video Lead Form Plugin Cross-Site

Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ CVE Assigned - CVE-2012-6312...

CVSS 4.3, AI score 0.1, EPSS 0.01143
Exploits: 1

securityvulns
added 2012/12/10 12:0 a.m., 34 views

Microsoft Internet Explorer 7

Hello 3APA3A! I want to warn you about Denial of Service vulnerabilities in Internet Explorer. I've found these DoS holes in IE7 already in August 2010. ------------------------- Affected products: ------------------------- Vulnerable are Internet Explorer 7 7.00.5730.13 and other versions of IE7...

AI score 7
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 51 views

Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability

========================================================================================== Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability ==========================================================================================...

AI score 0.1
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 70 views

NGS000330 Technical Advisory: Squiz CMS File Path Traversal

======= Summary ======= Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray [email protected] Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published ======== TimeLine ========...

AI score 0.4
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 65 views

Forescout NAC (Network Access Control) multiple vulnerabilities

Forescout NAC Network Access Control multiple vulnerabilities: Forescout NAC 6.3.4.1 Cross-Site Redirection Vulnerability CVE-2012-4982 The Forescout NAC device is vulnerable to cross-site redirection and could be used to redirect a targeted victim to a malicious site. The 'a' parameter is...

CVSS 5.8, AI score 0.5, EPSS 0.08919
Exploits: 2

securityvulns
added 2012/12/10 12:0 a.m., 58 views

Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL

Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ Video Lead Form plugin descripti...

AI score 5.7
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 29 views

Microsoft Internet Explorer 7 memory corruption

Memory corruption on redirection to data: uri containing some tags...

AI score 2.3
Exploits: 0, References: 1

securityvulns
added 2012/12/10 12:0 a.m., 90 views

NGS000241 Technical Advisory: SysAid Helpdesk Pro Blind SQL Injection

======= Summary ======= Name: SysAid Helpdesk Pro - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00241 Discoverer: Daniel Compton [email protected] Vendor: SysAid Vendor Reference: Systems Affected: SysAid Helpdesk 8.5 Pro Risk: High Status: Published ========...

AI score 8.3
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 58 views

Low severity flaw in RIM BlackBerry PlayBook OS browser

Summary The web browser which comes as part of the RIM BlackBerry PlayBook OS can be tricked into disclosing the contents of local files through the planting of a malicious HTML file through the standard download mechanism. It should be noted that in order to exploit this issue, user interaction ...

AI score 6.6, EPSS 0.01877
Exploits: 1

securityvulns
added 2012/12/10 12:0 a.m., 305 views

BF and FPD vulnerabilities in MODx

Hello 3APA3A! I want to warn you about security vulnerabilities in MODx. This is the first part of the vulnerabilities in this CMS the first 19 vulnerabilities. These are Brute Force and Full path disclosure vulnerabilities in MODx. It's about 0.x and 1.x Evolution versions of MODx CMS. In 2.x...

Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 45 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.06944
Exploits: 18, References: 21, Affected Software: 13

securityvulns
added 2012/12/10 12:0 a.m., 70 views

Multiple vulnerabilities in Achievo

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

CVSS 6.5, AI score 7.3, EPSS 0.00862
Exploits: 7

securityvulns
added 2012/12/10 12:0 a.m., 59 views

[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities

DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities Advisory ID: DC-2012-11-002 Advisory Title: BugTracker.Net Multiple Security Vulnerabilities Advisory URL: http://www.defensecode.com/article/bugtracker.netmultiplesecurityvulnerabilities-31 Software:...

AI score 0.4
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 23 views

FortiGate FortiDB crossite scripting

Few cross-site scripting vulnerabilities...

AI score 1.5
Exploits: 0, References: 1

securityvulns
added 2012/12/10 12:0 a.m., 53 views

XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony

Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've written about swfupload in AionWeb, Magento, Liferay Portal, SurgeMail, symfony and that this hole is available in many other web applications. In previous letters I've written...

AI score 0.1
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 57 views

SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011

Sense of Security - Security Advisory - SOS-12-011 Release Date. 30-Nov-2012 Last Update. - Vendor Notification Date. 29-Oct-2012 Product. SilverStripe CMS Platform. Windows Affected versions. 3.0.2 Severity Rating. Medium Impact. Privilege escalation, cross-site scripting Attack Vector. From...

