Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2015/06/08 12:0 a.m.66 views

CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]

Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link: https://wordpress.org/plugins/free-counter/ Version: 1.1 Tested on: WordPress 4.2.2...

4.3CVSS5.3AI score0.04579EPSS
Exploits5
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.110 views

CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4

Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site...

6.8CVSS0.4AI score0.04727EPSS
Exploits5
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.52 views

ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability EMC Identifier: ESA-2015-091 CVE Identifier: CVE-2015-0541 Severity Rating: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected Products: · RSA Web Threat Detection versions prior to...

6.8CVSS0.2AI score0.00953EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.148 views

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)

Hi, tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at 1. 5 Metasploit modules have been released and currently awaiting merge in the moderati...

8.5CVSS8AI score0.86643EPSS
Exploits28
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.62 views

[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04695307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04695307 Version: 1 HPSBGN03343 rev....

4CVSS0.5AI score0.08002EPSS
Exploits4
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.58 views

Enhanced SQL Portal 5.0.7961 XSS Vulnerability

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt Vendor: www.eliacom.com www.eliacom.com/mysql-gui-download.php Product: Enhanced SQL Portal 5.0.7961 web based MySQL administration application. Advisory...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.89 views

[SECURITY] [DSA 3278-1] libapache-mod-jk security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3278-1 [email protected] http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq -...

5CVSS1.8AI score0.07109EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.83 views

CRUCMS Crucial Networking - SQL Injection Vulnerability

Document Title: =============== CRUCMS Crucial Networking - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1497 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ==================================== 14...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.29 views

1 Click ActiveX buffer overflow

SkinCrafter.dll buffer overflow...

4.3AI score
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.87 views

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability

Exploit Title: AnimaGallery 2.6 theme and lang cookie parameter Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos 6.5,php 5.3.2,magicquotesgpc=off Category: webapps...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.36 views

Apache mod_jk information disclosure

No description provided...

5CVSS1.1AI score0.07109EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.33 views

t1utils memory corruption

Memory corruption on fonts manipulation...

7.5CVSS1.8AI score0.06905EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.65 views

Symphony CMS XSS Vulnerability

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13 Advisory...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.57 views

Webgrind XSS vulnerability

Credits: John Page hyp3rlinx Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-WEBGRIND0520.txt Vendor: https://github.com/jokkedk/webgrind Product: Webgrind is a Xdebug Profiling Web Frontend in PHP. Advisory Information:...

6.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.70 views

Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1....

6.5CVSS6.1AI score0.07117EPSS
Exploits6
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.52 views

[SECURITY] [DSA 3275-1] fusionforge security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3275-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 30, 2015 http://www.debian.org/security/faq -...

10CVSS2.2AI score0.04496EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.87 views

vfront-0.99.2 CSRF & Persistent XSS

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.45 views

CA20150604-01: Security Notice for CA Common Services

-----BEGIN PGP SIGNED MESSAGE----- CA20150604-01: Security Notice for CA Common Services Issued: June 4, 2015 CA Technologies Support is alerting customers to multiple potential risks with products that bundle CA Common Services on Unix/Linux platforms. A local attacker may exploit these...

4.6CVSS0.4AI score0.00459EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.79 views

Stored XSS in WP Photo Album Plus WordPress Plugin

Advisory ID: HTB23257 Product: WP Photo Album Plus WordPress Plugin Vendor: J.N. Breetvelt Vulnerable Versions: 6.1.2 and probably prior Tested Version: 6.1.2 Advisory Publication: April 29, 2015 without technical details Vendor Notification: April 29, 2015 Vendor Patch: April 29, 2015 Public...

4.3CVSS0.1AI score0.02424EPSS
Exploits3
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.131 views

DbNinja 3.2.6 Flash XSS Vulnerabilities

Exploit Title: DbNinja Flash XSS Exploit Google Dork: intitle: Flash XSS Date: May 27, 2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.dbninja.com Software Link: www.dbninja.com Version: 3.2.6 Tested on: Windows 7 Category: Flash XSS CVE : NA Source...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.44 views

[USN-2618-1] python-dbusmock vulnerability

========================================================================== Ubuntu Security Notice USN-2618-1 May 21, 2015 python-dbusmock vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

0.6AI score0.01815EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.30 views

dbusmock code execution

No description provided...

2.1AI score0.01815EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.53 views

CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]

Exploit Title: CVE-2015-4109 - WordPress Users Ultra Plugin SQL injection Date: 2015/05/30 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/ Version: 1.5.15 Tested on: WordPre...

7.5CVSS1.5AI score0.02364EPSS
Exploits2
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.272 views

[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability

Exploit Title: Wing FTP Server Remote Code Execution vulnerability Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Improper Control of Generation of Code CWE-94 CVE...

7.3AI score
Exploits1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.163 views

[SECURITY] [DSA 3280-1] php5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3280-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 07, 2015 http://www.debian.org/security/faq -...

7.5CVSS2.4AI score0.50129EPSS
Exploits6
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.24 views

redis restrictions bypass

Lua sandbox escaping...

2.5AI score
Exploits0References1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.36 views

Wing FTP Server security vulnerabilities

Code execution and CSRF in web interface...

2.8AI score
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.38 views

EMC RSA Web Threat Detection CSRF

No description provided...

