Lucene search

47153 matches found

securityvulns
added 2012/09/03 12:0 a.m., 43 views

Social Engine v4.2.5 - Multiple Web Vulnerabilities

Title: ====== Social Engine v4.2.5 - Multiple Web Vulnerabilities Date: ===== 2012-07-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=672 VL-ID: ===== 672 Common Vulnerability Scoring System: ==================================== 3 Abstract: ========= A Laboratory...

0.1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 49 views

NGS00208 Patch Notification: Moodle CMS stored XSS

High risk vulnerability in Moodle CMS 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Moodle CMS Impact: Stored XSS Versions affected: Moodle v2.2.1 An updated version of the software has been released to address these vulnerabilities:...

0.2 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 54 views

tekno.Portal 0.1b - SQLi Vulnerability in "anket.php"

Title: tekno.Portal 0.1b - SQLi Vulnerability in "anket.php" Date: 07-25-2012 Author: Socket0x03 Alvaro J. Gene Email: [email protected] Website: www.teraexe.com Vulnerable Application: tekno.Portal Version: 0.1b File: anket.php SQL Injection:...

1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 66 views

NeoInvoice Blind SQL Injection (CVE-2012-3477)

NeoInvoice is a multi-tenant open source invoicing system, that currently contains an unauthenticated blind SQL injection condition in signupcheck.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...

7.5 CVSS, 0.5 AI score, 0.01199 EPSS
Exploits: 2
securityvulns
added 2012/09/03 12:0 a.m., 255 views

Joomla com_fireboard - SQL Injection Vulnerability

Title: ====== Joomla com_fireboard - SQL Injection Vulnerability Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=655 VL-ID: ===== 655 Common Vulnerability Scoring System: ==================================== 7.3 Introduction: ============= Joomla i...

0.7 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 82 views

TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Published: 07/27/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build...

9.4 CVSS, 0.6 AI score, 0.52928 EPSS
Exploits: 11
securityvulns
added 2012/09/03 12:0 a.m., 49 views

ME Mobile Application Manager v10 - SQL Vulnerabilities

Title: ====== ME Mobile Application Manager v10 - SQL Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=628 VL-ID: ===== 628 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: =============...

0.5 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 43 views

DataWatch Monarch Business Intelligence (BI) v5.1 client section stored cross-site scripting

DataWatch Monarch BI v5.1 client section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a stored...

0.3 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 49 views

7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities

Title: ====== 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities Date: ===== 2012-08-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=679 VL-ID: ===== 680 Common Vulnerability Scoring System: ==================================== 8.3 Abstract: ========= The...

0.4 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 128 views

[USN-1543-1] Config-IniFiles vulnerability

========================================================================== Ubuntu Security Notice USN-1543-1 August 20, 2012 libconfig-inifiles-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

3.6 CVSS, 0.3 AI score, 0.00504 EPSS
Exploits: 2
securityvulns
added 2012/09/03 12:0 a.m., 58 views

WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities

Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-016 Author: Stefan Schurtz Affected Software: Successfully tested on Quick Post Widget 1.9.1 Vendor URL: http://qpw.famvanakkeren.nl/ Vendor Status: informed CVE-ID:...

4.3 CVSS, 0.02041 EPSS
Exploits: 2
securityvulns
added 2012/09/03 12:0 a.m., 422 views

Temenos T24 security vulnerabilities

Authentication bypass, cross-site scripting...

2 AI score
Exploits: 0, References: 2
securityvulns
added 2012/09/03 12:0 a.m., 45 views

[SECURITY] [DSA 2533-1] pcp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2533-1 [email protected] http://www.debian.org/security/ Florian Weimer August 23, 2012 http://www.debian.org/security/faq -...

5 CVSS, 2.1 AI score, 0.05753 EPSS
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 45 views

pcp multiple security vulnerabilities

Buffer overflow, information leakage, DoS...

