Securityvulns: Recent

47153 matches found

securityvulns
added 2011/10/24 12:0 a.m., 62 views

Metasploit 4.1.0 Web UI stored XSS vulnerability

Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability Advisory ID: SSCHADV2011-033 Author: Stefan Schurtz Affected Software: Successfully tested on Metasploit Community Edition Vendor URL: http://metasploit.com/ Vendor Status: fixed EDB-ID: 18012 ========================== Vulnerability...

5.9 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 38 views

AST-2011-012: Remote crash vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash Susceptibility Remote authenticated sessions Severity Critical Exploits Known No Reported On October 4, 2011 Reported By Ehsan Foroughi Poste...

6.8 CVSS, 0.9 AI score, 0.0238 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 39 views

Asterisk uninitialized memory reference

Crash on SIP request processing...

6.8 CVSS, 1.8 AI score, 0.0238 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2011/10/24 12:0 a.m., 64 views

OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)

OCS Inventory NG 2.0.1 Persistent XSS CVE-2011-4024 ------------------------------------------------------- Software : Open Computer and Software OCS Inventory NG Download : http://www.ocsinventory-ng.org/ Discovered by : Nicolas DEROUET nicolas.derouetgmailcom Discover : 2011-10-04...

4.3 CVSS, 0.4 AI score, 0.04699 EPSS
Exploits: 6

securityvulns
added 2011/10/24 12:0 a.m., 50 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

6.8 CVSS, 1.6 AI score, 0.04699 EPSS
Exploits: 8, References: 22, Affected Software: 14

securityvulns
added 2011/10/24 12:0 a.m., 48 views

inCommand Technologies, Inc. Cross-site Scripting Vulnerability

------------In The Name Of God------------ inCommand Technologies, Inc. Cross-site Scripting Vulnerability AUTHOR: md.r00t Mail: [email protected] Website: www.r00t.gigfa.com Forum: http://ajaxtm.com/forum Google D0rk: "Website Design by inCommand Technologies, Inc." xss EXPLOIT:...

0.2 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 29 views

Cisco CiscoWorks Common Services code execution

It's possible to execute code with LocalSystem privileges...

9 CVSS, 4.6 AI score, 0.15163 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2011/10/24 12:0 a.m., 54 views

Joomla Component (com_sgicatalog) <= SQL Injection Vulnerability

Exploit Title: Joomla Component comsgicatalog = SQL Injection Vulnerability Google Dork: inurl:index.php?option=comsgicatalog Date: 2011-10-12 Author: BHG Security Center Home: Http://black-hg.org Software Link: http://joomlaapps.com/ Version: 1.x Tested on: Windows XP- Persian CVE : Webapps...

1.4 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 62 views

Contao 2.10.1 Cross-site scripting vulnerability

Advisory: Contao 2.10.1 Cross-site scripting vulnerability Advisory ID: SSCHADV2011-025 Author: Stefan Schurtz Affected Software: Successfully tested on Contao 2.10.1 Vendor URL: http://www.contao.org/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...

0.1 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 37 views

Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass

Destination Search Admin Console Access Control Bypass Vendor link: http://www.localmatters.com/ PDF:...

Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 132 views

WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012

Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote without authentication Solution Status. Upgrade to...

0.1 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 73 views

Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities Advisory ID: cisco-sa-20111019-sns Revision 1.0 For Public Release 2011 October 19 16:00 UTC GMT +--------------------------------------------------------------------- Summary...

7.5 CVSS, 0.5 AI score, 0.02177 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 26 views

Cisco Show and Share security vulnerabilities

Authentication bypass, code execution...

7.5 CVSS, 3.5 AI score, 0.02177 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2011/10/24 12:0 a.m., 46 views

[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin

PT-2011-14 Positive Technologies Security Advisory SQL injection vulnerability in BoonEx Dolphin 6.1 Vulnerable platform BoonEx Dolphin 6.1 Link:...

1.2 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 45 views

KaiBB 2.0.1 XSS and SQL Injection vulnerabilities

Advisory: KaiBB 2.0.1 XSS and SQL Injection vulnerabilities Advisory ID: SSCHADV2011-027 Author: Stefan Schurtz Affected Software: Successfully tested on KaiBB 2.0.1 Vendor URL: http://code.google.com/p/kaibb/ Vendor Status: informed CVE-ID: - ========================== Vulnerability Description...

Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 32 views

Daemon Tools DoS

Crash on IOCTL processing...

