Securityvulns - Page 129 of Securityvulns Vulnerabilities List | Vulners.com

SecurityvulnsRecent

Recent Most viewed

47153 matches found

securityvulns•added 2012/09/02 12:0 a.m.•49 views

AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users

Asterisk Project Security Advisory - AST-2012-013 Product Asterisk Summary ACL rules ignored when placing outbound calls by certain IAX2 users Nature of Advisory Unauthorized use of system Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known None Reported On 07/27/2012...

6CVSS0.01504EPSS

securityvulns•added 2012/09/02 12:0 a.m.•66 views

CommPort 1.01 <= SQL Injection Vulnerability

-------------------------------------------- CommPort 1.01 = SQL Injection Vulnerability -------------------------------------------- Discovered by: Jean Pascal Pereira [email protected] Vendor information: "A 'Community Portal' generator that can be tailored for any location. Each user gets a...

securityvulns•added 2012/09/02 12:0 a.m.•21 views

Novell ZENWorks AdminStudio ActiveX memory corruption

ISGrid.dll memory corruption...

Exploits0References1

securityvulns•added 2012/09/02 12:0 a.m.•38 views

ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-173 : 0Day HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-173 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

securityvulns•added 2012/09/02 12:0 a.m.•81 views

[SECURITY] [DSA 2537-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2537-1 [email protected] http://www.debian.org/security/ Florian Weimer August 30, 2012 http://www.debian.org/security/faq -...

4.6CVSS2.6AI score0.02065EPSS

securityvulns•added 2012/09/02 12:0 a.m.•49 views

[security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03473527 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03473527 Version: 1 HPSB3C02809...

10CVSS0.6AI score0.25275EPSS

securityvulns•added 2012/09/02 12:0 a.m.•49 views

ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-172 : 0Day HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-172 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - --...

securityvulns•added 2012/09/02 12:0 a.m.•49 views

[USN-1547-1] libGData, evolution-data-server vulnerability

========================================================================== Ubuntu Security Notice USN-1547-1 August 28, 2012 libgdata, evolution-data-server vulnerability ========================================================================== A security issue affects these releases of Ubuntu a...

5.1CVSS0.8AI score0.00933EPSS

securityvulns•added 2012/09/02 12:0 a.m.•40 views

squidGuard 1.4 - Remote Denial of Service - POC

We're using squidGuard 1.4 and discovered a possible denial of service. When a user is accessing a very long URL, a internal buffer is too small and squidguard is entering emergency mode. In this mode, no blocking is done anymore. The URL for reference:...

securityvulns•added 2012/09/02 12:0 a.m.•57 views

HP Application Lifecycle Management ActiveX memory ovewritting

Memory overwritting of user-controlled address in XGO.ocx...

Exploits0References1

securityvulns•added 2012/09/02 12:0 a.m.•33 views

HP iNode Management Center code execution

iNodeMngChecker.exe code execution on TCP/9090 request parsing...

10CVSS3.7AI score0.25275EPSS

Exploits0References2

securityvulns•added 2012/09/02 12:0 a.m.•29 views

ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-171 : 0Day Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-171 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...

securityvulns•added 2012/09/02 12:0 a.m.•27 views

libgdata certificate spoofing

Certificate is not validated allowing man-in-the-middle attack...

5.1CVSS3AI score0.00933EPSS

Exploits0References1Affected Software1

securityvulns•added 2012/09/02 12:0 a.m.•64 views

AST-2012-012: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-012 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On July 13, 2012 Reported By Zubair Ashraf of...

9CVSS0.3AI score0.00465EPSS

securityvulns•added 2012/09/02 12:0 a.m.•61 views

ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-168 August 29, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

9.3CVSS0.1AI score0.44861EPSS

securityvulns•added 2012/09/02 12:0 a.m.•61 views

Asterisk security vulnerabilities

Asterisk Manager code execution, IAX2 protection bypass...

9CVSS3.1AI score0.01504EPSS

Exploits0References2Affected Software1

securityvulns•added 2012/09/02 12:0 a.m.•24 views

HP SiteScope multiple security vulnerabilities

Multiple code execution possibilities via SOAP calls and UploadFileHandler...

