
47153 matches found

securityvulns
added 2011/11/06 12:00 a.m. | 26 views

Singtel 2wire routers CSRF

Unchangeable account, CSRF...

AI score 3.9
Exploits 1 | References 1
securityvulns
added 2011/11/06 12:00 a.m. | 245 views

IBSng all version Cross-Site Scripting Vulnerability

================= APA-IUTcert ================= Title: IBSng all version Cross-Site Scripting Vulnerability Vendor: www.parspooyesh.com Type: Cross-Site Scripting Vulnerability Fix: N/A ================== nsec.ir ================= Description: Input passed via the "str" parameter to...

AI score 0.3
Exploits 0
securityvulns
added 2011/11/06 12:00 a.m. | 79 views

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit

phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........: http://phpldapadmin.sourceforge.net/ affected versions....: from 1.2.0 to 1.2.1.1 - vulnerable code in /lib/functions.php 1002...

AI score 0.2
Exploits 0
securityvulns
added 2011/11/06 12:00 a.m. | 135 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 7.5 | AI score 1.6 | EPSS 0.84398
Exploits 5 | References 17 | Affected Software 12
securityvulns
added 2011/11/05 12:00 a.m. | 27 views

Open VMS SMTP server DoS

No description provided...

CVSS 5 | AI score 1 | EPSS 0.01409
Exploits 0 | References 1
securityvulns
added 2011/11/05 12:00 a.m. | 65 views

[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01915145 Version: 1 HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be act...

CVSS 5 | AI score 0.3 | EPSS 0.01409
Exploits 0
securityvulns
added 2011/11/05 12:00 a.m. | 25 views

HP OpenVMS unauthorized access via POP3/IMAP server

No description provided...

CVSS 5 | AI score 3.4 | EPSS 0.00689
Exploits 0 | References 1
securityvulns
added 2011/11/05 12:00 a.m. | 67 views

[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01908983 Version: 1 HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted...

CVSS 5 | AI score 0.3 | EPSS 0.00689
Exploits 0
securityvulns
added 2011/11/04 12:00 a.m. | 36 views

EMC Documentum eRoom protection bypass

It's possible to bypass file type upload limitations...

CVSS 8.5 | AI score 1.9 | EPSS 0.01209
Exploits 0 | References 1
securityvulns
added 2011/11/04 12:00 a.m. | 100 views

Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Advisory ID: cisco-sa-20111102-srp500 Revision 1.0 For Public Release 2011 November 2 16:00 UTC GMT...

CVSS 9.3 | AI score 0.7 | EPSS 0.00227
Exploits 0
securityvulns
added 2011/11/04 12:00 a.m. | 35 views

Oracle Hyperion ActiveX security vulnerabilities

Buffer overflow in ODBC driver used by ActiveX component, unsafe methods...

AI score 3.4
Exploits 0 | References 2
securityvulns
added 2011/11/04 12:00 a.m. | 22 views

RSA Key Manager Appliance session termination vulnerability

Session may not be properly terminated after logout...

CVSS 9.3 | AI score 4.2 | EPSS 0.02715
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/11/04 12:00 a.m. | 67 views

ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 Advisories Updated October 28, 2011 Summary: RSA has delivered an update on RSA Key Manager...

CVSS 9.3 | AI score 0.6 | EPSS 0.02715
Exploits 0
securityvulns
added 2011/11/04 12:00 a.m. | 24 views

Cisco Small Business SRP500 cross-site request forgery

Cross-site request forgery in administration interface...

CVSS 9.3 | AI score 2.4 | EPSS 0.00227
Exploits 0 | References 1
securityvulns
added 2011/11/04 12:00 a.m. | 49 views

Wireshark sniffer multiple security vulnerabilities

Uninitialized memory dereference, buffer overflow...

CVSS 4.3 | AI score 3.3 | EPSS 0.01526
Exploits 0 | Affected Software 1
securityvulns
added 2011/11/04 12:00 a.m. | 65 views

ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. EMC Identifier: ESA-2011-032 CVE Identifier: CVE-2011-2739 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: EMC SW: EMC Documentum eRoom 7.3...

