
47153 matches found

securityvulns
added 2015/05/12 12:0 a.m., 40 views

Palo Alto Traps Server XSS

Stored XSS in logs...

CVSS 4.3 | AI score 1.5 | EPSS 0.04036
Exploits: 5 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/12 12:0 a.m., 143 views

[ MDVSA-2015:186 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:186 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : March 31, 2015 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in phpmyadmin:...

CVSS 5 | AI score 6.4 | EPSS 0.03263
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 100 views

[ MDVSA-2015:097 ] php-ZendFramework

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:097 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : March 28, 2015 Affected: Business Server 2.0 Problem Description: Updated php-ZendFramework packages fix multiple...

CVSS 7.5 | AI score 10 | EPSS 0.02802
Exploits: 1

securityvulns
added 2015/05/12 12:0 a.m., 53 views

ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability EMC Identifier: ESA-2015-049 CVE Identifier: CVE-2015-0528 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC Isilon OneFS 7.2.0.0 • EMC Isilon...

CVSS 7.2 | AI score 1.1 | EPSS 0.00548
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 77 views

GoAutoDial 3.3 multiple vulnerabilities

Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory: http://goautodial.org/news/21 Abstract: Multiple vulnerabilities exist in the GoAutodial 3.3...

CVSS 10 | AI score 0.7 | EPSS 0.71687
Exploits: 11

securityvulns
added 2015/05/12 12:0 a.m., 32 views

Open-Xchange cross-site scripting

Cross-site scripting via attachment...

CVSS 4.3 | AI score 2.4 | EPSS 0.01538
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/12 12:0 a.m., 91 views

[ MDVSA-2015:200 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:200 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : April 10, 2015 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: In...

CVSS 7.1 | AI score 5.7 | EPSS 0.0271
Exploits: 1

securityvulns
added 2015/05/12 12:0 a.m., 46 views

[SECURITY] [DSA 3258-1] quassel security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3258-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 12, 2015 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2 | EPSS 0.0211
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 30 views

EMC Documentum xCelerated Management System information disclosure

Service password is stored in .bat file...

CVSS 2.1 | AI score 2.1 | EPSS 0.0048
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/12 12:0 a.m., 43 views

CVE-2015-2223: Palo Alto Traps Server Stored XSS

------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version: 3.1.2.1546 Advisory Publication: 29 March 2015 Vendor Notification: 17 October 20...

CVSS 4.3 | AI score 0.2 | EPSS 0.04036
Exploits: 5

securityvulns
added 2015/05/12 12:0 a.m., 61 views

[CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution

Hi, I've found and reported an unrestricted file upload vulnerability in Novell ZenWorks Configuration Management which can be abused to achieve remote code execution. The full advisory text is below, and can also be obtained from my repo 1. A Metasploit module has been submitted and should hopeful...

CVSS 10 | AI score 0.6 | EPSS 0.74516
Exploits: 9

securityvulns
added 2015/05/12 12:0 a.m., 58 views

Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability

Document Title: =============== Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1354 Security Bulletin FortiGuard: http://www.fortiguard.com/advisory/FG-IR-15-005/ PSI...

CVSS 4.3 | AI score 0.3 | EPSS 0.02388
Exploits: 4

securityvulns
added 2015/05/12 12:0 a.m., 86 views

Reflected Cross-Site Scripting vulnerability in asdoc generated documentation

------------------------------------------------------------------------ Reflected Cross-Site Scripting vulnerability in asdoc generated documentation ------------------------------------------------------------------------ Radjnies Bhansingh, March 2014...

AI score 0.5
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 73 views

Avsarsoft Matbaa Script - Multiple Vulnerabilities

Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities Author : ZoRLu / [email protected] Website : milw00rm.com / milw00rm.net / milw00rm.org Twitter : https://twitter.com/milw00rm or @milw00rm Test : Windows7 Ultimate Discovery : 15/04/15 Publish : 23/04/15 Thks : exploit-db.com,...

AI score 0.7
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 40 views

Open-Xchange Security Advisory 2015-04-27

Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 35982 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.6.1 Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.1-rev21...

