Securityvulns: recent entries

47153 matches found

securityvulns, added 2012/04/11 12:00 a.m., 50 views

Microsoft Office buffer overflow

Buffer overflow on .wps files parsing...

CVSS 9.3, AI score 4.6, EPSS 0.30052
Exploits: 1, Affected Software: 2

securityvulns, added 2012/04/09 12:00 a.m., 114 views

'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)

'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by...

CVSS 5, AI score 6.7, EPSS 0.07755
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 52 views

Sony Bravia Remote Denial of Service - CVE-2012-2210

Exploit Title: Sony Bravia Remote Denial of Service Date: 04/04/2012 Author: Gabriel Menezes Nunes Version: Sony Bravia TV Tested on: Sony Bravia TV KDL-32CX525 CVE: CVE-2012-2210 Playing with my TV, I found a bug that can crash the device. Running a hping command against a Sony Bravia TV...

CVSS 7.8, AI score 1.3, EPSS 0.09174
Exploits: 5

securityvulns, added 2012/04/09 12:00 a.m., 27 views

Sony Bravia TV sets DoS

Flood attack with malformed packets causes device to hang...

CVSS 7.8, AI score 2.5, EPSS 0.09174
Exploits: 5, References: 1

securityvulns, added 2012/04/09 12:00 a.m., 21 views

Sourcefire Defense Center multiple security vulnerabilities

Cross-site scripting, unauthorized access...

AI score 1.7
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/04/09 12:00 a.m., 73 views

Prado TJavaScript::encode() script injection vulnerability

Prado TJavaScript::encode script injection vulnerability Vulnerability severity : medium Vulnerability type : cross-site script injection attack cookie theft session hijacking stealing of sensitive information Remotely exploitable : yes Vulnerability discovery date : 2012/03/07 Vulnerability...

AI score 7.1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 69 views

[SECURITY] [DSA 2444-1] tryton-server security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2444-1 [email protected] http://www.debian.org/security/ Florian Weimer March 29, 2012 http://www.debian.org/security/faq -...

CVSS 5.5, AI score 2.4, EPSS 0.01966
Exploits: 2

securityvulns, added 2012/04/09 12:00 a.m., 593 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5, AI score 1.6, EPSS 0.07755
Exploits: 45, References: 34, Affected Software: 25

securityvulns, added 2012/04/09 12:00 a.m., 107 views

DirectAdmin v1.403 - Cross Site Scripting Vulnerability

Title: ====== DirectAdmin v1.403 - Cross Site Scripting Vulnerability Date: ===== 2012-04-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=486 VL-ID: ===== 486 Introduction: ============= DirectAdmin is a graphical web-based web hosting control panel designed to make...

AI score 0.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 57 views

php(5.3.10-5.4.0)_XSS_vulns.txt

============================================================================================= Vulnerable Software: PHP 5.3.10/5.4.0 php-5.3.10-Win32-VC9-x86.zip MD5 SUM: af452dfa681ae03ff42eea6d1c7348cd php-5.4.0-Win32-VC9-x86.zip MD5 SUM: b1b0abe883f84eb6d76793aabf1aa612 Downloaded...

AI score 6.7
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 59 views

struts2 xsltResult Local code execution vulnerability

the file: http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java String pathFromRequest = ServletActionContext.getRequest().getParameter("xslt.location"); path = pathFromRequest; URL resource =...

AI score 0.1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 79 views

'e-ticketing' SQL Injection (CVE-2012-1673)

'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TESTED VERSION...

CVSS 7.5, AI score 7.2, EPSS 0.02224
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 25 views

Arbor Networks Peakflow SP cross-site scripting

Cross-site scripting in administration interface...

AI score 2.6
Exploits: 0, References: 1

securityvulns, added 2012/04/09 12:00 a.m., 18 views

Quest Toad for Oracle ActiveX unauthorized access

It's possible to access files via unsafe methods...

AI score 4.6
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/04/09 12:00 a.m., 29 views

PHP cross-site scripting

XSS on error message if display_errors is enabled...

AI score 1.2
Exploits: 0, References: 1, Affected Software: 2

securityvulns, added 2012/04/09 12:00 a.m., 85 views

VMSA-2012-0006 VMware ESXi and ESX address several security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0006 Synopsis: VMware ESXi and ESX address several security issues Issue date: 2012-03-29 Updated on: 2012-03-29 initial advisory C...

CVSS 10, AI score 7.6, EPSS 0.95104
Exploits: 22

securityvulns, added 2012/04/09 12:00 a.m., 46 views

VMWare privilege escalation

It's possible to manipulate emulated ROM via backdoor interface...

