
47153 matches found

securityvulns
added 2012/06/25 12:0 a.m., 101 views

Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy

A bug in Mybb 1.6.8 'announcements.php' allows us to cause a Sql Injection on a remote machine. Exploit Title : Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.mybb.com/ Security Risk...

0.7 AI score
Exploits 0

securityvulns
added 2012/06/24 12:0 a.m., 63 views

ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-096 June 21, 2012 - -- CVE ID: CVE-2012-0122 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...

10 CVSS, 0.5 AI score, 0.10436 EPSS
Exploits 0

securityvulns
added 2012/06/24 12:0 a.m., 31 views

RealNetworks Helix Server code execution

Code execution during rn5auth authentication process...

7.5 CVSS, 2.8 AI score, 0.04168 EPSS
Exploits 0, References 1, Affected Software 1

securityvulns
added 2012/06/24 12:0 a.m., 70 views

ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-094 June 21, 2012 - -- CVE ID: CVE-2012-0942 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

7.5 CVSS, 1.3 AI score, 0.04168 EPSS
Exploits 0

securityvulns
added 2012/06/24 12:0 a.m., 62 views

ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-099 June 21, 2012 - -- CVE ID: CVE-2011-4165 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...

10 CVSS, 0.5 AI score, 0.08526 EPSS
Exploits 0

securityvulns
added 2012/06/24 12:0 a.m., 104 views

ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-100 June 21, 2012 - -- CVE ID: CVE-2012-0127 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...

10 CVSS, 0.7 AI score, 0.23279 EPSS
Exploits 2

securityvulns
added 2012/06/24 12:0 a.m., 43 views

ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-097 June 21, 2012 - -- CVE ID: CVE-2012-0121 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...

10 CVSS, 0.5 AI score, 0.10436 EPSS
Exploits 4

securityvulns
added 2012/06/24 12:0 a.m., 92 views

[ MDVSA-2012:098 ] libxml2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:098 http://www.mandriva.com/security/ Package : libxml2 Date : June 21, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in libxml2: ...

6.8 CVSS, 6.8 AI score, 0.0266 EPSS
Exploits 0

securityvulns
added 2012/06/24 12:0 a.m., 36 views

HP DataDirect OpenAccess security vulnerabilities

Few buffer overflows on traffic parsing...

10 CVSS, 3.6 AI score, 0.08526 EPSS
Exploits 0, References 3, Affected Software 1

securityvulns
added 2012/06/24 12:0 a.m., 35 views

HP Data Protector Express multiple security vulnerabilities

DoS, code execution...

10 CVSS, 1.7 AI score, 0.62655 EPSS
Exploits 8, References 3, Affected Software 1

securityvulns
added 2012/06/24 12:0 a.m., 30 views

HP Performance Manager security vulnerabilities

DoS, code execution...

10 CVSS, 1.6 AI score, 0.23279 EPSS
Exploits 2, References 2, Affected Software 1

securityvulns
added 2012/06/24 12:0 a.m., 73 views

ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-095 June 21, 2012 - -- CVE ID: CVE-2012-0663 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors...

9.3 CVSS, 0.7 AI score, 0.28623 EPSS
Exploits 9

securityvulns
added 2012/06/24 12:0 a.m., 49 views

libxml off-by-one

No description provided...

6.8 CVSS, 1.2 AI score, 0.0266 EPSS
Exploits 0, References 1, Affected Software 1

securityvulns
added 2012/06/24 12:0 a.m., 40 views

ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-098 June 21, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...

0.9 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 26 views

DT, XSS and FPD vulnerabilities in Organizer for WordPress

Hello 3APA3A! After previous vulnerabilities in plugin Organizer, I'll present five more security vulnerabilities in plugin Organizer for WordPress. This is the fourth in series of advisories concerning vulnerabilities in this plugin. These are Directory Traversal, Cross-Site Scripting and Full...

Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 62 views

QuickBlog v0.8 CMS - Multiple Web Vulnerabilities

Title: ====== QuickBlog v0.8 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=567 VL-ID: ===== 567 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= QuickBlo...

0.5 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 69 views

Nuked Klan SP CMS v4.5 - SQL injection Vulnerability

Title: ====== Nuked Klan SP CMS v4.5 - SQL injection Vulnerability Date: ===== 2012-06-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=610 VL-ID: ===== 610 Common Vulnerability Scoring System: ==================================== 8 Introduction: =============...