CVSS 8.5 | AI score 1.6 | EPSS 0.01209
Exploits 0
securityvulns
added 2011/11/04 12:00 a.m. | 67 views

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability tested against: Internet Explorer 8 Microsoft Windows Server 2003 r2 sp2 download url: http://www.oracle.com/technetwork/middleware/epm/downloads/index.html files tested: SystemInstaller-11121-win32.zi...

AI score 0.4
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 33 views

PlotLineControl ActiveX integer overflow

Integer overflow in LinePutPoint method...

AI score 3.6
Exploits 0 | References 1
securityvulns
added 2011/11/01 12:00 a.m. | 24 views

YaTFTPSvr TFTP Server directory traversal

No description provided...

AI score 2.1
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/11/01 12:00 a.m. | 48 views

PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow

Title: PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow Software: PlotLineControl ActiveX ControlVersion 2.0 Vulnerability Published :2011-10-30 Vulnerability Update Time :2010-06-10 Vendor: No vendor response Impact: Median Bug Description: PlotLineControl is a free ActiveX Contro...

AI score 1.8
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 35 views

Apple's Mail.app mail of death

OVERVIEW Mail.app mail client is vulnerable to a DoS by sending a crafted email. VENDOR Apple Inc. Vendor contacted: 25 July 2011 Vendor reply: 20 September 2011. Vendor's actions: Details confidential. VULNERABILITY DESCRIPTION Send an email with 2023 MIME attachments to the victim client. Upon...

AI score 0.2
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 197 views

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow EDB-ID: 18007 CVE: N/A OSVDB-ID: N/A Author: rgod Published: 2011-10-20 Verified: Exploit Code: Vulnerable App: N/A Rating Overall: 0.0 Oracle DataDirect Multiple Native Wire Protocol ODBC...

AI score 0.5
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 52 views

[SECURITY] [DSA 2323-1] radvd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2 | EPSS 0.00513
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 37 views

D-Link DIR-300 multiple security vulnerabilities

Router management system for D-Link DIR-300 information leakage...

AI score 2.1
Exploits 0 | References 2
securityvulns
added 2011/11/01 12:00 a.m. | 54 views

YaTFTPSvr TFTP Server Directory Traversal Vulnerability

Title: YaTFTPSvr TFTP Server Directory Traversal Vulnerability Software : YaTFTPSvr TFTP Server Software Version : 1.0.1.200 Vendor: http://sites.google.com/site/zhaojieding2/ Vulnerability Published : 2011-07-11 Vulnerability Update Time : Status : Impact : Medium Bug Description : YaTFTPSvr TFT...

AI score 0.4
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 22 views

Nova weak cryptography

It's possible to compute EC2SECRETKEY with known EC2ACCESSKEY...

AI score 2.6
Exploits 0 | References 1
securityvulns
added 2011/11/01 12:00 a.m. | 58 views

[USN-1247-1] Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1247-1 October 25, 2011 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

AI score 0.4
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 28 views

Apple Mail.app DoS

Crash on large number of MIME parts...

AI score 1.9
Exploits 0 | References 1 | Affected Software 2
securityvulns
added 2011/11/01 12:00 a.m. | 73 views

[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router

---------------------------------------------------------------------- PT-2011-30 Positive Technologies Security Advisory Disclosure of sensitive information in D-Link DIR-300 Router ---------------------------------------------------------------------- ---Vulnerable software Router management...

AI score 0.3
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 59 views

[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

---------------------------------------------------------------------- PT-2011-29 Positive Technologies Security Advisory Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300. ---------------------------------------------------------------------- ---Vulnerable...

AI score 1.2
Exploits 0
securityvulns
added 2011/11/01 12:00 a.m. | 36 views

radvd multiple security vulnerabilities

Privilege escalation, buffer overflow, DoS...

CVSS 7.5 | AI score 3.3 | EPSS 0.0187
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2011/10/31 12:00 a.m. | 57 views

ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability

ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-300 October 26, 2011 -- CVE ID: CVE-2011-2433 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...

CVSS 9.3 | AI score 0.4 | EPSS 0.08181
Exploits 3
securityvulns
added 2011/10/31 12:00 a.m. | 77 views

DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315]

Title ----- DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal CVE-2011-3315 Severity -------- High Date Discovered --------------- August 9, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description...

