
47153 matches found

securityvulns
added 2011/11/16 12:0 a.m. | 37 views

Apple iTunes insecure updates

Software updates were checked insecurely...

CVSS 7.5 | AI score 2.3 | EPSS 0.00698
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2011/11/16 12:0 a.m. | 73 views

Apple Mac Os X sandbox protection bypass

It's possible to bypass sandbox restriction by controlling different applications...

CVSS 7.6 | AI score 3.2 | EPSS 0.05298
Exploits: 11 | References: 1 | Affected Software: 1

securityvulns
added 2011/11/11 12:0 a.m. | 50 views

[SECURITY] [DSA 2335-1] man2html security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2335-1 [email protected] http://www.debian.org/security/ Nico Golde November 5th, 2011 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 0.5 | EPSS 0.00285
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 45 views

[USN-1255-1] libmodplug vulnerabilities

========================================================================== Ubuntu Security Notice USN-1255-1 November 09, 2011 libmodplug vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...

CVSS 6.8 | AI score 1 | EPSS 0.08659
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 55 views

Oracle Java multiple security vulnerabilities

Quarterly CPU fixes 20 different vulnerabilities...

CVSS 10 | AI score 2.4 | EPSS 0.92592
Exploits: 19 | References: 5 | Affected Software: 4

securityvulns
added 2011/11/11 12:0 a.m. | 28 views

"Digicert Sdn. Bhd." weak certificates

A few weak certificates were issued by an intermediate CA...

AI score 2.4
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2011/11/11 12:0 a.m. | 46 views

LabWiki <= 1.1 Multiple Vulnerabilities

------------------------------------------------------------------------ LabWiki = 1.1 Multiple Vulnerabilities ------------------------------------------------------------------------ author............: muuratsalo Revshell.com contact...........: muuratsaloatgmaildotcom download..........:...

AI score 6.9
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 33 views

New vulnerabilities in poMMo

Hello 3APA3A! I am reporting the Information Leakage, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in poMMo. Information Leakage WASC-13: After an e-mail address is entered on subscribe.php, the page http://site/pommo/user/process.php outputs the pendingcode as...

AI score 7.1
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 317 views

Cisco CUCM - Multiple Vulnerabilities

Recurity Labs GmbH http://www.recurity-labs.com [email protected] Date: 08.11.2011 Vendor: Cisco Systems Product: CUCM Environment Cisco Unified Communications Manager CallManager Cisco IP Phone CP-7975G Vulnerability: Directory Traversal Reversible Obfuscation Algorithm SCCP service...

AI score 7.5
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 106 views

[SECURITY] [DSA 2343-1] openssl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2343-1 [email protected] http://www.debian.org/security/ Raphael Geissert November 09, 2011 http://www.debian.org/security/faq -...

AI score 2
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 130 views

APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X...

CVSS 10 | AI score 0.6 | EPSS 0.92592
Exploits: 19

securityvulns
added 2011/11/11 12:0 a.m. | 33 views

Adobe Shockwave Player multiple security vulnerabilities

Multiple memory corruptions...

CVSS 10 | AI score 2.4 | EPSS 0.04486
Exploits: 3 | References: 2 | Affected Software: 1

securityvulns
added 2011/11/11 12:0 a.m. | 54 views

Multiple security vulnerabilities in AShop

Advisory: Multiple security vulnerabilities in AShop Advisory ID: INFOSERVE-ADV2011-02 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on AShop513 Vendor URL: http://www.ashopsoftware.com/ Vendor Status: fixed in Version 5.1.4 =========================...

AI score 7.3
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 62 views

[CAL-2011-0052]Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability

CAL-2011-0052Adobe Shockwave Player Director File Parsing PAMM memory corruption vulnerability CAL ID: CAL-2011-0052 CVE ID: CVE-2011-2446 Discover: instruder of code audit labs of vulnhunt.com http://www.adobe.com/support/security/bulletins/apsb11-27.html 1 Affected Products ================= Te...

CVSS 10 | AI score 0.4 | EPSS 0.04486
Exploits: 2

securityvulns
added 2011/11/11 12:0 a.m. | 46 views

Apache Tomcat privilege escalation

Privilege escalation via manager app...

CVSS 4.4 | AI score 3.7 | EPSS 0.00299
Exploits: 1 | References: 1 | Affected Software: 1

securityvulns
added 2011/11/11 12:0 a.m. | 49 views

Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Advisory ID: INFOSERVE-ADV2011-03 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected Vendor URL: http://www.dolibarr.org/ Vendo...

AI score 6.2
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 98 views

[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.21 Description: This issue only affects environments running web applications that are n...

