
47153 matches found

securityvulns
•added 2011/11/21 12:0 a.m.•61 views

XSS vulnerability in Joomla 1.6.3

Information -------------------- Name : XSS vulnerability in Joomla 1.6.3. Software : All 1.6.x installs prior to and including 1.6.3 are affected. Vendor Homepage : http://www.joomla.org Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity...

6.6 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•46 views

DVR Remote ActiveX code execution

It's possible to load dynamic library via DVRobot.DLL...

9.3 CVSS • 4.4 AI score • 0.03046 EPSS
Exploits 0 • References 1
securityvulns
•added 2011/11/21 12:0 a.m.•42 views

ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-330 November 16, 2011 - -- CVE ID: CVE-2011-4051 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --...

10 CVSS • 0.9 AI score • 0.70156 EPSS
Exploits 4
securityvulns
•added 2011/11/21 12:0 a.m.•66 views

New XSS vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites

Hello 3APA3A! I want to warn you about new Cross-Site Scripting vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites. Earlier I wrote about XSS vulnerability in WP-Cumulus, which I've disclosed in 2009 http://securityvulns.com/Wdocument842.html, and many...

6.3 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•60 views

FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability

FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom software link........: http://www.freewebshop.org/ affected versions....: from 0.9.12 to 2.2.3 - vulnerable code in...

0.8 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•90 views

Cisco Security Advisory: Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error Advisory ID: cisco-sa-20111109-telepresence-c-ex-series Revision 1.0 For Public Release 2011 November 9 16:00 UTC GMT...

0.8 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•115 views

wordpress Flexible Custom Post Type plugin Xss Vulnerabilities

a bug in wordpress Flexible Custom Post Type plugin that allows to us to occur a Cross-Site Scripting on a Remote machine. Islamic Republic Of Iran Security Team Www.IrIsT.Ir wordpress Flexible Custom Post Type plugin Xss Vulnerabilities Download......:...

0.1 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•91 views

[security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03035744 Version: 1 HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security...

4.3 CVSS • 0.5 AI score • 0.02327 EPSS
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•77 views

Multiple vulnerabilities in webERP

Vulnerability ID: HTB23055 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinweberp.html Product: webERP Vendor: www.weberp.org http://www.weberp.org Vulnerable Version: 4.05 and probably prior Tested Version: 4.05 Vendor Notification: 26 October 2011 Vulnerability Type: XSS, S...

0.6 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•67 views

[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities

============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2011-004 - Original release date: November 10, 2011 - Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security - Contact: jcarriba at foregroundsecurity dot com, dade a...

0.5 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•69 views

Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus

Vulnerability ID: VRPTH-2011-001 Reference: http://jameswebb.me/vulns/vrpth-2011-001.txt Vulnerability Summary ====================== Non-persistent XSS in Zoho ManageEngine ADSelfService Plus Test Environment ================= Windows 2008RC2 fully patched. ManageEngine ADSelfServicePlus version...

0.3 AI score
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•54 views

[ GLSA 201111-03 ] OpenTTD: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 201111-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

7.5 CVSS • 1.4 AI score • 0.05007 EPSS
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•80 views

ProFTPD memory corruption

Use after free...

9 CVSS • 1.6 AI score • 0.12804 EPSS
Exploits 4 • References 1 • Affected Software 1
securityvulns
•added 2011/11/21 12:0 a.m.•88 views

[ GLSA 201111-04 ] phpDocumentor: Function call injection

Gentoo Linux Security Advisory GLSA 201111-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

7.5 CVSS • 0.4 AI score • 0.01954 EPSS
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•192 views

Tiki Wiki CMS Groupware Multiple XSS vulnerabilities

Advisory: Tiki Wiki CMS Groupware Multiple XSS vulnerabilities Advisory ID: INFOSERVE-ADV2011-01 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Tiki 7.2 & 8.0 RC1 Vendor URL: http://info.tiki.org/ Vendor Status: fixed for Tiki 7 New Tiki 6 LTS...

6 AI score • 0.00949 EPSS
Exploits 3
securityvulns
•added 2011/11/21 12:0 a.m.•51 views

Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability

====================================================================== Secunia Research 17/11/2011 - DVR Remote ActiveX Control DVRobot Library Loading Vulnerability - ====================================================================== Table of Contents Affected...

9.3 CVSS • 1.4 AI score • 0.03046 EPSS
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•148 views

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 2 HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...

5 CVSS • 0.4 AI score • 0.79415 EPSS
Exploits 28
securityvulns
•added 2011/11/21 12:0 a.m.•43 views

ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-329 November 16, 2011 - -- CVE ID: CVE-2011-4052 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...