5 CVSS, 2.4 AI score, 0.05753 EPSS
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2012/09/03 12:0 a.m., 201 views

Total Shop UK eCommerce Generic Cross-Site Scripting

/------------------------------------------------------ | Total Shop UK eCommerce Generic Cross-Site Scripting | ------------------------------------------------------/ Summary ======= The open source version of Total Shop UK eCommerce based on CodeIgniter version 2.1.2 is subject to a cross-site...

4.3 CVSS, 0.1 AI score, 0.01633 EPSS
Exploits: 2
securityvulns
added 2012/09/03 12:0 a.m., 22 views

Config::IniFiles symbolic links vulnerability

Symbolic links vulnerability on temporary files creation...

3.6 CVSS, 1.5 AI score, 0.00504 EPSS
Exploits: 2, References: 1, Affected Software: 1
securityvulns
added 2012/09/03 12:0 a.m., 53 views

ME Application Manager 10 - Multiple Web Vulnerabilities

Title: ====== ME Application Manager 10 - Multiple Web Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=627 VL-ID: ===== 627 Common Vulnerability Scoring System: ==================================== 7.2 Introduction: =============...

0.3 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 87 views

Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities

Title: ====== Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Date: ===== 2012-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=659 VL-ID: ===== 659 Common Vulnerability Scoring System: ==================================== 8.3 Introduction:...

0.2 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 41 views

ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities

Title: ====== ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Date: ===== 2012-08-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=670 VL-ID: ===== 670 Common Vulnerability Scoring System: ==================================== 2.4 Introduction: =============...

6.7 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 298 views

Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities

Title: ====== Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=656 VL-ID: ===== 656 Common Vulnerability Scoring System: ==================================== 2 Introduction: ============= Flog...

0.3 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 120 views

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom Community Manager version 7.4.10 and...

0.1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 48 views

Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability

A bug in the Wordpress chenpress Plugin that allows us to perform a File Upload on a Remote machine. Exploit Title : Wordpress chenpress Plugin Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk :...

1.1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 105 views

Group-Office Cleartext Credentials Stored in Cookies

/------------------------------------------------------ | Group-Office Cleartext Credentials Stored in Cookies | ------------------------------------------------------/ Summary ======= Group-Office 4.0.71 was found to display a behaviour that could potentially expose a user's username and clearte...

5.8 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 50 views

DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting

DataWatch Monarch BI v5.1 admin section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a stored...

0.3 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 57 views

NGS00242 Patch Notification: SysAid Helpdesk stored XSS

High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Stored XSS Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these vulnerabilities...

6.7 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 72 views

NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection

High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Blind SQL injection Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these...

7.4 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 30 views

Citrix Access Gateway plugin security vulnerabilities

Buffer overflow, integer overflow...

9.3 CVSS, 4.6 AI score, 0.14857 EPSS
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2012/09/03 12:0 a.m., 50 views

XSS and SQL Injection Vulnerabilities in OrderSys

Information -------------------- Name : XSS and SQL Injection Vulnerabilities in OrderSys Software : OrderSys 1.6.4 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical...

7.1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 61 views

ocPoral CMS 8.x | Session Hijacking Vulnerability

OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Session Hijacking flaw which could allow attackers to compromise administrator session. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful...

6.9 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 89 views

Dr. Web Control Center Admin UI Remote Script Code Injection

Dr. Web Control Center Admin UI Remote Script Code Injection ============================================================= Affected Products/Versions -------------------------- Product Name: Dr. Web Enterprise Server Version Number: 6.00.3.201111300 Product/Company Information...

0.1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 17 views

Dr. Web Enterprise Server cross-site scripting

Cross-site scripting via logs...

2.5 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2012/09/03 12:0 a.m., 285 views

TEMENOS T24 R07.03 Authentication Bypass

TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...

1.1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 126 views

TCExam Edit SQL Injection

/--------------------------- | TCExam Edit SQL Injection | ---------------------------/ Summary ======= TCExam 11.3.007 is prone to a SQL injection flaw located in tceeditanswer.php and tceeditquestion.php. These files pass a 'subjectmoduleid' parameter into a SQL statement without satisfactory...