CVSS 7.8 | AI score 0.7 | EPSS 0.51148
Exploits 0
securityvulns
added 2011/10/31 12:00 a.m. | 76 views

RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.

Hello, This is Paul Oxman with Cisco PSIRT. Please confirms the vulnerability reported by Peter Adkins, and has published an Intellishield response http://tools.cisco.com/security/center/viewAlert.x?alertId=24458 Additional information below. For current updates to Cisco PSIRT response, please se...

CVSS 6.8 | AI score 0.3 | EPSS 0.00061
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 67 views

ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability

ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-311 October 27, 2011 -- CVE ID: CVE-2011-3220 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVSS 4.3 | AI score 0.9 | EPSS 0.00735
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 70 views

ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability

ZDI-11-303 : Apple QuickTime H264 Stream framecropping Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-303 October 26, 2011 -- CVE ID: CVE-2011-3219 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVSS 9.3 | AI score 1 | EPSS 0.03571
Exploits 2
securityvulns
added 2011/10/31 12:00 a.m. | 315 views

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 1 HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...

CVSS 5 | AI score 0.3 | EPSS 0.92431
Exploits 28
securityvulns
added 2011/10/31 12:00 a.m. | 47 views

ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability

ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-296 October 26, 2011 -- CVE ID: CVE-2011-2438 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...

CVSS 9.3 | AI score 0.3 | EPSS 0.08459
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 96 views

APPLE-SA-2011-10-26-1 QuickTime 7.7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-26-1 QuickTime 7.7.1 QuickTime 7.7.1 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application...

CVSS 9.3 | AI score 0.6 | EPSS 0.03571
Exploits 7
securityvulns
added 2011/10/31 12:00 a.m. | 52 views

ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability

ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-308 October 26, 2011 -- CVE ID: CVE-2011-4004 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Cisco -- Affected Products: Cisco WebEx --...

CVSS 9.3 | AI score 0.2 | EPSS 0.02762
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 56 views

ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability

ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-312 October 27, 2011 -- CVE ID: CVE-2011-3221 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple...

CVSS 6.8 | AI score 1.3 | EPSS 0.01774
Exploits 0
securityvulns
added 2011/10/31 12:00 a.m. | 69 views

[SECURITY] [DSA 2331-1] tor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2331-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 28, 2011 http://www.debian.org/security/faq -...

CVSS 5.8 | AI score 7.3 | EPSS 0.00263
Exploits 0
securityvulns
added 2011/10/31 12:00 a.m. | 48 views

ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability

ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-297 October 26, 2011 -- CVE ID: CVE-2011-2437 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability...

CVSS 9.3 | AI score 0.6 | EPSS 0.08181
Exploits 3
securityvulns
added 2011/10/31 12:00 a.m. | 118 views

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-306 October 26, 2011 -- CVE ID: CVE-2011-3521 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...

CVSS 10 | AI score 1.1 | EPSS 0.08565
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 117 views

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-305 October 26, 2011 -- CVE ID: CVE-2011-3544 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

CVSS 10 | AI score 9.7 | EPSS 0.92592
Exploits 13
securityvulns
added 2011/10/31 12:00 a.m. | 53 views

ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability

ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-310 October 26, 2011 -- CVE ID: CVE-2011-2441 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader...

CVSS 9.3 | AI score 0.3 | EPSS 0.26993
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 41 views

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20111026-webex Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +----------------------------------------------------------------...

CVSS 9.3 | AI score 0.1 | EPSS 0.02937
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 65 views

[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057703 Version: 2 HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers SRP, Local Unauthorized Access and Increased Privileges NOTICE: The information in this Security Bulletin should be acted upon ...

CVSS 6.8 | AI score 0.5 | EPSS 0.0004
Exploits 1
securityvulns
added 2011/10/31 12:00 a.m. | 31 views

Novell iPrint buffer overflow

GetDriverSettings function buffer overflow...

CVSS 7.5 | AI score 5.4 | EPSS 0.12265
Exploits 4 | References 1
securityvulns
added 2011/10/31 12:00 a.m. | 35 views

ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability

ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-298 October 26, 2011 -- CVE ID: CVE-2011-2436 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerabili...

CVSS 9.3 | AI score 0.5 | EPSS 0.08459
Exploits 1

Total number of security vulnerabilities: 47153