
47153 matches found

securityvulns
added 2012/04/23 12:0 a.m., 76 views

DoS vulnerability in WordPress

Hello 3APA3A! I want to warn you new about security vulnerability in WordPress. This is Denial of Service vulnerability. Which exists in security functionality, which protects against Abuse of Functionality vulnerability in WordPress, which I've disclosed in 2009 and which was not fixed correctly...

Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 49 views

seditio_PmOS_plugin_XSS_vuln

============================================================================ Vulnerable Software: PmOS - Pm Okuma Sistemi plugin for Seditio CMS. http://seditio-eklenti.com/datas/users/1-pmoku.rar MD5 SUM: 88235c2b4b0613bff87545d2d887f042 1-pmoku.rar...

AI score: 0.2
Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 73 views

ACC PHP eMail v1.1 - Multiple Web Vulnerabilites

Title: ====== ACC PHP eMail v1.1 - Multiple Web Vulnerabilites Date: ===== 2012-04-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=505 VL-ID: ===== 505 Introduction: ============= Acc PHP eMail is a email subscription and management script. Manage subscribers them an...

Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 51 views

XSS and Blind SQL Injection Vulnerabilities in ExponentCMS

Information -------------------- Name : XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Software : ExponentCMS 2.0.5 and possibly below. Vendor Homepage : http://www.exponentcms.org Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Onur Y?lmaz...

Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 62 views

sfquickban_plugin_CSRF

================================================================ Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...

AI score: 6.9
Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 81 views

Netjuke 1.0 RC1 - SQL Injection Vulnerabilities

Title: ====== Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Date: ===== 2012-04-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=506 VL-ID: ===== 506 Introduction: ============= The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all...

AI score: 0.5
Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 187 views

DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities

Title: ====== DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=507 VL-ID: ===== 507 Introduction: ============= To demonstrate the rich possibilities of DHTMLX controls and to show how they work...

AI score: 8.6
Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 50 views

phpMyBible 0.5.1 Mutiple XSS

Exploit Title: phpMyBible 0.5.1 Mutiple XSS Date: 04/15/12 Author: G13 Twitter: @g13net Software http://sourceforge.net/projects/phpmybible/?source=directory Version: 0.5.1 Category: webapps php Description phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as...

AI score: 0.6
Exploits: 0
securityvulns
added 2012/04/23 12:0 a.m., 75 views

[SECURITY] [DSA 2455-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2455-1 [email protected] http://www.debian.org/security/ Nico Golde April 20, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 0.3, EPSS: 0.01387
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 64 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory OCIPasswordChange API leaks information of password hash. Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

CVSS: 6.4, AI score: 6.2, EPSS: 0.01379
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 49 views

Adobe Flash Player multiple security vulnerabilities

Different memory corruptions...

CVSS: 10, AI score: 2.2, EPSS: 0.15654
Exploits: 3, References: 1, Affected Software: 1
securityvulns
added 2012/04/22 12:0 a.m., 100 views

[SECURITY] [DSA 2454-1] openssl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2454-1 [email protected] http://www.debian.org/security/ Raphael Geissert April 19, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 1.8, EPSS: 0.48298
Exploits: 8
securityvulns
added 2012/04/22 12:0 a.m., 33 views

Samsung TV and BD-players security vulnerabilities

DoS, buffer overflow in Remote Controller protocol...

AI score: 3.6
Exploits: 0, References: 1
securityvulns
added 2012/04/22 12:0 a.m., 63 views

Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Oracle Enterprise Manager vulnerable to Session fixation. Risk Level: Low Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7 and previous patchsets Remote exploitable: Yes Credits:...

CVSS: 5.8, AI score: 0.3, EPSS: 0.01891
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 90 views

VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773)

VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability APSB12-07 / CVE-2012-0773 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based...

CVSS: 10, AI score: 0.3, EPSS: 0.05476
Exploits: 1
securityvulns
added 2012/04/22 12:0 a.m., 42 views

Vulnerabilities in Samsung TV (remote controller protocol)

Luigi Auriemma Application: Samsung devices with support for remote controllers http://www.samsung.com Versions: current Platforms: the vulnerable protocol is used on both TV and blue-ray devices so both of them should be vulnerable my tests were performed only on a D6000 TV with the latest...

AI score: 7.4
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 68 views

SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager searchPage web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Oracle Enterprise Manager...

CVSS: 4.9, AI score: 6.8, EPSS: 0.00979
Exploits: 2
securityvulns
added 2012/04/22 12:0 a.m., 56 views

Incomplete protection of Oracle Database locked accounts (CVE-2012-0510)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Incomplete protection of Oracle Database locked accounts. Risk Level: Low Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.5 and previous patchsets and 11gR1 11.1.0.7 and previous patchsets...