6.8 CVSS, 0.0239 EPSS
Exploits: 2
securityvulns
added 2012/09/03 12:0 a.m., 60 views

ShopperPress v2.7 Wordpress - SQL Injection Vulnerability

Title: ====== ShopperPress v2.7 Wordpress - SQL Injection Vulnerability Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=669 VL-ID: ===== 669 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: =============...

0.4 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 167 views

TEMENOS T24 R07.03 Reflected Cross-Site Scripting

TEMENOS T24 R07.03 reflected cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to a reflected cross-site scripting vulnerability because it...

7 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 48 views

ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability

OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Cross-site Request Forgery CSRF / XSRF. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to...

0.1 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 45 views

DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection

DataWatch Monarch BI v5.1 admin section blind SQL injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a blind SQL...

2.4 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 47 views

Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities

Title: ====== Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Date: ===== 2012-07-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=631 VL-ID: ===== 631 Common Vulnerability Scoring System: ==================================== 2 Introduction: =============...

Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 34 views

Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow

====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

9.3 CVSS, 0.8 AI score, 0.14857 EPSS
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 67 views

Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and...

4.3 CVSS, 6 AI score, 0.01553 EPSS
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 73 views

[ MDVSA-2012:140 ] mono

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:140 http://www.mandriva.com/security/ Package : mono Date : August 20, 2012 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in mono: Cross-site scripting XSS...

4.3 CVSS, 6.1 AI score, 0.01914 EPSS
Exploits: 1
securityvulns
added 2012/09/03 12:0 a.m., 73 views

ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities

Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 http://www.vulnerability-lab.com/news/getnews.php?id=95 Manage Engine Ticket ID: 46119 VL-ID: ===== 667 Common Vulnerability...

Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 42 views

DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection

DataWatch Monarch BI v5.1 admin section blind XPath injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a blind XPath...

0.4 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:0 a.m., 60 views

apache struts2 remote code execute

This method was published at xcon2012 xcon.xfocus.net. kxlzx http://www.inbreak.net Follow this step by step: 1, download struts2-showcase from struts.apache.org 2, run struts2-showcase. 3, open url: http://localhost:8080/struts2-showcase/skill/edit.action?skillName=SPRING-DEV 4, write skill...

1.2 AI score
Exploits: 0
securityvulns
added 2012/09/02 12:0 a.m., 34 views

SOAP and UploadFileHandler.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-178 : 0Day HP SiteScope SOAP Call update Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-178 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...

0.2 AI score
Exploits: 0
securityvulns
added 2012/09/02 12:0 a.m., 22 views

Novell ZENWorks AdminStudio ActiveX memory corruption

ISGrid.dll memory corruption...

2.8 AI score
Exploits: 0, References: 1
securityvulns
added 2012/09/02 12:0 a.m., 64 views

AST-2012-012: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-012 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On July 13, 2012 Reported By Zubair Ashraf of...

9 CVSS, 0.3 AI score, 0.03558 EPSS
Exploits: 0
securityvulns
added 2012/09/02 12:0 a.m., 57 views

HP Application Lifecycle Management ActiveX memory overwriting

Memory overwriting of user-controlled address in XGO.ocx...

1.5 AI score
Exploits: 0, References: 1
securityvulns
added 2012/09/02 12:0 a.m., 67 views

[SECURITY] [DSA 2535-1] rtfm security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2535-1 [email protected] http://www.debian.org/security/ Florian Weimer August 29, 2012 http://www.debian.org/security/faq -...

4.3 CVSS, 1.7 AI score, 0.01187 EPSS
Exploits: 0
securityvulns
added 2012/09/02 12:0 a.m., 15 views

HP Operations Orchestration SQL injection

SQL injection in TCP/9001 RSScheduler service...

1.9 AI score
Exploits: 0, References: 1

Total number of security vulnerabilities: 47153