
47153 matches found

securityvulns, added 2012/04/11 12:00 a.m., 50 views

Microsoft Office buffer overflow

Buffer overflow on .wps files parsing...

CVSS 9.3, AI score 4.6, EPSS 0.70341
Exploits: 1, Affected software: 2

securityvulns, added 2012/04/09 12:00 a.m., 45 views

Sourcefire Defense Center - multiple vulnerabilities.

Hi list, -- Product description from vendor site: The Sourcefire Defense Center® management console is the "nerve center" of the Sourcefire 3D® System. It provides a powerful, easy-to-use interface for categorizing events, generating recurring reports, scheduling automated IPS, NGIPS, and NGFW...

AI score 0.1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 211 views

Cross-site scripting vulnerability in Invision Power Board version 3.2.3

Information -------------------- Name : Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Software : Invision Power Board version 3.2.3 Vendor Homepage : http://www.invisionpower.com Vulnerability Type : Cross-site scripting Severity : High Researcher : Vasil A. [email protected]...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 21 views

HP Business Availability Center cross-site scripting

No description provided...

CVSS 4.3, AI score 0.7, EPSS 0.00749
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/04/09 12:00 a.m., 44 views

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite vendor site: http://www.quest.com/ file tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126 Progid: QExplain2.ExplainPlanDisplay...

AI score 0.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 50 views

'Hotel Booking Portal' SQL Injection (CVE-2012-1672)

'Hotel Booking Portal' SQL Injection CVE-2012-1672 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in getcity.php that allows for SQL injection of the 'country' POST parameter. II. TESTED VERSION...

CVSS 7.5, AI score 7.5, EPSS 0.00356
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 68 views

[SECURITY] [DSA 2444-1] tryton-server security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2444-1 [email protected] http://www.debian.org/security/ Florian Weimer March 29, 2012 http://www.debian.org/security/faq -...

CVSS 5.5, AI score 2.4, EPSS 0.00617
Exploits: 2

securityvulns, added 2012/04/09 12:00 a.m., 57 views

[SE-2012-01] Security vulnerabilities in Java SE

Dear Bugtraq, Security Explorations, a security and vulnerability research company from Poland, discovered multiple security issues in the latest version of Java Platform Standard Edition (Java SE) [1] software coming from Oracle Corporation [2]. Discovered security issues violate many "Secure Coding...

AI score 0.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 83 views

VMSA-2012-0006 VMware ESXi and ESX address several security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0006 Synopsis: VMware ESXi and ESX address several security issues Issue date: 2012-03-29 Updated on: 2012-03-29 initial advisory C...

CVSS 10, AI score 7.6, EPSS 0.92585
Exploits: 22

securityvulns, added 2012/04/09 12:00 a.m., 152 views

ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities

Title: ====== ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=437 VL-ID: ===== 437 Introduction: ============= ManageEngine® Firewall Analyzer is a web based tool for change management,...

AI score 0.8
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 17 views

Quest Toad for Oracle ActiveX unauthorized access

It's possible to access files via unsafe methods...

AI score 4.6
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/04/09 12:00 a.m., 57 views

php(5.3.10-5.4.0)_XSS_vulns.txt

============================================================================================= Vulnerable Software: PHP 5.3.10/5.4.0 php-5.3.10-Win32-VC9-x86.zip MD5 SUM: af452dfa681ae03ff42eea6d1c7348cd php-5.4.0-Win32-VC9-x86.zip MD5 SUM: b1b0abe883f84eb6d76793aabf1aa612 Downloaded...

AI score 6.7
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 81 views

Arbor Networks Peakflow SP web interface XSS

Exploit Title: Arbor Networks Peakflow SP XSS Date: 03 April 2012 Software Link: www.arbornetworks.com/peakflowsp ================================================================ - Login Page vulnerable to cross site scripting "XSS" https://127.0.0.2/index/"onmouseover="alert666;...

AI score 0.1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 120 views

[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4

waraxe-2012-SA#083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...

AI score 0.4
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 587 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.24771
Exploits: 45, References: 34, Affected software: 25

securityvulns, added 2012/04/09 12:00 a.m., 50 views

Sony Bravia Remote Denial of Service - CVE-2012-2210

Exploit Title: Sony Bravia Remote Denial of Service Date: 04/04/2012 Author: Gabriel Menezes Nunes Version: Sony Bravia TV Tested on: Sony Bravia TV KDL-32CX525 CVE: CVE-2012-2210 Playing with my TV, I found a bug that can crash the device. Running a hping command against a Sony Bravia TV...

