47153 matches found

securityvulns, added 2012/03/19 12:00 a.m., 67 views

Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability

1. OVERVIEW Open-Realty 2.5.8 and lower versions are vulnerable to Local File Inclusion. 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site...

AI score: 0.2
Exploits: 0
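The Open-Realty entry above names a single request parameter, select_users_template, that ends up in a file include. What follows is an added example, not code from this page or from Open-Realty: it reproduces the include pattern that yields a local file inclusion and puts a hardened loader beside it. Python stands in for the PHP application, and the directory layout, file names and the allow-list regular expression are assumptions made for the demonstration.

```python
import os
import re
import tempfile


def setup_layout():
    """Constructed layout: a template directory next to a file that must stay
    private. Not Open-Realty's real tree; an assumption for this example."""
    base = tempfile.mkdtemp()
    template_dir = os.path.join(base, "templates")
    os.mkdir(template_dir)
    with open(os.path.join(template_dir, "users.html"), "w") as f:
        f.write("<h1>user list</h1>")
    with open(os.path.join(base, "config.inc"), "w") as f:
        f.write("db_password=hunter2")
    return base, template_dir


def load_template_vulnerable(template_dir, name):
    """Equivalent of include($dir . '/' . $_GET['select_users_template']).

    os.path.join, like string concatenation, does nothing about '..', and it
    even discards template_dir entirely when name is an absolute path.
    """
    with open(os.path.join(template_dir, name)) as f:
        return f.read()


# Assumed naming rule for templates: a bare file name with an .html suffix.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.html")


def load_template_fixed(template_dir, name):
    """Allow-list the name, then confirm the resolved path is still inside
    template_dir. Raises ValueError for anything that fails either check."""
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError("template name rejected")
    root = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(root, name))
    # realpath follows symlinks, so a link planted inside the directory that
    # points outside is caught here as well.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("template resolves outside the template directory")
    with open(candidate) as f:
        return f.read()


if __name__ == "__main__":
    _, tdir = setup_layout()
    print(load_template_vulnerable(tdir, "../config.inc"))   # leaks the secret
    try:
        load_template_fixed(tdir, "../config.inc")
    except ValueError as e:
        print("rejected:", e)
```

The allow-list does the real work; the realpath check is a second line of defence. Appending a fixed suffix in code is not a substitute on its own: PHP releases before 5.3.4 truncated file paths at a NUL byte, so a request value ending in %00 discarded whatever the application appended after it.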
securityvulns, added 2012/03/19 12:00 a.m., 71 views

Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability

Title: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability Product : Lastguru ASP GuestBook Version : Free Version Vendor: http://www.LastGuru.com Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-03-04 Updated: Impact : Medium CVSSv2 Base : 7.5,...

AI score: 0.3
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 56 views

[SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2432-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 12, 2012 http://www.debian.org/security/faq -...

CVSS: 5, AI score: 1.8, EPSS: 0.03855
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 68 views

Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004

Sense of Security - Security Advisory - SOS-12-004 Release Date. 12-Mar-2012 Last Update. - Vendor Notification Date. 24-Nov-2011 Product. Aurora WebOPAC Platform. Independent Affected versions. 3.5.0e, 3.4.6a, 3.5.3, 3.5.0i, 3.4.7b, 3.5.2.2, 3.4.7b, possibly others Severity Rating. High Impact...

AI score: 0.5
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 25 views

notmuch special characters vulnerabilities

MML tags are not escaped...

AI score: 3.4
Exploits: 0, References: 1

securityvulns, added 2012/03/19 12:00 a.m., 40 views

pidgin / libpurple security vulnerabilities

DoS via XMPP and MSN messages, local information leakage...

CVSS: 6.4, AI score: 2.7, EPSS: 0.01136
Exploits: 1, References: 2, Affected software: 1

securityvulns, added 2012/03/19 12:00 a.m., 595 views

OSQA CMS v3b - Multiple Persistent Vulnerabilities

Title: ====== OSQA CMS v3b - Multiple Persistent Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=461 VL-ID: ===== 461 Introduction: ============= OSQA is the Open Source Q&A System. It is free software licensed under the GPL, and y...

AI score: 1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 35 views

Multiple vulnerabilities in EJBCA

Hello 3APA3A! I am reporting multiple vulnerabilities that I found on 17.01.2012 in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA is a PKI server. According to the official site: A Certification...

AI score: 6.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 86 views

Vulnerability Description: XSS-(CROSS SITE SCRIPTING VULNERABILITIES) (ZAPHOD BREEBLEBROX'S BLOCKER A.K.A. ZB BLOCK)

-------------------------------------------------------------------------------------------------------------------- Vulnerable Software: // ZAPHOD BREEBLEBROX'S BLOCKER A.K.A. ZB BLOCK // VERSION 0.4.9 Final "Jaguar" 0.4.9Final Developed by HTTP://WWW.SPAMBOTSECURITY.COM...

AI score: 5.8
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 75 views

[TSI-ADV-1201] Path Traversal on Polycom Web Management Interface

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===== Tempest Security Intelligence - Advisory 01 / 2012 ============ Path Traversal on Polycom Web Management Interface -------------------------------------------------- Authors: - Heyder Andrade: - @heyderandrade -...

AI score: 0.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 137 views

Dropbear SSH server use-after-free vulnerability

Dropbear SSH server use-after-free vulnerability Impact: A remote authenticated user can execute arbitrary code on the target system. Class: Use After Free - CWE-416 CVE ID: CVE-2012-0920 CVSS: 8.5 AV:N/AC:M/AU:S/C:C/I:C/A:C Description: This vulnerability is located within the Dropbear daemon an...

CVSS: 7.1, AI score: 0.4, EPSS: 0.01803
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 43 views

phpMyVisites 2.4_XSS

============================================================ Vulnerable Software: phpMyVisites 2.4 version.php 238 2009-12-16 19:48:15Z matthieu $ More info can be found here: http://www.phpmyvisites.us/ ============================================================...

AI score: 0.4
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 65 views

Synology Photo Station 5 - Reflected Cross-Site Scripting

Title : Photo Station 5 - Reflected Cross-Site Scripting Author : Simon Ganiere Vendor : http://www.sinology.com Advisory : CVE-2012-1556 Software : Photo Station 5 - DSM 3.2 1955 Date : 05/02/2012 30/01/2012 Issue Discovered 05/02/2012 Vendor Notified 06/03/2012 Vendor released DSM 4 Class:...

CVSS: 4.3, AI score: 0.9, EPSS: 0.00895
Exploits: 2

securityvulns, added 2012/03/19 12:00 a.m., 15 views

Barracuda CudaTel cross-site scripting

Stored XSS in different configuration parameters...

AI score: 2.3
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/03/19 12:00 a.m., 18 views

Polycom teleconferencing devices security vulnerabilities

Directory traversal, code injection...

AI score: 4
Exploits: 0, References: 2

securityvulns, added 2012/03/19 12:00 a.m., 66 views

Multiple SQL injections in rivettracker <=1.03

Exploit Title: Multiple SQL injections in rivettracker <=1.03 Date: 2/3/2012 Author: Ali Raheem Software Link: http://www.rivetcode.com/software/rivettracker/ Version: <=1.03 Tested on: Linux guruplug-debian 3.1.7 2 PREEMPT Tue Jan 3 20:19:54 MST 2012 armv5tel GNU/Linux Greets: spyware, dividead...

AI score: 0.3
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 29 views

CheckPoint Firewall / VPN-1 information leakage

It's possible to obtain host names...

AI score: 0.9
Exploits: 0, References: 1

securityvulns, added 2012/03/19 12:00 a.m., 86 views

ImgPals Photo Host Version 1.0 Admin Account Deactivation

-=--------------------ADVISORY-------------------=- ImgPals Photo Host Version 1.0 STABLE Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: ImgPals Photo Host -=+ Version: 1.0 STABLE -=+ Vendor's URL:...

AI score: 0.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 96 views

Brute Force and XSS vulnerabilities in Webglimpse

Hello 3APA3A! Following the previous multiple Cross-Site Scripting, Full path disclosure, Directory Traversal and Authorization bypass vulnerabilities in Webglimpse (SecurityVulns ID: 9436, 9443, 9778, 9876), I am reporting new vulnerabilities that I found in Webglimpse. These are Brute Force and Cross-Site...

AI score: 6.4
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 75 views

Security advisory for Bugzilla 4.2 and 4.0.5

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: A CSRF vulnerability in the implementation of the XML-RPC API when running under modperl could be used to make changes to bugs or...

CVSS: 5.1, AI score: 6.1, EPSS: 0.00176
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 67 views

Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW Etano 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND The community builder script we provide - Etano - was built entirely based on requests from customers of our previous dating package Dating Site Builder. Almost every feature ever requested was built into Etano to...

AI score: 0.1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 73 views

11in1 CMS v1.2.1 - SQL Injection Vulnerabilities

Title: ====== 11in1 CMS v1.2.1 - SQL Injection Vulnerabilities Date: ===== 2012-03-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=465 VL-ID: ===== 465 Introduction: ============= 11in1 is an open-source content management system CMS that is powered by PHP and MySQL...

AI score: 0.3
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 88 views

Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities

Title: ====== Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities Date: ===== 2012-03-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=228 VL-ID: ===== 228 Introduction: ============= Simple, fast and future-proof! The ideal solution for your...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 74 views

Multiple vulnerabilities in Elefant CMS

Advisory ID: HTB23076 Product: Elefant CMS Vendor: Elefant CMS Vulnerable Versions: 1.1.3 beta and probably prior Tested Version: 1.1.3 beta Vendor Notification: 22 February 2012 Vendor Patch: 22 February 2012 Public Disclosure: 14 March 2012 Vulnerability Type: SQL Injection, XSS Cross Site...

CVSS: 4.3, AI score: 7, EPSS: 0.00516
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 137 views

Iciniti Store SQL Injection - Security Advisory - SOS-12-003

Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...

Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 23 views

Endian UTM Firewall security vulnerabilities

XSS, CSRF...

AI score: 3
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/03/19 12:00 a.m., 27 views

VMware vCenter Chargeback Manager security vulnerabilities

Information leakage, DoS...

CVSS: 6.4, AI score: 2.3, EPSS: 0.00837
Exploits: 1, References: 1, Affected software: 1

securityvulns, added 2012/03/19 12:00 a.m., 79 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6.8, AI score: 1.6, EPSS: 0.19244
Exploits: 6, References: 36, Affected software: 30

securityvulns, added 2012/03/19 12:00 a.m., 29 views

FlashFXP FTP client buffer overflow

Buffer overflow on server response parsing...

AI score: 3.9
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/03/19 12:00 a.m., 59 views

ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-033 February 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: ABB - -- Affected...

AI score: 0.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 87 views

Kongreg8 1.7.3 Multiple XSS

Exploit Title: Kongreg8 1.7.3 Multiple XSS Date: 02/24/12 Author: G13 Software Link: https://sourceforge.net/projects/kongreg8/ Version: 1.7.3 Category: webapps php Vulnerability Kongreg8 1.7.3 has multiple XSS vulnerabilities. These vulnerabilities are in the Add Member and Add Group functions...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 55 views

OSClass directory traversal (leads to arbitrary file upload)

Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...

AI score: 0.1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 167 views

OSI Security: CheckPoint Firewall VPN - Information Disclosure

CheckPoint Firewall VPN1 - Information Disclosure Vulnerability http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure Note: this is essentially a feature, but thought it may be useful for pen testers when deciding which system to attack. Release...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 70 views

[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===== Tempest Security Intelligence - Advisory 02 / 2012 ============ Polycom Web Management Interface O.S. Command Injection ------------------------------------------------------- Authors: - Joao Paulo Caldas Campello: - @jpcampello -...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 73 views

Timesheet Next Gen 1.5.2 Multiple SQLi

Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi Date: 02/23/12 Author: G13 Software Link: https://sourceforge.net/projects/tsheetx/ Version: 1.5.2 Category: webapps php Vulnerability The login.php page has multiple SQL injection vulnerabilities. Both the 'username' and 'password' parameters...

AI score: 8.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 83 views

[SECURITY] [DSA 2423-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2423-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2012 http://www.debian.org/security/faq -...

AI score: 0.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 40 views

[SECURITY] [DSA 2416-1] notmuch security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2416-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 22, 2012 http://www.debian.org/security/faq -...

AI score: 0.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 38 views

FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability

Title: ====== FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability Date: ===== 2012-03-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=462 VL-ID: ===== 462 Introduction: ============= FlashFXP is a FTP File Transfer Protocol client for Windows, it offers you easy and...

AI score: 7.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 70 views

Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Small Business SRP 500 Series Multiple Vulnerabilities Advisory ID: cisco-sa-20120223-srp500 Revision 1.0 For Public Release 2012 February 23 16:00 UTC GMT Summary ======= Cisco Small Business SRP 500 Series Services Ready Platforms contain th...

CVSS: 9, AI score: 0.9, EPSS: 0.01142
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 59 views

PHP Gift Registry 1.5.5 SQL Injection

Exploit Title: PHP Gift Registry 1.5.5 SQL Injection Date: 02/22/12 Author: G13 Software Link: https://sourceforge.net/projects/phpgiftreg/ Version: 1.5.5 Category: webapps php Vulnerability The userid parameter in the users.php file is vulnerable to SQL Injection. A user must be signed in to...

AI score: 0.9
Exploits: 0
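Two entries in this listing describe the same bug class in two shapes: Timesheet Next Gen's login.php splices the username and password parameters into its query text, and PHP Gift Registry's users.php concatenates a numeric-looking userid. The block below is an added example, not code from either project or from this page. It reproduces both patterns against a constructed SQLite table, with Python standing in for the PHP/MySQL stack, and puts the parameterised replacements beside them; the schema, the rows and the function names are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's user table.
    Not the real schema of either project; an assumption for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [(1, "admin", "s3cret", "admin@example.invalid"),
         (2, "alice", "wonderland", "alice@example.invalid")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """login.php pattern: both request parameters spliced into the SQL text.
    A username of  admin' OR '1'='1  turns the WHERE clause into
    username = 'admin' OR ('1'='1' AND password = '...'), which is true for
    the admin row whatever the password is."""
    sql = ("SELECT userid FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Same lookup with bound parameters: quotes in the input remain data."""
    row = conn.execute(
        "SELECT userid FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def profile_vulnerable(conn, userid):
    """users.php pattern: an unquoted numeric parameter concatenated as-is,
    so a UNION appended to it reads any other column of any table."""
    sql = "SELECT username, email FROM users WHERE userid = " + userid
    return conn.execute(sql).fetchall()


def profile_fixed(conn, userid):
    """Reject anything that is not a plain integer, then bind the value."""
    if not userid.isdigit():
        raise ValueError("userid must be a non-negative integer")
    return conn.execute(
        "SELECT username, email FROM users WHERE userid = ?", (int(userid),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin' OR '1'='1", "wrong"))   # 1: logged in as admin
    print(login_fixed(db, "admin' OR '1'='1", "wrong"))        # None
    print(profile_vulnerable(db, "2 UNION SELECT username, password FROM users"))
```

The integer check in profile_fixed matters even with binding in place: a parameter that must be a number should be validated as one before it goes anywhere near the query, which also keeps the comparison typed as INTEGER rather than TEXT.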
securityvulns, added 2012/03/19 12:00 a.m., 25 views

Cisco SRP 500 multiple security vulnerabilities

Command injection, directory traversal, unauthorized configuration upload...

CVSS: 9, AI score: 2.9, EPSS: 0.01142
Exploits: 0, References: 1, Affected software: 1

securityvulns, added 2012/03/19 12:00 a.m., 79 views

Multiple XSS in Fork CMS

Advisory ID: HTB23075 Product: Fork CMS Vendor: Fork CMS Vulnerable Versions: 3.2.5 and probably prior Tested Version: 3.2.5 Vendor Notification: 15 February 2012 Vendor Patch: 28 February 2012 Public Disclosure: 7 March 2012 Vulnerability Type: Cross Site Scripting XSS CVE References:...

CVSS: 4.3, AI score: 5.9, EPSS: 0.11318
Exploits: 2

securityvulns, added 2012/03/19 12:00 a.m., 58 views

Mobile Mp3 Search Engine HTTP Response Splitting

-=--------------------ADVISORY-------------------=- Mobile Mp3 Search Engine 2.0 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mobile Mp3 Search Engine -=+ Version: 2.0 -=+ Vendor's URL:...

AI score: 6.4
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 65 views

Wikidforum 2.10 Multiple security vulnerabilities

Advisory: Wikidforum 2.10 Multiple security vulnerabilities Advisory ID: SSCHADV2012-005 Author: Stefan Schurtz Affected Software: Successfully tested on Wikidforum 2.10 Vendor URL: http://www.wikidforum.com/ Vendor Status: informed ========================== Vulnerability Description...

AI score: 6.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 102 views

CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability

Title: CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability Product : CJWSoft ASPGuest GuestBook Version : Free Version Vendor: http://www.cjwsoft.com/aspguest/default.asp Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-02-24 Updated: Impact : Medium CVSSv2...

AI score: 1.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 96 views

Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities

Title: ====== Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=470 VL-ID: ===== 470 Introduction: ============= SysAid IT Enterprise Edition is an IT management solution that includes a suite of...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 75 views

Multiple XSS in Chyrp

Advisory ID: HTB23073 Product: Chyrp Vendor: Chyrp Vulnerable Versions: 2.5b1 and probably prior Tested Version: 2.5b1 Vendor Notification: 1 February 2012 Vendor Patch: 2 February 2012 Public Disclosure: 22 February 2012 Vulnerability Type: Cross Site Scripting XSS CVE References: CVE-2012-1001...

AI score: 6.6, EPSS: 0.19244
Exploits: 2

securityvulns, added 2012/03/19 12:00 a.m., 56 views

SAP Business Objects XI R2 Infoview Multiple XSS

Class Input Validation Error Remote Yes Published 10 February 11:00AM Vulnerable XI R2 SAP Business Objects is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

AI score: 1.3
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 54 views

WikyBlog 1.7.3RC2 XSS vulnerability

Advisory: WikyBlog 1.7.3RC2 XSS vulnerability Advisory ID: SSCHADV2012-006 Author: Stefan Schurtz Affected Software: Successfully tested on WikyBlog 1.7.3RC2 Vendor URL: http://www.wikyblog.com/ Vendor Status: informed ========================== Vulnerability Description =========================...

AI score: 6.1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 49 views

Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities

Title: ====== Barracuda CudaTel v2.0.029.1 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=442 VL-ID: ===== 442 Introduction: ============= Designed to enable seamless voice and video communication, the CudaTel...

AI score: 0.7
Exploits: 0