
47153 matches found

securityvulns • added 2012/05/01 12:0 a.m. • 33 views

NGS00118 Technical Advisory: Symantec pcAnywhere Remote Code Execution as SYSTEM

======= Summary ======= Name: Symantec pcAnywhere Remote Code Execution Preauth Release Date: 30 April 2012 Reference: NGS00118 Discoverer: Edward Torkington [email protected] Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT Management Suite 7.0...

AI score: 0.4
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 36 views

Oracle TNS Poison vulnerability is actually a 0day with no patch available

Hi all, Short history: The remote pre-authenticated vulnerability with CVSS2 10 I published some days ago 1, the vulnerability I called Oracle TNS Poison reported to vendor in 2008, is a 0day affecting all database versions from 8i to 11g R2. There is no patch at all for this vulnerability and...

AI score: 6.8
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 49 views

C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability

Title: ====== C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=484 VL-ID: ===== 484 Introduction: ============= XPhone Unified Communications 2011 ist die leistungsstarkste Telefonie- und...

Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 43 views

DoS vulnerabilities in Firefox, Internet Explorer and Opera

Hello 3APA3A! I want to warn you about Denial of Service vulnerability in Mozilla Firefox, Internet Explorer and Opera. Earlier there was published DoS vulnerability in browser Opera 10.10 found by Inj3ct0r http://securityvulns.com/news/Opera/1002.html. And some time ago I've checked this exploit...

AI score: 1.2
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 62 views

Car Portal CMS v3.0 - Multiple Web Vulnerabilities

Title: ====== Car Portal CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=502 VL-ID: ===== 502 Introduction: ============= Car Portal is a php software product for running auto classifieds websites. It provid...

Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 61 views

NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI

======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ========...

AI score: 6.1
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 75 views

DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities

Title: ====== DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities Date: ===== 2012-04-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=509 VL-ID: ===== 509 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

AI score: 0.2
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 121 views

Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

I wanted to comment on the workarounds for this problem: 1 Setting SQLNET.ENCRYPTIONSERVER=REQUIRED on the server is not enough to protect you. To avoid "man in the middle" attacks, you need to have an SSL certificate on the server and SSLSERVERDNMATCH=TRUE in the client's sqlnet.ora. 2 Another w...

AI score: 1.5
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 2070 views

mysqldumper1.24.4_LFI_XSS_CSRF_PHPEXEC_TRAVERSAL_INFO_DISCLOS

================================================================================================ Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM: b62357a0d5bbb43779d16427c30966a1 MySQLDumper1.24.4.zip...

AI score: 8.2
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 67 views

Pritlog v0.821 CMS - Multiple Web Vulnerabilities

Title: ====== Pritlog v0.821 CMS - Multiple Web Vulnerabilities Date: ===== 2012-04-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=534 VL-ID: ===== 534 Introduction: ============= PRITLOG is an extremely simple, small 500K uncompressed and powerful blog system. It...

AI score: 7.8
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 56 views

Opial CMS v2.0 - Multiple Web Vulnerabilities

Title: ====== Opial CMS v2.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=522 VL-ID: ===== 522 Introduction: ============= Opial lets you create audio mp3/ram/rm/avi/mpg/wav/ai f or any other format audio/video...

AI score: 0.8
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 75 views

Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities

A bug in Wordpress WPsc-MijnPress plugin that allows us to cause a Cross-Site Scripting on a Remote machine. Exploit Title : Wordpress WPsc-MijnPress plugin Cross-Site Scripting Vulnerabilities Author : BHG Security Center - IrIsT Security Team Discovered By : Am!r Home : http://Black-hg.Org -...

AI score: 0.6
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 30 views

Symantec PCAnywhere multiple security vulnerabilities

Code execution, privilege escalation...

CVSS: 10, AI score: 3.3, EPSS: 0.39308
Exploits: 10, References: 5, Affected Software: 2

securityvulns • added 2012/05/01 12:0 a.m. • 47 views

IA, CSRF and FPD vulnerabilities in Organizer for WordPress

Hello 3APA3A! I want to warn you about multiple new security vulnerabilities in plugin Organizer for WordPress. This is the third in series of advisories concerning vulnerabilities in this plugin. These are Insufficient Authorization, Cross-Site Request Forgery and Full path disclosure...

AI score: 0.1
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 100 views

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject Security Bypass Remote Code Execution Vulnerability tested against: Microsoft Windows Vista sp2 Microsoft Windows 2003 r2 sp2 Internet Explorer 7/8/9 product homepage:...

AI score: 1.4
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 48 views

NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation

======= Summary ======= Name: Symantec pcAnywhere insecure file permissions local privilege escalation Release Date: 30 April 2012 Reference: NGS00117 Discoverer: Edward Torkington [email protected] Vendor: Symantec Vendor Reference: Systems Affected: Symantec pcAnywhere 12.5.x IT...

