
47153 matches found

securityvulns | added 2012/06/13 12:0 a.m. | 308 views

ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-081 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...

AI score: 1
Exploits: 0

securityvulns | added 2012/06/13 12:0 a.m. | 60 views

ISC bind DoS

Crash on zero length RDATA processing...

CVSS: 8.5 | AI score: 1.9 | EPSS: 0.13405
Exploits: 1 | Affected Software: 1

securityvulns | added 2012/06/13 12:0 a.m. | 133 views

ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-083 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - -- Affected...

AI score: 0.4
Exploits: 0

securityvulns | added 2012/06/13 12:0 a.m. | 99 views

ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012 - -- CVE ID: CVE-2012-0297 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...

CVSS: 10 | EPSS: 0.72596
Exploits: 22

securityvulns | added 2012/06/13 12:0 a.m. | 76 views

ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-080 June 6, 2012 - -- CVE ID: CVE-2012-0754 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...

CVSS: 10 | AI score: 0.5 | EPSS: 0.9203
Exploits: 11

securityvulns | added 2012/06/13 12:0 a.m. | 66 views

ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-078 : Apple QuickTime SVQ3 Codec mbskiprun Parsing Remote Code Execution http://www.zerodayinitiative.com/advisories/ZDI-12-078 June 6, 2012 - -- CVE ID: CVE-2012-0669 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Apple - --...

CVSS: 9.3 | AI score: 0.3 | EPSS: 0.04997
Exploits: 1

securityvulns | added 2012/06/13 12:0 a.m. | 62 views

ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-079 June 6, 2012 - -- CVE ID: CVE-2012-0665 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors...

CVSS: 9.3 | AI score: 0.7 | EPSS: 0.04057
Exploits: 1

securityvulns | added 2012/06/13 12:0 a.m. | 54 views

ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-092 June 8, 2012 - -- CVE ID: CVE-2011-4247 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...

CVSS: 9.3 | AI score: 0.5 | EPSS: 0.03017
Exploits: 0

securityvulns | added 2012/06/12 12:0 a.m. | 133 views

[USN-1467-1] MySQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-1467-1 June 11, 2012 mysql-5.1, mysql-5.5, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities ========================================================================== A security issue affects these...

CVSS: 5.1 | AI score: 0.4 | EPSS: 0.96188
Exploits: 9

securityvulns | added 2012/06/12 12:0 a.m. | 70 views

MySQL authentication vulnerability

Invalid hash calculation under some platforms allows access without password knowledge...

CVSS: 5.1 | AI score: 2.2 | EPSS: 0.96188
Exploits: 9 | References: 1 | Affected Software: 1

securityvulns | added 2012/06/12 12:0 a.m. | 159 views

APPLE-SA-2012-06-11-1 iTunes 10.6.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-06-11-1 iTunes 10.6.3 iTunes 10.6.3 is now available and addresses the following: iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: Importing a maliciously crafted .m3u playlist may lead to an...

CVSS: 9.3 | AI score: 0.1 | EPSS: 0.15357
Exploits: 17

securityvulns | added 2012/06/12 12:0 a.m. | 43 views

Apple iTunes security vulnerabilities

Buffer overflow on .m3u parsing, buffer overflow in embedded browser...

CVSS: 9.3 | AI score: 4.6 | EPSS: 0.15357
Exploits: 17 | References: 1 | Affected Software: 1

securityvulns | added 2012/06/06 12:0 a.m. | 21 views

Microsoft certificates vulnerability

Terminal Services activation certificate may be used to sign code on behalf of Microsoft...

AI score: 2
Exploits: 0 | References: 1

securityvulns | added 2012/06/06 12:0 a.m. | 130 views

US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA12-156A Microsoft Windows Unauthorized Digital Certificates Original release date: June 04, 2012 Last revised: -- Source: US-CERT Systems Affected All supported versions of Microsoft Windows...

AI score: 0.2
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 80 views

Multiple vulnerabilities in Pligg CMS

Advisory ID: HTB23089 Product: Pligg CMS Vendor: Pligg, LLC. Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Vendor Notification: 25 April 2012 Vendor Patch: 18 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Local File Inclusion, Cross-Site Scripting XSS CVE...

CVSS: 6.5 | AI score: 0.1 | EPSS: 0.02527
Exploits: 3

securityvulns | added 2012/06/03 12:0 a.m. | 146 views

Multiple vulnerabilities in LogAnalyzer

Advisory ID: CSA-12005 Title: Multiple vulnerabilities in LogAnalyzer Product: LogAnalyzer Version: 3.4.2 and probably prior Vendor: adiscon.com Vulnerability type: SQL injection, XSS, Arbitrary File Read Risk level: 2 / 3 Credit: www.codseq.it CVE: Vendor notification: 2012-05-21 Public...

AI score: 0.6
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 125 views

Acuity CMS 2.6.x <= Arbitrary File Upload

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION Acuity...

