Lucene search
Securityvulns | Recent

47153 matches found

securityvulns
added 2012/04/09 12:0 a.m. | 65 views

[SECURITY] [DSA 2445-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2445-1 [email protected] http://www.debian.org/security/ Florian Weimer March 31, 2012 http://www.debian.org/security/faq -...

CVSS 5 | AI score 1 | EPSS 0.03091
Exploits 0
securityvulns
added 2012/04/09 12:0 a.m. | 140 views

[MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7

We don't release 0days... except when vendors show no interest in fixing their bugs. http://umbraco.com/umbraco/dashboard/FeedProxy.aspx?url=http://en.wikipedia.org/wiki/Openproxy Have fun. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory...

CVSS 7.5 | AI score 0.2 | EPSS 0.03481
Exploits 0
securityvulns
added 2012/04/09 12:0 a.m. | 35 views

Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite

Quest vWorkspace 7.5 Connection Broker Client ActiveX Control pnllmcli.dll 7.5.304.547 SaveMiniLaunchFile Method Remote File Creation / Overwrite ie7/8 vendor site: http://www.quest.com/ file tested: QuestvWorkspace-75--32-bit75.zip Binary Path: C:\WINDOWS\system32\pnllmcli.dll CLSID:...

AI score 1.3
Exploits 0
securityvulns
added 2012/04/09 12:0 a.m. | 47 views

Sourcefire Defense Center - multiple vulnerabilities.

Hi list, -- Product description from vendor site: The Sourcefire Defense Center® management console is the "nerve center" of the Sourcefire 3D® System. It provides a powerful, easy-to-use interface for categorizing events, generating recurring reports, scheduling automated IPS, NGIPS, and NGFW...

AI score 0.1
Exploits 0
securityvulns
added 2012/04/09 12:0 a.m. | 20 views

Quest vWorkspace ActiveX unauthorized access

It's possible to modify files via unsafe functions...

AI score 5.6
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2012/04/09 12:0 a.m. | 93 views

Multiple vulnerabilities in osCmax

Advisory ID: HTB23081 Product: osCmax Vendor: osCMax.com Vulnerable Versions: 2.5.0 and probably prior Tested Version: 2.5.0 Vendor Notification: 14 March 2012 Vendor Patch: 30 March 2012 Public Disclosure: 4 April 2012 Vulnerability Type: Cross-Site Scripting XSS, SQL Injection CVE References:...

CVSS 7.5 | AI score 7.5 | EPSS 0.02861
Exploits 3
securityvulns
added 2012/04/09 12:0 a.m. | 86 views

VMSA-2012-0006 VMware ESXi and ESX address several security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0006 Synopsis: VMware ESXi and ESX address several security issues Issue date: 2012-03-29 Updated on: 2012-03-29 initial advisory C...

CVSS 10 | AI score 7.6 | EPSS 0.95104
Exploits 22
securityvulns
added 2012/04/09 12:0 a.m. | 57 views

[security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03242623 Version: 1 HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center BAC Running on Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should...

CVSS 4.3 | AI score 0.3 | EPSS 0.01905
Exploits 0
securityvulns
added 2012/04/09 12:0 a.m. | 125 views

Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities

Title: ====== Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities Date: ===== 2012-04-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=487 VL-ID: ===== 487 Introduction: ============= Flatnux is no database CMS for accessible websites, corporate websites, e-commer...

AI score 0.2
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 41 views

Intuit Help System Protocol File Retrieval

Intuit Help System Protocol File Retrieval Derek Soeder [email protected] Reported to [email protected] on March 15, 2012; vendor did not respond. Reported to CERT on March 22, 2012; vendor did not respond. Responsible disclosure failed with error code 10060. Published: March 30, 2012 AFFECT...

AI score 0.1
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 60 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features Advisory ID: cisco-sa-20120328-mace Revision 1.0 For Public Release 2012 March 28 16:00 UTC GMT...

CVSS 7.8 | AI score 0.2 | EPSS 0.02011
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 38 views

McAfee Email and Web Security Appliance multiple security vulnerabilities

XSS, authentication bypass, privilege escalation, information leakage, directory traversal...

AI score 3.9
Exploits 0 | References 6 | Affected Software 2
securityvulns
added 2012/04/02 12:0 a.m. | 39 views

NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators

High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Any logged-in user can bypass controls to reset passwords of other administrators If role-bas...

