
47153 matches found

securityvulns
added 2011/12/26 12:0 a.m. | 50 views

Multiple vulnerabilities in epesi BIM

Vulnerability ID: HTB23061 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinepesibim.html Product: epesi BIM Vendor: Telaxus LLC http://www.epesibim.com/ Vulnerable Version: 1.2.0-rev8154 and probably prior Tested Version: 1.2.0-rev8154 Vendor Notification: 30 November 2011...

AI score 6
Exploits: 0

securityvulns
added 2011/12/26 12:0 a.m. | 68 views

TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface

Trustwave's SpiderLabs Security Advisory TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface https://www.trustwave.com/spiderlabs/advisories/TWSL2011-018.txt Published: 2011-12-20 Version: 1.0 Vendor: IBM http://www.ibm.com Product: TS3100/TS3200 Tape Library...

CVSS 6.8 | AI score 0.2 | EPSS 0.01799
Exploits: 1

securityvulns
added 2011/12/26 12:0 a.m. | 145 views

[SECURITY] [DSA 2365-1] dtc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2365-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 18, 2011 http://www.debian.org/security/faq -...

CVSS 6.5 | AI score 0.5 | EPSS 0.01555
Exploits: 0

securityvulns
added 2011/12/26 12:0 a.m. | 111 views

[SECURITY] [DSA 2368-1] lighttpd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...

CVSS 5 | AI score 1.5 | EPSS 0.73327
Exploits: 12

securityvulns
added 2011/12/26 12:0 a.m. | 63 views

[MATTA-2011-001] pfSense x509 Insecure Certificate Creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com pfSense x509 Insecure Certificate Creation Advisory ID: MATTA-2011-001 CVE reference: CVE-2011-4197 Affected platforms: pfSense Version: 2.0 Date: 2011-October-09 Security risk: High...

CVSS 7.5 | AI score 0.6 | EPSS 0.01997
Exploits: 0

securityvulns
added 2011/12/26 12:0 a.m. | 607 views

Tiki Wiki CMS Groupware Stored Cross-Site-Scripting

Advisory: Tiki Wiki CMS Groupware Stored Cross-Site-Scripting Advisory ID: INFOSERVE-ADV2011-07 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 8.1 & 6.4 LTS affects all current releases Vendor URL: http://info.tiki.org/ Vendor Status: fixed...

CVSS 4.3 | AI score 5.3 | EPSS 0.01642
Exploits: 1

securityvulns
added 2011/12/26 12:0 a.m. | 122 views

SASHA v0.2.0 Multiple XSS

Exploit Title: SASHA v0.2.0 Multiple XSS Date: 12/16/11 Author: G13 Software Link: http://sourceforge.net/projects/sasha/files/ Version: 0.2.0 Category: webapps php Vulnerability When adding a new course to the schedule, the application relies on Client Side controls for input. This can easily be...

AI score 0.9
Exploits: 0

securityvulns
added 2011/12/26 12:0 a.m. | 43 views

libarchive library buffer overflow

Buffer overflow on ISO 9660 image parsing...

CVSS 6.8 | AI score 5.2 | EPSS 0.04246
Exploits: 0 | References: 1

securityvulns
added 2011/12/26 12:0 a.m. | 68 views

[SECURITY] [DSA 2370-1] unbound security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2370-1 [email protected] http://www.debian.org/security/ Florian Weimer December 22, 2011 http://www.debian.org/security/faq -...

CVSS 7.8 | AI score 1.6 | EPSS 0.03097
Exploits: 0

securityvulns
added 2011/12/22 12:0 a.m. | 64 views

Microsoft Windows win32k.sys memory corruption

Integer overflow on the frame with large height...

AI score 2
Exploits: 0 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 134 views

0A29-11-3 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R1.9

================ Cross-Site Scripting vulnerabilities in Nagios XI 2011R1.9 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple XSS vulnerabilities exist within Nagios XI. It is entirely likely this...

AI score 6.1
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 114 views

Multiple vulnerabilities in Browser CRM

Vulnerability ID: HTB23059 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbrowsercrm.html Product: Browser CRM Vendor: BrowserCRM Limited http://www.browsercrm.com Vulnerable Version: 5.100.01 and probably prior Tested Version: 5.100.01 Vendor Notification: 23 November 2011...

AI score 0.2
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 44 views

NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI

Medium Risk Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a Medium risk vulnerability in Websense Impact: Reflected XSS Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway v7.6 Websense Web Security v7....

AI score 0.1
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 27 views

Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability

====================================================================== Secunia Research 13/12/2011 - Sterling Trader Data Processing Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

AI score 0.5
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 169 views

RedTeam Pentesting GmbH

Advisory: Owl Intranet Engine: Information Disclosure and Unsalted Password Hashes The Owl Intranet Engine uses no salting in the password hashing procedure. Furthermore, users in the "Administrators" group are able to see the MD5 password hashes of every user using the web interface. Details...

