
47153 matches found

securityvulns
added 2012/10/22 12:0 a.m. | 222 views

[INTREST SEC] Atlassian Confluence Wiki XSS Vulnerability

------------------------------- INTREST SEC | Security Advisory ------------------------------- Product: Confluence Wiki Vendor: Atlassian www.atlassian.com Vulnerability Type: Cross Site Scripting XSS Risk Level: High classified by vendor Discovered by: INTREST SEC - NID Public Disclosure:...

AI score: 6.1
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 56 views

XSS and IAA vulnerabilities in Wordfence Security for WordPress

Hello 3APA3A! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for WordPress. Wordfence is a security plugin for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Wordfence Securit...

AI score: 6.1
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 25 views

F5 Firepass URL redirection

Uncontrolled redirection from my.activation.cns.php3 page...

AI score: 1.9
Exploits: 0 | References: 1

securityvulns
added 2012/10/22 12:0 a.m. | 32 views

SonicWALL EMail Security multiple security vulnerabilities

Cross-site scripting, cross-site request forgery, etc...

AI score: 1.9
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2012/10/22 12:0 a.m. | 111 views

[waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin

waraxe-2012-SA092 - Multiple Vulnerabilities in Wordpress Slideshow Plugin =============================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-92.html Description of vulnerab...

AI score: 0.4
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 34 views

CMSQLITE v1.3.2 - Multiple Web Vulnerabilities

Title: ====== CMSQLITE v1.3.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=726 VL-ID: ===== 726 Common Vulnerability Scoring System: ==================================== 4.3 Introduction: ============= CMSQLite is...

AI score: 0.4
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 63 views

Multiple vulnerabilities in jCore

Advisory ID: HTB23107 Product: jCore Vendor: jcore.net Vulnerable Versions: 1.0pre and probably prior Tested Version: 1.0pre Vendor Notification: August 1, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References: CVE-2012-4231,...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.04298
Exploits: 4

securityvulns
added 2012/10/22 12:0 a.m. | 132 views

[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08

waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind "waraxe" Date: 17. September 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-89.html Description of vulnerable...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 78 views

phptax 0.8 <= Remote Code Execution Vulnerability

----------------------------------------------------- phptax 0.8 <= Remote Code Execution Vulnerability ----------------------------------------------------- Discovered by: Jean Pascal Pereira [email protected] Vendor information: "PhpTax is free software to do your U.S. income taxes. Tested under...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 114 views

vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities

Title: ====== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=721 VL-ID: ===== 721 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 59 views

Multiple vulnerabilities in Subrion CMS

Advisory ID: HTB23113 Product: Subrion CMS Vendor: The Subrion development team Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Vendor Notification: September 5, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79,...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.04393
Exploits: 8

securityvulns
added 2012/10/22 12:0 a.m. | 220 views

F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection

OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides secure remote access to enterprise applications and data for users over any device or network while protecting your corporate. See http://www.f5.com/pdf/products/firepass-overview.pdf...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 112 views

FileBound - Privilege Escalation Vulnerability - Security Advisory - SOS-12-010

Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege escalation Attack Vector. From remote...

AI score: 0.3
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 114 views

Better WP Security v3.4.3 Wordpress - Web Vulnerabilities

Title: ====== Better WP Security v3.4.3 Wordpress - Web Vulnerabilities Date: ===== 2012-08-20 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=691 VL-ID: ===== 691 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 34 views

[waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin

waraxe-2012-SA093 - Multiple Vulnerabilities in Wordpress Social Discussions Plugin ====================================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-93.html...

AI score: 0.3
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 45 views

CA20121018-01: Security Notice for CA ARCserve Backup

-----BEGIN PGP SIGNED MESSAGE----- CA20121018-01: Security Notice for CA ARCserve Backup Issued: October 18, 2012 CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute...

CVSS: 7.5 | AI score: 1.7 | EPSS: 0.04053
Exploits: 4

securityvulns
added 2012/10/22 12:0 a.m. | 83 views

SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities

Title: ====== SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities Date: ===== 2012-08-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=543 VL-ID: ===== 543 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score: 0.6
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 201 views

Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

A bug in Vbulletin blog_plugin_useradmin v4.1.12 that allows us to perform a Sql Injection on a Remote machine. Exploit Title : Vbulletin blog_plugin_useradmin v4.1.12 Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link :...

AI score: 0.8
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 75 views

Omnistar Mailer v7.2 - Multiple Web Vulnerabilities

Title: ====== Omnistar Mailer v7.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=711 VL-ID: ===== 711 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============= The...

