47153 matches found

securityvulns
added 2012/11/06 12:0 a.m., 51 views

PR11-07 Multiple persistent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls

ProCheckUp Research http://procheckup.com/procheckup-labs/pr11-07.aspx PR11-07 Multiple persistent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls Vulnerability found: 3rd May 2011 Vendor informed: 20th July 2011 Vulnerability fixed: 16th...

AI score: 6.4
Exploits: 0

securityvulns
added 2012/11/06 12:0 a.m., 24 views

multiple critical vulnerabilities in sophos products

List, I've completed the second paper in my series analyzing Sophos Antivirus internals, titled "Practical Attacks against Sophos Antivirus". As the name suggests, this paper describes realistic attacks against networks using Sophos products. The paper includes a working pre-authentication remote...

AI score: 7.2
Exploits: 0

securityvulns
added 2012/11/05 12:0 a.m., 47 views

Apple iOS 6.0 multiple security vulnerabilities

Information leakage, protection bypass, memory corruption, race conditions...

CVSS: 10, AI score: 2.1, EPSS: 0.14415
Exploits: 3, References: 1, Affected Software: 1

securityvulns
added 2012/11/05 12:0 a.m., 30 views

HP Performance Insight with Sybase DoS

No description provided...

CVSS: 10, EPSS: 0.04394
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/11/05 12:0 a.m., 46 views

[security bulletin] HPSBMU02827 SSRT100924 rev.1 - HP Performance Insight with Sybase, Remote Denial of Service (DoS) and Loss of Data

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03555488 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03555488 Version: 1 HPSBMU02827...

CVSS: 10, AI score: 0.4, EPSS: 0.04394
Exploits: 0

securityvulns
added 2012/11/05 12:0 a.m., 82 views

APPLE-SA-2012-11-01-2 Safari 6.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-01-2 Safari 6.0.2 Safari 6.0.2 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...

CVSS: 10, AI score: 0.4, EPSS: 0.14415
Exploits: 3

securityvulns
added 2012/11/05 12:0 a.m., 85 views

APPLE-SA-2012-11-01-1 iOS 6.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-01-1 iOS 6.0.1 iOS 6.0.1 is now available and addresses the following: Kernel Available for: iPhone 3GS and later, iPod touch 4th generation and later, iPad 2 and later Impact: Maliciously crafted or compromised iOS applications may b...

CVSS: 10, AI score: 0.4, EPSS: 0.14415
Exploits: 3

securityvulns
added 2012/11/02 12:0 a.m., 23 views

Cisco Unified MeetingPlace Web Conferencing security vulnerabilities

Buffer overflow, SQL injection...

CVSS: 7.8, AI score: 3.4, EPSS: 0.0202
Exploits: 0, Affected Software: 1

securityvulns
added 2012/11/02 12:0 a.m., 39 views

OpenOffice / LibreOffice DoS

NULL pointer dereference when parsing different formats...

CVSS: 4.3, AI score: 2.9, EPSS: 0.03482
Exploits: 0, References: 1, Affected Software: 2

securityvulns
added 2012/11/02 12:0 a.m., 168 views

NetCat CMS v5.0.1 - Multiple Web Vulnerabilities

Title: ====== NetCat CMS v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=738 VL-ID: ===== 738 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============= Vendor...

AI score: 0.6
Exploits: 0

securityvulns
added 2012/11/02 12:0 a.m., 185 views

VaM Shop v1.69 - Multiple Web Vulnerabilities

Title: ====== VaM Shop v1.69 - Multiple Web Vulnerabilities Date: ===== 2012-10-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=730 VL-ID: ===== 730 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= Vendor...

AI score: 8
Exploits: 0

securityvulns
added 2012/11/02 12:0 a.m., 26 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score: 1.6
Exploits: 0, References: 6, Affected Software: 6

securityvulns
added 2012/11/02 12:0 a.m., 99 views

PrestaShop <= 1.5.1 Persistent XSS

PrestaShop <= 1.5.1 Persistent XSS Tested under: Firefox, Chrome and Safari latest versions Discover Credits: David Sopas - [email protected] | @dsopas | davidsopas.com/labs Original link: http://davidsopas.com/labs/prestashopxss.txt Description: PrestaShop is the most reliable and flexible...

