Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2012/05/10 12:0 a.m.43 views

Samba file existance check

It's possible to check file existance by error message of mount.cifs...

2.1CVSS2AI score0.00729EPSS
Exploits0References1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.81 views

Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901)

1 Background ============ Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, The Browser application holds sensitive information such as cookies, cache and history, a...

0.00675EPSS
Exploits2
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.30 views

FireFox information leakage

DNS names for websockets requests are resolved via system DNS server instead of configured SOCKS...

2.8AI score
Exploits0References1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.37 views

rssh restrictions bypass

It's possible to bypass restrictions by manipulating with environment variables...

3.9AI score
Exploits0References1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.32 views

HP Performance Insight for Networks multiple security vulnerabilities

Crossite scripting, SQL injection, privilege escalation...

9CVSS1.4AI score0.03304EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.22 views

Apple Mac OS X filevault information leakage

Encrypted file system password is written in cleartext to log file...

1.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.26 views

HP System Health Application сode execution

No description provided...

7.5CVSS1.5AI score0.08329EPSS
Exploits0References1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.43 views

Samba privilege escalation

Unprivileged user can execute privileged RPC calls to modify accounts database...

6.5CVSS3.2AI score0.04803EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.75 views

[ MDVSA-2012:070 ] samba

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:070 http://www.mandriva.com/security/ Package : samba Date : May 4, 2012 Affected: 2010.1, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in samba: A file existence...

2.1CVSS7.3AI score0.00729EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.49 views

SQL Injection and other issues in Micro Technology Services, Inc. Lynx

Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility wide Duress and Emergency Notification" system...

Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.45 views

Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability

Advisory: Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability Advisory ID: KORAMIS-ADV2012-001 Contact: [email protected] Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.6 Vendor URL: http://www.s9y.org Vendor Status: fixed...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.69 views

IAA, Redirector and XSS vulnerabilities in WordPress

Hello 3APA3A! I want to warn you about security vulnerabilities in WordPress. These are Insufficient Anti-automation, Redirector and Cross-Site Scripting vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are WordPress 2.0 - 3.3.1. ---------- Detail...

1AI score
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.78 views

[waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page

waraxe-2012-SA088 - Reflected XSS in Joomla 2.5.4 admin sysinfo page =============================================================================== Author: Janek Vind "waraxe" Date: 03. May 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-88.html CVE:...

5.8AI score
Exploits1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.79 views

Local File Inclusion in PluXml

Advisory ID: HTB23086 Product: PluXml Vendor: pluxml.org Vulnerable Versions: 5.1.5 and probably prior Tested Version: 5.1.5 Vendor Notification: 11 April 2012 Vendor Patch: 16 April 2012 Public Disclosure: 2 May 2012 Vulnerability Type: Local File Inclusion CVE References: CVE-2012-2227 Solution...

7.5CVSS6.3AI score0.09775EPSS
Exploits6
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.80 views

[security bulletin] HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03312417 Version: 1 HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting XSS, Privilege...

9.3CVSS0.6AI score0.23615EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.23 views

LAN Messenger v1.2.28 - Denial of Service Vulnerability

Title: ====== LAN Messenger v1.2.28 - Denial of Service Vulnerability Date: ===== 2012-05-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=537 VL-ID: ===== 537 Introduction: ============= LAN Messenger is a free and open source cross-platform instant messaging...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.25 views

HP SNMP Agents for Linux security vulnerabilities

Crossite scripting, URL redirection...

8.3CVSS0.8AI score0.04333EPSS
Exploits0References1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.40 views

VMWare privilege escalation

Uninitialized memory reference on guest system call processing...

9CVSS3.9AI score0.03505EPSS
Exploits1References3Affected Software3
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.56 views

VMware Backdoor Response Uninitialized Memory Potential VM Break

VMware Backdoor Response Uninitialized Memory Potential VM Break Derek Soeder [email protected] Reported: December 5, 2011 Published: May 3, 2012 AFFECTED VENDOR --------------- VMware, Inc. AFFECTED ENVIRONMENTS --------------------- The following VMware product versions are known to be...