4.9 CVSS, 2.4 AI score, 0.00736 EPSS
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2011/10/24 12:0 a.m., 55 views

DAEMON Tools IOCTL local denial-of-service vulnerability

Advisory: DAEMON Tools IOCTL local denial-of-service vulnerability Advisory ID: JVNDB-2011-000085 Author: Satoshi TANDA Affected Software: Successfully tested on DAEMON Tools 4.40 Vendor URL: http://www.daemon-tools.cc/eng/home Vendor Status: fixed CVE-ID: CVE-2011-3987 ==========================...

4.9 CVSS, 6.3 AI score, 0.00736 EPSS
Exploits: 1

securityvulns
added 2011/10/24 12:0 a.m., 54 views

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability Advisory ID: cisco-sa-20111019-cs Revision 1.0 For Public Release 2011 October 19 16:00 UTC GMT...

9 CVSS, 1.8 AI score, 0.15163 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 102 views

TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...

3.6 CVSS, 6.3 AI score, 0.01104 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 88 views

TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes Authentication to Database Server is needed Credits: This vulnerability was discovered a...

8.5 CVSS, 0.3 AI score, 0.0224 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 96 views

TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2 Remote exploitable: No Credits: This vulnerability was discovered and researched by Martin Rakhmanov of...

6.5 CVSS, 0.4 AI score, 0.01501 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 62 views

Google App Engine SDK Code Execution Vulnerability (CVE 2011-1364)

We recently identified an interesting code execution vulnerability in the Google App Engine SDK for Python. By combining a CSRF vulnerability in the administration web UI, with some other unique vulnerabilities we found in the Google python libraries, a remote hacker could gain remote code...

6.8 CVSS, 1.1 AI score, 0.00495 EPSS
Exploits: 1

securityvulns
added 2011/10/24 12:0 a.m., 62 views

foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass

Foofus.net Security Advisory: foofus-20111016 Title: Toshiba EStudio Multifunction Printer Authentication Bypass Version: e-Studio series devic...

0.6 AI score
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 35 views

[security bulletin] HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03052686 Version: 1 HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure NOTICE: The information in this Security Bulletin should be act...

1.2 CVSS, 0.2 AI score, 0.00428 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 88 views

[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03058866Version: 1 HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon a...

10 CVSS, 1 AI score, 0.1169 EPSS
Exploits: 0

securityvulns
added 2011/10/24 12:0 a.m., 52 views

LedgerSMB 1.3.0 released, includes anti-XSRF framework

Hi all; LedgerSMB 1.3.0 has been released. One of the important enhancements this version has is protection against cross-site request forgery XSRF, notably missing in past versions. The codebase we inherited when beginning the project has not been very conducive to retrofitting security framewor...

6.8 CVSS, 0.4 AI score, 0.00594 EPSS
Exploits: 1

securityvulns
added 2011/10/24 12:0 a.m., 83 views

Oracle / Sun / People Soft applications multiple security vulnerabilities

Quarterly CPU fixes 50 security vulnerabilities...

9.3 CVSS, 2.1 AI score, 0.98945 EPSS
Exploits: 20, References: 4, Affected Software: 11

securityvulns
added 2011/10/24 12:0 a.m., 74 views

Apple OS X multiple security vulnerabilities

Multiple vulnerabilities in different system components...

9.3 CVSS, 2 AI score, 0.98945 EPSS
Exploits: 79, References: 3, Affected Software: 1

securityvulns
added 2011/10/23 12:0 a.m., 58 views

VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability

VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and...

7.5 AI score
Exploits: 0

securityvulns
added 2011/10/23 12:0 a.m., 36 views

acpid DoS

Large number of connections leads to endless loop...

5 CVSS, 1.7 AI score, 0.02312 EPSS
Exploits: 2, References: 1, Affected Software: 1

securityvulns
added 2011/10/20 12:0 a.m., 60 views

[USN-1232-1] X.Org X server vulnerabilities

Ubuntu Security Notice USN-1232-1 October 18, 2011 xorg-server vulnerabilities A security issue affects these releases of Ubuntu and its derivative...

8.5 CVSS, 0.8 AI score, 0.05347 EPSS
Exploits: 6

securityvulns
added 2011/10/20 12:0 a.m., 27 views

X.Org multiple security vulnerabilities

Memory corruptions, insecure lock file creation...

8.5 CVSS, 2.5 AI score, 0.05347 EPSS
Exploits: 6, References: 1, Affected Software: 1

securityvulns
added 2011/10/20 12:0 a.m., 84 views

ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-288 October 15, 2011 - - -- CVE ID: CVE-2011-1999 - - -- CVSS: 7.5,...

9.3 CVSS, 0.2 AI score, 0.27959 EPSS
Exploits: 2

securityvulns
added 2011/10/20 12:0 a.m., 99 views

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability

ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-290 October 15, 2011 - -- CVE ID: CVE-2011-2001 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Microsoft - -- Affected Products:...

