47153 matches found

securityvulns, added 2012/09/07 12:00 a.m., 70 views

eFront Educational v3.6.11 - Multiple Web Vulnerabilities

Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 0.2
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 72 views

Cross-Site Request Forgery (CSRF) in TestLink

Advisory ID: HTB23088 Product: TestLink Vendor: teamst.org Vulnerable Versions: 1.9.3 and probably prior Tested Version: 1.9.3 Vendor Notification: April 18, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2012-2275 CVSSv2 Base...

CVSS 6.8, AI score 6.3, EPSS 0.02729
Exploits: 5

securityvulns, added 2012/09/07 12:00 a.m., 41 views

Group-Office Calendar SQL Injection

Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 0.3
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 80 views

[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03475750 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03475750 Version: 1 HPSBMU02811...

CVSS 6.8, AI score 0.1, EPSS 0.01612
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 80 views

Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009

Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...

AI score 7.3
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 67 views

Admidio 2.3.5 Multiple security vulnerabilities

Advisory: Admidio 2.3.5 Multiple security vulnerabilities Advisory ID: SSCHADV2012-019 Author: Stefan Schurtz Affected Software: Successfully tested on Admidio 2.3.5 Vendor URL: http://www.admidio.org/ Vendor Status: fixed ========================== Vulnerability Description...

AI score 0.7
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 122 views

Cross-Site Scripting (XSS) Vulnerabilities in Flogr

Advisory ID: HTB23110 Product: Flogr Vendor: Flogr Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Vendor Notification: August 15, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4336 CVSSv2 Base Score: 4.3...

CVSS 4.3, AI score 6.5, EPSS 0.01631
Exploits: 3

securityvulns, added 2012/09/07 12:00 a.m., 52 views

ES Job Search Engine v3.0 - SQL injection vulnerability

Title: ====== ES Job Search Engine v3.0 - SQL injection vulnerability Date: ===== 2012-08-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=675 VL-ID: ===== 675 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= ES...

AI score 0.2
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 72 views

Group-Office Calendar SQL Injection

/------------------------------------- | Group-Office Calendar SQL Injection | -------------------------------------/ Summary ======= Versions of Group-Office a web app for online collaboration prior to 4.0.90 are subject to a SQL injection vulnerability located in the calendar module. A PHP file...

CVSS 6.5, AI score 7.3, EPSS 0.01247
Exploits: 6

securityvulns, added 2012/09/07 12:00 a.m., 25 views

QNAP Turbo NAS privilege escalation

It's possible to manipulate files by absolute path...

AI score 2.5
Exploits: 0, References: 1

securityvulns, added 2012/09/07 12:00 a.m., 53 views

VMWare Tools susceptible to binary planting by hijack

Security Advisory - VMWare Tools susceptible to binary planting by hijack ========================================================================= Summary : VMWare Tools susceptible to binary planting Date : 4 September 2012 Affected versions : Product versions prior to - Workstation 8.0.4 Playe...

CVSS 6.9, EPSS 0.00784
Exploits: 1

securityvulns, added 2012/09/07 12:00 a.m., 80 views

[SECURITY] [DSA 2539-1] zabbix security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2539-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 06, 2012 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1.9, EPSS 0.0358
Exploits: 2

securityvulns, added 2012/09/07 12:00 a.m., 59 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.0358
Exploits: 13, References: 13, Affected software: 11

securityvulns, added 2012/09/07 12:00 a.m., 29 views

HP Business Availability Center security vulnerabilities

Cross-site scripting, request spoofing, session hijacking...

CVSS 6.8, AI score 0.8, EPSS 0.01612
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/09/07 12:00 a.m., 38 views

VMWare Tools privilege escalation

It's possible to execute code via DLL hijacking...

CVSS 6.9, AI score 4.3, EPSS 0.00784
Exploits: 1, References: 1, Affected software: 5

securityvulns, added 2012/09/07 12:00 a.m., 69 views

[SECURITY] [DSA 2538-1] moin security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2538-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 05, 2012 http://www.debian.org/security/faq -...