AI score: 6.3
Exploits: 0

securityvulns
added 2012/11/02 12:0 a.m., 126 views

XSS in dokeos 2.1.1

Exploit Title : Dokeos 2.1.1 Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/17/12 version: 2.1.1 software link:www.dokeos.com Dokeos description Dokeos is an open source e-learning platform programmed in PHP, Javascript and HTML which...

AI score: 0.3
Exploits: 0

securityvulns
added 2012/11/02 12:0 a.m., 69 views

Multiple Vulnerabilities in LibreOffice

Advisory ID: HTB23106 Product: LibreOffice Suite Vendor: LibreOffice Vulnerable Versions: 3.5.5.3 and probably prior Tested Version: 3.5.5.3 Vendor Notification: July 26, 2012 Public Disclosure: October 31, 2012 Vulnerability Type: NULL Pointer Dereference CWE-476 CVE Reference: CVE-2012-4233...

CVSS: 4.3, AI score: 7.8, EPSS: 0.03482
Exploits: 0

securityvulns
added 2012/11/02 12:0 a.m., 128 views

PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities

Title: ====== PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities Date: ===== 2012-10-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=736 VL-ID: ===== 736 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...

AI score: 8.7
Exploits: 0

securityvulns
added 2012/11/02 12:0 a.m., 64 views

[CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability

------------------------------------------------------------------------------ Invision Power Board <= 3.3.4 "unserialize" PHP Code Execution Vulnerability ------------------------------------------------------------------------------ author..............: Egidio Romano aka EgiX...

CVSS: 10, AI score: 0.4, EPSS: 0.24905
Exploits: 15

securityvulns
added 2012/11/02 12:0 a.m., 88 views

Nth Dimension Security Advisory (NDSA20121010)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20121010 Date: 10th October 2012 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: Konqueror 4.7.3 http://konqueror.kde.org/ Vendor: KDE...

CVSS: 9.3, AI score: 8.8, EPSS: 0.12599
Exploits: 10

securityvulns
added 2012/11/02 12:0 a.m., 32 views

Konqueror memory corruptions

A few different memory corruptions...

CVSS: 6.8, AI score: 2.1, EPSS: 0.12599
Exploits: 9, References: 1, Affected Software: 1

securityvulns
added 2012/11/01 12:0 a.m., 30 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6, AI score: 1.6, EPSS: 0.0132
Exploits: 3, References: 3, Affected Software: 3

securityvulns
added 2012/11/01 12:0 a.m., 57 views

[waraxe-2012-SA#095] - Multiple Vulnerabilities in Wordpress FoxyPress Plugin

waraxe-2012-SA095 - Multiple Vulnerabilities in Wordpress FoxyPress Plugin =============================================================================== Author: Janek Vind "waraxe" Date: 30. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-95.html Description of vulnerab...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/11/01 12:0 a.m., 137 views

Content Spoofing and Cross-Site Scripting vulnerabilities in Bitrix Site Manager

Hello 3APA3A! I want to warn you about security vulnerabilities in Bitrix Site Manager. It is commercial CMS. These are Content Spoofing and Cross-Site Scripting vulnerabilities. These holes bypass built-in WAF and all other protections of Bitrix. ------------------------- Affected products:...

AI score: 6.2
Exploits: 0

securityvulns
added 2012/11/01 12:0 a.m., 108 views

[BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE]

=| Security Advisory - TP-LINK TL-WR841N LFI |= Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK" Firmware Version: 3.13.9 Build 120201 Rel.54965n And Below versions Discovered Date: 24/10/2012 CVE-ID: CVE-2012-5687 Author: Matan Azugi [email protected] Product Vendor:...

