Lucene search

47153 matches found

securityvulns
•added 2012/05/01 12:0 a.m.•56 views

PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities

Exploit Title: PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities Date: 04/21/12 Author: G13 Twitter: @g13net Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Category: webapp php ToC 0x01 Description 0x02 XSS 0x03 SQL Injection 0x04 Vendor Notification 0x01...

AI score: 0.9
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•60 views

NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI

======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ========...

AI score: 6.1
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•152 views

C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability

Title: ====== C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=484 VL-ID: ===== 484 Introduction: ============= XPhone Unified Communications 2011 ist die leistungsstarkste Telefonie- und...

Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•47 views

NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation

======= Summary ======= Name: Symantec pcAnywhere insecure file permissions local privilege escalation Release Date: 30 April 2012 Reference: NGS00117 Discoverer: Edward Torkington [email protected] Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT...

AI score: 0.3
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•74 views

DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities

Title: ====== DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities Date: ===== 2012-04-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=509 VL-ID: ===== 509 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

AI score: 0.2
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•90 views

Opera / Mozilla / Internet Explorer DoS

Large number of nested tags leads to buffer overflow...

AI score: 2.9
Exploits: 0, References: 2, Affected Software: 3
securityvulns
•added 2012/05/01 12:0 a.m.•40 views

NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM

======= Summary ======= Name: Websense Triton 7.6 Unauthenticated remote command execution as SYSTEM Release Date: 30 April 2012 Reference: NGS00140 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: Critical Status: Published ========...

AI score: 0.7
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•65 views

Pritlog v0.821 CMS - Multiple Web Vulnerabilities

Title: ====== Pritlog v0.821 CMS - Multiple Web Vulnerabilities Date: ===== 2012-04-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=534 VL-ID: ===== 534 Introduction: ============= PRITLOG is an extremely simple, small 500K uncompressed and powerful blog system. It...

AI score: 7.8
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•74 views

Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities

a bug in Wordpress WPsc-MijnPress plugin that allows to us to occur a Cross-Site Scripting on a Remote machin. Exploit Title : Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities Author : BHG Security Center - IrIsT Security Team Discovered By : Am!r Home : http://Black-hg.Org -...

AI score: 0.6
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•53 views

DIY CMS v1.0 Poll - Multiple Web Vulnerabilities

Title: ====== DIY CMS v1.0 Poll - Multiple Web Vulnerabilities Date: ===== 2012-04-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=518 VL-ID: ===== 518 Introduction: ============= Do It Yourslef Content Management System is a feature-rich, php-built, mysql-based,...

AI score: 0.4
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•49 views

C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability

Title: ====== C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=484 VL-ID: ===== 484 Introduction: ============= XPhone Unified Communications 2011 ist die leistungsstarkste Telefonie- und...

Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•57 views

NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow

High Risk Vulnerability Oracle Grid Engine 30 April 2012 Edward Torkington of NGS Secure has discovered a High risk vulnerability in Oracle Grid Engine Impact: sgepasswd Buffer Overflow Versions affected: version 62u7 This has been addresses as part of oracle April update:...

AI score: 0.6
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•103 views

[ MDVSA-2012:065 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:065 http://www.mandriva.com/security/ Package : php Date : April 27, 2012 Affected: 2010.1, 2011. Problem Description: Multiple vulnerabilities has been identified and fixed in php: The PDORow implementation...

CVSS: 7.5, AI score: 10, EPSS: 0.86573
Exploits: 21
securityvulns
•added 2012/05/01 12:0 a.m.•99 views

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject Security Bypass Remote Code Execution Vulnerability tested against: Microsoft Windows Vista sp2 Microsoft Windows 2003 r2 sp2 Internet Explorer 7/8/9 product homepage:...

AI score: 1.4
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•71 views

NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI

======= Summary ======= Name: Websense Triton 7.6 Authentication-bypass in report management UI Release Date: 30 April 2012 Reference: NGS00138 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine...

AI score: 7
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•47 views

IA, CSRF and FPD vulnerabilities in Organizer for WordPress

Hello 3APA3A! I want to warn you about multiple new security vulnerabilities in plugin Organizer for WordPress. This is the third in series of advisories concerning vulnerabilities in this plugin. These are Insufficient Authorization, Cross-Site Request Forgery and Full path disclosure...

AI score: 0.1
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•77 views

NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI

======= Summary ======= Name: Websense Triton 7.6 reflected XSS in report management UI Release Date: 30 April 2012 Reference: NGS00137 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: Medium Status: Fixed ======== TimeLine ========...