CVSS 6, AI score 1.6, EPSS 0.0209
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 78 views

QNAP Turbo NAS Multiple Path Injection

Vulnerability: Multiple Path Injection Product: QNAP Turbo NAS Vendor: QNAP Version affected: = 3.7.3 build 20120801 Status: Unpatched Website: http://web.qnap.com/prodetailfeature.asp?pid=202 Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it This...

AI score 0.4
Exploits: 0

securityvulns, added 2012/09/07 12:00 a.m., 63 views

Cross-Site Scripting (XSS) in Kayako Fusion

Advisory ID: HTB23095 Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-3233 CVSSv2 Base...

CVSS 4.3, AI score 6.5, EPSS 0.02003
Exploits: 3

securityvulns, added 2012/09/07 12:00 a.m., 102 views

eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities

Title: ====== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=668 VL-ID: ===== 668 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 7.2
Exploits: 0

securityvulns, added 2012/09/04 12:00 a.m., 35 views

Adobe Photoshop buffer overflow

Buffer overflow on TIFF parsing...

CVSS 10, AI score 5, EPSS 0.08985
Exploits: 0, References: 1

securityvulns, added 2012/09/04 12:00 a.m., 26 views

MAPower / Sitecom / Conceptronic storage devices directory traversal

Directory traversal via web interface...

AI score 4.7
Exploits: 0, References: 2

securityvulns, added 2012/09/04 12:00 a.m., 56 views

[slackware-security] glibc (SSA:2012-244-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security glibc SSA:2012-244-01 New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...

CVSS 4.6, AI score 6.8, EPSS 0.00993
Exploits: 0

securityvulns, added 2012/09/04 12:00 a.m., 49 views

Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow

====================================================================== Secunia Research 03/09/2012 - Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow - ====================================================================== Table of Contents Affected...

CVSS 10, AI score 1, EPSS 0.08985
Exploits: 0

securityvulns, added 2012/09/04 12:00 a.m., 51 views

Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center

Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposure of...

AI score 0.2
Exploits: 0

securityvulns, added 2012/09/04 12:00 a.m., 50 views

Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage

Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposur...

AI score 0.5
Exploits: 0

securityvulns, added 2012/09/04 12:00 a.m., 51 views

GNU libc buffer overflow

Buffer overflow in strtod, strtof, strtold, and strtodl string functions...

CVSS 4.6, AI score 3.9, EPSS 0.00993
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/09/03 12:00 a.m., 310 views

XSS and IL vulnerabilities in IBM Lotus Domino

Hello 3APA3A! I want to warn you about Cross-Site Scripting and Information Leakage vulnerabilities in IBM Lotus Domino. At 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3302. ------------------------- Affected products:...

CVSS 4.3, AI score 0.1, EPSS 0.01148
Exploits: 3

securityvulns, added 2012/09/03 12:00 a.m., 44 views

DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection

DataWatch Monarch BI v5.1 admin section blind SQL injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a blind SQL...

AI score 2.4
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 66 views

Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and...

CVSS 4.3, AI score 6, EPSS 0.01553
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 47 views

ocPortal CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability

OVERVIEW ocPortal CMS 8.x and lower versions are vulnerable to Cross-site Request Forgery CSRF / XSRF. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to...

AI score 0.1
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 77 views

XSS and SQL Injection Vulnerabilities in Jara

Information -------------------- Name : XSS and SQL Injection Vulnerabilities in Jara Software : Jara 1.6 and possibly below. Vendor Homepage : http://sourceforge.net/projects/jara/ Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Canberk Bolat Advisory...

AI score 0.1
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 112 views

Magy cms v 2.0.1121 BETA Blind Sql injection

Hello Dear ЗАРАЗА, Please see attach. Attached file is commented and complete exploit which is written in AUTOIT. It exploits targeted cms using time based way and obtains default 5 usernames + corresponding MD5 passwords from target site. If anything unclear please let us know. TIA as always...

AI score 8.1
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 64 views

NGS00330 Patch Notification: Squiz CMS Directory Traversal

High risk vulnerability in Squiz CMS 20 August 2012 Robert Ray of NCC Group has discovered a High risk vulnerability in Squiz CMS Impact: Directory Traversal Versions affected: Squiz CMS V11654 An updated version of the software has been released to address these vulnerabilities:...

Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 33 views

Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow

====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

CVSS 9.3, AI score 0.8, EPSS 0.14857
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 72 views

[ MDVSA-2012:140 ] mono

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:140 http://www.mandriva.com/security/ Package : mono Date : August 20, 2012 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in mono: Cross-site scripting XSS...

CVSS 4.3, AI score 6.1, EPSS 0.01914
Exploits: 1

securityvulns, added 2012/09/03 12:00 a.m., 59 views

Apache Struts2 remote code execution

This method was published at xcon2012, xcon.xfocus.net. kxlzx http://www.inbreak.net Follow this step by step: 1, download struts2-showcase from struts.apache.org 2, run struts2-showcase. 3, open url: http://localhost:8080/struts2-showcase/skill/edit.action?skillName=SPRING-DEV 4, write skill...

AI score 1.2
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 129 views

Vulnerabilities in JW Player Pro

Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of...

Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 56 views

XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS

Information -------------------- Name : XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS Software : Banana Dance CMS vB.2.1 Vendor Homepage : http://www.doyoubananadance.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Canberk Bolat...

AI score 0.1
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 54 views

Nike+ Panel & Mobile App - Multiple Web Vulnerabilities

Title: ====== Nike+ Panel & Mobile App - Multiple Web Vulnerabilities Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=663 VL-ID: ===== 663 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Da...

AI score 7
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 46 views

Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities

Title: ====== Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Date: ===== 2012-07-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=631 VL-ID: ===== 631 Common Vulnerability Scoring System: ==================================== 2 Introduction: =============...

Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 72 views

ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities

Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 http://www.vulnerability-lab.com/news/getnews.php?id=95 Manage Engine Ticket ID: 46119 VL-ID: ===== 667 Common Vulnerability...

Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 54 views

DataWatch Monarch BI v5.1 admin section reflected cross-site scripting

Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a reflected cross-site scripting vulnerability because it fails to sufficientl...

AI score 0.2
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 81 views

[ MDVSA-2012:132 ] glpi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:132 http://www.mandriva.com/security/ Package : glpi Date : August 15, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple cross-site request forgery CSRF and cross-site scripting XSS flaws ha...

CVSS 6.8, AI score 6.2, EPSS 0.01822
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 39 views

Ad Manager Pro v. 4 Remote FLI

-=--------------------ADVISORY-------------------=- Ad Manager Pro v. 4 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Ad Manager Pro -=+ Version: 4 -=+ Vendor's URL: http://www.phpwebscripts.com/ad-manager-pro/ -=+...

AI score 7
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 70 views

Arasism (IR) CMS - File Upload Vulnerability

Title: ====== Arasism IR CMS - File Upload Vulnerability Date: ===== 2012-07-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=657 VL-ID: ===== 657 Common Vulnerability Scoring System: ==================================== 6.5 Abstract: ========= The Laboratory Research...

AI score 7.1
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 59 views

Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow

====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Integer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

CVSS 6.8, AI score 0.7, EPSS 0.03986
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 75 views

SaltOS 3.1 Cross-Site Scripting vulnerability

Advisory: SaltOS 3.1 Cross-Site Scripting vulnerability Advisory ID: SSCHADV2012-018 Author: Stefan Schurtz Affected Software: Successfully tested on SaltOS 3.1 r4908 Vendor URL: http://www.saltos.net Vendor Status: fixed ========================== Vulnerability Description...

AI score 0.7
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 41 views

DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection

DataWatch Monarch BI v5.1 admin section blind XPath injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a blind XPath...

AI score 0.4
Exploits: 0

securityvulns, added 2012/09/03 12:00 a.m., 110 views

CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass

Affected products ============== CodeIgniter = 2.1.1 PHP framework and all CodeIgniter-based PHP applications using its built-in XSS filtering mechanism. CVE ==== CVE-2012-1915 Introduction ========== CodeIgniter http://codeigniter.com is a powerful PHP framework with a very small footprint, buil...

AI score 0.2, EPSS 0.01863
Exploits: 2

securityvulns, added 2012/09/03 12:00 a.m., 20 views

DataWatch Monarch BI multiple security vulnerabilities

Cross-site scripting, SQL injection in administration interface...

AI score 1.9
Exploits: 0, References: 5

Total number of security vulnerabilities: 47153