CVSS 4.4 | AI score 1.4 | EPSS 0.00299
Exploits: 1

securityvulns
added 2011/11/11 12:0 a.m. | 21 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 4.3 | AI score 1.6 | EPSS 0.00285
Exploits: 0 | References: 11 | Affected Software: 11

securityvulns
added 2011/11/11 12:0 a.m. | 53 views

Xen multiple security vulnerabilities

Multiple DoS conditions, PCI passthrough privilege escalation...

CVSS 7.4 | AI score 2.8 | EPSS 0.00617
Exploits: 1 | Affected Software: 1

securityvulns
added 2011/11/11 12:0 a.m. | 45 views

TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon

Trustwave's SpiderLabs Security Advisory TWSL2011-017: Multiple Vulnerabilities in Merethis Centreon https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt Published: 2011-11-04 Version: 1.0 Vendor: Merethis http://www.merethis.com and http://www.centreon.com Product: Centreon Version...

Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 57 views

OrderSys <= 1.6.4 Sql Injection Vulnerabilities

Dear All, I have found multiple sql injection vulnerabilities in OrderSys = 1.6.4. The vendor knows the vulnerabilities and he is fixing them as stated in the enclosed advisory. See also http://www.bioinformatics.org/phplabware/labwiki/index.php?page=releasenotes Since the developer is currently...

AI score 0.1
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 48 views

Local file inclusion in VtigerCRM

Vulnerability ID: HTB23054 Reference: https://www.htbridge.ch/advisory/localfileinclusioninvtigercrm.html Product: VtigerCRM Vendor: vtiger.com http://www.vtiger.com Vulnerable Version: 5.2.1 and probably prior Tested Version: 5.2.1 Vendor Notification: 19 October 2011 Vulnerability Type: Local...

AI score 0.9
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 35 views

libmodplug library multiple security vulnerabilities

Memory corruptions on different media formats...

CVSS 6.8 | AI score 3.3 | EPSS 0.08659
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2011/11/11 12:0 a.m. | 44 views

LabStoRe <= 1.5.4 Sql Injection Vulnerabilities

Dear All, I have found multiple sql injection vulnerabilities in LabStoRe = 1.5.4. The vendor knows the vulnerabilities and he is fixing them as stated in the enclosed advisory. See also http://www.bioinformatics.org/phplabware/labwiki/index.php?page=releasenotes Since the developer is currently...

AI score 0.1
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 40 views

[SECURITY] [DSA 2338-1] moodle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2338-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 07, 2011 http://www.debian.org/security/faq -...

AI score 0.4
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 50 views

osCSS2 "_ID" parameter Local file inclusion

Advisory: osCSS2 "ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 latest version Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branch 2.1.0 and reported in develop version 2.1.1...

AI score 0.4
Exploits: 0

securityvulns
added 2011/11/11 12:0 a.m. | 42 views

Cisco Unified Communications Manager / Cisco Unified Contact Center Express directory traversal

Directory traversal in embedded web services on TCP/8080 and TCP/9080 ports...

CVSS 7.8 | AI score 3.2 | EPSS 0.51148
Exploits: 0 | References: 4 | Affected Software: 2

securityvulns
added 2011/11/11 12:0 a.m. | 69 views

[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities

CAL-2011-0054Adobe Shockwave Player Director File Parsing data of rcsl chunk multiple DOS vulnerabilities CALID: CAL-2011-0054 CVE ID: CVE-2011-2448 Discover: instruder of code audit labs of vulnhunt.com http://www.adobe.com/support/security/bulletins/apsb11-27.html 1 Affected Products...

CVSS 10 | AI score 6.2 | EPSS 0.04486
Exploits: 1

securityvulns
added 2011/11/09 12:0 a.m. | 41 views

Microsoft Windows kernel UDP processing integer overflow

Integer overflow leads to code execution via a flow of UDP packets to a closed port...

CVSS 10 | AI score 4.9 | EPSS 0.42832
Exploits: 1 | Affected Software: 1

securityvulns
added 2011/11/09 12:0 a.m. | 36 views

Microsoft Windows active directory authentication bypass

The certificate revocation list is not checked on LDAPS access...

CVSS 9 | AI score 4.2 | EPSS 0.09508
Exploits: 1

securityvulns
added 2011/11/09 12:0 a.m. | 44 views

Microsoft Windows DoS

Crash on TTF font parsing...

CVSS 7.1 | AI score 3.4 | EPSS 0.47708
Exploits: 2 | Affected Software: 1

securityvulns
added 2011/11/06 12:0 a.m. | 136 views

Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting

Advisory: Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities Advisory ID: SSCHADV2011-017 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 with Karma Ranking Plugin version 1.1 Vendor URL: http://www.s9y.org Vendor Status: fixed...