Exploits0References7

securityvulns•added 2012/09/02 12:0 a.m.•39 views

ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-170 : 0Day HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-170 August 29, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

securityvulns•added 2012/09/02 12:0 a.m.•24 views

Hewlett-Packard Intelligent Management Center buffer overflow

Buffer overflow in UDP/1811 service...

Exploits0References1

securityvulns•added 2012/09/02 12:0 a.m.•70 views

ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-177 : 0Day HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-177 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

securityvulns•added 2012/09/02 12:0 a.m.•51 views

Sistem Biwes Multiple Vulnerability`

=================================================================== Sistem Biwes Multiple Vulnerability =================================================================== Author: eidelweiss @randyarios Product / software: SISTEM BIWES Vendor Site: http://sistembiwes.com/ Product Price: RM240 /...

securityvulns•added 2012/09/02 12:0 a.m.•56 views

Paliz CMS Full Path Disclosure Vulnerability

Title: Paliz CMS Full Path Disclosure Vulnerability Vulnerable Version: all versions Vendor URL: http://palizct.com Impact: Low =========================== Vulnerability Description: =========================== Full Path Disclosure Vulnerability, enable the attacker to see the root path...

securityvulns•added 2012/09/02 12:0 a.m.•98 views

[SECURITY] [DSA 2536-1] otrs2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2536-1 [email protected] http://www.debian.org/security/ Florian Weimer August 30, 2012 http://www.debian.org/security/faq -...

4.3CVSS1.7AI score0.02427EPSS

securityvulns•added 2012/09/02 12:0 a.m.•101 views

Wordpress fckeditor Arbitrary File Upload Vulnerability

a bug in Wordpress fckeditor that allows to us to occur a File Upload Vulnerability on a Remote machin. Exploit Title : Wordpress fckeditor Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk :...

securityvulns•added 2012/09/02 12:0 a.m.•20 views

GE Proficy Historian ActiveX code execution

KeyHelp code execution...

securityvulns•added 2012/09/02 12:0 a.m.•25 views

EMC ApplicationXtender unauthorized access

It's possible to upload files to affected system...

7.5CVSS3.3AI score0.01128EPSS

Exploits1References3Affected Software1

securityvulns•added 2012/09/02 12:0 a.m.•31 views

EMC Networker formatstring vulnerability

Format string vulnerability on RPC request parsing...

9.3CVSS3.9AI score0.69925EPSS

Exploits9References1Affected Software2

securityvulns•added 2012/09/02 12:0 a.m.•45 views

InduSoft Thin Client ActiveX buffer overflow

ISSymbol.ocx InternationalOrder paramter heap overflow...

9.3CVSS3.2AI score0.44861EPSS

Exploits12References2

securityvulns•added 2012/09/02 12:0 a.m.•48 views

ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-176 : 0Day HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-176 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

securityvulns•added 2012/09/02 12:0 a.m.•15 views

HP Operations Orchestration SQL injection

SQL injection in TCP/9001 RSScheduler service...

Exploits0References1

securityvulns•added 2012/09/02 12:0 a.m.•73 views

IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities

Hello 3APA3A! This month at 15th of August IBM released the advisory about IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities, which I've informed them about in May. This is only the part of all vulnerabilities, which I've found in their software, and they are worki...

4.3CVSS0.2AI score0.00266EPSS

securityvulns•added 2012/09/02 12:0 a.m.•93 views

Exploit Title: Mihalism Multi Host v 5.0

Exploit Title: Mihalism Multi Host v 5.0 Google Dork: intext:"powered by Mihalism Multi Host" Date: 2012/8/25 Discovered By : Explo!ter Software Link: http://www.mihalismscript.com/ Version: 5.0 Tested on: Linux Contact : Emperor-team.org Spt to : Stokke Details : ++++++++++++++++++++++++++ the...

securityvulns•added 2012/09/02 12:0 a.m.•44 views

ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-175 : 0Day HP SiteScope SOAP Call create Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-175 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...

securityvulns•added 2012/09/02 12:0 a.m.•98 views

Chamilo 1.8.8.4 Multiple Vulnerabilities

Chamilo 1.8.8.4 Multiple Vulnerabilities ======================== CVE: CVE-2012-4029 Issue: Reflected XSS PHPSELF in third-party app, Stored XSS PHPSELF XSS http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"img src=404 onerror=alert1 Stored XSS unfiltered input categoryname...

