
47153 matches found

securityvulns | added 2011/11/06 12:0 a.m. | 140 views

XSS and SQL Injection Vulnerabilities on Symphony CMS 2.2.3

Information -------------------- Name : XSS and SQL Injection Vulnerabilities on Symphony CMS Software : Symphony CMS 2.2.3 and possibly below Vendor Homepage : http://symphony-cms.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Mesut Timur mesut a...

Exploits 0

securityvulns | added 2011/11/06 12:0 a.m. | 51 views

jara 1.6 sql injection vulnerability

jara 1.6 sql injection vulnerability download http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/jara/view.php?id=SQL Injection...

AI score 1.1
Exploits 0

securityvulns | added 2011/11/06 12:0 a.m. | 138 views

Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting

Advisory: Serendipity Plugin 'Karma Ranking' Multiple Cross-Site Scripting vulnerabilities Advisory ID: SSCHADV2011-017 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 with Karma Ranking Plugin version 1.1 Vendor URL: http://www.s9y.org Vendor Status: fixed...

AI score 6.5
Exploits 0

securityvulns | added 2011/11/06 12:0 a.m. | 48 views

Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability

Advisory: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Advisory ID: SSCHADV2011-015 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 Vendor URL: http://www.s9y.org Vendor Status: fixed CVE-ID: - ========================== Vulnerability...

Exploits 0

securityvulns | added 2011/11/05 12:0 a.m. | 66 views

[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01915145 Version: 1 HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be act...

CVSS 5 | AI score 0.3 | EPSS 0.02109
Exploits 0

securityvulns | added 2011/11/05 12:0 a.m. | 69 views

[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01908983 Version: 1 HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted...

CVSS 5 | AI score 0.3 | EPSS 0.01976
Exploits 0

securityvulns | added 2011/11/05 12:0 a.m. | 26 views

HP OpenVMS unauthorized access via POP3/IMAP server

No description provided...

CVSS 5 | AI score 3.4 | EPSS 0.01976
Exploits 0 | References 1

securityvulns | added 2011/11/05 12:0 a.m. | 27 views

Open VMS SMTP server DoS

No description provided...

CVSS 5 | AI score 1 | EPSS 0.02109
Exploits 0 | References 1

securityvulns | added 2011/11/04 12:0 a.m. | 22 views

RSA Key Manager Appliance session termination vulnerability

Session may not be properly terminated after logout...

CVSS 9.3 | AI score 4.2 | EPSS 0.03396
Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2011/11/04 12:0 a.m. | 68 views

ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. EMC Identifier: ESA-2011-032 CVE Identifier: CVE-2011-2739 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: EMC SW: EMC Documentum eRoom 7.3...

CVSS 8.5 | AI score 1.6 | EPSS 0.02685
Exploits 0

securityvulns | added 2011/11/04 12:0 a.m. | 101 views

Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Advisory ID: cisco-sa-20111102-srp500 Revision 1.0 For Public Release 2011 November 2 16:00 UTC GMT...

CVSS 9.3 | AI score 0.7 | EPSS 0.01802
Exploits 0

securityvulns | added 2011/11/04 12:0 a.m. | 49 views

Wireshark sniffer multiple security vulnerabilities

Uninitialized memory dereference, buffer overflow...

CVSS 4.3 | AI score 3.3 | EPSS 0.03179
Exploits 0 | Affected Software 1

securityvulns | added 2011/11/04 12:0 a.m. | 24 views

Cisco Small Business SRP500 cross-site request forgery

Cross-site request forgery in administration interface...

CVSS 9.3 | AI score 2.4 | EPSS 0.01802
Exploits 0 | References 1

securityvulns | added 2011/11/04 12:0 a.m. | 35 views

Oracle Hyperion ActiveX security vulnerabilities

Buffer overflow in ODBC driver used by ActiveX component, unsafe methods...

AI score 3.4
Exploits 0 | References 2

securityvulns | added 2011/11/04 12:0 a.m. | 68 views

ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 Advisories Updated October 28, 2011 Summary: RSA has delivered an update on RSA Key Manager...

CVSS 9.3 | AI score 0.6 | EPSS 0.03396
Exploits 0

securityvulns | added 2011/11/04 12:0 a.m. | 36 views

EMC Documentum eRoom protection bypass

It's possible to bypass file type upload limitations...

