
47153 matches found

securityvulns, added 2012/09/07 12:00 a.m., 49 views

VMWare Tools susceptible to binary planting by hijack

Security Advisory - VMWare Tools susceptible to binary planting by hijack ========================================================================= Summary : VMWare Tools susceptible to binary planting Date : 4 September 2012 Affected versions : Product versions prior to - Workstation 8.0.4 Playe...

CVSS 6.9, EPSS 0.0029
Exploits: 1
securityvulns, added 2012/09/07 12:00 a.m., 28 views

HP Business Availability Center security vulnerabilities

Cross-site scripting, request spoofing, session hijacking...

CVSS 6.8, AI score 0.8, EPSS 0.00623
Exploits: 0, References: 1, Affected software: 1
securityvulns, added 2012/09/07 12:00 a.m., 66 views

Admidio 2.3.5 Multiple security vulnerabilities

Advisory: Admidio 2.3.5 Multiple security vulnerabilities Advisory ID: SSCHADV2012-019 Author: Stefan Schurtz Affected Software: Successfully tested on Admidio 2.3.5 Vendor URL: http://www.admidio.org/ Vendor Status: fixed ========================== Vulnerability Description...

AI score 0.7
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 24 views

QNAP Turbo NAS privilege escalation

It's possible to manipulate files by absolute path...

AI score 2.5
Exploits: 0, References: 1
securityvulns, added 2012/09/07 12:00 a.m., 100 views

eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities

Title: ====== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=668 VL-ID: ===== 668 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 7.2
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 118 views

Cross-Site Scripting (XSS) Vulnerabilities in Flogr

Advisory ID: HTB23110 Product: Flogr Vendor: Flogr Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Vendor Notification: August 15, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4336 CVSSv2 Base Score: 4.3...

CVSS 4.3, AI score 6.5, EPSS 0.00628
Exploits: 3
securityvulns, added 2012/09/07 12:00 a.m., 63 views

Cross-Site Scripting (XSS) in Kayako Fusion

Advisory ID: HTB23095 Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-3233 CVSSv2 Base...

CVSS 4.3, AI score 6.5, EPSS 0.01146
Exploits: 3
securityvulns, added 2012/09/07 12:00 a.m., 100 views

[CVE-2012-3373] Apache Wicket XSS vulnerability via manipulated URL parameter

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x and 1.5.x Description: https://wicket.apache.org/2012/09/06/cve-2012-3373.html It is possible to inject JavaScript statements into an ajax link by adding an encoded null byte to a URL pointing to a...

CVSS 4.3, EPSS 0.01795
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 78 views

[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03475750 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03475750 Version: 1 HPSBMU02811...

CVSS 6.8, AI score 0.1, EPSS 0.00623
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 69 views

eFront Educational v3.6.11 - Multiple Web Vulnerabilities

Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 0.2
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 76 views

QNAP Turbo NAS Multiple Path Injection

Vulnerability: Multiple Path Injection Product: QNAP Turbo NAS Vendor: QNAP Version affected: = 3.7.3 build 20120801 Status: Unpatched Website: http://web.qnap.com/prodetailfeature.asp?pid=202 Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it This...

AI score 0.4
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 66 views

Group-Office Calendar SQL Injection

/------------------------------------- | Group-Office Calendar SQL Injection | -------------------------------------/ Summary ======= Versions of Group-Office a web app for online collaboration prior to 4.0.90 are subject to a SQL injection vulnerability located in the calendar module. A PHP file...

CVSS 6.5, AI score 7.3, EPSS 0.02471
Exploits: 6
securityvulns, added 2012/09/07 12:00 a.m., 57 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.01799
Exploits: 13, References: 13, Affected software: 11
securityvulns, added 2012/09/07 12:00 a.m., 37 views

VMWare Tools privilege escalation

It's possible to execute code via DLL hijacking...

CVSS 6.9, AI score 4.3, EPSS 0.0029
Exploits: 1, References: 1, Affected software: 5
securityvulns, added 2012/09/07 12:00 a.m., 76 views

[SECURITY] [DSA 2539-1] zabbix security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2539-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 06, 2012 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1.9, EPSS 0.01799
Exploits: 2
securityvulns, added 2012/09/07 12:00 a.m., 51 views

ES Job Search Engine v3.0 - SQL injection vulnerability

Title: ====== ES Job Search Engine v3.0 - SQL injection vulnerability Date: ===== 2012-08-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=675 VL-ID: ===== 675 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= ES...