AI score: 0.3
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 60 views

NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow

High Risk Vulnerability Oracle Grid Engine 30 April 2012 Edward Torkington of NGS Secure has discovered a High risk vulnerability in Oracle Grid Engine Impact: sgepasswd Buffer Overflow Versions affected: version 62u7 This has been addressed as part of Oracle April update:...

AI score: 0.6
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 46 views

PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities

Title: PHP Volunteer Management getmessages.php SQL Injection Vulnerabilities Author: eidelweiss Twitter: @AriosRandy Website: www.eidelweiss.info Software Site: https://sourceforge.net/projects/phpvolunteer/ Version: 1.0.2 Category: webapp php Greetz: Devilzc0de, exploit-db, G13 first vuln...

AI score: 0.6
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 45 views

[SECURITY] [DSA 2461-1] spip security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2461-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 26, 2012 http://www.debian.org/security/faq -...

AI score: 0.9
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 72 views

NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI

======= Summary ======= Name: Websense Triton 7.6 Authentication-bypass in report management UI Release Date: 30 April 2012 Reference: NGS00138 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine...

AI score: 7
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 153 views

C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability

Title: ====== C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=484 VL-ID: ===== 484 Introduction: ============= XPhone Unified Communications 2011 ist die leistungsstarkste Telefonie- und...

Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 52 views

Imagemagic multiple security vulnerabilities

Buffer overflows, insufficient user supplied data validation...

CVSS: 9.3, AI score: 3.2, EPSS: 0.29677
Exploits: 1, References: 1

securityvulns • added 2012/05/01 12:0 a.m. • 61 views

[SECURITY] [DSA 2462-1] imagemagick security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2462-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 29, 2012 http://www.debian.org/security/faq -...

CVSS: 9.3, AI score: 2.8, EPSS: 0.29677
Exploits: 1

securityvulns • added 2012/05/01 12:0 a.m. • 78 views

NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI

======= Summary ======= Name: Websense Triton 7.6 reflected XSS in report management UI Release Date: 30 April 2012 Reference: NGS00137 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: Medium Status: Fixed ======== TimeLine ========...

AI score: 6.6
Exploits: 0

securityvulns • added 2012/05/01 12:0 a.m. • 105 views

[ MDVSA-2012:065 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:065 http://www.mandriva.com/security/ Package : php Date : April 27, 2012 Affected: 2010.1, 2011. Problem Description: Multiple vulnerabilities has been identified and fixed in php: The PDORow implementation...

CVSS: 7.5, AI score: 10, EPSS: 0.83911
Exploits: 21

securityvulns • added 2012/04/26 12:0 a.m. • 41 views

XSS, CSRF and AFU vulnerabilities in Organizer for WordPress

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Organizer for WordPress. This is the second in series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting reflected and persistent, Cross-Site Request Forgery and Arbitrary File...

AI score: 0.3
Exploits: 0

securityvulns • added 2012/04/26 12:0 a.m. • 29 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5, AI score: 1.6, EPSS: 0.09432
Exploits: 7, References: 2, Affected Software: 2

securityvulns • added 2012/04/26 12:0 a.m. • 285 views

Linux kernel multiple security vulnerabilities

DoS, information leakage, privilege escalation...

CVSS: 10, AI score: 2.5, EPSS: 0.03431
Exploits: 10, References: 2, Affected Software: 1

securityvulns • added 2012/04/26 12:0 a.m. • 34 views

NVidia Linux / Unix drivers privilege escalation

Kernel memory access is possible...

CVSS: 4.6, AI score: 5.9, EPSS: 0.00725
Exploits: 0

securityvulns • added 2012/04/26 12:0 a.m. • 112 views

[USN-1406-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-1406-1 March 27, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 10, AI score: 6.6, EPSS: 0.01014
Exploits: 4

securityvulns • added 2012/04/26 12:0 a.m. • 58 views

Multiple vulnerabilities in Piwigo

Advisory ID: HTB23085 Product: Piwigo Vendor: Piwigo project Vulnerable Versions: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 4 April 2012 Vendor Patch: 8 April 2012 Public Disclosure: 25 April 2012 Vulnerability Type: Directory Path Traversal, Cross-Site Scripting XSS CVE...

CVSS: 7.5, AI score: 0.1, EPSS: 0.09432
Exploits: 7

securityvulns • added 2012/04/26 12:0 a.m. • 53 views

[USN-1413-1] Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1413-1 March 29, 2012 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS: 4, AI score: 0.6, EPSS: 0.02073
Exploits: 1

securityvulns • added 2012/04/24 12:0 a.m. • 42 views

RuggedCom SCADA equipment backdoor

RuggedCom's Rugged Operating System backdoor account...

CVSS: 8.5, AI score: 2.3, EPSS: 0.49114
Exploits: 8, References: 1

securityvulns • added 2012/04/24 12:0 a.m. • 32 views

HP ProCurve switches compact flash cards virus

Some of the devices contain virus on compact flash card...

AI score: 1.7
Exploits: 0, References: 1, Affected Software: 1

securityvulns • added 2012/04/24 12:0 a.m. • 31 views

Android information leak

---------------------------- Vulnerability Description ---------------------------- We found that any android application can read all world-readable files in the "/proc" directory without specifying any permissions in their manifest files. This can leak sensitive information. For example, if the...

