47153 matches found

securityvulns
added 2012/04/02 12:0 a.m. | 111 views

NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI

Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...

AI score: 0.6
Exploits: 0
securityvulns
added 2012/04/02 12:0 a.m. | 30 views

expat security vulnerability

Memory leaks, predictable hash function...

CVSS: 5 | AI score: 1.5 | EPSS: 0.00973
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/26 12:0 a.m. | 42 views

GnuTLS / libtasn1 security vulnerabilities

Vulnerabilities on TLS and ASN.1 records parsing...

CVSS: 4.3 | AI score: 2.9 | EPSS: 0.01319
Exploits: 0 | References: 1 | Affected Software: 2
securityvulns
added 2012/03/26 12:0 a.m. | 72 views

Microsoft .Net multiple security vulnerabilities

DoS, multiple vulnerabilities in forms authentication...

CVSS: 9.3 | AI score: 2 | EPSS: 0.7197
Exploits: 5 | References: 2 | Affected Software: 1
securityvulns
added 2012/03/26 12:0 a.m. | 73 views

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability

Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability when viewing the device web interface it asks to install an ActiveX control with the following settings: ProductName: PlayerPT ActiveX Control Module File...

AI score: 0.5
Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 83 views

[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256

Everyone, Below is our announcement for the security issue reported to us from Codenomicon, via CERT-FI. All previous versions of Apache Traffic Server are vulnerable, and we urge users to upgrade to either v3.0.4 or v3.1.3 immediately. Both releases are available from our download site at...

CVSS: 5 | AI score: 0.7 | EPSS: 0.01643
Exploits: 1
securityvulns
added 2012/03/26 12:0 a.m. | 48 views

[SECURITY] [DSA 2435-1] gnash security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-2435-1 [email protected] http://www.debian.org/security/ Gabriele Giacone March 19, 2012 http://www.debian.org/security/faq - -...

CVSS: 6.8 | AI score: 1.4 | EPSS: 0.03574
Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 67 views

[MajorSecurity-SA-2012-014] Apple Safari on iOS 5.1 - Address bar spoofing vulnerability

MajorSecurity-SA-2012-014 Apple Safari on iOS 5.1 - Address bar spoofing vulnerability Details ============= Product: Apple Mobile Safari on iOS 5.1 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.apple.com/ Advisory-Status: published Credits ============= Discovered by: David...

AI score: 6.6
Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 82 views

Cyberoam Unified Threat Management: Insecure Password Handling

Hi, Please find below the details of a vulnerability I discovered in Cyberoam UTM device. The Vendor was notified, however I did not receive any response from Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-insecure-password-handling Affected Software: Cyberoam CR50ia...

AI score: 0.5
Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 37 views

Cisco PlayerPT ActiveX buffer overflow

Buffer overflow in SetSource method...

AI score: 3.1
Exploits: 0 | References: 1
securityvulns
added 2012/03/26 12:0 a.m. | 44 views

CA20120320-01: Security Notice for CA ARCserve Backup

-----BEGIN PGP SIGNED MESSAGE----- CA20120320-01: Security Notice for CA ARCserve Backup Issued: March 20, 2012 CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of servi...

CVSS: 5 | AI score: 0.6 | EPSS: 0.0182
Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 26 views

CA ARCserve Backup DoS

Crash on network request parsing...

AI score: 3.3
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/26 12:0 a.m. | 30 views

Apache Traffic Server DoS

Server crash on oversized Host: header...

CVSS: 5 | AI score: 2.2 | EPSS: 0.01643
Exploits: 1 | References: 1
securityvulns
added 2012/03/26 12:0 a.m. | 148 views

[SECURITY] [DSA 2438-1] raptor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2438-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 22, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3 | AI score: 1.9 | EPSS: 0.00897
Exploits: 2
securityvulns
added 2012/03/26 12:0 a.m. | 77 views

Cyberoam Unified Threat Management: OS Command Execution

Hi, Please find below the details of a vulnerability I discovered in Cyberoam UTM device. The Vendor was notified, however I did not receive any response from Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 bui...

AI score: 0.2
Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 104 views

Seeker Advisory: Insecure Redirect in .NET Form Authentication - Redirect From Login Mechanism (ReturnURL Parameter)

Seeker Research Center Security Advisory By Irene Abezgauz =========== I. Overview =========== An Insecure Redirect vulnerability has been identified in the .NET Form Authentication - in the Redirect From Login mechanism. This vulnerability allows an attacker to craft links that contain redirects...

Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 67 views

Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 TLS record handling vulnerability in GnuTLS MU-201202-01 ASN.1 length decoding vulnerability in Libtasn1 MU-201202-02 20 March 2012...

AI score: 0.2
Exploits: 0
securityvulns
added 2012/03/26 12:0 a.m. | 25 views

gnash multiple security vulnerabilities

Integer overflow on SWF parsing, unsafe cookie handling, symbolic links vulnerability...

CVSS: 6.8 | AI score: 3.3 | EPSS: 0.03574
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/25 12:0 a.m. | 49 views

[ MDVSA-2012:034 ] libzip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:034 http://www.mandriva.com/security/ Package : libzip Date : March 23, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and corrected in libzi...

CVSS: 7.5 | AI score: 10 | EPSS: 0.01669
Exploits: 2
securityvulns
added 2012/03/20 12:0 a.m. | 50 views

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability Tested against: Microsoft Windows Vista SP2 Microsoft Windows XP SP3 Microsoft Windows 2003 R2 SP2 Internet Explorer 7/8/9 download url of a test version:...

AI score: 0.2
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 99 views

Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ADVISORY NUMBER 031912 Advisory 1: TITLE OS Command Injection Vulnerability in Aruba Remote Access Point Diagnostic Web Interface. SUMMARY An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web...

AI score: 0.8
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 64 views

VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption (CVE-2012-0768)

VUPEN Security Research - Adobe Flash Player "Matrix3D" Remote Memory Corruption APSB12-05 / CVE-2012-0768 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application...

CVSS: 10 | AI score: 0.2 | EPSS: 0.06076
Exploits: 1
securityvulns
added 2012/03/20 12:0 a.m. | 48 views

at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

AI score: 0.8
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 26 views

Tor Browser Bundle information leakage

Debugging logging is always on...

AI score: 2.2
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/20 12:0 a.m. | 97 views

[SECURITY] [DSA 2436-1] libapache2-mod-fcgid security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2436-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 19, 2012 http://www.debian.org/security/faq -...

CVSS: 5 | AI score: 1.4 | EPSS: 0.09726
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 26 views

EMC RSA enVision multiple security vulnerabilities

Cross-site scripting, SQL injection, directory traversal, hardcoded accounts, restrictions bypass...

CVSS: 9.3 | AI score: 2.3 | EPSS: 0.00961
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/20 12:0 a.m. | 21 views

at32 reverse proxy buffer overflow

Buffer overflow on headers parsing...

AI score: 4.1
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/20 12:0 a.m. | 17 views

Aruba Remote Access Point security vulnerabilities

Command injection, authentication bypass...

AI score: 3.8
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/20 12:0 a.m. | 23 views

Dell Webcam ActiveX buffer overflow

Multiple buffer overflows in crazytalk4 ActiveX...

AI score: 4
Exploits: 0 | References: 1
securityvulns
added 2012/03/20 12:0 a.m. | 26 views

Apache FCGID module resources exhaustion

FcgidMaxProcessesPerClass limit is not actually working...

CVSS: 5 | AI score: 2 | EPSS: 0.09726
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/20 12:0 a.m. | 51 views

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against: Microsoft Windows Server 2003 r2 sp2...

AI score: 0.1
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 62 views

ESA-2012-014: RSA enVision Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-014: RSA enVision Multiple Vulnerabilities EMC Identifier:ESA-2012-014 CVE Identifiers: CVE-2012-0399, CVE-2012-0400, CVE-2012-0401, CVE-2012-0402, CVE-2012-0403 Severity Rating: CVSS Base Score: See below for scores for individual...

CVSS: 9.3 | AI score: 0.6 | EPSS: 0.00961
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 63 views

Security update available for Adobe Flash Player

Security update available for Adobe Flash Player Release date: March 5, 2012 Vulnerability identifier: APSB12-05 Priority: 2 CVE number: CVE-2012-0768, CVE-2012-0769 Platform: All Platforms SUMMARY These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and...

CVSS: 10 | AI score: 1.8 | EPSS: 0.06076
Exploits: 2
securityvulns
added 2012/03/20 12:0 a.m. | 280 views

VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0005 Synopsis: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.23189
Exploits: 9
securityvulns
added 2012/03/20 12:0 a.m. | 201 views

SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom

SEC Consult Vulnerability Lab Security Advisory 20120315-0 ======================================================================= title: Multiple permanent cross-site scripting vulnerabilities product: EMC Documentum eRoom vulnerable version: 7.33.498.98 fixed version: 7.4.4 impact: high homepag...

