AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
Asterisk Project Security Advisory - AST-2012-006 Product Asterisk Summary Remote Crash Vulnerability in SIP Channel Driver Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On April 16, 2012 Reported By Thomas Arimont Posted...
Astaro Security Gateway cross-site scripting
Multiple cross-site scripting possibilities...
VMWare ESXi / ESX weak permissions
VMWare Tools folder weak permissions...
Asterisk multiple security vulnerabilities
Buffer overflow on Skinny processing, DoS via SIP, Asterisk Manager code execution...
WebCalendar <= 1.2.4 Two Security Vulnerabilities
------------------------------------------------- WebCalendar <= 1.2.4 Two Security Vulnerabilities ------------------------------------------------- author..........: Egidio Romano aka EgiX mail............: n0b0d13satgmaildotcom software link...: https://sourceforge.net/projects/webcalendar/ -...
ChurchCMS 0.0.1 'admin.php' Multiple SQLi
Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi Date: 04/21/12 Author: G13 Twitter: @g13net Software Link: http://sourceforge.net/projects/churchcms/?source=directory Version: 0.0.1 Category: webapps php Description ChurchCMS is the software to place on your church's website that is easi...
[SECURITY] [DSA 2448-1] inspircd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2448-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire April 10, 2012 http://www.debian.org/security/faq -...
Havalite CMS v1.0.4 - Multiple Web Vulnerabilities
Title: ====== Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=520 VL-ID: ===== 520 Introduction: ============= Havalite, a lightweight, open source CMS, based on php and SQLite. It's licensed unde...
DokuWiki Ver.2012/01/25 CSRF Add User Exploit
DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH Facebook Page :...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[SECURITY] [DSA 2455-1] typo3-src security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2455-1 [email protected] http://www.debian.org/security/ Nico Golde April 20, 2012 http://www.debian.org/security/faq -...
Cyberoam Unified Threat Management security vulnerabilities
Command execution, information leakage...
Liferay 6.1 can be compromised in its default configuration
Liferay 6.1 can be compromised in its default configuration Description: Liferay Portal is an enterprise portal written in Java By utilizing the json webservices exposed by the platform you can register a new user with any role in the system, including the built in administrator role. The problem...
Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery o...
t3_dbtools_seditio_plugin_CSRF
====================================================================== Vulnerable software: T3 DB Tools Version 1.6 seditio database management plugin. Developed by : http://www.t3-design.com/t3-db-tools/ MD5 SUM: 8ab362601793e238f504783fd9953dd4 dbtools.rar...
XSS and Blind SQL Injection Vulnerabilities in ExponentCMS
Information -------------------- Name : XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Software : ExponentCMS 2.0.5 and possibly below. Vendor Homepage : http://www.exponentcms.org Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Onur Yılmaz...
[CVE-2012-1622] Apache OFBiz information disclosure vulnerability
CVE-2012-1622: Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code via unspecified vectors Severity: Critical Vendor: The Apache Software Foundation - Apache OFBiz ======Versions Affected====== Apache OFBiz 10.04 also known as 10.04.01 ======Description====== Apache OFB...
Multiple XSS vulnerabilities in XOOPS
Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site Scripting CVE References: CVE-2012-098...
[CVE-2012-1574] Apache Hadoop user impersonation vulnerability
Hello, Users of Apache Hadoop should be aware of a security vulnerability recently discovered, as described by the following CVE. In particular, please note the "Users affected", "Versions affected", and "Mitigation" sections. Best, Aaron -- Aaron T. Myers Software Engineer, Cloudera CVE-2012-157...
sfquickban_plugin_CSRF
================================================================ Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...
Specially crafted webdav request allows reading of local files on liferay 6.0.x
Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java By creating a specially crafted webdav request that contains an external entity it is possible to read files from a liferay server. and echo these ba...
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Published: 2012/04/18 Version 1.0 Affected products: ownCloud version 3.0.0 others not tested http://owncloud.org References: TC-SA-2012-01 www.tele-consulting.com/advisories/TC-SA-2012-01.txt used for updates CVE-2012-2269 - XSS in...
XSS and FPD vulnerabilities in Organizer for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Organizer for WordPress. This is the first in series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting reflected and persistent and Full path disclosure vulnerabilities...
Chengdu Bureau of Commerce - SQL Injection Vulnerability
Title: ====== Chengdu Bureau of Commerce - SQL Injection Vulnerability Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=312 VL-ID: ===== 312 Introduction: ============= May 20, by my bureau composed of 10 members, participated in by the Chinese...
CsForum v0.8 - Cross Site Scripting Vulnerability
Title: ====== CsForum v0.8 - Cross Site Scripting Vulnerability Date: ===== 2012-04-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=496 VL-ID: ===== 496 Introduction: ============= Forum very simple installation, this script is very light and yet it has several...
DoS vulnerability in WordPress
Hello 3APA3A! I want to warn you new about security vulnerability in WordPress. This is Denial of Service vulnerability. Which exists in security functionality, which protects against Abuse of Functionality vulnerability in WordPress, which I've disclosed in 2009 and which was not fixed correctly...
