Lucene search

47153 matches found

securityvulns
added 2012/04/02 12:0 a.m., 31 views

expat security vulnerability

Memory leaks, predictable hash function...

5 CVSS, 1.5 AI score, 0.05724 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/04/02 12:0 a.m., 46 views

Intuit Help System Protocol URL Heap Corruption and Memory Leak

Intuit Help System Protocol URL Heap Corruption and Memory Leak Derek Soeder [email protected] Reported to [email protected] on March 15, 2012; vendor did not respond. Reported to CERT on March 22, 2012; vendor did not respond. Responsible disclosure failed with error code 10060. Published:...

Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 30 views

Apache Traffic Server DoS

Server crash on oversized Host: header...

5 CVSS, 2.2 AI score, 0.03473 EPSS
Exploits 1, References 1
securityvulns
added 2012/03/26 12:0 a.m., 79 views

Cyberoam Unified Threat Management: OS Command Execution

Hi, Please find below the details of a vulnerability I discovered in Cyberoam UTM device. The Vendor was notified, however I did not receive any response from Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 bui...

0.2 AI score
Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 85 views

[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256

Everyone, Below is our announcement for the security issue reported to us from Codenomicon, via CERT-FI. All previous versions of Apache Traffic Server are vulnerable, and we urge users to upgrade to either v3.0.4 or v3.1.3 immediately. Both releases are available from our download site at...

5 CVSS, 0.7 AI score, 0.03473 EPSS
Exploits 1
securityvulns
added 2012/03/26 12:0 a.m., 106 views

Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter)

Seeker Research Center Security Advisory By Irene Abezgauz =========== I. Overview =========== An Insecure Redirect vulnerability has been identified in the .NET Form Authentication - in the Redirect From Login mechanism. This vulnerability allows an attacker to craft links that contain redirects...

Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 37 views

Cisco PlayerPT ActiveX buffer overflow

Buffer overflow in SetSource method...

3.1 AI score
Exploits 0, References 1
securityvulns
added 2012/03/26 12:0 a.m., 25 views

gnash multiple security vulnerabilities

Integer overflow on SWF parsing, unsafe cookie handling, symbolic links vulnerability...

6.8 CVSS, 3.3 AI score, 0.04271 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/26 12:0 a.m., 26 views

CA ARCserve Backup DoS

Crash on network request parsing...

3.3 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/26 12:0 a.m., 48 views

[SECURITY] [DSA 2435-1] gnash security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-2435-1 [email protected] http://www.debian.org/security/ Gabriele Giacone March 19, 2012 http://www.debian.org/security/faq - -...

6.8 CVSS, 1.4 AI score, 0.04271 EPSS
Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 45 views

CA20120320-01: Security Notice for CA ARCserve Backup

-----BEGIN PGP SIGNED MESSAGE----- CA20120320-01: Security Notice for CA ARCserve Backup Issued: March 20, 2012 CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of servi...

5 CVSS, 0.6 AI score, 0.02194 EPSS
Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 43 views

GnuTLS / libtasn1 security vulnerabilities

Vulnerabilities on TLS and ASN.1 records parsing...

4.3 CVSS, 2.9 AI score, 0.02386 EPSS
Exploits 0, References 1, Affected Software 2
securityvulns
added 2012/03/26 12:0 a.m., 84 views

Cyberoam Unified Threat Management: Insecure Password Handling

Hi, Please find below the details of a vulnerability I discovered in Cyberoam UTM device. The Vendor was notified, however I did not receive any response from Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-insecure-password-handling Affected Software: Cyberoam CR50ia...

0.5 AI score
Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 75 views

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability

!-- Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability when viewing the device web interface it asks to install an ActiveX control with the following settings: ProductName: PlayerPT ActiveX Control Module File...

0.5 AI score
Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 74 views

Microsoft .Net multiple security vulnerabilities

DoS, multiple vulnerabilities in forms authentication...

9.3 CVSS, 2 AI score, 0.58895 EPSS
Exploits 5, References 2, Affected Software 1
securityvulns
added 2012/03/26 12:0 a.m., 150 views

[SECURITY] [DSA 2438-1] raptor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2438-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 22, 2012 http://www.debian.org/security/faq -...

4.3 CVSS, 1.9 AI score, 0.13682 EPSS
Exploits 2
securityvulns
added 2012/03/26 12:0 a.m., 68 views

Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 TLS record handling vulnerability in GnuTLS MU-201202-01 ASN.1 length decoding vulnerability in Libtasn1 MU-201202-02 20 March 2012...