AI score 6.5
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 48 views

foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage

============================================================================ Foofus.net Security Advisory: foofus-20111026 ============================================================================ Title: Toshiba eStudio Multifunction Printer Information Leakage Version: e-Studio series devices...

Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 55 views

CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY

CVE-2011-3682: 2WIRE-SINGTEL 2701HGV-E/2700HGV-2/2700HG GATEWAY ROUTER MANAGEMENT AND DIAGNOSTIC CONSOLE VULNERABILITY 1. BACKGROUND AND AFFECTED MODELS/FIRMWARE SingTel provides customized versions of 2Wire gateway routers to its Internet service subscribers for the purpose of accessing the web...

AI score 0.5
Exploits: 1

securityvulns
added 2011/11/06 12:0 a.m. | 92 views

DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]

Title ----- DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal CVE-2011-1359 Severity -------- High Date Discovered --------------- July 28, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Javier Castro,...

CVSS 5 | AI score 0.7 | EPSS 0.00193
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 60 views

Multiple vulnerabilities in Efront

Vulnerability ID: HTB23053 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinefront.html Product: Efront Vendor: EPIGNOSIS Ltd http://www.efrontlearning.net/ Vulnerable Version: 3.6.10 build 11944 and probably prior Tested Version: 3.6.10 build 11944 Vendor Notification: 12...

AI score 0.1
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 62 views

[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS

---------------------------------------------------------------------- PT-2011-20 Positive Technologies Security Advisory Authorization bypass vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7....

AI score 0.2
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 27 views

Toshiba eStudio authentication bypass

Known URLs can be accessed without authentication...

AI score 4
Exploits: 0 | References: 2

securityvulns
added 2011/11/06 12:0 a.m. | 64 views

[SECURITY] [DSA 2330-1] simplesamlphp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2330-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 27, 2011 http://www.debian.org/security/faq -...

AI score 0.4
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 66 views

[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS

---------------------------------------------------------------------- PT-2011-21 Positive Technologies Security Advisory SQL injection vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7.0 and...

AI score 0.1
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 46 views

Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability

Advisory: Serendipity 'serendipityfilterbp.ALT' Cross-Site Scripting vulnerability Advisory ID: SSCHADV2011-015 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 Vendor URL: http://www.s9y.org Vendor Status: fixed CVE-ID: - ========================== Vulnerability...

Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 138 views

XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3

Information -------------------- Name : XSS and SQL Injection Vulnerabilities on Symphony CMS Software : Symphony CMS 2.2.3 and possibly below Vendor Homepage : http://symphony-cms.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Mesut Timur mesut a...

Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 71 views

CmyDocument Content Management Application - XSS Vulnerabilities

Title: CmyDocument Content Management Application - XSS Vulnerabilities Software : CmyDocument Content Management Application Software Version : Unknownversion update : 2010-01-10 Vendor: http://cmydocument.com/ Vulnerability Published : 2011-07-11 Vulnerability Update Time : Status : Impact :...

AI score 0.4
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 45 views

Strictly social XSS vulnerability in WordPress

Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability I found in WordPress, which I found back on 15.10.2008 and to which all versions of WordPress are vulnerable. WordPress has a Cross-Site Scripting vulnerability, in this case Strictly social XSS http://websecurity.com.ua/5469/, on...

Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 78 views

[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection

Gentoo Linux Security Advisory GLSA 201110-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

CVSS 7.5 | AI score 0.2 | EPSS 0.05055
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 63 views

[SECURITY] [DSA 2334-1] mahara security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2334-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 04, 2011 http://www.debian.org/security/faq -...

CVSS 6.8 | AI score 1.6 | EPSS 0.00887
Exploits: 1

securityvulns
added 2011/11/06 12:0 a.m. | 143 views

eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities

---------------------------------------------------------------- eFront = 3.6.10 build 11944 Multiple Security Vulnerabilities ---------------------------------------------------------------- author.............: EgiX mail...............: n0b0d13satgmaildotcom software link......:...

AI score 0.1
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 49 views

jara 1.6 sql injection vulnerability

jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...

AI score 1.1
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 57 views

XSS Vulnerabilities in eFront

Information --------------------------------- Name : XSS Vulnerabilities in eFront Software : eFront 3.6.10 build 11944 and possibly below. Vendor Homepage : http://efrontlearning.net/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Canberk Bolat Advisory Reference :...

AI score 7
Exploits: 0

securityvulns
added 2011/11/06 12:0 a.m. | 77 views

[security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03054052 Version: 1 HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager OV NNM, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted up...

CVSS 10 | AI score 0.7 | EPSS 0.73672
Exploits: 8

Total number of security vulnerabilities: 47153