Lucene search

47153 matches found

securityvulns
added 2012/02/15 12:00 a.m., 24 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score: 1.6
Exploits: 0, References: 4, Affected Software: 3

securityvulns
added 2012/02/15 12:00 a.m., 33 views

Skype v. 5.x.x - information disclosure

Hello, 3APA3A, Title: ====== Skype v. 5.x.x - information disclosure Date: ===== 2012-02-13 Introduction: ============= Skype is a proprietary voice-over-Internet Protocol service and software application. Abstract: ========= We have discovered improper chat logs handling, which cause in logs...

AI score: 6.4
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 59 views

ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision Advisories Updated January 25, 2012 Summary: RSA, The Security Division of EMC, announces security fixes to address a security vulnerability and provide an...

CVSS: 5, AI score: 0.5, EPSS: 0.01182
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 76 views

AoF and CSRF vulnerabilities in D-Link DAP 1150

Hello 3APA3A! I want to warn you about new security vulnerabilities in D-Link DAP 1150 Wi-Fi Access Point and Router. These are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities. This is my third advisory from series of advisories about vulnerabilities in D-Link products. Abus...

AI score: 0.3
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 38 views

Multiple new vulnerabilities in Register Plus for WordPress

Hello 3APA3A! I want to warn you about multiple new vulnerabilities in plugin Register Plus for WordPress. These are Cross-Site Scripting, Code Execution and Full path disclosure vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are Register Plus...

AI score: 0.7
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 30 views

EMC RSA enVision information leakage

It's possible to obtain environment variables values...

CVSS: 5, AI score: 4.3, EPSS: 0.01182
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/02/15 12:00 a.m., 56 views

[security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03171149Version: 1 HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should...

CVSS: 9.3, AI score: 0.6, EPSS: 0.09161
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 58 views

ME Monitoring Manager v9.x; v10.x - Multiple Vulnerabilities

Title: ====== ME Monitoring Manager v9.x; v10.x - Multiple Vulnerabilities Date: ===== 2012-01-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=115 VL-ID: ===== 115 Introduction: ============= With the ManageEngine Applications Manager, IT administrators can...

AI score: 0.3
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 405 views

Skype information leakage

Locally deleted messages are only marked as deleted without wiping or squeezing the database...

AI score: 2.3
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/02/15 12:00 a.m., 369 views

TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution

Oracle Java Web Start Command Argument Injection Remote Code Execution TSL ID: TSL20120214-01 1. Affected Software Oracle Java Development Kit JDK 6 Update 30 and prior Oracle Java Development Kit JDK 7 Update 2 and prior Oracle JavaFX 2.0.2 and prior Oracle Java Runtime Environment JRE 6 Update ...

CVSS: 10, AI score: 9.8, EPSS: 0.59369
Exploits: 17

securityvulns
added 2012/02/15 12:00 a.m., 25 views

Nomachine NX Web Companion code spoofing

client.zip file is downloaded without signature check...

AI score: 2.3
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/02/15 12:00 a.m., 83 views

Multiple CSRF, DoS and XSS vulnerabilities in D-Link DAP 1150

Hello 3APA3A! I want to warn you about new security vulnerabilities in D-Link DAP 1150 Wi-Fi Access Point and Router. These are Cross-Site Request Forgery, Denial of Service and Cross-Site Scripting vulnerabilities. This is my fourth advisory from series of advisories about vulnerabilities in...

AI score: 0.9
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 37 views

SQL injection bug in nova cms

Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability Date: 2/12/2012 Author: Dr.web Software Link: http://sourceforge.net/projects/xraycms/files/latest/download Version: 1.1.1 Tested on: Ubuntu XRay CMS is vulnerable to a SQL Injection attack which allows authentication bypass into the admins...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/02/15 12:00 a.m., 19 views

Mutant 200s tuner directory traversal

Directory traversal in embedded web server...

AI score: 3.2
Exploits: 0, References: 1

securityvulns
added 2012/02/14 12:00 a.m., 28 views

Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability

Title: ====== Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=434 VL-ID: ===== 434 Introduction: ============= The Yahoo Messenger (official spelling Yahoo! Messenger; Y!M, YIM or Y... for short

AI score: 0.5
Exploits: 0

securityvulns
added 2012/02/14 12:00 a.m., 31 views

Mozilla Firefox / Thunderbird / Seamonkey use-after-free

nsXBLDocumentInfo::ReadPrototypeBindings use-after-free...