AI score: 6.6
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•42 views

[SECURITY] [DSA 2461-1] spip security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2461-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 26, 2012 http://www.debian.org/security/faq -...

AI score: 0.9
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•40 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

CVSS: 7.5, AI score: 1.6, EPSS: 0.061
Exploits: 7, References: 17, Affected Software: 12
securityvulns
•added 2012/05/01 12:0 a.m.•30 views

Symantec PCAnywhere multiple security vulnerabilities

Code execution, privilege escalation...

CVSS: 10, AI score: 3.3, EPSS: 0.56994
Exploits: 10, References: 5, Affected Software: 2
securityvulns
•added 2012/05/01 12:0 a.m.•51 views

Imagemagic multiple security vulnerabilities

Buffer overflows, insufficient user supplied data validation...

CVSS: 9.3, AI score: 3.2, EPSS: 0.01936
Exploits: 1, References: 1
securityvulns
•added 2012/05/01 12:0 a.m.•46 views

PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities

Title: PHP Volunteer Management getmessages.php SQL Injection Vulnerabilities Author: eidelweiss Twitter: @AriosRandy Website: www.eidelweiss.info Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Category: webapp php Greetz: Devilzc0de, exploit-db, G13 first vuln...

AI score: 0.6
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•118 views

Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

I wanted to comment on the workarounds for this problem: 1 Setting SQLNET.ENCRYPTIONSERVER=REQUIRED on the server is not enough to protect you. To avoid "man in the middle" attacks, you need to have an SSL certificate on the server and SSLSERVERDNMATCH=TRUE in the client's sqlnet.ora. 2 Another w...

AI score: 1.5
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•55 views

Opial CMS v2.0 - Multiple Web Vulnerabilities

Title: ====== Opial CMS v2.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=522 VL-ID: ===== 522 Introduction: ============= Opial lets you create audio mp3/ram/rm/avi/mpg/wav/ai f or any other format audio/video...

AI score: 0.8
Exploits: 0
securityvulns
•added 2012/05/01 12:0 a.m.•2066 views

mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS

================================================================================================ Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM: b62357a0d5bbb43779d16427c30966a1 MySQLDumper1.24.4.zip...

AI score: 8.2
Exploits: 0
securityvulns
•added 2012/04/26 12:0 a.m.•106 views

[USN-1406-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1406-1 March 27, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 10, AI score: 6.6, EPSS: 0.0078
Exploits: 4
securityvulns
•added 2012/04/26 12:0 a.m.•40 views

XSS, CSRF and AFU vulnerabilities in Organizer for WordPress

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Organizer for WordPress. This is the second in series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting reflected and persistent, Cross-Site Request Forgery and Arbitrary File...

AI score: 0.3
Exploits: 0
securityvulns
•added 2012/04/26 12:0 a.m.•54 views

Multiple vulnerabilities in Piwigo

Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path Traversal, Cross-Site Scripting XSS CVE...

CVSS: 7.5, AI score: 0.1, EPSS: 0.061
Exploits: 7
securityvulns
•added 2012/04/26 12:0 a.m.•284 views

Linux kernel multiple security vulnerabilities

DoS, information leakage, privilege escalation...

CVSS: 10, AI score: 2.5, EPSS: 0.03356
Exploits: 10, References: 2, Affected Software: 1
securityvulns
•added 2012/04/26 12:0 a.m.•28 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

CVSS: 7.5, AI score: 1.6, EPSS: 0.061
Exploits: 7, References: 2, Affected Software: 2
securityvulns
•added 2012/04/26 12:0 a.m.•51 views

[USN-1413-1] Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1413-1 March 29, 2012 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS: 4, AI score: 0.6, EPSS: 0.00475
Exploits: 1
securityvulns
•added 2012/04/26 12:0 a.m.•34 views

NVidia Linux / Unix drivers privilege escalation

Kernel memory access is possible...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00107
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•54 views

PHP Ticket System Beta 1 'p' SQL Injection

Exploit Title: PHP Ticket System Beta 1 'p' SQL Injection Date: 04/16/12 Author: G13 Twitter: @g13net Software Site: http://sourceforge.net/projects/phpticketsystem/ Version: Beta 1 Category: webapp php Description PHP Ticket System is a small PHP MySQL trouble ticket or work ordersystem that is ...

AI score: 0.4
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•86 views

OpenSSL memory corruption

Memory corruption in asn1d2ireadbio/SMIMEreadPKCS7/SMIMEreadCMS...