9.3 CVSS • 0.9 AI score • 0.05944 EPSS
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•28 views

InduSoft WebStudio ActiveX buffer overflow

Different ActiveX methods buffer overflows...

10 CVSS • 3.8 AI score • 0.70156 EPSS
Exploits 4 • References 3 • Affected Software 1
securityvulns
•added 2011/11/21 12:0 a.m.•75 views

[security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02788734 Version: 2 HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access NOTICE: The information in this Security...

6.5 CVSS • 0.5 AI score • 0.01372 EPSS
Exploits 0
securityvulns
•added 2011/11/21 12:0 a.m.•110 views

[SECURITY] [DSA 2346-1] proftpd-dfsg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2346-1 [email protected] http://www.debian.org/security/ Florian Weimer November 15, 2011 http://www.debian.org/security/faq -...

9 CVSS • 1.6 AI score • 0.16334 EPSS
Exploits 5
securityvulns
•added 2011/11/21 12:0 a.m.•31 views

CA Directory buffer overflow

Buffer overflow on SNMP-packet parsing...

5 CVSS • 5.3 AI score • 0.01617 EPSS
Exploits 0 • References 1
securityvulns
•added 2011/11/21 12:0 a.m.•38 views

CA20111116-01: Security Notice for CA Directory

-----BEGIN PGP SIGNED MESSAGE----- CA20111116-01: Security Notice for CA Directory Issued: November 16, 2011 CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition...

5 CVSS • 1 AI score • 0.01617 EPSS
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•68 views

[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability

DSECRG-11-038 SAP RSTXSCRP report - smb relay vulnerability SAP RSTXSCRP Report has path traversal vulnerability which can lead to SMB relay attack and full control on system. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: Path traversal, SMBRelay...

0.7 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•51 views

[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS

SAP NetWeaver JavaMailExamples has linked XSS vulnerability. Digital Security Research Group DSecRG Advisory Internal DSecRG-00135 Application: SAP NetWeaver Versions Affected: SAP NetWeaver JavaMailExamples Vendor URL: http://www.SAP.com Bugs: XSS Exploits: YES Reported: 11.05.2010 Vendor...

0.3 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•58 views

[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)

DSECRG-11-041 SAP NetWeaver - Authentication bypass Verb Tampering Authentication bypass vulnerability in SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.co...

0.4 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•46 views

system-config-printer content spoofing

Unsafe connection is used to download drivers...

7.5 CVSS • 2.9 AI score • 0.03493 EPSS
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2011/11/20 12:0 a.m.•29 views

SAP Crystal Report Server cross-site scripting

Cross-site scripting in pubDBLogon/...

1.1 AI score
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2011/11/20 12:0 a.m.•126 views

[DSECRG-11-031] SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay

DSECRG-11-031 SAP RFC EPS_DELETE_FILE - Authorisation bypass, smbrelay Security vulnerability was founded in sap EPS_DELETE_FILE RFC function allows attacker to delete files remotely or steal hashes of SAP server account in windows environment using SMBRelay attack. Digital Security Research Group...

7 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•64 views

[USN-1264-1] Bind vulnerability

========================================================================== Ubuntu Security Notice USN-1264-1 November 16, 2011 bind9 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5 CVSS • 0.16747 EPSS
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•67 views

[USN-1265-1] system-config-printer vulnerability

========================================================================== Ubuntu Security Notice USN-1265-1 November 17, 2011 system-config-printer vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

7.5 CVSS • 1 AI score • 0.03493 EPSS
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•30 views

OpenLDAP buffer overflow

Off-by-one overflow on LDIF parsing...

4 CVSS • 4.6 AI score • 0.03713 EPSS
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2011/11/20 12:0 a.m.•59 views

[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose

DSECRG-11-032 SAP NetWeaver ipcpricing - information disclose com.sap.ipc.webapp.ipcpricing application has information disclose vulnerability Digital Security Research Group DSecRG Advisory DSECRG-11-032 Internal DSecRG-00197 Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL...

Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•56 views

bind DNS server DoS

Crash on packet parsing...