CVSS: 7.8, AI score: 6.2, EPSS: 0.68716
Exploits: 4

securityvulns
added 2012/11/01 12:0 a.m., 98 views

SQL Injection Vulnerability in OrangeHRM

Advisory ID: HTB23119 Product: OrangeHRM Vendor: OrangeHRM Inc. Vulnerable Versions: 2.7.1-rc.1 and probably prior Tested Version: 2.7.1-rc.1 Vendor Notification: October 10, 2012 Public Disclosure: October 31, 2012 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2012-5367 CVSSv2 Base...

CVSS: 6, AI score: 0.1, EPSS: 0.0132
Exploits: 3

securityvulns
added 2012/10/30 12:0 a.m., 31 views

EMC Avamar Client for VMware weak encryption

Server access password is stored locally in cleartext...

CVSS: 3.3, AI score: 2.4, EPSS: 0.00618
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2012/10/30 12:0 a.m., 21 views

CorePlayer flash video player cross-site scripting

Cross-site scripting via callback parameter...

AI score: 2.4
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/10/30 12:0 a.m., 30 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6.8, AI score: 1.6, EPSS: 0.01822
Exploits: 0, References: 4, Affected Software: 3

securityvulns
added 2012/10/30 12:0 a.m., 46 views

[SECURITY] [DSA 2567-1] request-tracker3.8 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2567-1 [email protected] http://www.debian.org/security/ Florian Weimer October 26, 2012 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 2.1, EPSS: 0.01822
Exploits: 0

securityvulns
added 2012/10/30 12:0 a.m., 58 views

[SECURITY] [DSA 2568-1] rtfm security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2568-1 [email protected] http://www.debian.org/security/ Florian Weimer October 26, 2012 http://www.debian.org/security/faq -...

CVSS: 4, AI score: 1.2, EPSS: 0.01662
Exploits: 0

securityvulns
added 2012/10/30 12:0 a.m., 129 views

[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03538957 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03538957 Version: 1 HPSBUX02825...

AI score: 0.5, EPSS: 0.12471
Exploits: 1

securityvulns
added 2012/10/30 12:0 a.m., 48 views

EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability

ESA-2012-053.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-053: EMC Avamar Client for VMware Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2012-053 CVE Identifier: CVE-2012-4610 Severity Rating: CVSS v2 Base Score: 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C Affected Products...

CVSS: 3.3, AI score: 1.3, EPSS: 0.00618
Exploits: 1

securityvulns
added 2012/10/30 12:0 a.m., 63 views

PIAF H.M.S - SQL Injection

Exploit Title: PIAF H.M.S - SQL Injection Date: 28/10/2012 Author: Michal Blaszczak Website: http://blaszczakm.blogspot.com Vendor Homepage: http://code.google.com/p/piafhms/ file: bills.php line: 86-87 $query = $query . " ORDER BY ID DESC"; printf$query; query: SELECT FROM Users WHERE Room =...

AI score: 1.1
Exploits: 0

securityvulns
added 2012/10/30 12:0 a.m., 118 views

Exploit - EasyITSP by Lemens Telephone Systems 2.0.2

?php errorreporting0; $arguments = getopt"a:b:c:"; $url = $arguments'a'; $idpod =$arguments'b'; $idend =$arguments'c'; ifcount$arguments!=3 echo ' Exploit - EasyITSP by Lemens Telephone Systems 2.0.2 '."n"; echo ' Discovery users with passwords '."n"; echo ' '."n"; echo ' Author: Michal Blaszczak...

Exploits: 0

securityvulns
added 2012/10/30 12:0 a.m., 24 views

Cross-Site Scripting vulnerability in CorePlayer

Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in CorePlayer. This is the same flash video player, which was used at online voting translations - today, 28.10.2012, on parliamentary elections in Ukraine and earlier this year on presidential elections in Russia. Concerni...

AI score: 0.5
Exploits: 0

securityvulns
added 2012/10/30 12:0 a.m., 63 views

Oracle Java / OpenJDK multiple security vulnerabilities

30 different vulnerabilities...