CVSS: 7.5, AI score: 1.8, EPSS: 0.08744
Exploits: 8, References: 2, Affected Software: 1
securityvulns
•added 2012/04/24 12:0 a.m.•43 views

Astaro Command Center v2.x - Multiple Web Vulnerabilities

Title: ====== Astaro Command Center v2.x - Multiple Web Vulnerabilities Date: ===== 2012-04-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=4 VL-ID: ===== 4 Introduction: ============= We are pleased to announce the General Availability of the Astaro Command Center...

AI score: 7.5
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•30 views

HP ProCurve switches compact flash cards virus

Some of the devices contain virus on compact flash card...

AI score: 1.7
Exploits: 0, References: 1, Affected Software: 1
securityvulns
•added 2012/04/24 12:0 a.m.•27 views

Astaro Command Center crossite scripting

Multiple crossite scripting vulnerabilities...

AI score: 2
Exploits: 0, References: 1, Affected Software: 1
securityvulns
•added 2012/04/24 12:0 a.m.•42 views

RuggedCom SCADA equipment backdoor

RuggedCom's Rugged Operating System backdoor account...

CVSS: 8.5, AI score: 2.3, EPSS: 0.63489
Exploits: 8, References: 1
securityvulns
•added 2012/04/24 12:0 a.m.•53 views

Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities

Title: ====== Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=8 VL-ID: ===== 8 Introduction: ============= Das Astaro Security Gateway 625 wurde speziell fur den Schutz gro?er Unternehm...

AI score: 7
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•30 views

Android information leak

---------------------------- Vulnerability Description ---------------------------- We found that any android application can read all world-readable files in the "/proc" directory without specifying any permissions in their manifest files. This can leak sensitive information. For example, if the...

AI score: 6.7
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•43 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

AI score: 1.6, EPSS: 0.88725
Exploits: 15, References: 3, Affected Software: 1
securityvulns
•added 2012/04/24 12:0 a.m.•33 views

AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

Asterisk Project Security Advisory - AST-2012-005 Product Asterisk Summary Heap Buffer Overflow in Skinny Channel Driver Nature of Advisory Exploitable Heap Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On March 26, 2012 Reported By Russell...

AI score: 0.5
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•49 views

[security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03249176 Version: 1 HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...

CVSS: 3.7, AI score: 0.4, EPSS: 0.01138
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•64 views

TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow a...

AI score: 0.5, EPSS: 0.14324
Exploits: 10
securityvulns
•added 2012/04/24 12:0 a.m.•229 views

RuggedCom - Backdoor Accounts in my SCADA network? You don't say...

Title: Undocumented Backdoor Access to RuggedCom Devices Author: jc Organization: JC CREW Date: April 23, 2012 CVE: CVE-2012-1803 Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find...

CVSS: 8.5, AI score: 0.9, EPSS: 0.63489
Exploits: 8
securityvulns
•added 2012/04/24 12:0 a.m.•81 views

[ MDVSA-2012:064 ] openssl0.9.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:064 http://www.mandriva.com/security/ Package : openssl0.9.8 Date : April 24, 2012 Affected: 2010.1 Problem Description: It was discovered that the fix for CVE-2012-2110 MDVSA-2012:060 was not sufficient to...

CVSS: 7.5, AI score: 7.8, EPSS: 0.08744
Exploits: 8
securityvulns
•added 2012/04/24 12:0 a.m.•28 views

Plixer Scrutinizer NetFlow and sFlow Analyzer multiple security vulnerabilities

Authentication bypass, SQL injection, crossite scripting...

AI score: 2.7, EPSS: 0.14324
Exploits: 10, References: 1, Affected Software: 1
securityvulns
•added 2012/04/24 12:0 a.m.•76 views

VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0007 Synopsis: VMware hosted products and ESXi/ESX patches address privilege escalation Issue date: 2012-04-12 Updated on: 2012-04-...

CVSS: 8.3, AI score: 6.4, EPSS: 0.00908
Exploits: 1
securityvulns
•added 2012/04/24 12:0 a.m.•26 views

AST-2012-004: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-004 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On February 23, 2011 Reported By David Woolley...

AI score: 0.3
Exploits: 0
securityvulns
•added 2012/04/24 12:0 a.m.•32 views

InspIRCd buffer overflow

Buffer overflow on DNS request processing...

CVSS: 7.5, AI score: 4.1, EPSS: 0.06354
Exploits: 1, References: 1, Affected Software: 1

Total number of security vulnerabilities: 47153