AI score 0.3
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 49 views

Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution

Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution homepage: http://www.quest.com/intrust/ description: "InTrust securely collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems, helping you comply...

AI score 1
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 35 views

Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability

Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite homepage: http://www.quest.com/intrust/ description: "InTrust securely collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems, helping you comply...

Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 29 views

HP-UX WBEM unauthorized access

No description provided...

CVSS 5.8 | AI score 3.4 | EPSS 0.01843
Exploits 1 | References 1
securityvulns
added 2012/04/02 12:0 a.m. | 100 views

NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...

AI score 0.5
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 491 views

CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: libraptor - XXE in RDF/XML File Interpretation Release Date: 2012-03-24 Applications: libraptor / librdf...

CVSS 4.3 | EPSS 0.13682
Exploits 2
securityvulns
added 2012/04/02 12:0 a.m. | 40 views

NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens

High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Reflective XSS allowing an attacker to gain session tokens Versions affected: All versions...

AI score 1.7
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 71 views

Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability Advisory ID: cisco-sa-20120328-ike Revision 1.0 For Public Release 2012 March 28 16:00 UTC GMT +-------------------------------------------------------------------- Summary =====...

CVSS 7.8 | AI score 0.7 | EPSS 0.03849
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 42 views

D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability

D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability tested against: Microsoft Windows Server 2003 r2 sp2 Internet Explorer 7/8 Live demo: http://203.125.227.70/eng/index.cgi username: dlink password: dlink product homepage:...

Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 35 views

TrendNet SecurView ActiveX buffer overflow

UltraMJCam control buffer overflow...

AI score 4.3
Exploits 0 | References 1
securityvulns
added 2012/04/02 12:0 a.m. | 36 views

[ MDVSA-2012:042 ] wireshark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:042 http://www.mandriva.com/security/ Package : wireshark Date : March 28, 2012 Affected: 2011. Problem Description: Multiple vulnerabilities was found and corrected in Wireshark: The ANSI A dissector could...

AI score 0.2
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 71 views

Cisco IOS multiple security vulnerabilities

Multiple DoS conditions...

CVSS 7.8 | AI score 1.8 | EPSS 0.03849
Exploits 0 | References 6 | Affected Software 2
securityvulns
added 2012/04/02 12:0 a.m. | 21 views

PHP DoS

Resource exhaustion in POSIX regular expression functions...

AI score 2.3
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2012/04/02 12:0 a.m. | 26 views

Intuit QuickBook code execution

Code execution and memory corruption in intu-help-qb5: protocol handler...

AI score 2.6
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2012/04/02 12:0 a.m. | 71 views

Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability Advisory ID: cisco-sa-20120328-smartinstall Revision 1.0 For Public Release 2012 March 28 16:00 UTC GMT...

CVSS 7.8 | AI score 1.3 | EPSS 0.02994
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 58 views

Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability Advisory ID: cisco-sa-20120328-rsvp Revision 1.0 For Public Release 2012 March 28 16:00 UTC GMT +---------------------------------------------------------------------...

CVSS 7.8 | AI score 0.6 | EPSS 0.02011
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 54 views

PHP 5.4/5.3 deprecated eregi() memory_limit bypass

PHP 5.4/5.3 deprecated eregi() memory_limit bypass Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 30.03.2012 Original link: http://cxsecurity.com/issue/WLB-2012030272 PoC's: memory_limit poc http://cxsecurity.com/issue/WLB-2012030271 open_basedir poc...

AI score 7.4
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 66 views

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability Advisory ID: cisco-sa-20120328-nat Revision 1.0 For Public Release 2012 March 28 16:00 UTC GMT +-------------------------------------------------------------------...

CVSS 7.8 | AI score 0.2 | EPSS 0.02011
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 25 views

Wireshark multiple security vulnerabilities

DoS via ANSI A, IEEE 802.11, MP2T protocols...

AI score 2.9
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2012/04/02 12:0 a.m. | 24 views

Quest InTrust ActiveX buffer overflows

ArDoc.dll and AnnotateX.dll buffer overflows...

AI score 3.9
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2012/04/02 12:0 a.m. | 77 views

TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow

TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow camera demo http://67.203.184.58:9193/admin/view.cgi?profile=0 username=guest password=guest Background: The mentioned product, when browsing the device w...

AI score 0.3
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 84 views

[security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03221589 Version: 1 HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data NOTICE: The information in this Security Bulletin should be acted upon as soon as...

