47153 matches found

securityvulns, added 2012/03/19 12:00 a.m., 74 views

Timesheet Next Gen 1.5.2 Multiple SQLi

Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi Date: 02/23/12 Author: G13 Software Link: https://sourceforge.net/projects/tsheetx/ Version: 1.5.2 Category: webapps php Vulnerability The login.php page has multiple SQL injection vulnerabilities. Both the 'username' and 'password' parameters...

AI score: 8.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 169 views

OSI Security: CheckPoint Firewall VPN - Information Disclosure

CheckPoint Firewall VPN1 - Information Disclosure Vulnerability http://www.osisecurity.com.au/advisories/checkpoint-firewall-securemote-hostname-information-disclosure Note: this is essentially a feature, but thought it may be useful for pen testers when deciding which system to attack. Release...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 88 views

Kongreg8 1.7.3 Multiple XSS

Exploit Title: Kongreg8 1.7.3 Multiple XSS Date: 02/24/12 Author: G13 Software Link: https://sourceforge.net/projects/kongreg8/ Version: 1.7.3 Category: webapps php Vulnerability Kongreg8 1.7.3 has multiple XSS vulnerabilities. These vulnerabilities are in the Add Member and Add Group functions...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 23 views

Endian UTM Firewall security vulnerabilities

XSS, CSRF...

AI score: 3
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/03/19 12:00 a.m., 18 views

Polycom teleconferencing devices security vulnerabilities

Directory traversal, code injection...

AI score: 4
Exploits: 0, References: 2

securityvulns, added 2012/03/19 12:00 a.m., 29 views

FlashFXP FTP client buffer overflow

Buffer overflow on server response parsing...

AI score: 3.9
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/03/19 12:00 a.m., 29 views

CheckPoint Firewall / VPN-1 information leakage

It's possible to obtain host names...

AI score: 0.9
Exploits: 0, References: 1

securityvulns, added 2012/03/19 12:00 a.m., 79 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6.8, AI score: 1.6, EPSS: 0.04852
Exploits: 6, References: 36, Affected Software: 30

securityvulns, added 2012/03/19 12:00 a.m., 27 views

VMware vCenter Chargeback Manager security vulnerabilities

Information leakage, DoS...

CVSS: 6.4, AI score: 2.3, EPSS: 0.01932
Exploits: 1, References: 1, Affected Software: 1

securityvulns, added 2012/03/19 12:00 a.m., 35 views

Multiple vulnerabilities in EJBCA

Hello 3APA3A! I am reporting to you the multiple vulnerabilities I found on 17.01.2012 in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA is a PKI server. According to the official site: A Certification...

AI score: 6.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 67 views

VMSA-2012-0002 VMware vCenter Chargeback Manager Information Leak and Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2012-0002 Synopsis: VMware vCenter Chargeback Manager Information Leak and Denial of Service Issue date: 2012-03-08 Updated on:...

CVSS: 6.4, AI score: 6.2, EPSS: 0.01932
Exploits: 1

securityvulns, added 2012/03/19 12:00 a.m., 65 views

Wikidforum 2.10 Multiple security vulnerabilities

Advisory: Wikidforum 2.10 Multiple security vulnerabilities Advisory ID: SSCHADV2012-005 Author: Stefan Schurtz Affected Software: Successfully tested on Wikidforum 2.10 Vendor URL: http://www.wikidforum.com/ Vendor Status: informed ========================== Vulnerability Description...

AI score: 6.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 74 views

11in1 CMS v1.2.1 - SQL Injection Vulnerabilities

Title: ====== 11in1 CMS v1.2.1 - SQL Injection Vulnerabilities Date: ===== 2012-03-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=465 VL-ID: ===== 465 Introduction: ============= 11in1 is an open-source content management system CMS that is powered by PHP and MySQL...

AI score: 0.3
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 55 views

OSClass directory traversal (leads to arbitrary file upload)

Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...

AI score: 0.1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 92 views

Case YVS Image Gallery

http://osvdb.org/show/osvdb/79477 The software "YVS Image Gallery" seems to be full of security issues. For example one can have lots of fun with this. Copy from installation.php: """ case isset($_POST['dbname']): $host = $_POST['host']; $dbname = $_POST['dbname']; $dbusername = $_POST['dbusername']; $dbpasswor...

AI score: 7.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 70 views

YVS Image Gallery Sql injection

-=--------------------ADVISORY-------------------=- YVS Image Gallery Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: YVS Image Gallery -=+ Version: 0.0.0.1 -=+ Vendor's URL: http://yvs.vacau.com/gallery.html -=+ Platform:...