CVSS 7.8, AI score 1.3, EPSS 0.19367
Exploits: 5

securityvulns, added 2012/04/09 12:00 a.m., 112 views

vBulletin 4.1.10 SQL Injection Vulnerability

A bug in vBulletin 4.1.10 that allows us to perform SQL injection on a remote machine. Exploit Title : vBulletin 4.1.10 SQL Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir Software Link : http://vbulletin.com Security Risk : High Version : All Version Test...

AI score 1.7
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 36 views

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20120404-webex Revision 1.0 For Public Release 2012 April 4 16:00 UTC GMT +--------------------------------------------------------------------...

AI score 1.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 199 views

Landshop v0.9.2 - Multiple Web Vulnerabilities

Title: ====== Landshop v0.9.2 - Multiple Web Vulnerabilities Date: ===== 2012-03-31 References: =========== http://vulnerability-lab.com/getcontent.php?id=485 VL-ID: ===== 485 Introduction: ============= The SAMEDIA LandShop® is an innovative tool for the marketing, sale or rent of any kind of re...

AI score 0.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 59 views

struts2 xsltResult Local code execution vulnerability

the file: http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java String pathFromRequest = ServletActionContext.getRequest().getParameter("xslt.location"); path = pathFromRequest; URL resource =...

AI score 0.1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 67 views

XSS and Brute Force vulnerabilities in WordPress

Hello 3APA3A! I am informing you about Cross-Site Scripting and Brute Force vulnerabilities in WordPress. XSS (WASC-08): In 2007 I wrote about the redirectors http://websecurity.com.ua/1152/ in WordPress http://websecurity.com.ua/1179/, for which I released a patch in MustLive Security Pack v.1.0.5...

AI score 5.8
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 51 views

[ MDVSA-2012:054 ] libtiff

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:054 http://www.mandriva.com/security/ Package : libtiff Date : April 5, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in libtiff: An...

CVSS 6.8, AI score 8.3, EPSS 0.06846
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 73 views

'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)

'phpMoneyBooks' Local File Inclusion CVE-2012-1669 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for module handling that allows for local file inclusion using a null-byte attack on the 'module' GET parameter...

CVSS 4.3, AI score 6, EPSS 0.20055
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 71 views

'phpPaleo' Local File Inclusion (CVE-2012-1671)

'phpPaleo' Local File Inclusion CVE-2012-1671 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on the 'lang' GET parameter. II...

CVSS 6.8, AI score 5.9, EPSS 0.09919
Exploits: 7

securityvulns, added 2012/04/09 12:00 a.m., 88 views

[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18

waraxe-2012-SA#081 - Multiple Vulnerabilities in Coppermine 1.5.18 ============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-81.html Affected Software: Coppermine is a...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 19 views

Quest vWorkspace ActiveX unauthorized access

It's possible to modify files via unsafe functions...

AI score 5.6
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/04/09 12:00 a.m., 111 views

'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)

'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by...

CVSS 5, AI score 6.7, EPSS 0.07493
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 71 views

seditio165_CSRF_and_world_readble_db_dumpissuses

============================================= Vulnerable Software: Seditio v165 Downloaded from: http://seditio-eklenti.com/datas/users/1-seditio.165.rar This version is under development of Kaan $ md5sum 1-seditio.165.rar 2eebc8d80f7fcd4e9a0d0659ef193488 1-seditio.165.rar...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 32 views

Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite

Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite ie7/8 vendor site: http://www.quest.com/ file tested: QuestvWorkspace-75--32-bit75.zip Binary Path: C:\WINDOWS\system32\pnllmcli.dll CLSID:...

AI score 1.3
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 45 views

SQL injection in Wordpress plugin Buddypress

Hi, I would like to disclose a SQL injection vulnerability in the Buddypress plugin affecting the latest versions. This issue was reported to the developers and resolved in version 1.5.5. So, I suggest all having this plugin in their blogs update to the latest version, if you haven't done it yet. Example of POST messag...

AI score 0.4
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 116 views

[security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03263573 Version: 1 HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection NOTICE: The...

CVSS 7.6, AI score 0.5, EPSS 0.05395
Exploits: 14

securityvulns, added 2012/04/09 12:00 a.m., 56 views

[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03242623 Version: 1 HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should...

CVSS 4.3, AI score 0.3, EPSS 0.00749
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 36 views

HP Onboard Administrator multiple security vulnerabilities

URL redirection, unauthorized access, information leakage...

CVSS 7.6, AI score 1.3, EPSS 0.05395
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/04/09 12:00 a.m., 25 views

Arbor Networks Peakflow SP cross-site scripting

Cross-site scripting in administration interface...