AI score 6.8
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 28 views

EMC RSA Adaptive Authentication (On-Premise) security vulnerabilities

Protection bypass is possible...

CVSS 6.8 | AI score 4.2 | EPSS 0.01287
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 27 views

[ MDVSA-2011:185 ] libcap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:185 http://www.mandriva.com/security/ Package : libcap Date : December 12, 2011 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in libcap...

CVSS 4.6 | AI score 6 | EPSS 0.00379
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 26 views

libcap protection bypass

chdir is not called after chroot...

CVSS 4.6 | AI score 1.8 | EPSS 0.00379
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 32 views

libpurple / Pidgin DoS

Crash on SILC protocol parsing, crash on OSCAR parsing AIM, ICQ...

CVSS 5 | AI score 2.3 | EPSS 0.04697
Exploits: 3 | References: 2 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 105 views

PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability

Advisory: PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability Advisory ID: SSCHADV2011-035 Author: Stefan Schurtz Affected Software: Successfully tested on PHP-SCMS 1.6.8 Vendor URL: http://php-scms.sourceforge.net/ Vendor Status: unpatched no vendor feedback ========================== Vulnerabilit...

AI score 6.2
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 24 views

Sterling Trader integer overflow

Integer overflow on network request parsing...

AI score 5.1
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 32 views

Restorepoint security vulnerabilities

Code execution, privilege escalation...

CVSS 9.3 | AI score 3.5 | EPSS 0.02381
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 43 views

Websense multiple security vulnerabilities

Code execution, cross-site scripting...

AI score 2.2
Exploits: 0 | References: 4

securityvulns
added 2011/12/19 12:0 a.m. | 80 views

NGS00138 Patch Notification: Websense Triton 7.6 - Authentication bypass in report management UI

High Risk Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense Impact: Authentication bypass Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway v7.6 Websense Web Security...

AI score 0.1
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 32 views

zFTPServer directory traversal

Directory traversal in rmdir command...

CVSS 5.5 | AI score 3.1 | EPSS 0.02167
Exploits: 5 | References: 1 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 30 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score 1.6
Exploits: 0 | References: 11 | Affected Software: 6

securityvulns
added 2011/12/19 12:0 a.m. | 71 views

zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal

Advisory: zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal Advisory ID: INFOSERVE-ADV2011-09 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on zFTPServer Suite 6.0.0.52 Vendor URL: http://www.zftpserver.com/ Vendor Status: fixed CVE-ID:...

CVSS 5.5 | AI score 6.2 | EPSS 0.02167
Exploits: 5

securityvulns
added 2011/12/19 12:0 a.m. | 125 views

0A29-11-4 : Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9

================ Privilege escalation vulnerabilities in Nagios XI installer 2011R1.9 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple privilege escalations exist within Nagios XI installer. Tested...

AI score 1.4
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 58 views

JasPer library security vulnerabilities

Buffer overflow and memory corruption on JPEG2000 parsing...

CVSS 6.8 | AI score 4.9 | EPSS 0.10618
Exploits: 0 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 70 views

[MATTA-2011-003] Restorepoint Remote root command execution vulnerability - CVE-2011-4201 CVE-2011-4202

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matta Consulting - Matta Advisory https://www.trustmatta.com Restorepoint Remote root command execution vulnerability Advisory ID: MATTA-2011-003 CVE reference: CVE-2011-4201 - Code injection vulnerability CVE-2011-4202 - Privilege escalation through...

CVSS 9.3 | AI score 1.2 | EPSS 0.02381
Exploits: 1

securityvulns
added 2011/12/19 12:0 a.m. | 37 views

[USN-1308-1] bzip2 vulnerability

========================================================================== Ubuntu Security Notice USN-1308-1 December 14, 2011 bzip2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4.6 | AI score 0.9 | EPSS 0.01045
Exploits: 2

securityvulns
added 2011/12/19 12:0 a.m. | 57 views

ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA® Adaptive Authentication On-Premise Advisories Updated December 6, 2011 Summary: An issue with RSA® Adaptive Authentication On-Premise was discovered whic...

CVSS 6.8 | AI score 0.8 | EPSS 0.01287
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 87 views

Microsoft Windows multiple applications DLL hijacking

If an application is launched via a file type association, the current path is set to the directory where the file is located, making it possible to place DLLs that the application tries to load dynamically into the same directory...

CVSS 9.3 | AI score 2.1 | EPSS 0.12123
Exploits: 1 | References: 44 | Affected Software: 3

securityvulns
added 2011/12/19 12:0 a.m. | 119 views

BF, XSS, IAA and CSRF vulnerabilities in poMMo

Hello 3APA3A! I am informing you of the Brute Force, Cross-Site Scripting, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities I found in poMMo. Brute Force WASC-11: http://site/pommo/index.php XSS WASC-08:...

Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 35 views

Nova unauthorized access

It's possible to overwrite files...

CVSS 6 | AI score 4.2 | EPSS 0.01941
Exploits: 0 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 34 views

bzip2 bzexe symbolic links vulnerability

Insecure temporary files creation...

CVSS 4.6 | AI score 1.5 | EPSS 0.01045
Exploits: 2 | References: 1 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 275 views

Citrix Receiver, XenDesktop "Pass-the-hash" Attack

Tested against: Citrix XenDesktop, XenServer, Receiver 5.6 SP2 possibly other versions as well By default, the authentication between the Citrix Receiver client to the Web interface is not configured to use SSL. If a company elects not to use SSL for this, the XML transaction between the receiver...

AI score 0.9
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 44 views

Adobe Acrobat / Reader multiple security vulnerabilities

Vulnerabilities are used in-the-wild for unauthorized access...

CVSS 10 | AI score 3 | EPSS 0.86238
Exploits: 12

securityvulns
added 2011/12/19 12:0 a.m. | 55 views

[ MDVSA-2011:183 ] pidgin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:183 http://www.mandriva.com/security/ Package : pidgin Date : December 10, 2011 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been discovered and corrected ...

CVSS 5 | AI score 7.8 | EPSS 0.04697
Exploits: 3

securityvulns
added 2011/12/19 12:0 a.m. | 50 views

NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI

High risk Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a High risk vulnerability in Websense Impact: Stored XSS Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway v7.6 Websense Web Security v7.6...

AI score 5.8
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 38 views

NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM

Critical Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a Critical vulnerability in Websense Impact: Unauthenticated remote command execution as SYSTEM Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway...

AI score 0.5
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 177 views

Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities

A bug in the Wordpress the-welcomizer plugin that allows Cross-Site Scripting to occur on a remote machine. Iran Hack Security Team & Islamic Republic Of Iran Security Team http://IranHack.Org & http://irist.ir/forum/ Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities...

AI score 0.1
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 58 views

ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-039: RSA®, The Security Division of EMC, announces security fixes and improvements for RSASecurID® Software Token 4.1 for Microsoft®Windows® Advisories Updated December 12, 2011 Summary: RSA, The Security Division of EMC, announces security...

CVSS 9.3 | AI score 0.8 | EPSS 0.02005
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 33 views

CS and XSS vulnerabilities in Zeema CMS

Hello 3APA3A! I am informing you of the Content Spoofing and Cross-Site Scripting vulnerabilities I found in the Zeema CMS system. This is a Ukrainian commercial CMS. Content Spoofing WASC-12: Due to the possibility of directly accessing the script http://site/counter/counter.php with a forged ref parameter and...

AI score 5.8
Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 51 views

libxml library security vulnerabilities

Buffer overflow, unallocated memory reference...

CVSS 9.3 | AI score 3.6 | EPSS 0.0531
Exploits: 3 | Affected Software: 1

securityvulns
added 2011/12/19 12:0 a.m. | 128 views

[RT-SA-2011-005] Owl Intranet Engine: Authentication Bypass

Advisory: Owl Intranet Engine: Authentication Bypass During a penetration test, RedTeam Pentesting discovered an Authentication Bypass vulnerability in the Owl Intranet Engine, which allows unauthenticated users administrative access to the affected systems. Details ======= Product: Owl Intranet...

Exploits: 0

securityvulns
added 2011/12/19 12:0 a.m. | 124 views

Seotoaster SQL-Injection Admin Login Bypass

Advisory: Seotoaster SQL-Injection Admin Login Bypass Advisory ID: INFOSERVE-ADV2011-06 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Seotoaster v.1.9 Vendor URL: http://www.seotoaster.com/ Vendor Status: fixed ==========================...

AI score 0.1
Exploits: 0

securityvulns
added 2011/12/15 12:0 a.m. | 94 views

ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-348 December 13, 2011 - -- CVE ID: CVE-2011-3165 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...

CVSS 10 | AI score 0.6 | EPSS 0.12003
Exploits: 0

securityvulns
added 2011/12/15 12:0 a.m. | 48 views

ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-347 December 13, 2011 - -- CVE ID: CVE-2011-1983 - -- CVSS: 9, AV:N/AC:L/Au:N/C:C/I:P/A:P - -- Affected Vendors:...

CVSS 9.3 | AI score 0.5 | EPSS 0.22724
Exploits: 1

securityvulns
added 2011/12/15 12:0 a.m. | 33 views

Microsoft Active Directory buffer overflow

Buffer overflow on LDAP request parsing...

CVSS 9 | AI score 4.9 | EPSS 0.23297
Exploits: 1

Total number of security vulnerabilities: 47153