Lucene search

47153 matches found

securityvulns • added 2012/01/09 12:0 a.m. • 40 views

XSS and IAA vulnerabilities in Register Plus Redux for WordPress

Hello 3APA3A! I want to warn you about multiple new vulnerabilities in plugin Register Plus Redux for WordPress. Last version of the plugin was checked. This is second advisory concerning new vulnerabilities in Register Plus Redux. These are Cross-Site Scripting and Insufficient Anti-automation...

AI score: 0.7 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 126 views

Multiple vulnerabilities in ImpressCMS

Vulnerability ID: HTB23064 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinimpresscms.html Product: ImpressCMS Vendor: The ImpressCMS Project http://www.impresscms.org/ Vulnerable Version: 1.3 Final and probably prior Tested Version: 1.3 Final Vendor Notification: 14 December...

AI score: 6.7 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 111 views

Multiple new vulnerabilities in Register Plus Redux for WordPress

Hello 3APA3A! I want to warn you about multiple new vulnerabilities in plugin Register Plus Redux for WordPress. Last version of the plugin was checked. These are Cross-Site Scripting, SQL Injection, Code Execution and Full path disclosure vulnerabilities. ------------------------- Affected...

AI score: 0.4 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 110 views

OpenKM 5.1.7 OS Command Execution (XSRF based)

COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...

AI score: 0.4 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 79 views

[security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03128469 Version: 1 HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities NOTICE: The information in this Security Bullet...

CVSS: 7.5 • AI score: 0.6 • EPSS: 0.63467 • Exploits: 5

securityvulns • added 2012/01/09 12:0 a.m. • 32 views

ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-006 January 5, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Novell - -- Affect...

AI score: 0.6 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 72 views

[SECURITY] [DSA 2378-1] ffmpeg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2378-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5 • AI score: 2.6 • EPSS: 0.0294 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 91 views

[security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03140700 Version: 1 HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files NOTICE: The information in this Security Bulletin should be acted upon as soon...

CVSS: 7.8 • AI score: 0.3 • EPSS: 0.01721 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 29 views

Oracle GlassFish Server authentication bypass

Unauthenticated administration console access via HTTP TRACE requests...

CVSS: 6.4 • AI score: 3.4 • EPSS: 0.67861 • Exploits: 7 • References: 2

securityvulns • added 2012/01/09 12:0 a.m. • 62 views

Tinyguestbook XSS

Exploit Title: Tinyguestbook XSS Date: 01/03/12 Author: G13 Software Link: http://code.google.com/p/tinyguestbook/ Category: webapps php Vulnerability There is no sanitation on the input of the msg variable. This allows malicious scripts to be added. This is a stored XSS Vendor Notification...

AI score: 0.8 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 52 views

ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-001 : HP Managed Printing Administration imgid Multiple Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-12-001 January 5, 2012 - -- CVE ID: CVE-2011-4169 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors:...

CVSS: 7.5 • AI score: 0.1 • EPSS: 0.01067 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 85 views

ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-002 : HP OpenView NNM ov.dll OVBuildPath Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-002 January 5, 2012 - -- CVE ID: CVE-2011-3167 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

CVSS: 10 • AI score: 0.5 • EPSS: 0.73672 • Exploits: 8

securityvulns • added 2012/01/09 12:0 a.m. • 73 views

ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-005 January 5, 2012 - -- CVE ID: CVE-2011-3248 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Appl...

CVSS: 9.3 • AI score: 0.7 • EPSS: 0.02975 • Exploits: 1

securityvulns • added 2012/01/09 12:0 a.m. • 63 views

[SECURITY] [DSA 2384-1] cacti security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2384-1 [email protected] http://www.debian.org/security/ Luk Claes January 09, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5 • AI score: 2.4 • EPSS: 0.10513 • Exploits: 1

securityvulns • added 2012/01/09 12:0 a.m. • 63 views

NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS

======= Summary ======= Name: Remote code execution in ImpressPages CMS Release Date: 5 January 2012 Reference: NGS00109 Discoverer: David Middlehurst [email protected] Vendor: ImpressPages Vendor Reference: Systems Affected: ImpressPages CMS 1.0.12 Risk: High Status: Published...

AI score: 0.3 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 50 views

[SECURITY] [DSA 2383-1] super security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2383-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 08, 2012 http://www.debian.org/security/faq -...

CVSS: 4.4 • AI score: 1 • EPSS: 0.00141 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 82 views

Open Redirection Vulnerability in Orchard 1.3.9

Information -------------------- Name : Open Redirection Vulnerability in Orchard Software : Orchard 1.3.9 and below. Vendor Homepage : http://orchardproject.net Vulnerability Type : Open Redirection Severity : Medium Researcher : Mesut Timur Advisory Reference : NS-12-002 Description...

Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 70 views

SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2

SEC Consult Vulnerability Lab Security Advisory 20120104-0 ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable version: 2.3.1 and below fixed...

AI score: 1.2 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 124 views

NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability

======= Summary ======= Name: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability Release Date: 5 January 2012 Reference: NGS00106 Discoverer: David Spencer [email protected] Vendor: Oracle Vendor Reference: Systems Affecte...

CVSS: 6.4 • AI score: 6.7 • EPSS: 0.67861 • Exploits: 7

securityvulns • added 2012/01/09 12:0 a.m. • 47 views

IpTools security vulnerabilities

rcmd buffer overflow, Web server directory traversal...

AI score: 4.3 • Exploits: 0 • References: 2 • Affected Software: 1

securityvulns • added 2012/01/09 12:0 a.m. • 82 views

TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System

Trustwave's SpiderLabs Security Advisory TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System Published: 1/03/12 Version: 1.0 Vendor: Textpattern http://textpattern.com/ Product: Textpattern Version affected: 4.4.1 before change set 3612 Product description:...

CVSS: 4.3 • AI score: 5.7 • EPSS: 0.02917 • Exploits: 2

securityvulns • added 2012/01/09 12:0 a.m. • 23 views

HServer webserver directory traversal

Directory traversal with HTML-encoded requests...

AI score: 2.5 • Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2012/01/09 12:0 a.m. • 60 views

ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-004 January 5, 2012 - -- CVE ID: CVE-2011-3250 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Apple - -...

CVSS: 9.3 • AI score: 0.7 • EPSS: 0.01712 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 81 views

HP Managed Printing Administration multiple security vulnerabilities

Buffer overflows, unauthorized files access, directory traversal...

CVSS: 7.5 • AI score: 3.5 • EPSS: 0.63467 • Exploits: 5 • References: 5

securityvulns • added 2012/01/09 12:0 a.m. • 74 views

[RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator

Advisory: Bugzilla: Cross-Site Scripting in Chart Generator RedTeam Pentesting discovered a Cross-Site Scripting XSS vulnerability in Bugzilla's chart generator during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to such a link from an...

CVSS: 4.3 • AI score: 5.4 • EPSS: 0.00359 • Exploits: 3

securityvulns • added 2012/01/09 12:0 a.m. • 52 views

ffmpeg library multiple security vulnerabilities

Multiple memory corruptions on QDM2, VP5, VP6, VMD and SVQ1 files parsing...

CVSS: 7.5 • AI score: 3.7 • EPSS: 0.0294 • Exploits: 0 • References: 1

securityvulns • added 2012/01/09 12:0 a.m. • 87 views

SQL Injection Vulnerability in OpenEMR 4.1.0

Information -------------------- Name : SQL Injection Vulnerability in OpenEMR Software : OpenEMR 4.1.0 and possibly below. Vendor Homepage : http://www.open-emr.org Vulnerability Type : SQL Injection Severity : Critical Researcher : Canberk Bolat Advisory Reference : NS-12-001 Description...

AI score: 8.2 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 66 views

Vulnerabilities in plugins for MODx CMS, XOOPS, uCoz, Magento and DSP CMS

Hello 3APA3A! Besides tens of millions of vulnerable web sites with affected flash files and vulnerable multiple plugins for different engines, which I've written about earlier, there are a lot of other vulnerable plugins. Here are new ones; some of them are vulnerable to two XSS holes. There are...

AI score: 0.2 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 79 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 7.5 • AI score: 1.6 • EPSS: 0.10513 • Exploits: 7 • References: 19 • Affected Software: 15

securityvulns • added 2012/01/09 12:0 a.m. • 39 views

HP OpenView Network Node Manager code execution

No description provided...

CVSS: 10 • AI score: 1.7 • EPSS: 0.73672 • Exploits: 8 • References: 4 • Affected Software: 1

securityvulns • added 2012/01/09 12:0 a.m. • 66 views

Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13

Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When viewing tabular or graphical reports as well as new charts, an XSS vulnerability is possible in debug mode. The...

CVSS: 6.8 • AI score: 5.8 • EPSS: 0.00465 • Exploits: 3

securityvulns • added 2012/01/09 12:0 a.m. • 91 views

IpTools - Rcmd Remote Overflow Vulnerability

Title: IpToolsTiny TCP/IP server - Rcmd Remote Overflow Vulnerability Software : IpToolsTiny TCP/IP server Software Version : 0.1.4 Vendor: http://iptools.sourceforge.net/iptools.html Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-01-07 Updated: Impact : High Bug...

Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 45 views

VertrigoServ 2.25 Cross-Site-Scripting vulnerability

Advisory: VertrigoServ 2.25 Cross-Site-Scripting vulnerability Advisory ID: INFOSERVE-ADV2011-11 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on VertrigoServ 2.25 Vendor URL: http://vertrigo.sourceforge.net/ Vendor Status: informed...

AI score: 0.2 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 29 views

OpenSWAN use-after-free

Use-after-free in crypto helper...

CVSS: 4 • AI score: 0.8 • EPSS: 0.01149 • Exploits: 0 • References: 1

securityvulns • added 2012/01/09 12:0 a.m. • 33 views

ipmitool weak permissions

Weak permissions on pid file creation...

CVSS: 3.6 • AI score: 1.4 • EPSS: 0.00061 • Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2012/01/09 12:0 a.m. • 54 views

IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability

Title: IpToolsTiny TCP/IP server - WebServer Directory Traversal Vulnerability Software : IpToolsTiny TCP/IP server Software Version : 0.1.4 Vendor: http://iptools.sourceforge.net/iptools.html Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-01-06 Updated: Impact : High Bu...

AI score: 0.9 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 28 views

HP Database Archiving Software code execution

No description provided...

CVSS: 10 • AI score: 1.4 • EPSS: 0.21086 • Exploits: 0 • References: 1

securityvulns • added 2012/01/09 12:0 a.m. • 57 views

Ggb Guestbook - XSS Vulnerabilities

Title: Ggb Guestbook - XSS Vulnerabilities Software : Ggb Guestbook Software Version : 0.3.1 Vendor: http://gelin.ru/soft/project/ggb/ http://code.google.com/p/ggbook/ Vulnerability Published : 2012-01-05 Vulnerability Update Time : Status : Impact : Medium Bug Description : Ggb Guestbookversion...

AI score: 0.4 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 82 views

Google Chrome HTTPS Address Bar Spoofing

Google awarded one of our security researchers a Chromium Security Reward for an HTTPS address bar spoofing bug in Chrome 14 and 15 although it may be present in older versions too. The bug was fixed in Chrome 16, most browsers seem to be updated and we're happy to share technical details with th...

AI score: 0.1 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 125 views

[security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03128302 Version: 1 HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soo...

CVSS: 10 • AI score: 0.7 • EPSS: 0.21086 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 91 views

HServer webserver - Directory Traversal Vulnerability

Title: HServer webserver - Directory Traversal Vulnerability Software : HServer webserver Software Version : 0.1.1 Vendor: http://www.luizpicanco.com/index.php?s=hserver http://code.google.com/p/hserver/ Vulnerability Published : 2012-01-05 Vulnerability Update Time : Status : Impact : High Bug...

AI score: 0.6 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 85 views

OpenKM 5.1.7 Privilege Escalation

COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-001 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Privilege Escalation, Improper Access Control Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...

AI score: 0.9 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 59 views

SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities

Advisory: SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities Advisory ID: INFOSERVE-ADV2011-12 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on SQLiteManager 1.2.4 Vendor URL: http://www.sqlitemanager.org/ Vendor Status: informed...

AI score: 0.1 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 55 views

Winn Guestbook v2.4.8c Stored XSS

Exploit Title: Winn Guestbook v2.4.8c Stored XSS Date: 12/29/11 Author: G13 Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws Version: 2.4.8c Category: webapps php CVE: 2011-5026 Vulnerability There is no sanitation on the input of the name variable. This allows maliciou...

AI score: 1.6 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 43 views

CVE-2011-4073 Openswan crypto helper crasher

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Subject: CVE-2011-4073 Openswan crypto helper crasher Release date: Fri Oct 28, 2011 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4073 Security Alert: This alert and any possible updates is available at the following URL:...

CVSS: 4 • AI score: 0.3 • EPSS: 0.01149 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 28 views

Google Chrome https address spoofing

Few different address spoofing techniques...

AI score: 0.4 • Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2012/01/09 12:0 a.m. • 27 views

ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-007 January 5, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Novell - --...

AI score: 0.6 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 83 views

[SECURITY] [DSA 2376-2] ipmitool security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2376-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst December 31, 2011 http://www.debian.org/security/faq -...

CVSS: 3.6 • AI score: 1.5 • EPSS: 0.00061 • Exploits: 0

securityvulns • added 2012/01/09 12:0 a.m. • 20 views

'super' script execution buffer overflow

Buffer overflow during logging...

CVSS: 4.4 • AI score: 3.1 • EPSS: 0.00141 • Exploits: 0 • References: 1 • Affected Software: 1

securityvulns • added 2012/01/09 12:0 a.m. • 73 views

ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-003 January 5, 2012 - -- CVE ID: CVE-2011-3166 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

CVSS: 10 • AI score: 0.6 • EPSS: 0.42815 • Exploits: 0

Total number of security vulnerabilities: 47153