AI score 2.6
Exploits: 0, References: 1

securityvulns, added 2012/04/09 12:00 a.m., 53 views

Astaro Command Center v2.x - Multiple Web Vulnerabilities

Title: ====== Astaro Command Center v2.x - Multiple Web Vulnerabilities Date: ===== 2012-04-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=4 VL-ID: ===== 4 Introduction: ============= We are pleased to announce the General Availability of the Astaro Command Center...

AI score 7.5
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 121 views

Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities

Title: ====== Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=487 VL-ID: ===== 487 Introduction: ============= Flatnux is a no-database CMS for accessible websites, corporate websites, e-commer...

AI score 0.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 27 views

Sony Bravia TV sets DoS

Flood attack with malformed packets causes the device to hang...

CVSS 7.8, AI score 2.5, EPSS 0.19367
Exploits: 5, References: 1

securityvulns, added 2012/04/09 12:00 a.m., 89 views

Minify and related plugins DOM-Based XSS Vulnerability

+-------------------------------------------------------------------------------------------+ Title : Minify and related plugins DOM-Based XSS Vulnerability Version : 2.1.3 & 2.1.4-Beta Credit : Ayoub Aboukir, Independent Security Researcher Contact : ay.aboukir at gmail d0t com Software Link :...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 79 views

'e-ticketing' SQL Injection (CVE-2012-1673)

'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TESTED VERSION...

CVSS 7.5, AI score 7.2, EPSS 0.00804
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 104 views

DirectAdmin v1.403 - Cross Site Scripting Vulnerability

Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

AI score 0.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 139 views

[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5.x are not affected Description: A Cross Site Scripting (XSS) attack is possible by manipulating the value of the 'wicket:pageMapName' request parameter. Mitigation: Upgrade to...

AI score 2, EPSS 0.0121
Exploits: 1

securityvulns, added 2012/04/09 12:00 a.m., 28 views

PHP cross-site scripting

XSS in error message if display_errors is enabled...

AI score 1.2
Exploits: 0, References: 1, Affected software: 2

securityvulns, added 2012/04/09 12:00 a.m., 46 views

VMWare privilege escalation

It's possible to manipulate emulated ROM via backdoor interface...

CVSS 8.3, AI score 4, EPSS 0.00273
Exploits: 1, References: 2, Affected software: 3

securityvulns, added 2012/04/09 12:00 a.m., 24 views

Oracle Java multiple security vulnerabilities

19 different vulnerabilities allow file access and code execution...

AI score 4
Exploits: 0, References: 1, Affected software: 2

securityvulns, added 2012/04/09 12:00 a.m., 21 views

Sourcefire Defense Center multiple security vulnerabilities

Cross-site scripting, unauthorized access...

AI score 1.7
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/04/09 12:00 a.m., 70 views

Prado TJavaScript::encode() script injection vulnerability

Prado TJavaScript::encode() script injection vulnerability Vulnerability severity : medium Vulnerability type : cross-site script injection attack, cookie theft, session hijacking, stealing of sensitive information Remotely exploitable : yes Vulnerability discovery date : 2012/03/07 Vulnerability...

AI score 7.1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 89 views

Matthew1471s ASP BlogX - XSS Vulnerabilities

Title: Matthew1471s ASP BlogX - XSS Vulnerabilities Software : Matthew1471s ASP BlogX Software Version : 12 August 2008 Vendor: http://blogx.co.uk/ Vulnerability Published : 2012-03-26 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N Bug Description...

AI score 0.8
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 76 views

[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0

waraxe-2012-SA#080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...

AI score 0.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 84 views

[DCA-2011-0016] - Tufin SecureTrack Cross Site Script

Discussion - DcLabs Security Research Group advises about the following vulnerabilities: Software - Tufin SecureTrack Vendor Product Description - Features powerful tools to track changes, analyze device configurations, optimize rule bases, and more on leading vendor firewalls, routers, switches...

AI score 7.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 92 views

Multiple vulnerabilities in osCmax

Advisory ID: HTB23081 Product: osCmax Vendor: osCMax.com Vulnerable Versions: 2.5.0 and probably prior Tested Version: 2.5.0 Vendor Notification: 14 March 2012 Vendor Patch: 30 March 2012 Public Disclosure: 4 April 2012 Vulnerability Type: Cross-Site Scripting (XSS), SQL Injection CVE References:...

CVSS 7.5, AI score 7.5, EPSS 0.01863
Exploits: 3

Total number of security vulnerabilities: 47153