CVSS 8.5 | AI score 1.9 | EPSS 0.02685
Exploits 0 | References 1

securityvulns | added 2011/11/04 12:0 a.m. | 67 views

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability tested against: Internet Explorer 8 Microsoft Windows Server 2003 r2 sp2 download url: http://www.oracle.com/technetwork/middleware/epm/downloads/index.html files tested: SystemInstaller-11121-win32.zi...

AI score 0.4
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 26 views

YaTFTPSvr TFTP Server directory traversal

No description provided...

AI score 2.1
Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2011/11/01 12:0 a.m. | 29 views

Apple Mail.app DoS

Crash on large number of MIME parts...

AI score 1.9
Exploits 0 | References 1 | Affected Software 2

securityvulns | added 2011/11/01 12:0 a.m. | 56 views

YaTFTPSvr TFTP Server Directory Traversal Vulnerability

Title: YaTFTPSvr TFTP Server Directory Traversal Vulnerability Software : YaTFTPSvr TFTP Server Software Version : 1.0.1.200 Vendor: http://sites.google.com/site/zhaojieding2/ Vulnerability Published : 2011-07-11 Vulnerability Update Time : Status : Impact : Medium Bug Description : YaTFTPSvr TFT...

AI score 0.4
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 50 views

PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow

Title: PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow Software: PlotLineControl ActiveX ControlVersion 2.0 Vulnerability Published :2011-10-30 Vulnerability Update Time :2010-06-10 Vendor: No vendor response Impact: Median Bug Description: PlotLineControl is a free ActiveX Contro...

AI score 1.8
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 37 views

D-Link DIR-300 multiple security vulnerabilities

Router management system for D-Link DIR-300 information leakage...

AI score 2.1
Exploits 0 | References 2

securityvulns | added 2011/11/01 12:0 a.m. | 22 views

Nova weak cryptography

It's possible to compute EC2SECRETKEY with known EC2ACCESSKEY...

AI score 2.6
Exploits 0 | References 1

securityvulns | added 2011/11/01 12:0 a.m. | 198 views

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow EDB-ID: 18007 CVE: N/A OSVDB-ID: N/A Author: rgod Published: 2011-10-20 Verified: Exploit Code: Vulnerable App: N/A Rating Overall: 0.0 Oracle DataDirect Multiple Native Wire Protocol ODBC...

AI score 0.5
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 74 views

[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router

---------------------------------------------------------------------- PT-2011-30 Positive Technologies Security Advisory Disclosure of sensitive information in D-Link DIR-300 Router ---------------------------------------------------------------------- ---Vulnerable software Router management...

AI score 0.3
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 34 views

PlotLineControl ActiveX integer overflow

Integer overflow in LinePutPoint method...

AI score 3.6
Exploits 0 | References 1

securityvulns | added 2011/11/01 12:0 a.m. | 60 views

[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

---------------------------------------------------------------------- PT-2011-29 Positive Technologies Security Advisory Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300. ---------------------------------------------------------------------- ---Vulnerable...

AI score 1.2
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 37 views

Apple's Mail.app mail of death

OVERVIEW Mail.app mail client is vulnerable to a DoS by sending a crafted email. VENDOR Apple Inc. Vendor contacted: 25 July 2011 Vendor reply: 20 September 2011. Vendor's actions: Details confidential. VULNERABILITY DESCRIPTION Send an email with 2023 MIME attachments to the victim client. Upon...

AI score 0.2
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 54 views

[SECURITY] [DSA 2323-1] radvd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2 | EPSS 0.02771
Exploits 0

securityvulns | added 2011/11/01 12:0 a.m. | 36 views

radvd multiple security vulnerabilities

Privilege escalation, buffer overflow, DoS...

CVSS 7.5 | AI score 3.3 | EPSS 0.03962
Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2011/11/01 12:0 a.m. | 59 views

[USN-1247-1] Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1247-1 October 25, 2011 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

AI score 0.4
Exploits 0

securityvulns | added 2011/10/31 12:0 a.m. | 36 views

ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability

ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-298 October 26, 2011 -- CVE ID: CVE-2011-2436 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerabili...

CVSS 9.3 | AI score 0.5 | EPSS 0.0594
Exploits 1

securityvulns | added 2011/10/31 12:0 a.m. | 45 views

ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability

ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-309 October 26, 2011 -- CVE ID: CVE-2011-3173 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Novell -- Affected Products: Novell...

CVSS 7.5 | AI score 0.9 | EPSS 0.04893
Exploits 4

securityvulns | added 2011/10/31 12:0 a.m. | 56 views

ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability

ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-304 October 26, 2011 -- CVE ID: CVE-2011-3252 -- CVSS: 8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple...