CVSS: 6.4, AI score: 6.2, EPSS: 0.01581
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 124 views

The history of a -probably- 13 years old Oracle bug: TNS Poison

tl;dr - Patch your database ASAP with Oracle Critical Patch Update April 2012. Introduction ------------ The following advisory explains a vulnerability I found in 2008 in all versions of Oracle Database server until very recently. The bug is probably available in any Oracle Database version sinc...

AI score: 1.3
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 74 views

HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager pageName parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01927
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 81 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory OCIPasswordChange API leaks information of password hash. Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

CVSS: 6.4, AI score: 6.2, EPSS: 0.01379
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 20 views

Comodo Internet Security DoS

BSOD on PE execution if ImageBase points to kernel space...

CVSS: 4.9, AI score: 2.5, EPSS: 0.00495
Exploits: 2, References: 1, Affected Software: 1
securityvulns
added 2012/04/22 12:0 a.m., 69 views

HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory HTTP Response Splitting in Oracle Enterprise Manager prevPage parameter. Risk Level: Medium Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 and previous patchsets Orac...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01927
Exploits: 0
securityvulns
added 2012/04/22 12:0 a.m., 63 views

[CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64)

affected software Comodo Internet Security, until 5.9 description BSOD under Windows 7 x64 if a 32b PE with a kernel ImageBase is executed. such files are very unusual, but work perfectly if the PE contains relocations, as shown at http://pe.corkami.comImageBase and http://pe.corkami.comrelocatio...

AI score: 0.5, EPSS: 0.00495
Exploits: 2
securityvulns
added 2012/04/22 12:0 a.m., 77 views

SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 and previous patchsets Oracle...

CVSS: 5.5, AI score: 6.9, EPSS: 0.01097
Exploits: 2
securityvulns
added 2012/04/22 12:0 a.m., 59 views

Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Incomplete protection of Oracle Database locked accounts. Risk Level: Low Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.5 and previous-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1...

CVSS: 6.4, AI score: 6.1, EPSS: 0.01581
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 78 views

[ MDVSA-2012:059 ] python-sqlalchemy

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:059 http://www.mandriva.com/security/ Package : python-sqlalchemy Date : April 16, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: It was discovered that SQLAlchemy did not sanitize values f...

CVSS: 7.5, AI score: 6.9, EPSS: 0.02862
Exploits: 2
securityvulns
added 2012/04/19 12:0 a.m., 18 views

Microsoft SQL Server privilege escalation

Privilege escalation via RESTORE DATABASE...

AI score: 3.5
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2012/04/19 12:0 a.m., 65 views

CVE-2012-0769, the case of the perfect info leak

Hi, During the last few months I have been researching Adobe's Flash vulnerabilities ranging from type confusion vulnerabilities, AS3 API vulnerabilities CVE-2012-0769, sandbox escapes CVE-2012-0724 & CVE-2012-0725, etc. I am pleased to announce the release of part of this research. In this case,...

CVSS: 10, AI score: 6.1, EPSS: 0.0472
Exploits: 2
securityvulns
added 2012/04/19 12:0 a.m., 58 views

SQLAlchemy SQL injection

SQL request data is not checked...

CVSS: 7.5, AI score: 2.5, EPSS: 0.02862
Exploits: 2, References: 1, Affected Software: 1
securityvulns
added 2012/04/19 12:0 a.m., 36 views

[security bulletin] HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03281869 Version: 1 HPSBOV02765 SSRT100828 rev.1 - HP OpenVMS, local Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date...

CVSS: 4.9, AI score: 6, EPSS: 0.00444
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 27 views

HP OpenVMS DoS

No description provided...

CVSS: 4.9, AI score: 0.5, EPSS: 0.00444
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2012/04/19 12:0 a.m., 38 views

Adobe Flash Player security vulnerabilities

Few memory corruptions...

CVSS: 10, AI score: 2.3, EPSS: 0.06448
Exploits: 2, References: 3, Affected Software: 1
securityvulns
added 2012/04/19 12:0 a.m., 47 views

TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE command

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability wa...

AI score: 1.1
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 107 views

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)

VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution MS12-023 / CVE-2012-0172 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft...

CVSS: 9.3, AI score: 7, EPSS: 0.21897
Exploits: 1
securityvulns
added 2012/04/19 12:0 a.m., 32 views

RealNetworks Helix Server security vulnerabilities

Information leakage, SNMP DoS...