6.8CVSS2.6AI score0.00953EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.62 views

Ektron CMS 9.10 SP1 - XSS Vulnerability

Vulnerability type: Cross-site Scripting Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.102 Patched version: 9.10 SP1 Build 9.1.0.184.1.114 Credit: Jerold Hoong PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerability in...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.68 views

Symphony CMS 2.6.2

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt Vendor: ================================ www.getsymphony.com/download/ Product: ================================ Symphony CMS 2.6.2 Advisory Information:...

Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.106 views

Freebox OS Web interface 3.0.2 XSS, CSRF

Hello list, Here are two CVEs I reported to Freebox, a french ISP: - CVE-2014-9382 - CSRF in VPN user account creation - CVE-2014-9405 - XSS Vulnerable product: Freebox OS Web interface 3.0.2. CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation...

5.6AI score0.01505EPSS
Exploits3
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.38 views

HP WebInspect unauthorized access

No description provided...

4CVSS2.2AI score0.08002EPSS
Exploits4References1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.30 views

CA Common Services privilege escalation

Multiple privilege escalation vulnerabilities...

4.6CVSS3AI score0.00459EPSS
Exploits0References1Affected Software5
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.54 views

1 Click Audio Converter v2.3.6 - Activex Buffer Overflow

Document Title: =============== 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1504 http://www.vulnerability-lab.com/getcontent.php?id=1505 View Video: https://www.youtube.com/watch?v=Ad0wHlHz0KU...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.58 views

JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities

Credits: John Page hyp3rlinx Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYADMIN0529.txt Vendor: code.google.com/p/jsp-myadmin Product: JSPAdmin 1.1 is a Java web based MySQL database management system. Advisory Information:...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.34 views

Sendio ESP information disclosure

Session disclosure via Referer...

5CVSS1.8AI score0.06651EPSS
Exploits6References1Affected Software1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.72 views

[USN-2627-1] t1utils vulnerability

========================================================================== Ubuntu Security Notice USN-2627-1 June 03, 2015 t1utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

7.5CVSS0.8AI score0.06905EPSS
Exploits1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.43 views

1 Click Extract Audio v2.3.6 - Activex Buffer Overflow

Document Title: =============== 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1506 Video: http://www.vulnerability-lab.com/getcontent.php?id=1507 Release Date: ============= 2015-06-05 Vulnerabilit...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.49 views

[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities

Exploit Title: Wing FTP Server Cross-site Request Forgery vulnerabilities Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Cross-site Request Forgery CWE-352 CVE...

6.5CVSS6.2AI score0.03748EPSS
Exploits7
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.53 views

Apache Jackrabbit XXE

XXE via WebDAV request...

6.4CVSS3.5AI score0.51488EPSS
Exploits6References1Affected Software1
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.85 views

IBM Watson (Cognea) - XSS and Redirect Vulnerabilities

Vulnerability type: Cross-site Scripting & Redirect Vendor: www.ibm.com Product: IBM Watson Cloud Computing SaaS Cognea Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/ Credit: Jerold Hoong The logout.jsp page function of the IBM Watson Cognea SaaS application is vulnerable to...

Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.96 views

[SECURITY] [DSA 3276-1] symfony security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3276-1 [email protected] http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq -...

4.3CVSS1.3AI score0.08269EPSS
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.54 views

Ektron CMS 9.10 SP1 - CSRF Vulnerability

Vulnerability type: Cross-site Request Forgery Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.114 Patched version: 9.10 SP1 Build 9.1.0.184.1.120 CVE ID: CVE-2015-3624 Credit: Jerold Hoong PROOF OF CONCEPT CSRF Cross-site...

5.8CVSS0.3AI score0.02301EPSS
Exploits5
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.61 views

ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability

========================================================================================= CSRF Vulnerability in ManageEngine EventLog Analyzer Version :10.0, Build Number : 10001 ========================================================================================= . contents:: Table Of Conten...

Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.78 views

Ektron CMS 9.10 SP1 - XSS Vulnerability

Vulnerability type: Cross-site Scripting Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.102 Patched version: 9.10 SP1 Build 9.1.0.184.1.114 Credit: Jerold Hoong PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerability in...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.59 views

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]

Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin Privilege escalation Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE:...

6.5CVSS0.4AI score0.08311EPSS
Exploits3
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.49 views

[SECURITY] [DSA 3279-1] redis security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3279-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini June 06, 2015 http://www.debian.org/security/faq -...

10CVSS2.2AI score0.09636EPSS
Exploits2
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.65 views

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]

Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin Stored XSS Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4039...

5.2AI score0.02793EPSS
Exploits2
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.94 views

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)

Dear readers, we just fixed a recently reported vulnerability in Apache Jackrabbit's WebDAV module; see - the attached CVE report - patches for all currently maintained Jackrabbit branches We just released Jackrabbit 2.10.1 see below and we'll get to the other branches shortly. Check the CVE for...

6.4CVSS0.1AI score0.51488EPSS
Exploits6
securityvulns
securityvulns
added 2015/06/08 12:0 a.m.37 views

StrongSwan certificate spoofing

Server's certificate is validated after credentials are sent...

2.6CVSS2.2AI score0.02028EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities47153