0.3 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 54 views

[SECURITY] [DSA 2485-1] imp4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2485-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 3, 2012 http://www.debian.org/security/faq -...

4.3 CVSS, 1.7 AI score, 0.02437 EPSS
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 95 views

[Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities

Title: ====== eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=575 VL-ID: ===== 575 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...

Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 31 views

Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities

Title: ====== Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities Date: ===== 2012-06-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=592 VL-ID: ===== 592 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...

0.2 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 43 views

Cells Blog CMS v1.1 - Multiple Web Vulnerabilites

Title: ====== Cells Blog CMS v1.1 - Multiple Web Vulnerabilites Date: ===== 2012-06-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=591 VL-ID: ===== 591 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= Cells-bl...

0.6 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 46 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

7.5 CVSS, 1.6 AI score, 0.02437 EPSS
Exploits 6, References 21, Affected Software 16

securityvulns
added 2012/06/18 12:0 a.m., 84 views

SQL injection in Serendipity

Advisory ID: HTB23092 Product: Serendipity Vendor: Serendipity Team Vulnerable Versions: 1.6.1 and probably prior Tested Version: 1.6.1 Vendor Notification: 16 May 2012 Vendor Patch: 16 May 2012 Public Disclosure: 6 June 2012 Vulnerability Type: SQL injection CVE Reference: CVE-2012-2762 CVSSv2...

7.5 CVSS, 7.2 AI score, 0.02221 EPSS
Exploits 3

securityvulns
added 2012/06/18 12:0 a.m., 443 views

Vulnerabilities in JW Player and millions of web sites

Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player. These are Content Spoofing and Cross-Site Scripting vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are JW Player 5.9.2156 and 5.9.2206, except one vulnerability and...

6 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 97 views

Simple Forum PHP 2.1 - SQL Injection Vulnerabilities

Title: ====== Simple Forum PHP 2.1 - SQL Injection Vulnerabilities Date: ===== 2012-06-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=599 VL-ID: ===== 599 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= Simpl...

8.6 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 39 views

Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites

Title: ====== Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites Date: ===== 2012-06-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=595 VL-ID: ===== 595 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

0.7 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 42 views

iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites

Title: ====== iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites Date: ===== 2012-06-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=588 VL-ID: ===== 588 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 192 views

Interspire Shopping Cart v6 - Multiple Web Vulnerabilities

Title: ====== Interspire Shopping Cart v6 - Multiple Web Vulnerabilities Date: ===== 2012-06-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=593 VL-ID: ===== 593 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

7.7 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 36 views

0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0

================ 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI 2011R3.0 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple reflected XSS vulnerabilities exist within Nagios XI 2011R3....

0.1 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 56 views

SQL injection in Bigware shop software

The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...

1 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 40 views

ADICO CMS v1.1 - Blind SQL Injection Vulnerability

Title: ====== ADICO CMS v1.1 - Blind SQL Injection Vulnerability Date: ===== 2012-05-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=582 VL-ID: ===== 582 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= ADICO i...

0.2 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 94 views

Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities

Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...

8.1 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 78 views

Multiple vulnerabilities in TinyWebGallery

Advisory ID: HTB23093 Product: TinyWebGallery Vendor: www.tinywebgallery.com Vulnerable Versions: 1.8.7 and probably prior Tested Version: 1.8.7 Vendor Notification: 23 May 2012 Vendor Patch: 24 May 2012 Public Disclosure: 13 June 2012 Vulnerability Type: Сross-Site Request Forgery CSRF, Arbitrar...

6.8 CVSS, 7.6 AI score, 0.0144 EPSS
Exploits 3

securityvulns
added 2012/06/18 12:0 a.m., 56 views

Arbitrary File Upload/Execution in Collabtive

TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...

0.7 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 48 views

MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities

Title: ====== MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities Date: ===== 2012-05-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=516 VL-ID: ===== 516 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...

0.4 AI score
Exploits 0

securityvulns
added 2012/06/18 12:0 a.m., 110 views

Boonex Dolphin v7.0.9 CMS & Mobile App - Multiple Web Vulnerabilities

Title: ====== Boonex Dolphin v7.0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=565 http://www.vulnerability-lab.com/getcontent.php?id=566 ID: Changeset 16256 VL-ID: ===== 565 Common Vulnerability Scoring...

