Lucene search

47153 matches found

securityvulns
added 2015/07/05 12:0 a.m. | 77 views

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite...

CVSS 6.8 | AI score 0.3 | EPSS 0.01116
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 36 views

IBM Domino Web Server cross-site scripting

No description provided...

CVSS 2.1 | AI score 1.9 | EPSS 0.00295
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2015/07/05 12:0 a.m. | 41 views

libcrypto++ timing attacks

Rabin-Williams algorithm timing attacks...

CVSS 5 | AI score 1.9 | EPSS 0.00403
Exploits: 0 | References: 1

securityvulns
added 2015/07/05 12:0 a.m. | 63 views

Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10

Vulnerability: Session Fixation, Reflected XSS, Code Execution Affected Software: PivotX http://pivotx.net/ Affected Version: 2.3.10 probably also prior versions Patched Version: 2.3.11 Risk: Medium-High Session Fixation ================ Risk ---- Medium; If victim clicks link and logs in, then a...

AI score 0.5
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 73 views

CollabNet Subversion Edge insecure password change

Vuln Title: The CollabNet Subversion Edge management frontend does not require current password upon password change Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Insecure password change...

AI score 0.3
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 57 views

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150626-0 ======================================================================= title: Critical vulnerabilities allow surveillance on conferences product: Polycom RealPresence Resource Manager RPRM...

CVSS 7.5 | AI score 1.9 | EPSS 0.34308
Exploits: 9

securityvulns
added 2015/07/05 12:0 a.m. | 76 views

CSRF Vulnerability in C2Box application CVE-2015-4460

Please add this advisory to your archive. Thanks. Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...

CVSS 6.8 | AI score 6.7 | EPSS 0.00318
Exploits: 5

securityvulns
added 2015/07/05 12:0 a.m. | 83 views

[SECURITY] [DSA 3293-1] pyjwt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3293-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 20, 2015 https://www.debian.org/security/faq -...

AI score 1.6
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 25 views

HP-UX privilege escalation

pppoec privilege escalation...

CVSS 7.2 | AI score 2.6 | EPSS 0.00046
Exploits: 0 | References: 1

securityvulns
added 2015/07/05 12:0 a.m. | 29 views

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability EMC Identifier: ESA-2015-112 CVE Identifier: CVE-2015-4525 Severity Rating: CVSS v2 Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC Isilon OneFS 7.2.0.0 - 7.2.0.1 • EMC...

CVSS 9 | AI score 0.5 | EPSS 0.00857
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 34 views

Apache Storm code execution

Code execution on the web server...

CVSS 10 | AI score 2 | EPSS 0.1242
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/07/05 12:0 a.m. | 56 views

CollabNet Subversion Edge missing brute force protection

Vuln Title: The CollabNet Subversion Edge does not protect against brute forcing accounts Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medium Status:...

AI score 0.5
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 185 views

CollabNet Subversion Edge Password Hash Leak

Vuln Title: The CollabNet Subversion Edge Management frontend user credential hash leak Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Credential leak Risk: Medium Status: public/fixed Fixed...

AI score 0.5
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 41 views

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04718530 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04718530 Version: 1 HPSBUX03359 rev....

CVSS 7.2 | AI score 0.2 | EPSS 0.00046
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 39 views

XSS vulnerability in IBM Domino

Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in IBM Domino. This is one from many vulnerabilities in Domino, which I've found at 03.05.2012. In previous years I wrote about multiple vulnerabilities in Lotus Domino http://securityvulns.ru/docs29277.html and Lotus Notes...

AI score 0.6
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 41 views

CollabNet Subversion Edge autocomplete on

Vuln Title: The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Ris...

AI score 1
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 40 views

Apple Safari / Webkit multiple security vulnerabilities

Multiple memory corruptions...

CVSS 6.8 | AI score 1.9 | EPSS 0.01116
Exploits: 0 | References: 2 | Affected Software: 2

securityvulns
added 2015/07/05 12:0 a.m. | 39 views

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability

In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in Microsec e-Szigno, and Netlock Mokka computer applications that are used to generate and validate digital signatures, which are applied within the official Hungarian government processes. The vulnerability affected the...

CVSS 6.8 | AI score 0.5 | EPSS 0.00411
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 27 views

Polycom RealPresence Resource Manager multiple security vulnerabilities

Information disclosure, privilege escalation, directory traversal...

CVSS 7.5 | AI score 3.2 | EPSS 0.34308
Exploits: 9 | References: 1 | Affected Software: 1

securityvulns
added 2015/07/05 12:0 a.m. | 83 views

[SECURITY] [DSA 3295-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3295-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 24, 2015 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 1.4 | EPSS 0.03761
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 125 views

CollabNet Subversion Edge weak password policy

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...

AI score 0.3
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 47 views

[SECURITY] [DSA 3297-1] unattended-upgrades security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3297-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...

CVSS 6.8 | AI score 1.9 | EPSS 0.00087
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 84 views

APPLE-SA-2015-06-30-6 iTunes 12.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-6 iTunes 12.2 iTunes 12.2 is now available and addresses the following: WebKit Available for: Windows 8 and Windows 7 Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected...

CVSS 7.5 | AI score 0.1 | EPSS 0.03816
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 73 views

Apple Mac OS X / EFI multiple security vulnerabilities

Privilege escalation, information disclosure, multiple memory corruptions...