AI score 0.2
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 70 views

Cross-Site Request Forgery (CSRF) in TestLink

Advisory ID: HTB23088 Product: TestLink Vendor: teamst.org Vulnerable Versions: 1.9.3 and probably prior Tested Version: 1.9.3 Vendor Notification: April 18, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2012-2275 CVSSv2 Base...

CVSS 6.8, AI score 6.3, EPSS 0.00487
Exploits: 5
securityvulns, added 2012/09/07 12:00 a.m., 75 views

Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009

Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...

AI score 7.3
Exploits: 0
securityvulns, added 2012/09/07 12:00 a.m., 41 views

Group-Office Calendar SQL Injection

Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

AI score 0.3
Exploits: 0
securityvulns, added 2012/09/04 12:00 a.m., 26 views

MAPower / Sitecom / Conceptronic storage devices directory traversal

Directory traversal via web interface...

AI score 4.7
Exploits: 0, References: 2
securityvulns, added 2012/09/04 12:00 a.m., 50 views

Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage

Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposur...

AI score 0.5
Exploits: 0
securityvulns, added 2012/09/04 12:00 a.m., 55 views

[slackware-security] glibc (SSA:2012-244-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security glibc SSA:2012-244-01 New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...

CVSS 4.6, AI score 6.8, EPSS 0.00291
Exploits: 0
securityvulns, added 2012/09/04 12:00 a.m., 49 views

GNU libc buffer overflow

Buffer overflow in strtod, strtof, strtold, and strtodl string functions...

CVSS 4.6, AI score 3.9, EPSS 0.00291
Exploits: 0, References: 1, Affected software: 1
securityvulns, added 2012/09/04 12:00 a.m., 35 views

Adobe Photoshop buffer overflow

Buffer overflow on TIFF parsing...

CVSS 10, AI score 5, EPSS 0.23639
Exploits: 0, References: 1
securityvulns, added 2012/09/04 12:00 a.m., 48 views

Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow

====================================================================== Secunia Research 03/09/2012 - Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow - ====================================================================== Table of Contents Affected...

CVSS 10, AI score 1, EPSS 0.23639
Exploits: 0
securityvulns, added 2012/09/04 12:00 a.m., 50 views

Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center

Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposure of...

AI score 0.2
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 38 views

Ad Manager Pro v. 4 Remote FLI

-=--------------------ADVISORY-------------------=- Ad Manager Pro v. 4 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Ad Manager Pro -=+ Version: 4 -=+ Vendor's URL: http://www.phpwebscripts.com/ad-manager-pro/ -=+...

AI score 7
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 50 views

DataWatch Monarch BI v5.1 admin section reflected cross-site scripting

Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a reflected cross-site scripting vulnerability because it fails to sufficientl...

AI score 0.2
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 117 views

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom Community Manager version 7.4.10 and...

AI score 0.1
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 251 views

Joomla com_fireboard - SQL Injection Vulnerability

Title: ====== Joomla com_fireboard - SQL Injection Vulnerability Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=655 VL-ID: ===== 655 Common Vulnerability Scoring System: ==================================== 7.3 Introduction: ============= Joomla i...

AI score 0.7
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 44 views

ocPortal CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability

OVERVIEW ocPortal CMS 8.x and lower versions are vulnerable to Cross-site Request Forgery CSRF / XSRF. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to...

AI score 0.1
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 72 views

ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities

Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 http://www.vulnerability-lab.com/news/getnews.php?id=95 Manage Engine Ticket ID: 46119 VL-ID: ===== 667 Common Vulnerability...

Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 33 views

Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow

====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

CVSS 9.3, AI score 0.8, EPSS 0.1761
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 279 views

TEMENOS T24 R07.03 Authentication Bypass

TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...

AI score 1.1
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 59 views

ShopperPress v2.7 Wordpress - SQL Injection Vulnerability

Title: ====== ShopperPress v2.7 Wordpress - SQL Injection Vulnerability Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=669 VL-ID: ===== 669 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: =============...

AI score 0.4
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 140 views

TCExam Edit Cross-Site Scripting

/---------------------------------- | TCExam Edit Cross-Site Scripting | ----------------------------------/ Summary ======= TCExam 11.3.007 is subject to a cross-site scripting vulnerability. A 'questionsubjectid' parameter is not sufficiently sanitised before being written to the...

CVSS 2.1, AI score 5.6, EPSS 0.00181
Exploits: 2
securityvulns, added 2012/09/03 12:00 a.m., 29 views

Barracuda SSL VPN cross-site scripting

Multiple cross-site scripting conditions...