AI score: 6.7
Exploits: 0

securityvulns • added 2012/04/24 12:0 a.m. • 34 views

AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

Asterisk Project Security Advisory - AST-2012-005 Product Asterisk Summary Heap Buffer Overflow in Skinny Channel Driver Nature of Advisory Exploitable Heap Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On March 26, 2012 Reported By Russell...

AI score: 0.5
Exploits: 0

securityvulns • added 2012/04/24 12:0 a.m. • 87 views

OpenSSL memory corruption

Memory corruption in asn1d2ireadbio/SMIMEreadPKCS7/SMIMEreadCMS...

CVSS: 7.5, AI score: 1.8, EPSS: 0.48298
Exploits: 8, References: 2, Affected Software: 1

securityvulns • added 2012/04/24 12:0 a.m. • 27 views

Astaro Command Center crossite scripting

Multiple cross-site scripting vulnerabilities...

AI score: 2
Exploits: 0, References: 1, Affected Software: 1

securityvulns • added 2012/04/24 12:0 a.m. • 54 views

Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities

Title: ====== Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=8 VL-ID: ===== 8 Introduction: ============= Das Astaro Security Gateway 625 wurde speziell fur den Schutz gro?er Unternehm...

AI score: 7
Exploits: 0

securityvulns • added 2012/04/24 12:0 a.m. • 58 views

ChurchCMS 0.0.1 'admin.php' Multiple SQLi

Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi Date: 04/21/12 Author: G13 Twitter: @g13net Software Link: http://sourceforge.net/projects/churchcms/?source=directory Version: 0.0.1 Category: webapps php Description ChurchCMS is the software to place on your church's website that is easi...

AI score: 0.6
Exploits: 0

securityvulns • added 2012/04/24 12:0 a.m. • 80 views

VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0007 Synopsis: VMware hosted products and ESXi/ESX patches address privilege escalation Issue date: 2012-04-12 Updated on: 2012-04-...

CVSS: 8.3, AI score: 6.4, EPSS: 0.01719
Exploits: 1

securityvulns • added 2012/04/24 12:0 a.m. • 46 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score: 1.6, EPSS: 0.79764
Exploits: 15, References: 3, Affected Software: 1

securityvulns • added 2012/04/24 12:0 a.m. • 65 views

TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer

Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow a...

AI score: 0.5, EPSS: 0.04247
Exploits: 10

securityvulns • added 2012/04/24 12:0 a.m. • 18 views

Astaro Security Gateway crossite scripting

Multiple cross-site scripting possibilities...

AI score: 1.7
Exploits: 0, References: 1, Affected Software: 1

securityvulns • added 2012/04/24 12:0 a.m. • 233 views

RuggedCom - Backdoor Accounts in my SCADA network? You don't say...

Title: Undocumented Backdoor Access to RuggedCom Devices Author: jc Organization: JC CREW Date: April 23, 2012 CVE: CVE-2012-1803 Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find...

CVSS: 8.5, AI score: 0.9, EPSS: 0.49114
Exploits: 8

securityvulns • added 2012/04/24 12:0 a.m. • 29 views

Plixer Scrutinizer NetFlow and sFlow Analyzer multiple security vulnerabilities

Authentication bypass, SQL injection, cross-site scripting...

AI score: 2.7, EPSS: 0.04247
Exploits: 10, References: 1, Affected Software: 1

securityvulns • added 2012/04/24 12:0 a.m. • 37 views

VMWare ESXi / ESX weak permissions

VMWare Tools folder weak permissions...

CVSS: 8.3, AI score: 2.3, EPSS: 0.01719
Exploits: 1, References: 1, Affected Software: 5

securityvulns • added 2012/04/24 12:0 a.m. • 26 views

AST-2012-004: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-004 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On February 23, 2011 Reported By David Woolley...

AI score: 0.3
Exploits: 0

securityvulns • added 2012/04/24 12:0 a.m. • 54 views

PHP Ticket System Beta 1 'p' SQL Injection

Exploit Title: PHP Ticket System Beta 1 'p' SQL Injection Date: 04/16/12 Author: G13 Twitter: @g13net Software Site: http://sourceforge.net/projects/phpticketsystem/ Version: Beta 1 Category: webapp php Description PHP Ticket System is a small PHP MySQL trouble ticket or work ordersystem that is ...

AI score: 0.4
Exploits: 0

securityvulns • added 2012/04/24 12:0 a.m. • 81 views

[ MDVSA-2012:064 ] openssl0.9.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:064 http://www.mandriva.com/security/ Package : openssl0.9.8 Date : April 24, 2012 Affected: 2010.1 Problem Description: It was discovered that the fix for CVE-2012-2110 MDVSA-2012:060 was not sufficient to...

CVSS: 7.5, AI score: 7.8, EPSS: 0.48298
Exploits: 8

Total number of security vulnerabilities: 47153