
47153 matches found

securityvulns
added 2015/07/05 12:0 a.m., 196 views

CollabNet Subversion Edge Hook Script Privilege Escalation

Vuln Title: The CollabNet Subversion Edge Management Frontend SVN hook scripts privilege escalation Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Privilege escalation design flaw CVE :...

0.6 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 37 views

Apache Storm code execution

Code execution on the web server...

10 CVSS, 2 AI score, 0.14399 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 118 views

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following: Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to...

10 CVSS, 0.2 AI score, 0.9986 EPSS
Exploits: 47
securityvulns
added 2015/07/05 12:0 a.m., 75 views

Apple Mac OS X / EFI multiple security vulnerabilities

Privilege escalation, information disclosure, multiple memory corruptions...

10 CVSS, 2.1 AI score, 0.9986 EPSS
Exploits: 47, References: 2, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 28 views

unattended-upgrades man-in-the-middle

Under some conditions package spoofing is possible...

6.8 CVSS, 2.1 AI score, 0.01435 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 65 views

CollabNet Subversion Edge missing clickjacking protection

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement clickjacking protection Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Clickjacking Risk: Medium Status:...

0.9 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 66 views

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 Mac EFI Security Update 2015-001 is now available and addresses the following: EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application with root...

9.3 CVSS, 0.07659 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 29 views

Polycom RealPresence Resource Manager multiple security vulnerabilities

Information disclosure, privilege escalation, directory traversal...

7.5 CVSS, 3.2 AI score, 0.06873 EPSS
Exploits: 9, References: 1, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 101 views

Apple QuickTime multiple security vulnerabilities

Multiple memory corruptions on different formats handling...

6.8 CVSS, 1.4 AI score, 0.03635 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 38 views

ipTIME code execution

Code execution via web interface...

4 AI score
Exploits: 0, References: 2
securityvulns
added 2015/07/05 12:0 a.m., 65 views

Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10

Vulnerability: Session Fixation, Reflected XSS, Code Execution Affected Software: PivotX http://pivotx.net/ Affected Version: 2.3.10 probably also prior versions Patched Version: 2.3.11 Risk: Medium-High Session Fixation ================ Risk ---- Medium; If victim clicks link and logs in, then a...

0.5 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 107 views

Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Please find a text-only version below sent to security mailing-lists. The complete version on exploits about my last advisory of ipTIME products is posted here:...

8.2 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 123 views

CollabNet Subversion Edge index local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "listViewItem" parameter of the "index" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

1.4 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 68 views

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20150626-0 ======================================================================= title: Critical vulnerabilities allow surveillance on conferences product: Polycom RealPresence Resource Manager RPRM...

7.5 CVSS, 1.9 AI score, 0.06873 EPSS
Exploits: 9
securityvulns
added 2015/07/05 12:0 a.m., 41 views

Apple Safari / Webkit multiple security vulnerabilities

Multiple memory corruptions...

6.8 CVSS, 1.9 AI score, 0.02766 EPSS
Exploits: 0, References: 2, Affected Software: 2
securityvulns
added 2015/07/05 12:0 a.m., 107 views

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt Vendor: ======================= community.novius-os.org Product: =============================================================== novius-os.5.0.1-elche is a PHP...

6.3 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 132 views

CollabNet Subversion Edge downloadHook local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

1.2 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 32 views

EMC Isilon OneFS code execution

Command injection in web administration...

9 CVSS, 2.3 AI score, 0.02207 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 81 views

[CVE-2015-3188] Apache Storm remote code execution vulnerability

CVE-2015-3188: Apache Storm remote code execution vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Storm 0.10.0-beta Description: The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web serve...

10 CVSS, 2.8 AI score, 0.14399 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 42 views

libcrypto++ timing attacks

Rabin-Williams algorithm timing attacks...

5 CVSS, 1.9 AI score, 0.02879 EPSS
Exploits: 0, References: 1
securityvulns
added 2015/07/05 12:0 a.m., 44 views

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...

3.5 CVSS, 6 AI score, 0.02019 EPSS
Exploits: 5
securityvulns
added 2015/07/05 12:0 a.m., 61 views

CollabNet Subversion Edge weak password storage mechanism

Vuln Title: The CollabNet Subversion Edge stores passwords as unsalted MD5 hashes Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Insecure password storage Risk: Medium Status: public/fixed...

0.3 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 42 views

XSS vulnerability in IBM Domino

Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in IBM Domino. This is one from many vulnerabilities in Domino, which I've found at 03.05.2012. In previous years I wrote about multiple vulnerabilities in Lotus Domino http://securityvulns.ru/docs29277.html and Lotus Notes...

0.6 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 87 views

APPLE-SA-2015-06-30-6 iTunes 12.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-6 iTunes 12.2 iTunes 12.2 is now available and addresses the following: WebKit Available for: Windows 8 and Windows 7 Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected...

7.5 CVSS, 0.1 AI score, 0.04583 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 38 views

IBM Domino Web Server cross-site scripting

No description provided...

2.1 CVSS, 1.9 AI score, 0.01777 EPSS
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 46 views

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability

In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in Microsec e-Szigno, and Netlock Mokka computer applications that are used to generate and validate digital signatures, which are applied within the official Hungarian government processes. The vulnerability affected the...

6.8 CVSS, 0.5 AI score, 0.02118 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 64 views

[SECURITY] [DSA 3296-1] libcrypto++ security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3296-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...

5 CVSS, 1.4 AI score, 0.02879 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 67 views

CollabNet Subversion Edge missing XSRF protection

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement XSRF protection tokens Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: XSRF Risk: Low Status: public/fixed Fix...