XSS in Kaseya version 6.2.0.0 web interface
Summary The Kaseya version 6.2.0.0 web interface and possibly other versions is vulnerable to Cross-Site Scripting in the "adminName" variable. 2. Description By submitting malicious input such as the following, it is possible to render javascript in the security context of the Kaseya server:...
Microsoft Windows multiple security vulnerabilities
MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability...
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities
Title: ====== Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Date: ===== 2012-04-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=506 VL-ID: ===== 506 Introduction: ============= The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all...
[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
waraxe-2012-SA085 - Reflected XSS in Uploadify Integration Wordpress plugin =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-85.html Description of vulnerabl...
Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities
Title: ====== Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities Date: ===== 2012-04-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=504 VL-ID: ===== 504 Introduction: ============= Siche search v.0.5 for Zerboard is search module to known CMS named Zeroboard...
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE:...
seditio_PmOS_plugin_XSS_vuln
============================================================================ Vulnerable Software: PmOS - Pm Okuma Sistemi plugin for Seditio CMS. http://seditio-eklenti.com/datas/users/1-pmoku.rar MD5 SUM: 88235c2b4b0613bff87545d2d887f042 1-pmoku.rar...
Matterdaddy Market v1.1 - SQL Injection Vulnerabilities
Title: ====== Matterdaddy Market v1.1 - SQL Injection Vulnerabilities Date: ===== 2012-04-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=499 VL-ID: ===== 499 Introduction: ============= Matterdaddy Market is a application that allows you to run your own online...
Acuity CMS 2.6.x <= Cross Site Scripting
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION...
New XSS vulnerabilities in Register Plus Redux for WordPress
Hello 3APA3A! I want to warn you new about security vulnerabilities in Register Plus Redux for WordPress. These are Cross-Site Scripting vulnerabilities. After finding and fixing of 36 vulnerabilities in plugin Register Plus Redux in the end of previous year, I've released my version of the plugi...
phpMyBible 0.5.1 Multiple XSS
Exploit Title: phpMyBible 0.5.1 Multiple XSS Date: 04/15/12 Author: G13 Twitter: @g13net Software http://sourceforge.net/projects/phpmybible/?source=directory Version: 0.5.1 Category: webapps php Description phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as...
.NET Framework EncoderParameter integer overflow vulnerability
------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2011...
idev Game Site CMS v1.0 - Multiple Web Vulnerabilities
Title: ====== idev Game Site CMS v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=494 VL-ID: ===== 494 Introduction: ============= Start your own Flash web game website. Search engine optimized. Embed your Adsense...
[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1
waraxe-2012-SA084 - Multiple Vulnerabilities in OpenCart 1.5.2.1 =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-84.html Description of vulnerable software:...
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Fastpath WebChat is vulnerable to Cross Site Scripting. 2. BACKGROUND Fastpath WebChat is part of the Fastpath product. It provides a way for users to begin chatting with support agents using Fastpath. Fastpath is a plugin of OpenFire, a real time collaboration RTC server for instant...
ACC PHP eMail v1.1 - Multiple Web Vulnerabilities
Title: ====== ACC PHP eMail v1.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=505 VL-ID: ===== 505 Introduction: ============= Acc PHP eMail is an email subscription and management script. Manage subscribers them an...
Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities
Title: ====== Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Date: ===== 2012-04-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=498 VL-ID: ===== 498 Introduction: ============= Cyberoam Unified Threat Management appliances offer comprehensive securit...
online newspaper university "newsdesc.php" SQL Injection Vulnerabilities
Title : online newspaper university "newsdesc.php" SQL Injection Vulnerabilities Discovered By: CrAzY CrAcKeR Home : Null Email : [email protected] date : 12/4/2012 d0rk:- inurl:"inurl:news/newsdesc.php" +-+-+-+-+-+-+-+-+-+-+ --+CrAzY CrAcKeR+-- +-+-+-+-+-+-+-+-+-+-+ Example:- -...
GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities
Title: ====== GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=501 VL-ID: ===== 501 Introduction: ============= epesi BIM stands for Business Information Manager. We just did not like the...
EMC Data Protection Advisor security vulnerabilities
Integer overflow, NULL pointer dereference...
DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities
Title: ====== DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=507 VL-ID: ===== 507 Introduction: ============= To demonstrate the rich possibilities of DHTMLX controls and to show how they work...
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
Title: ====== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=497 VL-ID: ===== 497 Introduction: ============= osCMax is a powerful e-commerce/shopping cart web application. There are many...
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
Advisory ID: HTB23082 Product: All-in-One Event Calendar Plugin for WordPress Vendor: The Seed Studio Vulnerable Versions: 1.4 and probably prior Tested Version: 1.4 Vendor Notification: 21 March 2012 Public Disclosure: 11 April 2012 Vulnerability Type: Cross-Site Scripting XSS CVE References:...
seditio-build170.20120302_sql_injection_CSRF_info_disclosure_XSS.txt
============================================================ Vulnerable Software: Seditio 170 seditio-build170.20120302 Downloaded from:http://www.neocrome.net/files/code/seditio-build170.20120302.rar MD5 SUM:beb6adc6abb56f947698c1efdbae9430 seditio-build170.20120302.rar...