CVSS 5.8 | AI score 0.8 | EPSS 0.01843
Exploits 1
securityvulns
added 2012/04/02 12:0 a.m. | 39 views

D-Link SecuriCam ActiveX buffer overflow

Buffer overflow in DcsCliCtrl.dll control...

AI score 3.9
Exploits 0 | References 1
securityvulns
added 2012/04/02 12:0 a.m. | 89 views

[SECURITY] [DSA 2443-1] linux-2.6 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2443-1 [email protected] http://www.debian.org/security/ Dann Frazier March 26, 2012 http://www.debian.org/security/faq -...

CVSS 7.2 | AI score 1.3 | EPSS 0.03431
Exploits 8
securityvulns
added 2012/04/02 12:0 a.m. | 75 views

NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Session hijacking and bypassing client-side session timeouts Versions affected: All...

AI score 0.9
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 65 views

NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Arbitrary file download is possible with a crafted URL, when logged in as any user Versio...

AI score 1.3
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 79 views

[security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03255321 Version: 1 HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service DoS NOTICE: The...

CVSS 10 | AI score 0.9 | EPSS 0.23279
Exploits 2
securityvulns
added 2012/04/02 12:0 a.m. | 117 views

Quake 3 / ioquake3 traffic amplification vulnerability

Source of getstatus UDP message is not checked...

CVSS 7.8 | AI score 2.3 | EPSS 0.0211
Exploits 0 | References 1 | Affected Software 4
securityvulns
added 2012/04/02 12:0 a.m. | 69 views

Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability Advisory ID: cisco-sa-20120328-ssh Revision 1.0 For Public Release 2012 March 28 16:00 UTC GMT...

CVSS 7.8 | AI score 0.7 | EPSS 0.03118
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 113 views

NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...

AI score 0.6
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 74 views

[ MDVSA-2012:038 ] openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:038 http://www.mandriva.com/security/ Package : openssl Date : March 26, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in...

CVSS 5 | AI score 7.8 | EPSS 0.13075
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 40 views

OpenSSL security vulnerabilities

DoS, CMS implementation vulnerabilities...

CVSS 5 | AI score 2.6 | EPSS 0.13075
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2012/04/02 12:0 a.m. | 40 views

raptor library (libreoffice / openoffice) file injection

It's possible to inject file via XML...

CVSS 4.3 | AI score 3.6 | EPSS 0.13682
Exploits 2 | References 2 | Affected Software 1
securityvulns
added 2012/04/02 12:0 a.m. | 46 views

Intuit Help System Protocol URL Heap Corruption and Memory Leak

Intuit Help System Protocol URL Heap Corruption and Memory Leak Derek Soeder [email protected] Reported to [email protected] on March 15, 2012; vendor did not respond. Reported to CERT on March 22, 2012; vendor did not respond. Responsible disclosure failed with error code 10060. Published:...

Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 110 views

VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation

VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation Derek Soeder [email protected] Reported: December 5, 2011 Published: March 30, 2012 AFFECTED VENDOR --------------- VMware, Inc. AFFECTED ENVIRONMENTS --------------------- The following VMware product versions are known to be...

CVSS 8.3 | AI score 0.6 | EPSS 0.29253
Exploits 13
securityvulns
added 2012/04/02 12:0 a.m. | 59 views

Traffic amplification via Quake 3-based servers

It has been discovered that spoofed "getstatus" UDP requests are being used by attackers to direct status responses from multiple Quake 3-based servers to a victim, as a traffic amplification mechanism for a denial of service attack on that victim. Open-source games derived from the Quake 3...

AI score 1.9
Exploits 0
securityvulns
added 2012/04/02 12:0 a.m. | 50 views

[PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip

PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2012-02 Released on: 21st March 2012 Affected products: libzip = 0.10 PHP 5.4.0 PHP = 5.3.10 zipruby = 0.3.6 Impact: heap overflow, information leak Credit: - Thomas Klausner - Timo Warns PRESENSE Technologies GmbH CVE...

CVSS 7.5 | AI score 0.3 | EPSS 0.04024
Exploits 2
securityvulns
added 2012/04/02 12:0 a.m. | 31 views

expat security vulnerability

Memory leaks, predictable hash function...

CVSS 5 | AI score 1.5 | EPSS 0.05724
Exploits 0 | References 1 | Affected Software 1
Total number of security vulnerabilities: 47153