CVSS: 7.5, AI score: 2.5, EPSS: 0.03079
Exploits: 1, Affected Software: 3

securityvulns
added 2012/02/14 12:00 a.m., 29 views

apr / aws libraries DoS

resources consumption because of collisions in a hash function...

CVSS: 5, AI score: 1.8, EPSS: 0.43346
Exploits: 0, References: 1, Affected Software: 2

securityvulns
added 2012/02/14 12:00 a.m., 25 views

Yahoo! Messenger buffer overflow

Buffer overflow on file transfer...

AI score: 3.4
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/02/14 12:00 a.m., 41 views

NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption

Critical Vulnerability in DataArmor and DriveArmor 24 January 2012 Stuart Passe of NGS Secure has discovered a Critical vulnerability in DataArmor and DriveArmor. Impact: Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Versions affected: DataArmor 3.0.10 or greater...

AI score: 1.2
Exploits: 0

securityvulns
added 2012/02/14 12:00 a.m., 127 views

D-Link DIR-601 TFTP Directory Traversal Vulnerability

Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability CVSS Risk Rating: 7.8 High Product: D-Link DIR-601 Wireless N 150 Home Router Application Vendor: D-Link Vendor URL: www.dlink.com Public disclosure date: 1/20/2012 Discovered by: Rob Kraus and Solutionary Engineering...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/02/14 12:00 a.m., 28 views

D-Link DIR-601 directory traversal

TFTP server directory traversal...

AI score: 2.9
Exploits: 0, References: 1

securityvulns
added 2012/02/14 12:00 a.m., 34 views

AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AdaCore Security Advisory ========================= SA-2012-L119-003 Hash collisions in AWS Problem: Impacted versions of AWS store key/value pairs from submitted form data in hash tables using a hash function that has predictable collisions. As a...

AI score: 1.2
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 26 views

Novell iPrint buffer overflow

Buffer overflow on TCP/631 request parsing...

CVSS: 7.5, AI score: 5.1, EPSS: 0.02974
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/02/13 12:00 a.m., 25 views

sudo format string vulnerability

Format string vulnerability on logging...

AI score: 2.1
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2012/02/13 12:00 a.m., 59 views

ESA-2012-005: EMC NetWorker buffer overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-005: EMC NetWorker buffer overflow vulnerability. EMC Identifier: ESA-2012-005 EMC Identifier: NW135173 CVE Identifier: CVE-2012-0395 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC NetWorker Server...

CVSS: 9.3, AI score: 2, EPSS: 0.03153
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 47 views

SQL injection in Bigware shop software

The Bigware shop software prior to version 2.15 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'lastname' in the module mainbigware43.php. A user must be created before exploitation. Proof of concept is at...

AI score: 8
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 57 views

XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge)

Attached is some PoC analysis related to an XSS vulnerability in phpldapadmin. I previously coordinated with the Cert-US so that they would contact Sourceforge and Debian, but received word that they were unable to get in contact with them. The first discovery was on January 10 for the 1.1.6 version, where after noticed...

AI score: 0.6
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 57 views

ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-028 February 8, 2012 - -- CVE ID: CVE-2011-1392 - -- CVSS: 9,...

CVSS: 9.3, AI score: 0.6, EPSS: 0.03585
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 27 views

CA Total Defense multiple security vulnerabilities

SQL injection, information leakage...

AI score: 2
Exploits: 0, References: 3

securityvulns
added 2012/02/13 12:00 a.m., 60 views

Cyberoam Central Console v2.00.2 - File Include Vulnerability

Title: ====== Cyberoam Central Console v2.00.2 - File Include Vulnerability Date: ===== 2012-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=405 VL-ID: ===== 405 Introduction: ============= Cyberoam Central Console CCC appliances offer the flexibility of hardware...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 30 views

D-Link ShareCenter security vulnerabilities

Authentication bypass, information leakage...

AI score: 2.6
Exploits: 0, References: 1

securityvulns
added 2012/02/13 12:00 a.m., 120 views

ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-022 : Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-022 February 8, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Tota...

Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 63 views

[SECURITY] [DSA 2395-1] wireshark security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2395-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 27, 2012 http://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 0.6, EPSS: 0.06597
Exploits: 4

securityvulns
added 2012/02/13 12:00 a.m., 33 views

Wireshark multiple security vulnerabilities

LANalyzer buffer overflow, DoS...