9CVSS0.5AI score0.03234EPSS
Exploits1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.76 views

[waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 "ja_purity" template

waraxe-2012-SA087 - Reflected XSS in Joomla 1.5.26 "japurity" template =============================================================================== Author: Janek Vind "waraxe" Date: 03. May 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-87.html CVE:...

4.3CVSS5.8AI score0.01206EPSS
Exploits2
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.66 views

Multiple vulnerabilities in OrangeHRM

Advisory ID: HTB23080 Product: OrangeHRM Vendor: OrangeHRM Inc. Vulnerable Versions: 2.7 RC and probably prior Tested Version: 2.7 RC Vendor Notification: 7 March 2012 Vendor Patch: 24 April 2012 Public Disclosure: 9 May 2012 Vulnerability Type: SQL Injection, Cross-Site Scripting XSS CVE...

6.5CVSS7.4AI score0.02355EPSS
Exploits2
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.38 views

Firefox security bug (proxy-bypass) in current Tor BBs

https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs "A user has discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This means when connecting to a websocket service, your Firefox will query your local DNS...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.28 views

Apple Legacy filevault barn door...

As someone said here recently, carefully built crypto has a unfortunate tendency to consist of three thick impregnable walls and a picket fence in the back with the gate left open. That seems to have happened to Apple's older "legacy" Filevault in the current release of MacOX Lion 10.7.3...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.64 views

VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break

VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break Derek Soeder [email protected] Reported: December 5, 2011 Published: May 3, 2012 AFFECTED VENDOR --------------- VMware, Inc. AFFECTED ENVIRONMENTS --------------------- The following VMware product versions ar...

9CVSS1.5AI score0.02458EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.23 views

Android information leakage

All local applications have unrestricted /proce access and access to SQLite journal files...

2.5AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.73 views

Cross-Site Scripting (XSS) in Pivotx

Advisory ID: HTB23087 Product: Pivotx Vendor: pivotx.net Vulnerable Versions: 2.3.2 and probably prior Tested Version: 2.3.2 Vendor Notification: 18 April 2012 Vendor Patch: 18 April 2012 Public Disclosure: 9 May 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-2274...

4.3CVSS6.1AI score0.03262EPSS
Exploits1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.249 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

10CVSS1.6AI score0.09775EPSS
Exploits18References9Affected Software9
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.48 views

VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0009 Synopsis: VMware Workstation, Player, ESXi and ESX patches address critical security issues Issue date: 2012-05-03 Updated on:...

9CVSS9.3AI score0.03505EPSS
Exploits1
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.41 views

rssh security announcement

rssh is a shell for restricting SSH access to a machine to only scp, sftp, or a small set of similar applications. http://www.pizzashack.org/rssh/ Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. ...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.57 views

HPSBMU02771 SSRT100558 rev.1 - HP SNMP Agents for Linux, Remote Cross Site Scripting (XSS), URL Redirection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03301854 Version: 1 HPSBMU02771 SSRT100558 rev.1 - HP SNMP Agents for Linux, Remote Cross Site Scripting XSS, URL Redirection NOTICE: The information in this Security Bulletin should be acted upo...

8.3CVSS0.3AI score0.04333EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.86 views

[CVE-2012-1002] OpenConf <= 4.11 (author/edit.php) Blind SQL Injection Vulnerability

-------------------------------------------------------------------- OpenConf = 4.11 author/edit.php Blind SQL Injection Vulnerability -------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

10CVSS0.8AI score0.04737EPSS
Exploits6
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.29 views

Adobe Shockwave Player multiple security vulnerabilities

Multiple memory corruptions...

10CVSS2.4AI score0.18339EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.47 views

[CAL-2011-0073]CVE-2012-2028 Adobe Photoshop parsing TIF heap buffer overflow vulnerability

hi dear, today, adobe publiced a bulletins about adboe photoshop. http://www.adobe.com/support/security/bulletins/apsb12-11.html nine8 of code audit labs of vulnhunt.com with "vulnhunt Fuzzing" discovered a vulnerability named CVE: CVE-2012-2028. more details see...

9.3CVSS1.3AI score0.07039EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.25 views

Adobe Flash Professional buffer overflow

Buffer overflow on files processing...

10CVSS3.6AI score0.11071EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.42 views

Adobe Illustrator multiple security vulnerabilities

Multiple memory corruptions on file processing...