CVSS 8.3, AI score 4, EPSS 0.00823
Exploits: 1, References: 2, Affected Software: 3

securityvulns, added 2012/04/09 12:00 a.m., 113 views

vBulletin 4.1.10 Sql Injection Vulnerability

A bug in vBulletin 4.1.10 that allows us to perform an SQL injection on a remote machine. Exploit Title : vBulletin 4.1.10 Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir Software Link : http://vbulletin.com Security Risk : High Version : All Version Test...

AI score 1.7
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 57 views

[SE-2012-01] Security vulnerabilities in Java SE

Dear Bugtraq, Security Explorations, a security and vulnerability research company from Poland, discovered multiple security issues in the latest version of Java Platform Standard Edition (Java SE) [1] software coming from Oracle Corporation [2]. Discovered security issues violate many "Secure Coding...

AI score 0.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 45 views

SQL injection in Wordpress plugin Buddypress

Hi, I would like to disclose an SQL injection vulnerability in the Buddypress plugin affecting the latest versions. This issue was reported to the developers and resolved in version 1.5.5. So, I suggest that all who have this plugin in their blogs update to the latest version, if you haven't done it yet. Example of POST messag...

AI score 0.4
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 140 views

[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5.x are not affected Description: A Cross Site Scripting (XSS) attack is possible by manipulating the value of the 'wicket:pageMapName' request parameter. Mitigation: Upgrade to...

AI score 2, EPSS 0.03002
Exploits: 1

securityvulns, added 2012/04/09 12:00 a.m., 163 views

Multiple vulnerabilities in Open Journal Systems (OJS)

Advisory ID: HTB23079 Product: Open Journal Systems (OJS) Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...

CVSS 6.5, AI score 5.9, EPSS 0.03482
Exploits: 4

securityvulns, added 2012/04/09 12:00 a.m., 90 views

Matthew1471s ASP BlogX - XSS Vulnerabilities

Title: Matthew1471s ASP BlogX - XSS Vulnerabilities Software : Matthew1471s ASP BlogX Software Version : 12 August 2008 Vendor: http://blogx.co.uk/ Vulnerability Published : 2012-03-26 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N Bug Description...

AI score 0.8
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 90 views

Minify and related plugins DOM-Based XSS Vulnerability

+-------------------------------------------------------------------------------------------+ Title : Minify and related plugins DOM-Based XSS Vulnerability Version : 2.1.3 & 2.1.4-Beta Credit : Ayoub Aboukir, Independent Security Researcher Contact : ay.aboukir at gmail d0t com Software Link :...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 55 views

'Hotel Booking Portal' SQL Injection (CVE-2012-1672)

'Hotel Booking Portal' SQL Injection CVE-2012-1672 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in getcity.php that allows for SQL injection of the 'country' POST parameter. II. TESTED VERSION...

CVSS 7.5, AI score 7.5, EPSS 0.02224
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 77 views

'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)

'phpMoneyBooks' Local File Inclusion CVE-2012-1669 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for module handling that allows for local file inclusion using a null-byte attack on the 'module' GET parameter...

CVSS 4.3, AI score 6, EPSS 0.03519
Exploits: 6

securityvulns, added 2012/04/09 12:00 a.m., 39 views

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20120404-webex Revision 1.0 For Public Release 2012 April 4 16:00 UTC (GMT) +--------------------------------------------------------------------...

AI score 1.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 56 views

[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03242623 Version: 1 HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should...

CVSS 4.3, AI score 0.3, EPSS 0.01905
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 153 views

ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities

Title: ====== ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=437 VL-ID: ===== 437 Introduction: ============= ManageEngine® Firewall Analyzer is a web based tool for change management,...

AI score 0.8
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 84 views

Arbor Networks Peakflow SP web interface XSS

Exploit Title: Arbor Networks Peakflow SP XSS Date: 03 April 2012 Software Link: www.arbornetworks.com/peakflowsp ================================================================ - Login Page vulnerable to cross site scripting "XSS" https://127.0.0.2/index/"onmouseover="alert(666);...

AI score 0.1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 61 views

[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x and 1.5.x Description: It is possible to view the content of any file of a web application by using a URL to a Wicket resource which resolves to a 'null' package. With such a URL the attacker can...

AI score 1.1, EPSS 0.05518
Exploits: 1

securityvulns, added 2012/04/09 12:00 a.m., 64 views

Brute Force and XSS vulnerability in Wordpress

Hello 3APA3A! I am reporting to you one more vulnerability in WordPress that I have known about for a long time: Brute Force via the XML-RPC functionality in WordPress. Brute Force (WASC-11): http://site/xmlrpc.php This functionality has no protection against Brute Force attacks. When the corresponding POST reque...