CVSS: 10, AI score: 2.2, EPSS: 0.91013
Exploits: 30, References: 3, Affected Software: 2

securityvulns
added 2012/10/29 12:0 a.m., 22 views

IBM Informix Dynamic Server buffer overflow

SET COLLATION buffer overflow...

AI score: 3.4
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/10/29 12:0 a.m., 41 views

Team SHATTER Security Advisory: Elevated roles through DBCC

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Elevated roles through DBCC Risk Level: High Affected versions: Sybase ASE 15.0, 15.5, 15.7 Remote exploitable: No Credits: This vulnerability was discovered and researched by Martin Rakhmanov of Application...

AI score: 0.9
Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m., 97 views

XSS Vulnerabilities in ClipBucket

Information -------------------- Name : XSS Vulnerabilities in ClipBucket Software : ClipBucket 2.6 and possibly below. Vendor Homepage : http://clip-bucket.com Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Reference : NS-12-013 Description...

AI score: 6.8
Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m., 61 views

[SECURITY] [DSA 2541-1] beaker security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2541-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 07, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 0.8, EPSS: 0.02447
Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m., 29 views

Cisco ASA-CX Context-Aware Security appliance / Cisco Prime Security Manager DoS

File resources exhaustion...

CVSS: 7.8, AI score: 2.4, EPSS: 0.01895
Exploits: 0, Affected Software: 2

securityvulns
added 2012/10/29 12:0 a.m., 178 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Information leakage, multiple memory corruptions, cross-site scripting, etc...

CVSS: 10, AI score: 1.7, EPSS: 0.42609
Exploits: 11, Affected Software: 3

securityvulns
added 2012/10/29 12:0 a.m., 87 views

Layton Helpbox 4.4.0 Multiple Security Issues

Layton Helpbox 4.4.0 Multiple Security Issues: Layton Helpbox 4.4.0 Multiple SQL Injection Points CVE-2012-4971 http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability CVE-2012-4975...

CVSS: 7.5, AI score: 6.9, EPSS: 0.01193
Exploits: 7

securityvulns
added 2012/10/29 12:0 a.m., 32 views

Sitecom Home Storage Center security vulnerabilities

SQL injection, XSS...

AI score: 1.7
Exploits: 0, References: 2

securityvulns
added 2012/10/29 12:0 a.m., 82 views

[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin

waraxe-2012-SA094 - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin ============================================================================================= Author: Janek Vind "waraxe" Date: 24. October 2012 Location: Estonia, Tartu Web:...

Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m., 51 views

Wordpress 3.4 Cross-Site Scripting Vulnerability

A bug in Wordpress 3.4 that allows us to cause Cross-Site Scripting on a remote machine. Exploit Title : Wordpress 3.4 Cross-Site Scripting Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum/ Software Link : http://wordpress.org Security Risk : High Version : Al...

AI score: 0.5
Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m., 389 views

Knowledge Base EE v4.62.0 - SQL Injection Vulnerability

Title: ====== Knowledge Base EE v4.62.0 - SQL Injection Vulnerability Date: ===== 2012-09-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m., 19 views

IBM DB2 privilege escalation

Privilege escalation via GETWRAPCFGC and GETWRAPCFGC2 stored procedures...

AI score: 3.8
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/10/29 12:0 a.m., 77 views

Sybase ASE security vulnerabilities

Privilege escalation, code execution...

AI score: 1.5
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2012/10/29 12:0 a.m., 131 views

VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities

Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,69 and probably prior versions. Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: High Credit: Security Effect Team http://seceffect.tumblr.com/ Vulnerability Details: 1. Blind SQL injection in...

AI score: 0.3
Exploits: 0

securityvulns
added 2012/10/29 12:0 a.m., 35 views

Cisco Unified Presence / Jabber Extensible Communications Platform DoS

Crash on stream header parsing...

CVSS: 7.8, AI score: 2.2, EPSS: 0.02774
Exploits: 0, Affected Software: 2

Total number of security vulnerabilities: 47153