CVSS 4.3 | AI score 0.7 | EPSS 0.01538
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 52 views

[SECURITY] [DSA 3227-1] movabletype-opensource security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3227-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 15, 2015 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.2 | EPSS 0.0374
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 91 views

CVE-2015-1773 Apache Flex reflected XSS vulnerability

CVE-2015-1773 Apache Flex reflected XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: All versions of Apache Flex before 4.14.1 Description: The asdoc tool produced JavaScript code that was vulnerable to a reflected XSS attack. A request with a specially...

CVSS 4.3 | AI score 0.4 | EPSS 0.07049
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 178 views

Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability

CWH Underground Hacking Team. Exploit Title : Wolf CMS Arbitrary File Upload Exploit Date : 16 April 20...

AI score 0.1
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 105 views

WSO2 Identity Server multiple vulnerabilities

Hi, WSO2 Identity Server http://wso2.com/products/identity-server/ version 4.5.0/4.6.0/5.0.0 is prone to multiple vulnerabilities, including authentication bypass. Timeline: 09.10.2014 - Vendor notified 22.11.2014 - Vendor confirmed 04.12.2014 - Patches released 25.03.2015 - Bugtraq disclosure...

AI score 0.2
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 88 views

Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1

Affected software: GoAhead Web Server Affected versions: 3.0.0 - 3.4.1 3.x.x series before 3.4.2 CVE ID: CVE-2014-9707 Description: The server incorrectly normalizes HTTP request URIs that contain path segments that start with a "." but are not entirely equal to "." or ".." eg. ".x". By sending a...

CVSS 7.5 | AI score 7.2 | EPSS 0.28417
Exploits: 4

securityvulns
added 2015/05/12 12:0 a.m., 103 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 10 | AI score 1.6 | EPSS 0.99974
Exploits: 50 | References: 28 | Affected Software: 20

securityvulns
added 2015/05/12 12:0 a.m., 1901 views

Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit

Hi guys, ref: http://www.milw00rm.com/exploits/5179 !/usr/bin/perl -w Title : Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit Vendor : http://www.encaps.net Download : http://sourceforge.net/projects/encapsnet/files/ Author : ZoRLu / [email protected] Website : milw00rm.com /...

AI score 7.1
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 81 views

[USN-2607-1] Module::Signature vulnerabilities

========================================================================== Ubuntu Security Notice USN-2607-1 May 12, 2015 libmodule-signature-perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...

CVSS 10 | AI score 1.2 | EPSS 0.05658
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m., 33 views

perl-Module-Signature content spoofing

Unsigned content can be interpreted as a signed...

CVSS 10 | AI score 1.3 | EPSS 0.05658
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 30 views

dcraw / libraw integer overflow

Integer overflow in ljpegstart...

AI score 3.4
Exploits: 0 | References: 1 | Affected Software: 2

securityvulns
added 2015/05/11 12:0 a.m., 36 views

zeromq3 / libzmq downgrade attack

Protocol version downgrade attack is possible...

AI score 5.1
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 22 views

F5 BIG-IQ information disclosure

User accounts information disclosure...

AI score 1.2
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 39 views

CSRF/XSS In ClickBank ads Wordpress Plugin

================================================================ CSRF/Stored XSS Vulnerability in ClickBank Ads V 1.7 Plugin ================================================================ . contents:: Table Of Content Overview ======== Title :CSRF and Stored XSS Vulnerability in ClickBank Ads...

AI score 6
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 2144 views

TORNADO Computer Trading CMS - SQL Injection Vulnerability

Document Title: =============== TORNADO Computer Trading CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1489 Release Date: ============= 2015-05-05 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.1
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 54 views

CSRF/XSS in embed-articles Wordpress Plugin

====================================================== CSRF/Stored XSS Vulnerability in embed articles Plugin ====================================================== . contents:: Table Of Content Overview ======== Title :CSRF and Stored XSS Vulnerability in embed-articles Wordpress Plugin Author:...

Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 156 views

vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

AI score 7.8
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 60 views

DokuWiki persistent Cross Site Scripting

Advisory ID: SGMA15-001 Title: DokuWiki persistent Cross Site Scripting Product: DokuWiki Version: 2014-09-29c and probably prior Vendor: www.dokuwiki.org Vulnerability type: Persistent XSS Risk level: Medium Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-03-18...