AI score 8.4
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 89 views

[DCA-2011-0016] - Tufin SecureTrack Cross Site Script

Discussion - DcLabs Security Research Group advises about the following vulnerabilities: Software - Tufin SecureTrack Vendor Product Description - Features powerful tools to track changes, analyze device configurations, optimize rule bases, and more on leading vendor firewalls, routers, switches...

AI score 7.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 76 views

[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0

waraxe-2012-SA#080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...

AI score 0.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 54 views

Astaro Command Center v2.x - Multiple Web Vulnerabilities

Title: ====== Astaro Command Center v2.x - Multiple Web Vulnerabilities Date: ===== 2012-04-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=4 VL-ID: ===== 4 Introduction: ============= We are pleased to announce the General Availability of the Astaro Command Center...

AI score 7.5
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 24 views

Oracle Java multiple security vulnerabilities

19 different vulnerabilities allow file access and code execution...

AI score 4
Exploits: 0, References: 1, Affected Software: 2

securityvulns, added 2012/04/09 12:00 a.m., 36 views

HP Onboard Administrator multiple security vulnerabilities

URL redirection, unauthorized access, information leakage...

CVSS 7.6, AI score 1.3, EPSS 0.08545
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/04/09 12:00 a.m., 52 views

[ MDVSA-2012:054 ] libtiff

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:054 http://www.mandriva.com/security/ Package : libtiff Date : April 5, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in libtiff: An...

CVSS 6.8, AI score 8.3, EPSS 0.06918
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 47 views

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite vendor site: http://www.quest.com/ file tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126 Progid: QExplain2.ExplainPlanDisplay...

AI score 0.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 123 views

Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities

Title: ====== Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=487 VL-ID: ===== 487 Introduction: ============= Flatnux is a no-database CMS for accessible websites, corporate websites, e-commer...

AI score 0.2
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 57 views

Wordpress taggator plugin Sql Injection Vulnerabilities

A bug in the Wordpress taggator plugin that allows us to perform an SQL injection on a remote machine. Exploit Title : Wordpress taggator plugin Sql Injection Vulnerabilities Author : BHG Security Center - IrIsT Security Team Discovered By : Am!r Home : http://Black-hg.Org - http://IrIsT.Ir Software...

AI score 1
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 201 views

Landshop v0.9.2 - Multiple Web Vulnerabilities

Title: ====== Landshop v0.9.2 - Multiple Web Vulnerabilities Date: ===== 2012-03-31 References: =========== http://vulnerability-lab.com/getcontent.php?id=485 VL-ID: ===== 485 Introduction: ============= The SAMEDIA LandShop® is an innovative tool for the marketing, sale or rent of any kind of re...

AI score 0.6
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 212 views

Cross-site scripting vulnerability in Invision Power Board version 3.2.3

Information -------------------- Name : Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Software : Invision Power Board version 3.2.3 Vendor Homepage : http://www.invisionpower.com Vulnerability Type : Cross-site scripting Severity : High Researcher : Vasil A. [email protected]...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 73 views

seditio165_CSRF_and_world_readble_db_dumpissuses

============================================= Vulnerable Software: Seditio v165 Downloaded from: http://seditio-eklenti.com/datas/users/1-seditio.165.rar This version is under development of Kaan $ md5sum 1-seditio.165.rar 2eebc8d80f7fcd4e9a0d0659ef193488 1-seditio.165.rar...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 22 views

HP Business Availability Center cross-site scripting

No description provided...

CVSS 4.3, AI score 0.7, EPSS 0.01905
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/04/09 12:00 a.m., 91 views

[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18

waraxe-2012-SA#081 - Multiple Vulnerabilities in Coppermine 1.5.18 ============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-81.html Affected Software: Coppermine is a...

Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 66 views

[ MDVSA-2012:050 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:050 http://www.mandriva.com/security/ Package : phpmyadmin Date : April 3, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been found and corrected in phpmyadmin: It wa...

CVSS 4.3, AI score 5.6, EPSS 0.02234
Exploits: 3

securityvulns, added 2012/04/09 12:00 a.m., 74 views

'phpPaleo' Local File Inclusion (CVE-2012-1671)

'phpPaleo' Local File Inclusion CVE-2012-1671 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on the 'lang' GET parameter. II...

CVSS 6.8, AI score 5.9, EPSS 0.02573
Exploits: 7

securityvulns, added 2012/04/09 12:00 a.m., 98 views

[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0

waraxe-2012-SA#082 - File Existence Disclosure in Uploadify 3.0.0 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable software:...

AI score 0.3
Exploits: 0

securityvulns, added 2012/04/09 12:00 a.m., 122 views

[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4

waraxe-2012-SA#083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...

AI score 0.4
Exploits: 0

Total number of security vulnerabilities: 47153