0.2 AI score
Exploits 0
securityvulns
added 2012/03/26 12:0 a.m., 69 views

[MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability

MajorSecurity-SA-2012-014Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability Details ============= Product: Apple Mobile Safari on iOS 5.1 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.apple.com/ Advisory-Status: published Credits ============= Discovered by: David...

6.6 AI score
Exploits 0
securityvulns
added 2012/03/25 12:0 a.m., 50 views

[ MDVSA-2012:034 ] libzip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:034 http://www.mandriva.com/security/ Package : libzip Date : March 23, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in libzi...

7.5 CVSS, 10 AI score, 0.04024 EPSS
Exploits 2
securityvulns
added 2012/03/20 12:0 a.m., 102 views

Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ADVISORY NUMBER 031912 Advisory 1: TITLE OS Command Injection Vulnerability in Aruba Remote Access Point Diagnostic Web Interface. SUMMARY An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web...

0.8 AI score
Exploits 0
securityvulns
added 2012/03/20 12:0 a.m., 52 views

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against: Microsoft Windows Server 2003 r2 sp2...

0.1 AI score
Exploits 0
securityvulns
added 2012/03/20 12:0 a.m., 21 views

at32 reverse proxy buffer overflow

Buffer overflow on headers parsing...

4.1 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/20 12:0 a.m., 26 views

Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"

"There is an EVIL bug in at least the Linux 2.2.35-8 Tor Browser Bundle start-tor-browser script. It will log things like domain names to a file in the root of the browser bundle." https://trac.torproject.org/projects/tor/ticket/5417 Ticket 5417 new defect RelativeLink.sh in Tor browser bundle ha...

7 AI score
Exploits 0
securityvulns
added 2012/03/20 12:0 a.m., 26 views

Tor Browser Bundle information leakage

Debugging logging is always on...

2.2 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/20 12:0 a.m., 17 views

Aruba Remote Access Point security vulnerabilities

Command injection, authentication bypass...

3.8 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/20 12:0 a.m., 23 views

ManageEngine DeviceExpert directory traversal

ScheduleResultViewer servlet directory traversal...

3.2 AI score
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/20 12:0 a.m., 36 views

EMC Documentum eRoom security vulnerabilities

Replay attacks and cross-site scripting...

7.5 CVSS, 1.6 AI score, 0.01323 EPSS
Exploits 0, References 2, Affected Software 1
securityvulns
added 2012/03/20 12:0 a.m., 51 views

VMWare applications multiple security vulnerabilities

Privilege escalation, cross application scripting, information leakage, cross-site scripting...

7.5 CVSS, 2.5 AI score, 0.15226 EPSS
Exploits 4, References 1, Affected Software 8
securityvulns
added 2012/03/20 12:0 a.m., 64 views

Security update available for Adobe Flash Player

Security update available for Adobe Flash Player Release date: March 5, 2012 Vulnerability identifier: APSB12-05 Priority: 2 CVE number: CVE-2012-0768, CVE-2012-0769 Platform: All Platforms SUMMARY These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and...

10 CVSS, 1.8 AI score, 0.06448 EPSS
Exploits 2
securityvulns
added 2012/03/20 12:0 a.m., 23 views

Dell Webcam ActiveX buffer overflow

Multiple buffer overflows in crazytalk4 ActiveX...

4 AI score
Exploits 0, References 1
securityvulns
added 2012/03/20 12:0 a.m., 203 views

SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom

SEC Consult Vulnerability Lab Security Advisory 20120315-0 ======================================================================= title: Multiple permanent cross-site scripting vulnerabilities product: EMC Documentum eRoom vulnerable version: 7.33.498.98 fixed version: 7.4.4 impact: high homepag...

6.7 AI score
Exploits 0
securityvulns
added 2012/03/20 12:0 a.m., 65 views

VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768)

VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption APSB12-05 / CVE-2012-0768 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application...

10 CVSS, 0.2 AI score, 0.06448 EPSS
Exploits 1
securityvulns
added 2012/03/20 12:0 a.m., 49 views

at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

0.8 AI score
Exploits 0
securityvulns
added 2012/03/20 12:0 a.m., 26 views

EMC RSA enVision multiple security vulnerabilities

Cross-site scripting, SQL injection, directory traversal, hardcoded accounts, restrictions bypass...

9.3 CVSS, 2.3 AI score, 0.02074 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/20 12:0 a.m., 65 views

ESA-2012-014: RSA enVision Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC Identifier:ESA-2012-014 CVE Identifiers: CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403 Severity Rating: CVSS Base Score: See below for scores for individual...