AI score 1.5
Exploits: 0, References: 1, Affected software: 1
securityvulns, added 2012/09/03 12:00 a.m., 74 views

SaltOS 3.1 Cross-Site Scripting vulnerability

Advisory: SaltOS 3.1 Cross-Site Scripting vulnerability Advisory ID: SSCHADV2012-018 Author: Stefan Schurtz Affected Software: Successfully tested on SaltOS 3.1 r4908 Vendor URL: http://www.saltos.net Vendor Status: fixed ========================== Vulnerability Description...

AI score 0.7
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 121 views

TCExam Edit SQL Injection

/--------------------------- | TCExam Edit SQL Injection | ---------------------------/ Summary ======= TCExam 11.3.007 is prone to a SQL injection flaw located in tceeditanswer.php and tceeditquestion.php. These files pass a 'subjectmoduleid' parameter into a SQL statement without satisfactory...

CVSS 6.8, EPSS 0.00463
Exploits: 2
securityvulns, added 2012/09/03 12:00 a.m., 63 views

NGS00330 Patch Notification: Squiz CMS Directory Traversal

High risk vulnerability in Squiz CMS 20 August 2012 Robert Ray of NCC Group has discovered a High risk vulnerability in Squiz CMS Impact: Directory Traversal Versions affected: Squiz CMS V11654 An updated version of the software has been released to address these vulnerabilities:...

Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 86 views

Dr. Web Control Center Admin UI Remote Script Code Injection

Dr. Web Control Center Admin UI Remote Script Code Injection ============================================================= Affected Products/Versions -------------------------- Product Name: Dr. Web Enterprise Server Version Number: 6.00.3.201111300 Product/Company Information...

AI score 0.1
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 29 views

Citrix Access Gateway plugin security vulnerabilities

Buffer overflow, integer overflow...

CVSS 9.3, AI score 4.6, EPSS 0.1761
Exploits: 0, References: 2, Affected software: 1
securityvulns, added 2012/09/03 12:00 a.m., 52 views

ME Application Manager 10 - Multiple Web Vulnerabilities

Title: ====== ME Application Manager 10 - Multiple Web Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=627 VL-ID: ===== 627 Common Vulnerability Scoring System: ==================================== 7.2 Introduction: =============...

AI score 0.3
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 111 views

Magy cms v 2.0.1121 BETA Blind Sql injection

Hello Dear ЗАРАЗА, Please see attach. Attached file is commented and complete exploit which is written in AUTOIT. It exploits targeted cms using time based way and obtains default 5 usernames + corresponding MD5 passwords from target site. If anything unclear please let us know. TIA as always...

AI score 8.1
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 197 views

Total Shop UK eCommerce Generic Cross-Site Scripting

/------------------------------------------------------ | Total Shop UK eCommerce Generic Cross-Site Scripting | ------------------------------------------------------/ Summary ======= The open source version of Total Shop UK eCommerce based on CodeIgniter version 2.1.2 is subject to a cross-site...

CVSS 4.3, AI score 0.1, EPSS 0.05454
Exploits: 2
securityvulns, added 2012/09/03 12:00 a.m., 44 views

[SECURITY] [DSA 2533-1] pcp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2533-1 [email protected] http://www.debian.org/security/ Florian Weimer August 23, 2012 http://www.debian.org/security/faq -...

CVSS 5, AI score 2.1, EPSS 0.03579
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 63 views

Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities

Title: ====== Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities Date: ===== 2012-07-16 References: =========== http://vulnerability-lab.com/getcontent.php?id=561 Barracuda Networks Security ID: BNSEC-278 VL-ID: ===== 561 Common Vulnerability Scoring System:...

AI score 0.6
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 48 views

ME Mobile Application Manager v10 - SQL Vulnerabilities

Title: ====== ME Mobile Application Manager v10 - SQL Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=628 VL-ID: ===== 628 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: =============...

AI score 0.5
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 65 views

Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and...

CVSS 4.3, AI score 6, EPSS 0.00388
Exploits: 0
securityvulns, added 2012/09/03 12:00 a.m., 21 views

Config::IniFiles symbolic links vulnerability

Symbolic links vulnerability on temporary files creation...

CVSS 3.6, AI score 1.5, EPSS 0.00056
Exploits: 2, References: 1, Affected software: 1

Total number of security vulnerabilities: 47153