CVSS 9.3 | AI score 0.8 | EPSS 0.05593
Exploits 2

securityvulns | added 2011/10/31 12:0 a.m. | 34 views

HP-UX Containers privilege escalation

No description provided...

CVSS 6.8 | AI score 3.2 | EPSS 0.00331
Exploits 1 | References 1 | Affected Software 1

securityvulns | added 2011/10/31 12:0 a.m. | 44 views

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player Advisory ID: cisco-sa-20111026-webex Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +----------------------------------------------------------------...

CVSS 9.3 | AI score 0.1 | EPSS 0.03811
Exploits 1

securityvulns | added 2011/10/31 12:0 a.m. | 67 views

[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057703 Version: 2 HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers SRP, Local Unauthorized Access and Increased Privileges NOTICE: The information in this Security Bulletin should be acted upon ...

CVSS 6.8 | AI score 0.5 | EPSS 0.00331
Exploits 1

securityvulns | added 2011/10/31 12:0 a.m. | 37 views

Adobe Acrobat / Reader multiple security vulnerabilities

Privilege escalation, memory leakage, code executions, multiple buffer overflows...

CVSS 9.3 | AI score 3.9 | EPSS 0.07964
Exploits 12 | References 16 | Affected Software 2

securityvulns | added 2011/10/31 12:0 a.m. | 41 views

tor information disclosure

Combined attacks may be used to deanonymize user...

CVSS 5.8 | AI score 0.9 | EPSS 0.01203
Exploits 0 | References 1 | Affected Software 1

securityvulns | added 2011/10/31 12:0 a.m. | 31 views

Novell iPrint buffer overflow

GetDriverSettings function buffer overflow...

CVSS 7.5 | AI score 5.4 | EPSS 0.04893
Exploits 4 | References 1

securityvulns | added 2011/10/31 12:0 a.m. | 38 views

Cisco Nexus switches protection bypass

It's possible to bypass ACL limitation. Local code execution...

CVSS 6.8 | AI score 2.9 | EPSS 0.01992
Exploits 1 | References 3 | Affected Software 2

securityvulns | added 2011/10/31 12:0 a.m. | 43 views

ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability

ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-313 October 27, 2011 -- CVE ID: CVE-2011-3223 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple...

CVSS 6.8 | AI score 0.7 | EPSS 0.03363
Exploits 0

securityvulns | added 2011/10/31 12:0 a.m. | 50 views

ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability

ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-296 October 26, 2011 -- CVE ID: CVE-2011-2438 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...

CVSS 9.3 | AI score 0.3 | EPSS 0.0594
Exploits 1

securityvulns | added 2011/10/31 12:0 a.m. | 54 views

ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability

ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-310 October 26, 2011 -- CVE ID: CVE-2011-2441 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader...

CVSS 9.3 | AI score 0.3 | EPSS 0.07964
Exploits 1

securityvulns | added 2011/10/31 12:0 a.m. | 70 views

ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability

ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-316 October 27, 2011 -- CVE ID: CVE-2011-3251 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVSS 9.3 | AI score 0.6 | EPSS 0.03607
Exploits 1

securityvulns | added 2011/10/31 12:0 a.m. | 73 views

Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified Communications Manager Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-cucm Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...

CVSS 7.8 | AI score 0.1 | EPSS 0.26393
Exploits 0

securityvulns | added 2011/10/31 12:0 a.m. | 77 views

ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability

ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-315 October 27, 2011 -- CVE ID: CVE-2011-3249 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVSS 9.3 | AI score 0.6 | EPSS 0.05134
Exploits 0

securityvulns | added 2011/10/31 12:0 a.m. | 64 views

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified Contact Center Express Directory Traversal Vulnerability Advisory ID: cisco-sa-20111026-uccx Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...

CVSS 7.8 | AI score 0.4 | EPSS 0.26393
Exploits 0

securityvulns | added 2011/10/31 12:0 a.m. | 73 views

ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability

ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-303 October 26, 2011 -- CVE ID: CVE-2011-3219 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVSS 9.3 | AI score 1 | EPSS 0.04756
Exploits 2

securityvulns | added 2011/10/31 12:0 a.m. | 92 views

ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability

ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-307 October 26, 2011 -- CVE ID: CVE-2011-3545 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle...

CVSS 10 | AI score 0.8 | EPSS 0.05445
Exploits 1

Total number of security vulnerabilities: 47153