9.3 CVSS, 0.4 AI score, 0.71802 EPSS
Exploits: 5

securityvulns
added 2011/10/20 12:0 a.m., 214 views

Multiple HTTP servers DoS

Range: header processing can lead to memory exhaustion...

7.8 CVSS, 1.4 AI score, 0.98945 EPSS
Exploits: 19, References: 3, Affected Software: 1

securityvulns
added 2011/10/20 12:0 a.m., 29 views

SystemTap DoS

Crash on ELF parsing...

1.2 CVSS, 2.3 AI score, 0.00301 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2011/10/20 12:0 a.m., 45 views

[ MDVSA-2011:155 ] systemtap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:155 http://www.mandriva.com/security/ Package : systemtap Date : October 17, 2011 Affected: 2011. Problem Description: Multiple vulnerabilities has been discovered and corrected in systemtap: SystemTap 1.4 a...

1.2 CVSS, 6.2 AI score, 0.00301 EPSS
Exploits: 0

securityvulns
added 2011/10/20 12:0 a.m., 91 views

ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-289 October 15, 2011 - -- CVE ID: CVE-2011-2000 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...

9.3 CVSS, 0.2 AI score, 0.18886 EPSS
Exploits: 1

securityvulns
added 2011/10/20 12:0 a.m., 62 views

ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-287 October 15, 2011 - -- CVE ID: CVE-2011-1996 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors...

9.3 CVSS, 0.3 AI score, 0.60456 EPSS
Exploits: 5

securityvulns
added 2011/10/16 12:0 a.m., 82 views

APPLE-SA-2011-10-11-1 iTunes 10.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-11-1 iTunes 10.5 iTunes 10.5 is now available and addresses the following: CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack may lead to an unexpected application termination or arbitra...

10 CVSS, 0.2 AI score, 0.43195 EPSS
Exploits: 32

securityvulns
added 2011/10/16 12:0 a.m., 33 views

HP Onboard Administrator unauthorized access

No description provided...

6.4 CVSS, 2.5 AI score, 0.01987 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2011/10/16 12:0 a.m., 68 views

iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption Vulnerability

iDefense Security Advisory 10.11.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 11, 2011 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...

9.3 CVSS, 6.2 AI score, 0.14476 EPSS
Exploits: 1

securityvulns
added 2011/10/16 12:0 a.m., 38 views

[ GLSA 201110-08 ] feh: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 201110-08 http://security.gentoo.org/ Severity:...

5.1 CVSS, 0.2 AI score, 0.06623 EPSS
Exploits: 1

securityvulns
added 2011/10/16 12:0 a.m., 35 views

feh multiple security vulnerabilities

Different vulnerabilities in graphics format parsing...

5.1 CVSS, 2.7 AI score, 0.06623 EPSS
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2011/10/16 12:0 a.m., 57 views

NGS00062 Technical Advisory: Apple OSX / iPhone ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow

======= Summary ======= Name: Apple OSX / iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow Reference: NGS00062 Discoverer: Dominic Chell [email protected] Vendor: Apple Vendor Reference: 145575681 Systems Affected: Apple OSX / iPhone iOS / Possibly others using LibTiff...

6.7 AI score
Exploits: 0

securityvulns
added 2011/10/16 12:0 a.m., 46 views

Microsoft Forefront Unified Access Gateway multiple security vulnerabilities

Code execution, cross-site scripting, DoS...

9.3 CVSS, 2 AI score, 0.17309 EPSS
Exploits: 4, References: 1, Affected Software: 1

securityvulns
added 2011/10/16 12:0 a.m., 61 views

SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969)

SEC Consult Vulnerability Lab Security Advisory 20111012-0 title: Client-side remote file upload & command execution product: Microsoft Forefront Unified Access Gateway Remote Access Agent signed Java applet vulnerable versio...

9.3 CVSS, 0.1 AI score, 0.17309 EPSS
Exploits: 4

securityvulns
added 2011/10/16 12:0 a.m., 71 views

iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability

iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office file...

6.8 CVSS, 0.1 AI score, 0.03353 EPSS
Exploits: 1

securityvulns
added 2011/10/16 12:0 a.m., 117 views

iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability

iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND MobileSafari is Apple's mobile web browser for iOS devices. For more information about MobileSafari, please visit the following website:...

4.3 CVSS, 4.8 AI score, 0.01821 EPSS
Exploits: 1

securityvulns
added 2011/10/16 12:0 a.m., 95 views

ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)

Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command execution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...

0.6 AI score
Exploits: 0

Total number of security vulnerabilities: 47153