AI score: 0.3
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 170 views

MitM-vulnerability in Palo Alto Networks GlobalProtect

--------------------------------------------------------------------- SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect --------------------------------------------------------------------- Problem discovered: July 12th 2012 Vendor contacted: July 13th 2012 Advisory published:...

AI score: 1.2
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 125 views

Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities

Title: ====== Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=700 VL-ID: ===== 700 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...

AI score: 7.6
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 55 views

Multiple vulnerabilities in OpenX

Advisory ID: HTB23116 Product: OpenX Vendor: OpenX Vulnerable Versions: 2.8.10 and probably prior Tested Version: 2.8.10 Vendor Notification: September 19, 2012 Public Disclosure: October 10, 2012 Vulnerability Type: Cross-Site Scripting CWE-79, SQL Injection CWE-89 CVE References: CVE-2012-4989,...

CVSS: 7.5 | EPSS: 0.04388
Exploits: 3

securityvulns
added 2012/10/22 12:0 a.m. | 87 views

SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass

SEC Consult Vulnerability Lab Security Advisory 20121017-0 ======================================================================= title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you...

AI score: 7
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 64 views

SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection

OVERVIEW SilverStripe 2.4.7 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND SilverStripe CMS is easy for both developers and content authors to work with. The SilverStripe Framework keeps the code tucked away neatly so that it can be accessed easily by programmers but...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 89 views

Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities

Title: ====== Axis VoIP Manager v2.1.5.7 - Multiple Web Vulnerabilities Date: ===== 2012-09-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=686 VL-ID: ===== 686 Common Vulnerability Scoring System: ==================================== 2.3 Introduction: =============...

AI score: 0.5
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 245 views

NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities

Title: ====== NeoBill CMS v0.8 Alpha - Multiple Web Vulnerabilities Date: ===== 2012-08-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=685 VL-ID: ===== 685 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score: 6.8
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 107 views

Multiple vulnerabilities in Megapolis.Portal Manager

Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's a commercial CMS from Softline-IT (earlier Softline), which is particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many...

AI score: 0.6
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 114 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.04697
Exploits: 34 | References: 28 | Affected Software: 25

securityvulns
added 2012/10/22 12:0 a.m. | 58 views

Multiple vulnerabilities in AContent

Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authentication CWE-287, Cross-Site Scripting CWE-79...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.04697
Exploits: 7

securityvulns
added 2012/10/22 12:0 a.m. | 33 views

BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler

Hello 3APA3A! I want to warn you about Brute Force, Cross-Site Scripting, Cross-Site Request Forgery and Redirector vulnerabilities in IBM Lotus Notes Traveler. IBM are planning to release their advisory soon concerning these vulnerabilities. ------------------------- Affected products:...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 37 views

SEC Consult SA-20121017-1 :: Unirgy uStoreLocator SQL Injection - Magento extension

SEC Consult Vulnerability Lab Security Advisory 20121017-1 ======================================================================= title: SQL Injection product: Unirgy uStoreLocator - Magento extension vulnerable version: =2.0.0 fixed version: =2.0.1 impact: High homepage: http://www.unirgy.com/...

AI score: 7.8
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 55 views

SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability

OVERVIEW SilverStripe 2.4.7 and lower versions are vulnerable to Persistent Cross Site Scripting. 2. BACKGROUND SilverStripe CMS is easy for both developers and content authors to work with. The SilverStripe Framework keeps the code tucked away neatly so that it can be accessed easily by...

AI score: 0.4
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. | 155 views

Omnistar Document Manager v8.0 - Multiple Vulnerabilities

Title: ====== Omnistar Document Manager v8.0 - Multiple Vulnerabilities Date: ===== 2012-10-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=712 VL-ID: ===== 712 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/10/17 12:0 a.m. | 18 views

Critical issues affecting Steam users

We have just released a paper [1], in which we prove that the current implementation of the Steam Browser Protocol handling mechanism is an excellent attack vector to exploit local issues in a remote fashion. Steam [2] is the biggest gaming related digital delivery platform with an audience of more...

AI score: 0.6
Exploits: 0

securityvulns
added 2012/10/17 12:0 a.m. | 25 views

Valve Steam multiple security vulnerabilities

Buffer overflows, code executions and game engines vulnerabilities can be exploited via steam:// URI handler...

AI score: 3.7
Exploits: 0 | References: 1

securityvulns
added 2012/10/17 12:0 a.m. | 48 views

Hardcoreview memory corruption

Memory corruption on GIF parsing...