CVSS: 4.3, AI score: 2.5, EPSS: 0.06597
Exploits: 4, References: 1, Affected Software: 1

securityvulns
added 2012/02/13 12:00 a.m., 48 views

ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-030 February 8, 2012 - -- CVE ID: CVE-2011-1388 - -- CVSS: 9,...

CVSS: 9.3, AI score: 1.3, EPSS: 0.03585
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 47 views

IBM ActiveX multiple security vulnerabilities

SPSS and Rational Rhapsody ActiveX multiple security vulnerabilities...

CVSS: 9.3, AI score: 2.6, EPSS: 0.04497
Exploits: 0, References: 6

securityvulns
added 2012/02/13 12:00 a.m., 30 views

EMC Networker buffer overflow

Buffer overflow on RPC request parsing in indexd.exe...

CVSS: 9.3, AI score: 4.9, EPSS: 0.03153
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2012/02/13 12:00 a.m., 59 views

SimpleGroupware 0.742 Cross-Site-Scripting vulnerability

Advisory: SimpleGroupware 0.742 Cross-Site-Scripting vulnerability Advisory ID: INFOSERVE-ADV2012-01 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on SimpleGroupware 0.742 Vendor URL: http://www.simple-groupware.de/ Vendor Status: fixed see Changelog...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 49 views

Multiple vulnerabilities in postfixadmin

Advisory ID: CSA-12002 Title: Multiple vulnerabilities in postfixadmin Product: postfixadmin Version: 2.3.4 and probably prior Vendor: www.postifixadmin.org Vulnerability type: SQL injection, XSS Vendor notification: 2012-01-10 Public disclosure: 2012-01-26 postfixadmin version 2.3.4 and probably...

AI score: 0.2
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 59 views

ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-019 : IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-019 January 30, 2012 - -- CVE ID: CVE-2012-0188 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:...

CVSS: 9.3, AI score: 0.3, EPSS: 0.03585
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 53 views

Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which coul...

CVSS: 5.1, AI score: 0.2, EPSS: 0.01013
Exploits: 3

securityvulns
added 2012/02/13 12:00 a.m., 51 views

ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-026 : IBM SPSS ExportHTML.dll ActiveX Control Render Method Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-026 February 8, 2012 - -- CVE ID: CVE-2012-0190 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...

CVSS: 9.3, AI score: 0.4, EPSS: 0.03546
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 59 views

ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-029 February 8, 2012 - -- CVE ID: CVE-2011-1391 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...

CVSS: 9.3, AI score: 0.8, EPSS: 0.03585
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 46 views

Multiple vulnerabilities in OpenEMR

Advisory ID: HTB23069 Product: OpenEMR Vendor: OEMR Vulnerable Version: 4.1.0 and probably prior Tested Version: 4.1.0 Vendor Notification: 11 January 2012 Vendor Patch: 29 January 2012 Public Disclosure: 01 February 2012 Vulnerability Type: Local File Inclusion, Arbitrary Command Execution...

AI score: 0.5
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 49 views

Multiple vulnerabilities in OSclass

Advisory ID: HTB23068 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinosclass.html Product: OSclass Vendor: osclass.org http://osclass.org/ Vulnerable Version: 2.3.3 and probably prior Tested Version: 2.3.3 Vendor Notification: 04 January 2012 Vendor Patch: 16 January 2012...

AI score: 0.1
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 45 views

DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass

Title ----- DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass Severity -------- High Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Date Discovered --------------- December 7, 2011 Vulnerability Description...

AI score: 1.2
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 42 views

CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache CXF 2.4.5 and 2.5.1 Description: CXF does not validate a WS-Security UsernameToken receiv...

CVSS: 7.5, AI score: 0.1, EPSS: 0.0354
Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 88 views

ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability. EMC Identifier: ESA-2012-009 EMC Identifier: CS-16072 EMC Identifier: CS-16073 CVE Identifier: CVE-2011-4144 Severity Rating: CVSS v2 Base Score: 6.8...

CVSS: 6.8, AI score: 1.6, EPSS: 0.00303
Exploits: 2

securityvulns
added 2012/02/13 12:00 a.m., 41 views

AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload

Exploit Title: AllWebMenus WordPress Menu Plugin Arbitrary file upload Version: 1.1.9 Date: 2012-01-19 Author: 6Scan http://6scan.com security team Software Link: http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/ Official fix: This advisory is released after the vendor was...

Exploits: 0

securityvulns
added 2012/02/13 12:00 a.m., 41 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5, AI score: 1.6, EPSS: 0.0354
Exploits: 6, References: 20, Affected Software: 16

Total number of security vulnerabilities: 47153