2.1 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 107 views

CollabNet Subversion Edge show local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via "fileName" parameter of the show action Date: 10.10.2014 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local file...

1.3 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 82 views

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite...

6.8 CVSS, 0.3 AI score, 0.02766 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 68 views

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-5 QuickTime 7.7.7 QuickTime 7.7.7 is now available and addresses the following: QT Media Foundation Available for: Windows 7 and Windows Vista Impact: Processing a maliciously crafted file may lead to an unexpected application...

6.8 CVSS, 0.3 AI score, 0.03635 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 77 views

CollabNet Subversion Edge insecure password change

Vuln Title: The CollabNet Subversion Edge management frontend does not require current password upon password change Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Insecure password change...

0.3 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 76 views

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability

Document Title: =============== ManageEngine Asset Explorer v6.1 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1488 Release Date: ============= 2015-06-22 Vulnerability Laboratory ID VL-ID: ===================================...

0.4 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 130 views

CollabNet Subversion Edge weak password policy

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement a strong password policy Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medi...

0.3 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 42 views

GeniXCMS XSS Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt Vendor: ============================================= genixcms.org Product: ===================================================== GeniXCMS v0.0.3 is a PHP...

6.5 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 43 views

mysql-lite-administrator XSS vulnerabilities

Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt Vendor: ============================================= code.google.com/p/mysql-lite-administrator Product:...

6.2 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 46 views

CollabNet Subversion Edge autocomplete on

Vuln Title: The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Ris...

1 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 50 views

IBM Domino Web Server Cross-site Scripting Vulnerability (CVE-2015-1981)

Hello 3APA3A! Earlier I wrote about XSS vulnerability in IBM Domino http://seclists.org/fulldisclosure/2015/May/128. I informed IBM in May about it and at 17.06.2015 they fixed it and released security bulletin. Security Bulletin: IBM Domino Web Server Cross-site Scripting Vulnerability...

2.1 CVSS, 1 AI score, 0.01777 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 49 views

[SECURITY] [DSA 3297-1] unattended-upgrades security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3297-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...

6.8 CVSS, 1.9 AI score, 0.01435 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 28 views

HP-UX privilege escalation

pppoec privilege escalation...

7.2 CVSS, 2.6 AI score, 0.00555 EPSS
Exploits: 0, References: 1
securityvulns
added 2015/07/05 12:0 a.m., 82 views

CSRF Vulnerability in C2Box application CVE-2015-4460

Please add this advisory to your archive. Thanks. Title: Cross-Site Request Forgery CSRF Vulnerability in C2Box application Allows adding an Admin User or reset any user's password. Author: Wissam Bashour - Help AG Middle East Vendor: boxautomationB.A.S Product: C2Box Version: All versions below...

6.8 CVSS, 6.7 AI score, 0.02659 EPSS
Exploits: 5
securityvulns
added 2015/07/05 12:0 a.m., 52 views

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities EMC Identifier: ESA-2015-108 CVE Identifier: CVE-2015-0547, CVE-2015-0548 Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs Affected products: • EM...

4 CVSS, 0.6 AI score, 0.0144 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 62 views

CollabNet Subversion Edge tail local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...

1.1 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 100 views

APPLE-SA-2015-06-30-1 iOS 8.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-1 iOS 8.4 iOS 8.4 is now available and addresses the following: Application Store Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A malicious universal provisioning profile app ma...

7.8 CVSS, 0.4 AI score, 0.9986 EPSS
Exploits: 5
securityvulns
added 2015/07/05 12:0 a.m., 77 views

Apple iOS multiple security vulnerabilities

DoS, certificate trust vulnerabilities, multiple memory corruptions, information disclosure, weak cyphers, code execution...

7.8 CVSS, 3 AI score, 0.9986 EPSS
Exploits: 5, References: 1, Affected Software: 1
securityvulns
added 2015/07/05 12:0 a.m., 60 views

CollabNet Subversion Edge missing brute force protection

Vuln Title: The CollabNet Subversion Edge does not protect against brute forcing accounts Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Lack of defensive measures Risk: Medium Status:...

0.5 AI score
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 25 views

Microsec e-Szigno / Netlock Mokka content spoofing

Signed content spoofing...

6.8 CVSS, 1.8 AI score, 0.02118 EPSS
Exploits: 0, References: 1, Affected Software: 2
securityvulns
added 2015/07/05 12:0 a.m., 55 views

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-097: EMC Secure Remote Services ESRS Virtual Edition VE Multiple Security Vulnerabilities CVE Identifier: CVE-2015-0543, CVE-2015-0544 Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE Affected products: • ESRS...

9.3 CVSS, 0.7 AI score, 0.02518 EPSS
Exploits: 0
securityvulns
added 2015/07/05 12:0 a.m., 88 views

Path Traversal in BlackCat CMS

Advisory ID: HTB23263 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.1.1 and probably prior Tested Version: 1.1.1 Advisory Publication: June 10, 2015 without technical details Vendor Notification: June 10, 2015 Vendor Patch: June 24, 2015 Public Disclosure: July 1, 201...

5 CVSS, 7.7 AI score, 0.1765 EPSS
Exploits: 2
securityvulns
added 2015/07/05 12:0 a.m., 85 views

[SECURITY] [DSA 3295-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3295-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 24, 2015 https://www.debian.org/security/faq -...

7.5 CVSS, 1.4 AI score, 0.03227 EPSS
Exploits: 0

Total number of security vulnerabilities: 47153