AI score: 7.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 90 views

FrameJammer DOM based XSS

Software:FrameJammer Author:Hal Pawluk Software Description: FrameJammer is a little javascript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension, nowadays web developers are spreading it with copy-paste...

AI score: 0.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 89 views

ImgPals Photo Host Version 1.0 Admin Account Deactivation

-=--------------------ADVISORY-------------------=- ImgPals Photo Host Version 1.0 STABLE Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: ImgPals Photo Host -=+ Version: 1.0 STABLE -=+ Vendor's URL:...

AI score: 0.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 56 views

WikyBlog 1.7.3RC2 XSS vulnerability

Advisory: WikyBlog 1.7.3RC2 XSS vulnerability Advisory ID: SSCHADV2012-006 Author: Stefan Schurtz Affected Software: Successfully tested on WikyBlog 1.7.3RC2 Vendor URL: http://www.wikyblog.com/ Vendor Status: informed ========================== Vulnerability Description =========================...

AI score: 6.1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 232 views

Dropbear SSH server use-after-free

No description provided...

CVSS: 7.1, AI score: 1.1, EPSS: 0.06489
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/03/19 12:00 a.m., 70 views

Aurora WebOPAC SQL Injection - Security Advisory - SOS-12-004

Sense of Security - Security Advisory - SOS-12-004 Release Date. 12-Mar-2012 Last Update. - Vendor Notification Date. 24-Nov-2011 Product. Aurora WebOPAC Platform. Independent Affected versions. 3.5.0e, 3.4.6a, 3.5.3, 3.5.0i, 3.4.7b, 3.5.2.2, 3.4.7b, possibly others Severity Rating. High Impact...

AI score: 0.5
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 47 views

Symfony2 Local File Disclosure - Security Advisory - SOS-12-002

Sense of Security - Security Advisory - SOS-12-002 Release Date. 05-Mar-2012 Last Update. - Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information Attack Vector. Remote without...

AI score: 0.5
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 48 views

[SECURITY] [DSA 2431-1] libdbd-pg-perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2431-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 11, 2012 http://www.debian.org/security/faq -...

CVSS: 5, AI score: 1.9, EPSS: 0.02744
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 149 views

Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities

Title: ====== Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=443 VL-ID: ===== 443 Introduction: ============= The Enterasys C5 is a scalable, high-performance Gigabit Ethernet switch...

AI score: 0.4
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 59 views

ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-033 February 22, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: ABB - -- Affected...

AI score: 0.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 70 views

Cisco Security Advisory: Cisco Small Business SRP 500 Series Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Small Business SRP 500 Series Multiple Vulnerabilities Advisory ID: cisco-sa-20120223-srp500 Revision 1.0 For Public Release 2012 February 23 16:00 UTC GMT Summary ======= Cisco Small Business SRP 500 Series Services Ready Platforms contain th...

CVSS: 9, AI score: 0.9, EPSS: 0.03241
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 75 views

Security advisory for Bugzilla 4.2 and 4.0.5

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: A CSRF vulnerability in the implementation of the XML-RPC API when running under modperl could be used to make changes to bugs or...

CVSS: 5.1, AI score: 6.1, EPSS: 0.00826
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 25 views

Cisco SRP 500 multiple security vulnerabilities

Command injection, directory traversal, unauthorized configuration upload...

CVSS: 9, AI score: 2.9, EPSS: 0.03241
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/03/19 12:00 a.m., 15 views

Barracuda CudaTel cross-site scripting

Stored XSS in different configuration parameters...

AI score: 2.3
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2012/03/19 12:00 a.m., 84 views

[SECURITY] [DSA 2423-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2423-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2012 http://www.debian.org/security/faq -...

AI score: 0.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 81 views

Multiple XSS in Fork CMS

Advisory ID: HTB23075 Product: Fork CMS Vendor: Fork CMS Vulnerable Versions: 3.2.5 and probably prior Tested Version: 3.2.5 Vendor Notification: 15 February 2012 Vendor Patch: 28 February 2012 Public Disclosure: 7 March 2012 Vulnerability Type: Cross Site Scripting XSS CVE References:...

CVSS: 4.3, AI score: 5.9, EPSS: 0.04458
Exploits: 2

securityvulns, added 2012/03/19 12:00 a.m., 57 views

[SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2432-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 12, 2012 http://www.debian.org/security/faq -...

CVSS: 5, AI score: 1.8, EPSS: 0.02426
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 32 views

YAML::LibYAML format string vulnerability

Several format string vulnerabilities...

CVSS: 5, AI score: 2, EPSS: 0.02426
Exploits: 0, References: 1

securityvulns, added 2012/03/19 12:00 a.m., 68 views

Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability

OVERVIEW Open-Realty 2.5.8 and lower versions are vulnerable to Local File Inclusion. 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site...