9.3 CVSS, 0.6 AI score, 0.02074 EPSS
Exploits 0
securityvulns
added 2012/03/20 12:0 a.m., 283 views

VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0005 Synopsis: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security...

7.5 CVSS, 7.4 AI score, 0.15226 EPSS
Exploits 4
securityvulns
added 2012/03/20 12:0 a.m., 51 views

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability Tested against: Microsoft Windows Vista SP2 Microsoft Windows XP SP3 Microsoft Windows 2003 R2 SP2 Internet Explorer 7/8/9 download url of a test version:...

0.2 AI score
Exploits 0
securityvulns
added 2012/03/20 12:0 a.m., 26 views

Apache FCGID module resources exhaustion

FcgidMaxProcessesPerClass limit is not actually working...

5 CVSS, 2 AI score, 0.04864 EPSS
Exploits 0, References 1, Affected Software 1
securityvulns
added 2012/03/20 12:0 a.m., 100 views

[SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2436-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 19, 2012 http://www.debian.org/security/faq -...

5 CVSS, 1.4 AI score, 0.04864 EPSS
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 72 views

[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===== Tempest Security Intelligence - Advisory 02 / 2012 ============ Polycom Web Management Interface O.S. Command Injection ------------------------------------------------------- Authors: - Joao Paulo Caldas Campello: - @jpcampello -...

0.6 AI score
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 41 views

pidgin / libpurple security vulnerabilities

DoS via XMPP and MSN messages, local information leakage...

6.4 CVSS, 2.7 AI score, 0.03549 EPSS
Exploits 1, References 2, Affected Software 1
securityvulns
added 2012/03/19 12:0 a.m., 28 views

ABB WebWare code execution

TCP/5512 port service code execution...

2.6 AI score
Exploits 0, References 1
securityvulns
added 2012/03/19 12:0 a.m., 67 views

Multiple SQL injections in rivettracker <=1.03

Exploit Title: Multiple SQL injections in rivettracker =1.03 Date: 2/3/2012 Author: Ali Raheem Software Link: http://www.rivetcode.com/software/rivettracker/ Version: =1.03 Tested on: Linux guruplug-debian 3.1.7 2 PREEMPT Tue Jan 3 20:19:54 MST 2012 armv5tel GNU/Linux Greets: spyware, dividead...

0.3 AI score
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 50 views

Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities

Title: ====== Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=442 VL-ID: ===== 442 Introduction: ============= Designed to enable seamless voice and video communication, the CudaTel...

0.7 AI score
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 44 views

phpMyVisites 2.4_XSS

============================================================ Vulnerable Software: phpMyVisites 2.4 version.php 238 2009-12-16 19:48:15Z matthieu $ More info can be found here: http://www.phpmyvisites.us/ ============================================================...

0.4 AI score
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 16 views

Enterasys SecureStack Switch cross-site scripting

Stored XSS in different configuration parameters...

2.1 AI score
Exploits 0, References 1
securityvulns
added 2012/03/19 12:0 a.m., 76 views

Multiple XSS in Chyrp

Advisory ID: HTB23073 Product: Chyrp Vendor: Chyrp Vulnerable Versions: 2.5b1 and probably prior Tested Version: 2.5b1 Vendor Notification: 1 February 2012 Vendor Patch: 2 February 2012 Public Disclosure: 22 February 2012 Vulnerability Type: Cross Site Scripting XSS CVE References: CVE-2012-1001...

6.6 AI score, 0.03558 EPSS
Exploits 2
securityvulns
added 2012/03/19 12:0 a.m., 62 views

Mobile Mp3 Search Engine HTTP Response Splitting

-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...

6.4 AI score
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 74 views

[security bulletin] HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03229235 Version: 1 HPSBMU02746 SSRT100781 rev.1 - HP Data Protector Express, Remote Denial of Service DoS, Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be...

10 CVSS, 0.5 AI score, 0.62655 EPSS
Exploits 8
securityvulns
added 2012/03/19 12:0 a.m., 66 views

Synology Photo Station 5 - Reflected Cross-Site Scripting

Title : Photo Station 5 - Reflected Cross-Site Scripting Author : Simon Ganiere Vendor : http://www.sinology.com Advisory : CVE-2012-1556 Software : Photo Station 5 - DSM 3.2 1955 Date : 05/02/2012 30/01/2012 Issue Discovered 05/02/2012 Vendor Notified 06/03/2012 Vendor released DSM 4 Class:...

4.3 CVSS, 0.9 AI score, 0.03262 EPSS
Exploits 2
Total number of security vulnerabilities: 47153