CVSS: 2.1, AI score: 1.1, EPSS: 0.38252
Exploits: 0, References: 2, Affected Software: 1
securityvulns
added 2012/04/19 12:0 a.m., 41 views

ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting

Adobe issued an update for Adobe Reader X new version is 10.1.3, which, among other issues, fixes an outside-the-sandbox msiexec.exe EXE planting vulnerability we reported to them earlier this year. This article explains the vulnerability and how it could have been exploited...

AI score: 1.2
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 76 views

Squid URL Filtering Bypass

Exploit Title: Squid URL Filtering Bypass Date: 16/04/2012 Author: Gabriel Menezes Nunes Version: Squid Proxy Tested on: Squid Proxy 3.1.19 CVE: CVE-2012-2213 I found a vulnerability in Squid Proxy that allows access to filtered sites. The software believes in the Host field of HTTP Header using...

CVSS: 5, AI score: 0.1, EPSS: 0.12314
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 39 views

Samba array index overflow

Array index overflow on RPC request processing...

CVSS: 10, AI score: 3.6, EPSS: 0.74034
Exploits: 9
securityvulns
added 2012/04/19 12:0 a.m., 40 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple vulnerabilities allow remote code execution...

CVSS: 9.3, AI score: 2.8, EPSS: 0.30421
Exploits: 5, References: 1, Affected Software: 1
securityvulns
added 2012/04/19 12:0 a.m., 44 views

Adobe Acrobat / Reader multiple security vulnerabilities

Memory corruptions, integer overflow, code execution...

CVSS: 10, AI score: 4.1, EPSS: 0.15654
Exploits: 4, References: 2, Affected Software: 2
securityvulns
added 2012/04/19 12:0 a.m., 133 views

Squid / McAfee Web Gateway URL filtering bypass

Server trusts the Host: header in CONNECT request...

CVSS: 5, AI score: 1.2, EPSS: 0.12314
Exploits: 0, References: 2, Affected Software: 2
securityvulns
added 2012/04/19 12:0 a.m., 46 views

Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue

====================================================================== Secunia Research 09/04/2012 - RealNetworks Helix Server Credentials Disclosure Security Issue - ====================================================================== Table of Contents Affected...

CVSS: 2.1, AI score: 0.7, EPSS: 0.38252
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 61 views

[SECURITY] [DSA 2453-1] gajim security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2453-1 [email protected] http://www.debian.org/security/ Nico Golde April 16, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 2.1, EPSS: 0.03179
Exploits: 2
securityvulns
added 2012/04/19 12:0 a.m., 41 views

gajim jabber client multiple security vulnerabilities

Unescaped shell characters, symbolic links vulnerability, SQL injections...

CVSS: 7.5, AI score: 1.9, EPSS: 0.02553
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2012/04/19 12:0 a.m., 40 views

Mathematica8.0.4 on Linux /tmp/MathLink vulnerability

The problem reported for Mathematica became worse at version 8.0.4, present for the command-line interface "math" also. Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia ---...

AI score: 1
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 747 views

McAfee Web Gateway URL Filtering Bypass

Exploit Title: McAfee Web Gateway URL Filtering Bypass Date: 16/04/2012 Author: Gabriel Menezes Nunes Version: McAfee Web Gateway Tested on: McAfee Web Gateway 7.0 CVE: CVE-2012-2212 I found a vulnerability in McAfee Web Gateway 7 that allows access to filtered sites. The appliance believes in th...

CVSS: 5, EPSS: 0.01445
Exploits: 0
securityvulns
added 2012/04/19 12:0 a.m., 50 views

Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat Release date: April 10, 2012 Last updated: April 17, 1012 Vulnerability identifier: APSB12-08 Priority rating: See table below CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777 Platform: All SUMMARY Adobe released...

CVSS: 10, AI score: 0.6, EPSS: 0.15654
Exploits: 4
securityvulns
added 2012/04/19 12:0 a.m., 43 views

Secunia Research: Helix Server SNMP Master Agent Service Two Denial of Service Vulnerabilities

====================================================================== Secunia Research 09/04/2012 - RealNetworks Helix Server SNMP Master Agent - - Two Denial of Service Vulnerabilities - ====================================================================== Table of Contents Affected...

AI score: 0.9
Exploits: 0
securityvulns
added 2012/04/11 12:0 a.m., 42 views

Microsoft Forefront Unified Access Gateway information leakage

Request redirection, access restrictions bypass...

CVSS: 5.8, AI score: 3.7, EPSS: 0.3562
Exploits: 2, Affected Software: 1

Total number of security vulnerabilities: 47153