AI score: 0.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 40 views

FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability

Title: ====== FlashFXP v4.1.8.1701 - Buffer Overflow Vulnerability Date: ===== 2012-03-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=462 VL-ID: ===== 462 Introduction: ============= FlashFXP is a FTP File Transfer Protocol client for Windows, it offers you easy and...

AI score: 7.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 76 views

[TSI-ADV-1201] Path Traversal on Polycom Web Management Interface

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===== Tempest Security Intelligence - Advisory 01 / 2012 ============ Path Traversal on Polycom Web Management Interface -------------------------------------------------- Authors: - Heyder Andrade: - @heyderandrade -...

AI score: 0.2
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 25 views

notmuch special characters vulnerabilities

MML tags are not escaped...

AI score: 3.4
Exploits: 0, References: 1

securityvulns, added 2012/03/19 12:00 a.m., 88 views

Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities

Title: ====== Endian UTM Firewall v2.4.x & v2.5.0 - Multiple Web Vulnerabilities Date: ===== 2012-03-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=228 VL-ID: ===== 228 Introduction: ============= Simple, fast and future-proof! The ideal solution for your...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 122 views

[SECURITY] [DSA 2421-1] moodle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2421-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 29, 2012 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 0.9, EPSS: 0.02149
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 87 views

[SECURITY] [DSA 2414-1] fex security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2413-1 [email protected] http://www.debian.org/security/ Nico Golde February 21, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 1.9, EPSS: 0.04852
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 42 views

[SECURITY] [DSA 2416-1] notmuch security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2416-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 22, 2012 http://www.debian.org/security/faq -...

AI score: 0.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 100 views

Wolf CMS v0.7.5 - Multiple Web Vulnerabilities

Title: ====== Wolf CMS v0.7.5 - Multiple Web Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=452 VL-ID: ===== 452 Introduction: ============= Wolf CMS is a content management system and is Free Software published under the GNU...

AI score: 0.7
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 67 views

Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities

OVERVIEW Etano 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND The community builder script we provide - Etano - was built entirely based on requests from customers of our previous dating package Dating Site Builder. Almost every feature ever requested was built into Etano to...

AI score: 0.1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 141 views

Dropbear SSH server use-after-free vulnerability

Dropbear SSH server use-after-free vulnerability Impact: A remote authenticated user can execute arbitrary code on the target system. Class: Use After Free - CWE-416 CVE ID: CVE-2012-0920 CVSS: 8.5 AV:N/AC:M/AU:S/C:C/I:C/A:C Description: This vulnerability is located within the Dropbear daemon an...

CVSS: 7.1, AI score: 0.4, EPSS: 0.06489
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 599 views

OSQA CMS v3b - Multiple Persistent Vulnerabilities

Title: ====== OSQA CMS v3b - Multiple Persistent Vulnerabilities Date: ===== 2012-02-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=461 VL-ID: ===== 461 Introduction: ============= OSQA is the Open Source Q&A System. It is free software licensed under the GPL, and y...

AI score: 1
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 76 views

Multiple vulnerabilities in Elefant CMS

Advisory ID: HTB23076 Product: Elefant CMS Vendor: Elefant CMS Vulnerable Versions: 1.1.3 beta and probably prior Tested Version: 1.1.3 beta Vendor Notification: 22 February 2012 Vendor Patch: 22 February 2012 Public Disclosure: 14 March 2012 Vulnerability Type: SQL Injection, XSS Cross Site...

CVSS: 4.3, AI score: 7, EPSS: 0.01284
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 61 views

PHP Gift Registry 1.5.5 SQL Injection

Exploit Title: PHP Gift Registry 1.5.5 SQL Injection Date: 02/22/12 Author: G13 Software Link: https://sourceforge.net/projects/phpgiftreg/ Version: 1.5.5 Category: webapps php Vulnerability The userid parameter in the users.php file is vulnerable to SQL Injection. A user must be signed in to...

AI score: 0.9
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 97 views

Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities

Title: ====== Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=470 VL-ID: ===== 470 Introduction: ============= SysAid IT Enterprise Edition is an IT management solution that includes a suite of...

AI score: 0.6
Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 139 views

Iciniti Store SQL Injection - Security Advisory - SOS-12-003

Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...

Exploits: 0

securityvulns, added 2012/03/19 12:00 a.m., 67 views

pidgin OTR information leakage

Pidgin transmits OTR off-the-record conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account. Pidgin is a popular Instant Messenger application that runs on a...

AI score: 5.5, EPSS: 0.00739
Exploits: 2

Total number of security vulnerabilities: 47153