AI score 7.2
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 30 views

BullGuard antiviral applications authentication bypass

Access limitations are checked in client application...

AI score 3.5
Exploits: 0 | References: 3

securityvulns
added 2015/05/11 12:0 a.m., 21 views

SonicWall SonicOS cross-site scripting

No description provided...

AI score 1.4
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 38 views

HP Data Protector multiple security vulnerabilities

DoS, code execution, privilege escalation...

CVSS 9 | AI score 2.8 | EPSS 0.04903
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 45 views

squid insufficient certificate validation

Insufficient check for server certificate...

CVSS 2.6 | AI score 2.3 | EPSS 0.11402
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 24 views

InFocus projectors authentication bypass

Few authentication bypass possibilities...

CVSS 10 | AI score 3.8 | EPSS 0.03235
Exploits: 4 | References: 1

securityvulns
added 2015/05/11 12:0 a.m., 41 views

HP Integrated Lights-Out multiple security vulnerabilities

Code execution, privilege escalation, DoS, restrictions bypass...

CVSS 10 | AI score 2.6 | EPSS 0.12883
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 31 views

suricata DoS

Crash on SSL certificate parsing...

CVSS 5 | AI score 3.1 | EPSS 0.01134
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2015/05/11 12:0 a.m., 50 views

Wordpress WP Statistics persistent cross site scripting

=========================================================== Stored XSS Vulnerability in WP Statistics Wordpress Plugin =========================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin...

AI score 5.2
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 123 views

PDF Converter & Editor 2.1 iOS - File Include Vulnerability

Document Title: =============== PDF Converter & Editor 2.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1480 Release Date: ============= 2015-05-06 Vulnerability Laboratory ID VL-ID: ===================================...

AI score 7.8
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 66 views

Multiple Vulnerabilities in TheCartPress WordPress plugin

Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor Notification: April 8, 2015 Public Disclosure: April 29, 2015 Vulnerabili...

CVSS 5 | AI score 0.3 | EPSS 0.21674
Exploits: 8

securityvulns
added 2015/05/11 12:0 a.m., 77 views

[SECURITY] [DSA 3200-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3200-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2015 http://www.debian.org/security/faq -...

CVSS 3.5 | AI score 1.5 | EPSS 0.01647
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 29 views

[security bulletin] HPSBMU03292 rev.1 - HP Operations Orchestration Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04595607 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04595607 Version: 1 HPSBMU03292 rev....

CVSS 7.5 | AI score 0.3 | EPSS 0.04111
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 149 views

Sqlbuddy Path Traversal Vulnerability

Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3 SQL Buddy is an open source web based MySQL administration application. Advisory Information: ================== sqlbuddy suffers from directory traversal whereby a user can mov...

AI score 0.2
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 59 views

[security bulletin] HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04636829 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04636829 Version: 1 HPSBMU03321 rev....

CVSS 9 | AI score 1.1 | EPSS 0.04903
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 54 views

Wordpress plugin Simple Ads Manager - Multiple SQL Injection

Vulnerability title: Wordpress plugin Simple Ads Manager - Multiple SQL Injection Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Download link: https://wordpress.org/plugins/simple-ads-manager/ CV...

CVSS 7.5 | AI score 5.1 | EPSS 0.06259
Exploits: 6

securityvulns
added 2015/05/11 12:0 a.m., 71 views

Stored XSS Vulnerability In Manage Engine Device Expert

=============================================================================== Stored XSS Vulnerability In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability I...

AI score 0.1
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 50 views

[oCERT-2015-006] dcraw input sanitization errors

2015-006 dcraw input sanitization errors Description: The dcraw photo decoder is an open source project for raw image parsing. The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concern...

AI score 7.5
Exploits: 0

securityvulns
added 2015/05/11 12:0 a.m., 50 views

CSRF/XSS In Embed Articles Wordpress Plugin

====================================================== CSRF/Stored XSS Vulnerability in embed articles Plugin ====================================================== . contents:: Table Of Content Overview ======== Title :CSRF and Stored XSS Vulnerability in embed-articles Wordpress Plugin Author:...

Exploits: 0

Total number of security vulnerabilities: 47153