5 CVSS • 3.1 AI score • 0.16747 EPSS
Exploits 0 • References 1 • Affected Software 1
securityvulns
•added 2011/11/20 12:0 a.m.•53 views

[USN-1266-1] OpenLDAP vulnerability

========================================================================== Ubuntu Security Notice USN-1266-1 November 17, 2011 openldap vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4 CVSS • 0.6 AI score • 0.03713 EPSS
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•59 views

[DSECRG-11-037] SAP BW Doc - Multiple XSS

DSECRG-11-037 SAP BW Doc - Multiple XSS BW DOC metadata application in SAP NetWeaver is vulnerable to XSS attack. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: XSS Reported: 14.03.2011 Vendor response: 16.03.2011 Date of Public Advisory: 11.11.20...

0.4 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•56 views

[DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability

DSECRG-11-033 SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability XSS vulnerability found in pubDBLogon.jsp page of SAP Crystal Report Server 2008. Application: SAP Crystal Report Server 2008 Versions Affected: SAP Crystal Report Server 2008 Vendor URL: http://www.sap.com Bugs: Linked...

0.2 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•50 views

[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW)

DSECRG-11-039 SAP NetWeaver TH_GREP module - Code injection vulnerability NEW TH_GREP report is vulnerable for command execution vulnerability which is working with previous patch note 1433101. Remote OS command execution is possible Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendo...

0.5 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•29 views

SAP NetWeaver multiple security vulnerabilities

Authentication bypass, cross-site scripting, code injection, information leakage...

1.9 AI score
Exploits 0 • References 10
securityvulns
•added 2011/11/20 12:0 a.m.•59 views

[DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS

DSECRG-11-036 SAP NetWaver Virus Scan Interface - multiple XSS SAP Netweaver Virus Scan Interface has linked XSS vulnerabilities. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: XSS Reported: 01.04.2010 Vendor response: 08.04.2010 Date of Public...

0.4 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•49 views

[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose

DSECRG-11-034 SAP NetWeaver J2EE MeSync – information disclose Attacker can get information about mobile engine version and sometimes the name of the technical user. Application: SAP NetWeaver Versions Affected: SAP NetWeaver MI 2 Vendor URL: http://www.SAP.com Bugs: information disclosure...

0.2 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•39 views

[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation

DSECRG-11-040 SAP NetWeaver SPML - XML CSRF user creation Attacker can create a new user in J2EE Engine using CSRF attack on SPML service. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.com Bugs: CSRF Reported: 14.03.2011 Vendor response: 15.03.2011 Date of...

0.1 AI score
Exploits 0
securityvulns
•added 2011/11/20 12:0 a.m.•46 views

Jetty Web server / VMware vCenter directory traversal

No description provided...

5 CVSS • 3.1 AI score • 0.59726 EPSS
Exploits 7 • References 1 • Affected Software 1
securityvulns
•added 2011/11/20 12:0 a.m.•64 views

VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2011-0014 Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability Issue date:...

5 CVSS • 6 AI score • 0.59726 EPSS
Exploits 7
securityvulns
•added 2011/11/16 12:0 a.m.•79 views

APPLE-SA-2011-11-14-1 iTunes 10.5.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-14-1 iTunes 10.5.1 iTunes 10.5.1 is now available and addresses the following: iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attacker may offer software that appears to...

7.5 CVSS • 5.9 AI score • 0.02617 EPSS
Exploits 1
securityvulns
•added 2011/11/16 12:0 a.m.•37 views

Apple iTunes insecure updates

Software updates were checked insecurely...

7.5 CVSS • 2.3 AI score • 0.02617 EPSS
Exploits 1 • References 1 • Affected Software 1
securityvulns
•added 2011/11/16 12:0 a.m.•51 views

CORE-2011-0919: Apple OS X Sandbox Predefined Profiles Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Apple OS X Sandbox Predefined Profiles Bypass 1. Advisory Information Title: Apple OS X Sandbox Predefined Profiles Bypass Advisory ID: CORE-2011-0919 Advisory URL:...

7.6 CVSS • 9.1 AI score • 0.03533 EPSS
Exploits 11
securityvulns
•added 2011/11/16 12:0 a.m.•73 views

Apple Mac Os X sandbox protection bypass

It's possible to bypass sandbox restriction by controlling different applications...

7.6 CVSS • 3.2 AI score • 0.03533 EPSS
Exploits 11 • References 1 • Affected Software 1
securityvulns
•added 2011/11/16 12:0 a.m.•87 views

APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...

9.3 CVSS • 0.05329 EPSS
Exploits 5
securityvulns
•added 2011/11/16 12:0 a.m.•57 views

Apple iPhone multiple security vulnerabilities

URL spoofing, memory corruption, protection bypass...

9.3 CVSS • 2 AI score • 0.05329 EPSS
Exploits 3 • References 1 • Affected Software 1
Total number of security vulnerabilities: 47153