AI score: 1.3
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 94 views

[SECURITY] [DSA 2480-2] request-tracker3.8 regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2480-2 [email protected] http://www.debian.org/security/ Florian Weimer May 29, 2012 http://www.debian.org/security/faq -...

AI score: 0.9
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 60 views

Multiple XSS in pragmaMx

Advisory ID: HTB23090 Product: pragmaMx Vendor: pragmaMx Team Vulnerable Versions: 1.12.1 and probably prior Tested Version: 1.12.1 Vendor Notification: 2 May 2012 Vendor Patch: 4 May 2012 Public Disclosure: 23 May 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-2452...

AI score: 6.5 | EPSS: 0.01699
Exploits: 3

securityvulns | added 2012/06/03 12:0 a.m. | 37 views

HP Diagnostics Server buffer overflow

Buffer overflow on TCP/23472 request parsing...

CVSS: 10 | AI score: 4.3 | EPSS: 0.64803
Exploits: 8 | References: 2 | Affected Software: 1

securityvulns | added 2012/06/03 12:0 a.m. | 115 views

b2ePMS 1.0 Authentication Bypass Vulnerability

b2ePMS 1.0 Authentication Bypass Vulnerability Discovered by: Jean Pascal Pereira [email protected] Vendor Information: "b2ePMS stands for Browser to Email Phone Message System. It is intended to replace the standard paper/carbon phone message slips commonly used in offices, with the capability o...

AI score: 0.7
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 52 views

[security bulletin] HPSBMU02785 SSRT100526 rev.1 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03216705 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03216705 Version: 1 HPSBMU02785...

CVSS: 10 | AI score: 1.1 | EPSS: 0.64803
Exploits: 8

securityvulns | added 2012/06/03 12:0 a.m. | 123 views

Guests can view names and emailadresses of all Liferay users in liferay 6.1

Guests can view names and emailadresses of all Liferay users in liferay 6.1 Description: Liferay Portal is an enterprise portal written in Java. As an unauthenticated user it is possible to retrieve the names and email addresses of all Liferay users. To retrieve a list of all users simply issue the...

AI score: 7.1
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 78 views

Liferay 6.1 can be compromised without having an account on the portal

Liferay 6.1 can be compromised without having an account on the portal Description: Liferay Portal is an enterprise portal written in Java. Liferay in its default configuration exposes a number of remotely accessible webservices. Access to these services is restricted by an ip block. It is possib...

AI score: 0.4
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 47 views

New XSS vulnerability in Yandex.Server

Hello 3APA3A! I am reporting a new Cross-Site Scripting vulnerability in Yandex.Server (Яндекс.Сервер). I have previously reported other XSS issues in Yandex.Server (CVE-2007-3485), and in 2007 I reported them to Yandex, which was supposed to fix the vulnerabilities and not allow new ones. But Yandex did not manage this and...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.01022
Exploits: 1

securityvulns | added 2012/06/03 12:0 a.m. | 105 views

CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF)

Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered at: 10/04/2012 CVE Notified: 10/04/2012 CVE...

AI score: 0.7
Exploits: 5

securityvulns | added 2012/06/03 12:0 a.m. | 135 views

DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass

Title ----- DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass Severity -------- High Date Discovered --------------- April 2, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description...

AI score: 0.6
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 184 views

Ganesha Digital Library 4.0 Multiple Vulnerabilities

===================================================== Ganesha Digital Library 4.0 Multiple Vulnerabilities ===================================================== :---------------------------------------------------------------------------------------------------------------------------------------...

AI score: 0.3
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 77 views

script-fu buffer overflow in GIMP 2.6

Vulnerability Summary ================= There is a buffer overflow in the script-fu server component of GIMP the GNU Image Manipulation Program in all 2.6 versions Windows and Linux versions affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu serv...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.81722
Exploits: 14

securityvulns | added 2012/06/03 12:0 a.m. | 72 views

Multiple xss issues in Liferay

Multiple xss issues in Liferay Description: Liferay Portal is an enterprise portal written in Java. Multiple xss vulnerabilities were found in Liferay. Because Liferay has a "remember me" option in their login screen that stores an encrypted password in a cookie this is more problematic than it...

Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 100 views

DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection

Title ----- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection Severity -------- High Date Discovered --------------- April 12, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Chris Graham and r@b13$ Vulnerability Description...

AI score: 0.7
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 336 views

Mapserver for Windows (MS4W) Remote Code Execution

------------------- 1 Overview Title: Mapserver for Windows MS4W Remote Code Execution Product: Mapserver for Windows MS4W Product URL: http://maptools.org/ms4w/ Vendor: Gateway Geomatics Affected Versions: =3.0.4 through 2.0 Unaffected Versions: 2.0 CVE-ID: CVE-2012-2950 Vendor notified:...

