CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass
Affected products ============== CodeIgniter = 2.1.1 PHP framework and all CodeIgniter-based PHP applications using its built-in XSS filtering mechanism. CVE ==== CVE-2012-1915 Introduction ========== CodeIgniter http://codeigniter.com is a powerful PHP framework with a very small footprint, buil...
[ MDVSA-2012:132 ] glpi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:132 http://www.mandriva.com/security/ Package : glpi Date : August 15, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple cross-site request forgery CSRF and cross-site scripting XSS flaws ha...
Dr. Web Control Center Admin UI Remote Script Code Injection
Dr. Web Control Center Admin UI Remote Script Code Injection ============================================================= Affected Products/Versions -------------------------- Product Name: Dr. Web Enterprise Server Version Number: 6.00.3.201111300 Product/Company Information...
ME Mobile Application Manager v10 - SQL Vulnerabilities
Title: ====== ME Mobile Application Manager v10 - SQL Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=628 VL-ID: ===== 628 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: =============...
Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and...
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities
Title: ====== Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities Date: ===== 2012-07-16 References: =========== http://vulnerability-lab.com/getcontent.php?id=561 Barracuda Networks Security ID: BNSEC-278 VL-ID: ===== 561 Common Vulnerability Scoring System:...
ME Application Manager 10 - Multiple Web Vulnerabilities
Title: ====== ME Application Manager 10 - Multiple Web Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=627 VL-ID: ===== 627 Common Vulnerability Scoring System: ==================================== 7.2 Introduction: =============...
[ MDVSA-2012:143 ] python-django
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:143 http://www.mandriva.com/security/ Package : python-django Date : August 23, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
NGS00208 Patch Notification: Moodle CMS stored XSS
High risk vulnerability in Moodle CMS 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Moodle CMS Impact: Stored XSS Versions affected: Moodle v2.2.1 An updated version of the software has been released to address these vulnerabilities:...
TEMENOS T24 R07.03 Reflected Cross-Site Scripting
TEMENOS T24 R07.03 reflected cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to a reflected cross-site scripting vulnerability because it...
Vulnerabilities in JW Player Pro
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of...
Cross-Site Scripting (XSS) in Jease
Advisory ID: HTB23104 Product: Jease Vendor: jease.org Vulnerable Versions: 2.8 and probably prior Tested Version: 2.8 Vendor Notification: July 25, 2012 Public Disclosure: August 15, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4052 CVSSv2 Base Score: 4.3...
pcp multiple security vulnerabilities
Buffer overflow, information leakage, DoS...
[ MDVSA-2012:140 ] mono
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:140 http://www.mandriva.com/security/ Package : mono Date : August 20, 2012 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in mono: Cross-site scripting XSS...
XSS Vulnerabilities in LabWiki
Information -------------------- Name : XSS Vulnerabilities in LabWiki Software : LabWiki 1.5 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Referenc...
XSS and SQL Injection Vulnerabilities in OrderSys
Information -------------------- Name : XSS and SQL Injection Vulnerabilities in OrderSys Software : OrderSys 1.6.4 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical...
NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection
High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Blind SQL injection Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these...
[USN-1552-1] OpenStack Keystone vulnerabilities
========================================================================== Ubuntu Security Notice USN-1552-1 September 03, 2012 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
OpenStack Keystone limitations bypass
Administrative user limitations and token lifetime limitations bypass...
7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities
Title: ====== 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities Date: ===== 2012-08-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=679 VL-ID: ===== 680 Common Vulnerability Scoring System: ==================================== 8.3 Abstract: ========= The...
DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection
DataWatch Monarch BI v5.1 admin section blind SQL injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a blind SQL...
Group-Office Cleartext Credentials Stored in Cookies
/------------------------------------------------------ | Group-Office Cleartext Credentials Stored in Cookies | ------------------------------------------------------/ Summary ======= Group-Office 4.0.71 was found to display a behaviour that could potentially expose a user's username and clearte...
apache struts2 remote code execute
this method was published at xcon2012 xcon.xfocus.net. kxlzx http://www.inbreak.net follow this step by step: 1, download struts2-showcase from struts.apache.org 2, run struts2-showcase. 3, open url: http://localhost:8080/struts2-showcase/skill/edit.action?skillName=SPRING-DEV 4, write skill...