1.1AI score0.00532EPSS

securityvulns•added 2012/09/02 12:0 a.m.•362 views

XSS in PrestaShop

Advisory ID: HTB23091 Product: PrestaShop Vendor: PrestaShop, Inc. Vulnerable Versions: 1.4.7, 1.4.8 and probably prior Tested Version: 1.4.7, 1.4.8 Vendor Notification: May 9, 2012 Public Disclosure: August 29, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-2517...

6.4AI score0.00863EPSS

securityvulns•added 2012/09/02 12:0 a.m.•111 views

[SE-2012-01] New security issue affecting Java SE 7 Update 7

Hello All, Yesterday, an out-of-band patch was released by Oracle 1, which among other things incorporated fixes for the issues exploited by the recent Java SE 7 attack code ClassFinder / MethodFinder bugs. One of the fixes incorporated in the released update also addressed the exploitation vecto...

10CVSS9.6AI score0.9414EPSS

securityvulns•added 2012/09/02 12:0 a.m.•56 views

ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-181 August 29, 2012 - -- CVE ID: CVE-2011-4186 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affect...

9.3CVSS0.7AI score0.12104EPSS

securityvulns•added 2012/09/02 12:0 a.m.•45 views

SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor

SEC Consult Vulnerability Lab Security Advisory 20120829-0 ======================================================================= title: Support Backdoor product: Symantec Messaging Gateway vulnerable version: 9.5.x fixed version: 10.0 CVE number: CVE-2012-3579 impact: Critical homepage:...

7.9CVSS0.3AI score0.36373EPSS

securityvulns•added 2012/09/02 12:0 a.m.•26 views

squidguard DoS

Request to oversized URL causes protection to switch off...

Exploits0References1Affected Software1

securityvulns•added 2012/09/02 12:0 a.m.•374 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

5CVSS1.6AI score0.07637EPSS

Exploits10References13Affected Software9

securityvulns•added 2012/09/02 12:0 a.m.•67 views

[SECURITY] [DSA 2535-1] rtfm security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2535-1 [email protected] http://www.debian.org/security/ Florian Weimer August 29, 2012 http://www.debian.org/security/faq -...

4.3CVSS1.7AI score0.00357EPSS

securityvulns•added 2012/09/02 12:0 a.m.•44 views

ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-178 : 0Day HP SiteScope SOAP Call update Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-178 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...

securityvulns•added 2012/09/02 12:0 a.m.•54 views

ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-182 August 29, 2012 - -- CVE ID: CVE-2012-2289 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affect...

7.5CVSS0.4AI score0.01128EPSS

securityvulns•added 2012/09/02 12:0 a.m.•72 views

Cross-Site Scripting (XSS) in Phorum

Advisory ID: HTB23109 Product: Phorum Vendor: Phorum Team Vulnerable Versions: 5.2.18 and probably prior Tested Version: 5.2.18 Vendor Notification: August 8, 2012 Public Disclosure: August 29, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4234 CVSSv2 Base Score: 4....

4.3CVSS6.6AI score0.07637EPSS

securityvulns•added 2012/09/02 12:0 a.m.•587 views

Java environment limitations bypass

There are few ways to bypass limitations and execute privileged code from the applet...

10CVSS3.7AI score0.9414EPSS

Exploits10References3Affected Software2

securityvulns•added 2012/09/02 12:0 a.m.•35 views

Novell iPrint buffer overflow

nipplib buffer overflow...

9.3CVSS3.6AI score0.12104EPSS

Exploits0References1Affected Software1

securityvulns•added 2012/08/29 12:0 a.m.•24 views

libgc integer overflows

Multiple integer overflows in malloc / calloc implementations...

5CVSS3.5AI score0.01653EPSS

Exploits1Affected Software1

securityvulns•added 2012/08/29 12:0 a.m.•68 views

US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-240A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: August 27, 2012 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including: Java Platform...

securityvulns•added 2012/08/29 12:0 a.m.•51 views

OpenOffice security vulnerabilities

Multiple buffer overflows...

7.5CVSS3AI score0.05396EPSS

Exploits0References3Affected Software1

securityvulns•added 2012/08/29 12:0 a.m.•21 views

EMC Cloud Tiering Appliance authentication bypass

Authentication bypass is possible...

6.8CVSS3.6AI score0.00647EPSS

Exploits0References1Affected Software1

Total number of security vulnerabilities47153