AI score: 3.5 | EPSS: 0.02395
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 60 views

[SECURITY] [DSA 2474-1] ikiwiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2474-1 [email protected] http://www.debian.org/security/ Raphael Geissert May 16, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3 | AI score: 2 | EPSS: 0.02108
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 142 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.12608
Exploits: 12 | References: 21 | Affected Software: 13

securityvulns | added 2012/06/03 12:0 a.m. | 115 views

[SECURITY] [DSA 2477-1] sympa security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2477-1 [email protected] http://www.debian.org/security/ Florian Weimer May 20, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.03207
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 60 views

Liferay 6.1 json webservices are subject to cross-site request forgery attacks

Liferay 6.1 json webservices are subject to cross-site request forgery attacks Description: Liferay Portal is an enterprise portal written in Java If a user is currently logged in to the portal or has ticked the remember me box then with a little help of social engineering like sending a link via...

AI score: 0.1
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 59 views

Liferay users can assign themselves to organizations, leading to possible privilege escalation

Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java. Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign him or herself to any...

AI score: 1.6
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 128 views

Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...

AI score: 0.8
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 123 views

[SECURITY] [DSA 2480-1] request-tracker3.8 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2480-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2012 http://www.debian.org/security/faq -...

CVSS: 6.8 | AI score: 1.5 | EPSS: 0.03101
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 61 views

[SECURITY] [DSA 2483-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2483-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez May 31, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.03324
Exploits: 0

securityvulns | added 2012/06/03 12:0 a.m. | 31 views

strongswan authentication bypass

Invalid authentication data check if gmp plugin is used...

CVSS: 7.5 | AI score: 3.1 | EPSS: 0.03324
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2012/05/31 12:0 a.m. | 23 views

WinRADIUS buffer overflow

Buffer overflow on oversized password option...

AI score: 4.8
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2012/05/31 12:0 a.m. | 26 views

Sony VAIO Wireless Manager ActiveX security vulnerabilities

Few different buffer overflows...

CVSS: 9.3 | AI score: 3.9 | EPSS: 0.12984
Exploits: 6 | References: 1 | Affected Software: 1

securityvulns | added 2012/05/31 12:0 a.m. | 40 views

tftpd32 buffer overflow

Buffer overflow in embedded DNS server...

AI score: 3.4
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns | added 2012/05/31 12:0 a.m. | 80 views

WinRadius Server Denial Of Service Vulnerability

Title: WinRadius Server Denial Of Service Vulnerability Software : WinRadius Software Version : v2009 Vendor: http://www.elite-school.com/saas/WinRadius/ Vulnerability Published : 2012-05-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug...

AI score: 0.6
Exploits: 0

securityvulns | added 2012/05/31 12:0 a.m. | 31 views

Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS XR Software Route Processor Denial of Service Vulnerability Advisory ID: cisco-sa-20120530-iosxr Revision 1.0 For Public Release 2012 May 30 16:00 UTC GMT +--------------------------------------------------------------------- Summary =====...

AI score: 1.9
Exploits: 0

securityvulns | added 2012/05/31 12:0 a.m. | 148 views

Tftpd32 DNS Server Denial Of Service Vulnerability

Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tftpd32.jounin.net/ Vulnerability Published : 2012-05-26 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P Bug Description : Tftpd32 ...

AI score: 0.1
Exploits: 0

securityvulns | added 2012/05/31 12:0 a.m. | 57 views

AST-2012-007: Remote crash vulnerability in IAX2 channel driver.

Asterisk Project Security Advisory - AST-2012-007 Product Asterisk Summary Remote crash vulnerability in IAX2 channel driver. Nature of Advisory Remote crash Susceptibility Established calls Severity Moderate Exploits Known No Reported On March 21, 2012 Reported By mgrobecker Posted On May 29, 20...

CVSS: 2.6 | AI score: 6.1 | EPSS: 0.02333
Exploits: 0

securityvulns | added 2012/05/31 12:0 a.m. | 46 views

ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities. EMC Identifier: ESA-2012-020 CVE Identifier: CVE-2012-0409 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC AutoStart 5.3.x EMC AutoStart...

CVSS: 7.5 | AI score: 1.1 | EPSS: 0.04754
Exploits: 0

securityvulns | added 2012/05/31 12:0 a.m. | 46 views

2 Buffer Overflows in Wireless Manager Sony VAIO

Advisory ID: HTB23063 Product: Wireless Manager Sony VAIO Vendor: Sony Computers Vulnerable Versions: 4.0.0.0 and probably prior Tested Version: 4.0.0.0 Vendor Notification: 7 December 2011 Vendor Patch: 20 January 2012 Public Disclosure: 30 May 2012 Vulnerability Type: Buffer Overflow CVE...

CVSS: 9.3 | AI score: 7.3 | EPSS: 0.12984
Exploits: 6

Total number of security vulnerabilities: 47153