Social Engine v4.2.5 - Multiple Web Vulnerabilities
Title: ====== Social Engine v4.2.5 - Multiple Web Vulnerabilities Date: ===== 2012-07-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=672 VL-ID: ===== 672 Common Vulnerability Scoring System: ==================================== 3 Abstract: ========= A Laboratory...
TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Published: 07/27/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build...
XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS
Information -------------------- Name : XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS Software : Banana Dance CMS vB.2.1 Vendor Homepage : http://www.doyoubananadance.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Canberk Bolat...
NeoInvoice Blind SQL Injection (CVE-2012-3477)
NeoInvoice is a multi-tenant open source invoicing system, that currently contains an unauthenticated blind SQL injection condition in signupcheck.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...
Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability
A bug in the Wordpress chenpress Plugin that allows us to perform a File Upload on a remote machine. Exploit Title : Wordpress chenpress Plugin Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk :...
Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities
Title: ====== Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=656 VL-ID: ===== 656 Common Vulnerability Scoring System: ==================================== 2 Introduction: ============= Flog...
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow
====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Integer Overflow Vulnerability - ====================================================================== Table of Contents Affected...
DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection
DataWatch Monarch BI v5.1 admin section blind XPath injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a blind XPath...
Nike+ Panel & Mobile App - Multiple Web Vulnerabilities
Title: ====== Nike+ Panel & Mobile App - Multiple Web Vulnerabilities Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=663 VL-ID: ===== 663 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Da...
[USN-1543-1] Config-IniFiles vulnerability
========================================================================== Ubuntu Security Notice USN-1543-1 August 20, 2012 libconfig-inifiles-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities
Title: ====== ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Date: ===== 2012-08-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=670 VL-ID: ===== 670 Common Vulnerability Scoring System: ==================================== 2.4 Introduction: =============...
NGS00242 Patch Notification: SysAid Helpdesk stored XSS
High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Stored XSS Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these vulnerabilities...
Dr. Web Enterprise Server cross-site scripting
Cross-site scripting via logs...
DataWatch Monarch BI multiple security vulnerabilities
Cross-site scripting, SQL injection in administration interface...
DataWatch Monarch Business Intelligence (BI) v5.1 client section stored cross-site scripting
DataWatch Monarch BI v5.1 client section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a stored...
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities
Title: ====== Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Date: ===== 2012-07-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=631 VL-ID: ===== 631 Common Vulnerability Scoring System: ==================================== 2 Introduction: =============...
WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities
Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-016 Author: Stefan Schurtz Affected Software: Successfully tested on Quick Post Widget 1.9.1 Vendor URL: http://qpw.famvanakkeren.nl/ Vendor Status: informed CVE-ID:...
Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities
Title: ====== Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Date: ===== 2012-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=659 VL-ID: ===== 659 Common Vulnerability Scoring System: ==================================== 8.3 Introduction:...
XSS and IL vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about Cross-Site Scripting and Information Leakage vulnerabilities in IBM Lotus Domino. On the 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3302. ------------------------- Affected products:...
DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting
DataWatch Monarch BI v5.1 admin section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a stored...
ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability
ZDI-12-174 : 0Day HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-174 August 29, 2012 -- CVE ID: -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard SiteScope --...
SOAP and UploadFileHandler.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-178 : 0Day HP SiteScope SOAP Call update Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-178 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...
ESA-2012-038: EMC NetWorker Format String Vulnerability
ESA-2012-038.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-038: EMC NetWorker Format String Vulnerability EMC Identifier: ESA-2012-038 CVE Identifier: CVE-2012-2288 Severity Rating: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC NetWorker 7.6.3 EMC NetWorker 7.6.4 EMC NetWorke...
ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-180 August 29, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Novel...
Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP...
ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-179 August 29, 2012 - -- CVE ID: CVE-2012-2289 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:...