AI score: 6.7
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 51 views

VMware applications multiple security vulnerabilities

Privilege escalation, cross application scripting, information leakage, cross-site scripting...

CVSS: 7.5 | AI score: 2.5 | EPSS: 0.23189
Exploits: 9 | References: 1 | Affected Software: 8
securityvulns
added 2012/03/20 12:0 a.m. | 23 views

ManageEngine DeviceExpert directory traversal

ScheduleResultViewer servlet directory traversal...

AI score: 3.2
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/20 12:0 a.m. | 25 views

Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"

"There is an EVIL bug in at least the Linux 2.2.35-8 Tor Browser Bundle start-tor-browser script. It will log things like domain names to a file in the root of the browser bundle." https://trac.torproject.org/projects/tor/ticket/5417 Ticket 5417 new defect RelativeLink.sh in Tor browser bundle ha...

AI score: 7
Exploits: 0
securityvulns
added 2012/03/20 12:0 a.m. | 36 views

EMC Documentum eRoom security vulnerabilities

Replay attacks and cross-site scripting...

CVSS: 7.5 | AI score: 1.6 | EPSS: 0.0046
Exploits: 0 | References: 2 | Affected Software: 1
securityvulns
added 2012/03/19 12:0 a.m. | 15 views

Enterasys SecureStack Switch cross-site scripting

Stored XSS in different configuration parameters...

AI score: 2.1
Exploits: 0 | References: 1
securityvulns
added 2012/03/19 12:0 a.m. | 46 views

[SECURITY] [DSA 2431-1] libdbd-pg-perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2431-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 11, 2012 http://www.debian.org/security/faq -...

CVSS: 5 | AI score: 1.9 | EPSS: 0.02719
Exploits: 0
securityvulns
added 2012/03/19 12:0 a.m. | 28 views

DBD::Pg format string vulnerability

Format string vulnerability on server response parsing...

CVSS: 5 | AI score: 3.3 | EPSS: 0.02719
Exploits: 0 | References: 1
securityvulns
added 2012/03/19 12:0 a.m. | 89 views

FrameJammer DOM based XSS

Software:FrameJammer Author:Hal Pawluk Software Description: FrameJammer is a little javascript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension, nowadays web developers are spreading it with copy-paste...

AI score: 0.2
Exploits: 0
securityvulns
added 2012/03/19 12:0 a.m. | 98 views

Wolf CMS v0.7.5 - Multiple Web Vulnerabilities

Title: ====== Wolf CMS v0.7.5 - Multiple Web Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=452 VL-ID: ===== 452 Introduction: ============= Wolf CMS is a content management system and is Free Software published under the GNU...

AI score: 0.7
Exploits: 0
securityvulns
added 2012/03/19 12:0 a.m. | 228 views

Dropbear SSH server use-after-free

No description provided...

CVSS: 7.1 | AI score: 1.1 | EPSS: 0.01803
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/03/19 12:0 a.m. | 67 views

VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2012-0002 Synopsis: VMware vCenter Chargeback Manager Information Leak and Denial of Service Issue date: 2012-03-08 Updated on:...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00837
Exploits: 1
securityvulns
added 2012/03/19 12:0 a.m. | 120 views

[SECURITY] [DSA 2421-1] moodle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2421-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 29, 2012 http://www.debian.org/security/faq -...

CVSS: 6.8 | AI score: 0.9 | EPSS: 0.00666
Exploits: 0
securityvulns
added 2012/03/19 12:0 a.m. | 28 views

ABB WebWare code execution

TCP/5512 port service code execution...

AI score: 2.6
Exploits: 0 | References: 1
securityvulns
added 2012/03/19 12:0 a.m. | 30 views

YAML::LibYAML format string vulnerability

A few format string vulnerabilities...

CVSS: 5 | AI score: 2 | EPSS: 0.03855
Exploits: 0 | References: 1
securityvulns
added 2012/03/19 12:0 a.m. | 85 views

[SECURITY] [DSA 2414-1] fex security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2413-1 [email protected] http://www.debian.org/security/ Nico Golde February 21, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3 | AI score: 1.9 | EPSS: 0.11917
Exploits: 0

Total number of security vulnerabilities: 47153