10CVSS2AI score0.15165EPSS
Exploits1
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.63 views

Adobe Flash Player memory corruption

Memory corruption due to invalid objects handling...

9.3CVSS1.7AI score0.85698EPSS
Exploits10Affected Software1
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.47 views

[CAL-2011-0073]CVE-2012-2028 Adobe Photoshop parsing TIF heap buffer overflow vulnerability

hi dear, today, adobe publiced a bulletins about adboe photoshop. http://www.adobe.com/support/security/bulletins/apsb12-11.html nine8 of code audit labs of vulnhunt.com with "vulnhunt Fuzzing" discovered a vulnerability named CVE: CVE-2012-2028. more details see...

9.3CVSS1.3AI score0.07039EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.62 views

CORE-2011-1123: Windows Kernel ReadLayoutFile Heap Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Windows Kernel ReadLayoutFile Heap Overflow 1. Advisory Information Title: Windows Kernel ReadLayoutFile Heap Overflow Advisory ID: CORE-2011-1123 Advisory URL:...

7.2CVSS6.2AI score0.03401EPSS
Exploits1
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.53 views

Adobe Shockwave Player Remote Code Execution (CVE-2012-2031)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Qualys Vulnerability & Malware Research Labs VMRL http://www.dissect.pe Memory corruption when Adobe Shockwave Player parses .dir media file CVE-2012-2031 INTRODUCTION Adobe Shockwave Player is the Adobe plugin to many different browsers to view...

10CVSS0.8AI score0.18339EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.48 views

Adobe Shockwave Player Remote Code Execution (CVE-2012-2030)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Qualys Vulnerability & Malware Research Labs VMRL http://www.dissect.pe Memory corruption when Adobe Shockwave Player parses .dir media file CVE-2012-2030 INTRODUCTION Adobe Shockwave Player is the Adobe plugin to many different browsers to view...

10CVSS0.7AI score0.06238EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.57 views

Adobe Shockwave Player Remote Code Execution (CVE-2012-2029)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Qualys Vulnerability & Malware Research Labs VMRL http://www.dissect.pe Memory corruption when Adobe Shockwave Player parses .dir media file CVE-2012-2029 INTRODUCTION Adobe Shockwave Player is the Adobe plugin to many different browsers to view...

10CVSS1.6AI score0.06321EPSS
Exploits0
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.34 views

Apple iOS multiple security vulnerabilities

URL spoofing, crossite scripting, memory corruptions...

10CVSS1.5AI score0.04871EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.92 views

APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update iOS 5.1.1 Software Update is now available and addresses the following: Safari Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch 3rd generation and later, iPad, iPad 2 Impact: A maliciously...

10CVSS0.2AI score0.04871EPSS
Exploits1
securityvulns
securityvulns
added 2012/05/09 12:0 a.m.76 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Multiple memory corruptions in main code and different libraries, crossite scripting, information leakage...

10CVSS2.3AI score0.10098EPSS
Exploits3Affected Software5
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.42 views

NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM

======= Summary ======= Name: Websense Triton 7.6 Unauthenticated remote command execution as SYSTEM Release Date: 30 April 2012 Reference: NGS00140 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: Critical Status: Published ========...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.41 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

7.5CVSS1.6AI score0.09432EPSS
Exploits7References17Affected Software12
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.90 views

Opera / Mozilla / Internet Explorer DoS

Large number of nested tags leads to buffer overflow...

2.9AI score
Exploits0References2Affected Software3
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.38 views

McAfee Virtual Technician ActiveX code execution

GetObject unsafe function...

3.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.57 views

PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities

Exploit Title: PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities Date: 04/21/12 Author: G13 Twitter: @g13net Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Category: webapp php ToC 0x01 Description 0x02 XSS 0x03 SQL Injection 0x04 Vendor Notification 0x01...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.54 views

DIY CMS v1.0 Poll - Multiple Web Vulnerabilities

Title: ====== DIY CMS v1.0 Poll - Multiple Web Vulnerabilities Date: ===== 2012-04-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=518 VL-ID: ===== 518 Introduction: ============= Do It Yourslef Content Management System is a feature-rich, php-built, mysql-based,...

0.4AI score
Exploits0
Total number of security vulnerabilities47153