AI score: 3.5
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2012/10/17 12:0 a.m. | 38 views

[CVE-2012-4750] Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability

Title: Ezhometech EzServer 7.0 Remote Heap Corruption Vulnerability Description: EzServer is a software for audio and video streaming adopted by various companies worldwide. Version 7.0 is affected by a remote heap corruption vulnerability. Version 6.x is not affected by this issue, as does not...

AI score: 1.3 | EPSS: 0.08905
Exploits: 4

securityvulns
added 2012/10/17 12:0 a.m. | 69 views

Visual Tools DVRs multiple security vulnerabilities

Information leakage, code execution...

AI score: 3.3
Exploits: 0 | References: 1

securityvulns
added 2012/10/17 12:0 a.m. | 59 views

Visual Tools DVR multiple vulnerabilities

Title: Visual Tools DVR multiple vulnerabilities Version affected: VS Series = 3.0.6.16, VX Series = 4.2.19.2 Vendor: http://www.visual-tools.com/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Status: unpatched Visual Tools develops, manufactures a...

AI score: 0.4
Exploits: 0

securityvulns
added 2012/10/17 12:0 a.m. | 38 views

graphicsmagick memory corruption

Memory corruption on PNG parsing...

CVSS: 4.3 | AI score: 3.8 | EPSS: 0.02468
Exploits: 1 | Affected Software: 1

securityvulns
added 2012/10/17 12:0 a.m. | 45 views

ESA-2012-035: RSA® Adaptive Authentication (On-Premise) Information Disclosure Vulnerability

ESA-2012-035.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-035: RSA® Adaptive Authentication On-Premise Information Disclosure Vulnerability EMC Identifier: ESA-2012-035 CVE Identifier: CVE-2012-2286 Severity Rating: CVSS v2 Base Score: 7.9 AV:A/AC:M/Au:N/C:C/I:C/A:C Affected Product...

CVSS: 2.9 | AI score: 0.5 | EPSS: 0.00553
Exploits: 0

securityvulns
added 2012/10/17 12:0 a.m. | 30 views

RSA Adaptive Authentication information leakage

No description provided...

CVSS: 2.9 | AI score: 2.8 | EPSS: 0.00553
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2012/10/17 12:0 a.m. | 36 views

Ezhometech EzServer memory corruption

Memory corruption on RTMP AMF request parsing...

AI score: 3.8 | EPSS: 0.08905
Exploits: 4 | References: 1 | Affected Software: 1

securityvulns
added 2012/10/17 12:0 a.m. | 57 views

Multiple vulnerabilities in Samsung Kies

Advisory ID: HTB23099 Product: Samsung Kies Vendor: Samsung Electronics Vulnerable Versions: 2.3.2.1205420 and probably prior Tested Version: 2.3.2.1205420 Vendor Notification: June 25, 2012 Public Disclosure: October 15, 2012 Vulnerability Type: NULL Pointer Dereference CWE-476, Improper Access...

AI score: 0.4 | EPSS: 0.31563
Exploits: 3

securityvulns
added 2012/10/17 12:0 a.m. | 26 views

Hardcoreview WriteAV Arbitrary Code Execution

#!/usr/bin/perl Hardcoreview WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://sourceforge.net/projects/hardcoreview/ Vendor Description: Image browser. Designed and created for professional and amateur watching image files. All kind of image files...

AI score: 7.2
Exploits: 0

securityvulns
added 2012/10/15 12:0 a.m. | 34 views

EMC NetWorker Module for Microsoft Applications security vulnerabilities

Code execution, information leakage...

CVSS: 9.3 | AI score: 2.5 | EPSS: 0.03626
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2012/10/15 12:0 a.m. | 32 views

Microsoft Office Excel ReadAV Arbitrary Code Execution

#!/usr/bin/perl Microsoft Office Excel ReadAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://office.microsoft.com Vendor Description: Microsoft Excel is a commercial spreadsheet application written and distributed by Microsoft for Microsoft Windows and Ma...

AI score: 7.2
Exploits: 0

securityvulns
added 2012/10/15 12:0 a.m. | 28 views

utempter allows fake host setting

Quoting from http://bugs.debian.org/689562 Utempter does not (cannot?) verify the setting of host, so it can easily be faked. This may affect any software that depends on utmp correctness. Demo of the issue: psz@bari:$ cat silly.c #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <unistd...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/10/15 12:0 a.m. | 31 views

utempter information spoofing

User supplied data is not checked before writing to utmp...

AI score: 2.3
Exploits: 0 | References: 1

securityvulns
added 2012/10/15 12:0 a.m. | 34 views

VLC code execution

Code execution on PNG files parsing...

AI score: 3.7
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 47153