0.4 AI score
Exploits 0

securityvulns
added 2012/06/17 12:0 a.m., 84 views

[CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability

CAL-2012-0023Microsoft IE Developer Toolbar Remote Code Execution Vulnerability CVE ID: CVE-2012-1874 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0023microsoft-ie-developer-toolbar-remote-code-execution-vulnerability/ 1...

9.3 CVSS, 0.24103 EPSS
Exploits 1

securityvulns
added 2012/06/17 12:0 a.m., 42 views

IObit Protected Folder Authentication Bypass

From IObit: "Protected Folder is designed to password-protect your folders and files from being seen, read or modified in Windows 7, Vista, XP and Server 2008, 2003. It works like a safety box, just drag and drop the folders or files you want to hide or protect into Protected Folder, then no one...

0.9 AI score
Exploits 0

securityvulns
added 2012/06/17 12:0 a.m., 65 views

ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-088 June 6, 2012 - -- CVE ID: CVE-2011-4163 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

10 CVSS, 0.5 AI score, 0.08526 EPSS
Exploits 0

securityvulns
added 2012/06/17 12:0 a.m., 113 views

CSNC-2012-004 Generic XSS in AdNovum nevisProxy

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: NevisProxy Vendor: AdNovum CVD ID: CSNC-2012-004 Subject: Cross-site scripting XSS within 302 Redirections Risk: High Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date: 02/23/2012...

0.4 AI score
Exploits 0

securityvulns
added 2012/06/17 12:0 a.m., 33 views

IObit Protected Folder protection bypass

It's possible to bypass protection, e.g. by changing return value of password checking function...

2.1 AI score
Exploits 0, References 1

securityvulns
added 2012/06/17 12:0 a.m., 91 views

[MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability

Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date: 2012-February-16 Security risk: High...

7.8 CVSS, 0.8 AI score, 0.63078 EPSS
Exploits 15

securityvulns
added 2012/06/17 12:0 a.m., 53 views

[ MDVSA-2012:087 ] nut

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:087 http://www.mandriva.com/security/ Package : nut Date : June 5, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in nut: Buffer...

7.5 CVSS, 7.5 AI score, 0.06243 EPSS
Exploits 1

securityvulns
added 2012/06/17 12:0 a.m., 80 views

[CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability

CAL-2012-0026 Microsfot IE Same ID Property Remote Code Execution Vulnerability CVE ID: CVE-2012-1875 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0026-microsfot-ie-same-id-property-remote-code-execution-vulnerability/ 1...

9.3 CVSS, 8.1 AI score, 0.61655 EPSS
Exploits 11

securityvulns
added 2012/06/17 12:0 a.m., 27 views

AdNovum NevisProxy XSS

Cross-site scripting via 302 redirection...

2.7 AI score
Exploits 0, References 2, Affected Software 1

securityvulns
added 2012/06/17 12:0 a.m., 79 views

F5 BIG-IP authentication bypass

Full device access is possible...

7.8 CVSS, 3.8 AI score, 0.63078 EPSS
Exploits 15, References 1, Affected Software 1

securityvulns
added 2012/06/17 12:0 a.m., 31 views

Network UPS Tools buffer overflow

Buffer overflow on oversized string...

7.5 CVSS, 4.5 AI score, 0.06243 EPSS
Exploits 1, References 1, Affected Software 1

securityvulns
added 2012/06/17 12:0 a.m., 32 views

arpwatch protection bypass

Elevated privileges are dropped incorrectly...

10 CVSS, 3.5 AI score, 0.03202 EPSS
Exploits 0, References 1, Affected Software 1

securityvulns
added 2012/06/17 12:0 a.m., 60 views

AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...

4 CVSS, 0.6 AI score, 0.01728 EPSS
Exploits 0

securityvulns
added 2012/06/17 12:0 a.m., 23 views

Sielco Sistemi Winlog buffer overflow

Buffer overflow on TCP/46824 traffic parsing...

4.9 AI score
Exploits 0, References 1, Affected Software 1

Total number of security vulnerabilities: 47153