CVSS 10 | AI score 2.1 | EPSS 0.92346
Exploits: 47 | References: 2 | Affected Software: 1

securityvulns
added 2015/07/05 12:0 a.m. | 90 views

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following: Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to...

CVSS 10 | AI score 0.2 | EPSS 0.92346
Exploits: 47

securityvulns
added 2015/07/05 12:0 a.m. | 105 views

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt Vendor: ======================= community.novius-os.org Product: =============================================================== novius-os.5.0.1-elche is a PHP...

AI score 6.3
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 58 views

CollabNet Subversion Edge tail local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...

AI score 1.1
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 33 views

ipTIME code execution

Code execution via web interface...

AI score 4
Exploits: 0 | References: 2

securityvulns
added 2015/07/05 12:0 a.m. | 71 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 | AI score 1.6 | EPSS 0.31814
Exploits: 12 | References: 25 | Affected Software: 6

securityvulns
added 2015/07/05 12:0 a.m. | 59 views

CollabNet Subversion Edge weak password storage mechanism

Vuln Title: The CollabNet Subversion Edge stores passwords as unsalted MD5 hashes Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Insecure password storage Risk: Medium Status: public/fixed...

AI score 0.3
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 128 views

CollabNet Subversion Edge downloadHook local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

AI score 1.2
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 100 views

Apple QuickTime multiple security vulnerabilities

Multiple memory corruptions on different formats handling...

CVSS 6.8 | AI score 1.4 | EPSS 0.03642
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/07/05 12:0 a.m. | 38 views

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...

CVSS 3.5 | AI score 6 | EPSS 0.0155
Exploits: 5

securityvulns
added 2015/07/05 12:0 a.m. | 119 views

CollabNet Subversion Edge index local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "listViewItem" parameter of the "index" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

AI score 1.4
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 101 views

CollabNet Subversion Edge show local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via "fileName" parameter of the show action Date: 10.10.2014 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local file...

AI score 1.3
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 65 views

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-5 QuickTime 7.7.7 QuickTime 7.7.7 is now available and addresses the following: QT Media Foundation Available for: Windows 7 and Windows Vista Impact: Processing a maliciously crafted file may lead to an unexpected application...

CVSS 6.8 | AI score 0.3 | EPSS 0.03642
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 39 views

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed On April 2014 I discovered vulnerability in EMC Documentum Content Server which allow authenticated user to elevate privileges, hijack Content Server filesystem or execute arbitrary comman...

CVSS 9 | AI score 7 | EPSS 0.01198
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 60 views

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 Mac EFI Security Update 2015-001 is now available and addresses the following: EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application with root...

CVSS 9.3 | EPSS 0.31141
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 76 views

[CVE-2015-3188] Apache Storm remote code execution vulnerability

CVE-2015-3188: Apache Storm remote code execution vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Storm 0.10.0-beta Description: The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web serve...

CVSS 10 | AI score 2.8 | EPSS 0.1242
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 74 views

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability

Document Title: =============== ManageEngine Asset Explorer v6.1 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1488 Release Date: ============= 2015-06-22 Vulnerability Laboratory ID VL-ID: ===================================...

AI score 0.4
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 135 views

CollabNet Subversion Edge missing single login restriction

Vuln Title: The CollabNet Subversion Edge management missing single login restriction Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: No single login restriction Risk: Low Status:...

AI score 0.2
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 35 views

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities CVE Identifier: CVE-2015-0551, CVE-2015-4524 Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs Affected products: • EMC Documentum WebTop,...

CVSS 6.5 | AI score 0.5 | EPSS 0.00896
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 193 views

CollabNet Subversion Edge Hook Script Privilege Escalation

Vuln Title: The CollabNet Subversion Edge Management Frontend SVN hook scripts privilege escalation Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Privilege escalation design flaw CVE :...

AI score 0.6
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 27 views

unattended-upgrades man-in-the-middle

Under some conditions package spoofing is possible...

CVSS 6.8 | AI score 2.1 | EPSS 0.00087
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/07/05 12:0 a.m. | 97 views

Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Please find a text-only version below sent to security mailing-lists. The complete version on exploits about my last advisory of ipTIME products is posted here:...

AI score 8.2
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 22 views

Microsec e-Szigno / Netlock Mokka content spoofing

Signed content spoofing...

CVSS 6.8 | AI score 1.8 | EPSS 0.00411
Exploits: 0 | References: 1 | Affected Software: 2

securityvulns
added 2015/07/05 12:0 a.m. | 46 views

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-097: EMC Secure Remote Services ESRS Virtual Edition VE Multiple Security Vulnerabilities CVE Identifier: CVE-2015-0543, CVE-2015-0544 Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE Affected products: • ESRS...

CVSS 9.3 | AI score 0.7 | EPSS 0.00827
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 62 views

CollabNet Subversion Edge missing XSRF protection

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement XSRF protection tokens Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: XSRF Risk: Low Status: public/fixed Fix...

AI score 2.1
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 38 views

mysql-lite-administrator XSS vulnerabilities

Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt Vendor: ============================================= code.google.com/p/mysql-lite-administrator Product:...

AI score 6.2
Exploits: 0

securityvulns
added 2015/07/05 12:0 a.m. | 62 views

[SECURITY] [DSA 3296-1] libcrypto++ security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3296-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...

CVSS 5 | AI score 1.4 | EPSS 0.00403
Exploits: 0

Total number of security vulnerabilities: 47153