AI score 6.8
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 61 views

Wordpress Facebook Survey v1 - SQL Injection Vulnerability

Title: ====== Wordpress Facebook Survey v1 - SQL Injection Vulnerability Date: ===== 2012-11-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=766 VL-ID: ===== 766 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...

Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 54 views

[USN-1641-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1641-1 November 28, 2012 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 4.9, AI score 0.6, EPSS 0.00561
Exploits: 1

securityvulns
added 2012/12/10 12:0 a.m., 56 views

XSS vulnerability in swfupload in TYPO3 CMS, TinyMCE, Liferay Portal, Drupal, Codeigniter, SentinelleOnAir

Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. This is final advisory concerning different versions of this flash application. Earlier I've written about swfupload in Archiv plugin for TinyMCE, Squeeze Documents for SPIP, Upload Manager for...

AI score 6.2
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 113 views

ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities

ESA-2012-052.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-052: RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities EMC Identifier: ESA-2012-052 CVE Identifier: CVE-2012-4608 CVE Identifier: CVE-2012-4609 Severity Rating: CVSS v2 Base Score: 6. 8...

CVSS 6.8, AI score 0.4, EPSS 0.00224
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 51 views

CSRF, AoF, DoS and IAA vulnerabilities in MODx

Hello 3APA3A! I want to warn you about new security vulnerabilities in MODx. This is the second part of the vulnerabilities in this CMS 6 vulnerabilities to previous 19 vulnerabilities. These are Cross-Site Request Forgery, Abuse of Functionality, Denial of Service and Insufficient Anti-automatio...

AI score 0.1
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 150 views

FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability

Title: ====== FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability Date: ===== 2012-11-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=558 VL-ID: ===== 558 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============...

AI score 0.5
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 77 views

Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites

Title: ====== Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=688 VL-ID: ===== 688 Common Vulnerability Scoring System: ==================================== 4.5 Introduction:...

AI score 6.7
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 47 views

tinymcpuk xss vulnerability

================================================================= tinymcpuk xss vulnerability ================================================================= Exploit Title: tinymcpuk xss vulnerability Google Dork: n/a Date: 1/12/2012 GMT+7 Exploit Author: eidelweiss @randyarios Vendor Homepage:...

AI score 7.1
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 31 views

RSA NetWitness Informer multiple security vulnerabilities

Web interface multiple vulnerabilities...

CVSS 6.8, AI score 3.1, EPSS 0.00224
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/12/10 12:0 a.m., 37 views

XSS Vulnerability in Simple Slider Wordpress Plugin

Exploit Title : Simple Slider Plugin Cross-Site Scripting Vulnerabilities Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 21/11/12 version: 1.0 software link: http://wordpress.org/extend/plugins/simple-slider Simple Slider plugin description Simple Slider Plugin for WordPre...

AI score 0.4
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 88 views

Multiple vulnerabilities in dotProject

Advisory ID: HTB23124 Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosure: November 21, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site...

CVSS 6.8, AI score 0.5, EPSS 0.02305
Exploits: 4

securityvulns
added 2012/12/10 12:0 a.m., 29 views

FortiGate FortiWeb crossite scripting

Few cross-site scripting vulnerabilities...

AI score 1.6
Exploits: 0, References: 1

securityvulns
added 2012/12/10 12:0 a.m., 171 views

FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities

Title: ====== FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: ===== 2012-12-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 2.1 Introduction: =============...

AI score 0.5
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 69 views

ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities

Title: ====== ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities Date: ===== 2012-11-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=689 VL-ID: ===== 689 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 7.4
Exploits: 0

securityvulns
added 2012/12/10 12:0 a.m., 361 views

Update on CVE assigned for Wordpress Plugin Simple Gmail Login

Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins/simple-gmail-login/ Author- Aditya Balapure Link - http://adityabalapure.blogspot.in/ CVE Assigned- CVE-2012-6313. Description Once you have installed this plugin you can login to...

CVSS 5, AI score 6.2, EPSS 0.06944
Exploits: 1

securityvulns
added 2012/12/09 12:0 a.m., 24 views

splunk DoS

Crash on malcrafted packet...

AI score 2.1
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/12/09 12:0 a.m., 27 views

HP LaserJet printers crossite scripting

No description provided...

CVSS 4.3, AI score 1.4, EPSS 0.00623
Exploits: 0, References: 1

Total number of security vulnerabilities: 47153