Session hacking via authentication cookie on Oracle CRM on Demand
Vulnerability Title: Session hacking via authentication cookie on Oracle CRM on Demand Date: 20/05/2011 Vendor: Oracle Product: Oracle CRM on Demand Software Link: https://sso.crmondemand.com/ Summary: Oracle CRM on Demand is a web application to manage Customer information. Desc: On login proces...
[USN-1133-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1133-1 May 24, 2011 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
Bypassing Cisco's ICMPv6 Router Advertisement Guard feature
To bypass the Router Advertisement Guarding feature in the very few Cisco switches and images that support it: Attack: ======= Make the evil Router Advertisement fragmented and put the ICMPv6 into the second fragment, eg. by putting a very large Destination extension header before the ICMPv6 part...
FPD and XSS vulnerabilities in Easy Contact for WordPress
Hello 3APA3A! I am reporting the Full path disclosure and Cross-Site Scripting vulnerabilities I found in the Easy Contact plugin for WordPress. Full path disclosure WASC-13: http://site/wp-content/plugins/easy-contact/econtact.php http://site/wp-content/plugins/easy-contact/econtact-menu.php XSS...
[SECURITY] [DSA 2239-1] libmojolicious-perl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24, 2011 http://www.debian.org/security/faq -...
[ MDVSA-2011:096 ] python
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:096 http://www.mandriva.com/security/ Package : python Date : May 22, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been identified an...
HTB22986: SQL injection in ExtCalendar 2
Vulnerability ID: HTB22986 Reference: http://www.htbridge.ch/advisory/sqlinjectioninextcalendar2.html Product: ExtCalendar 2 Vendor: http://sourceforge.net/projects/extcal/ Vulnerable Version: 2.0b2 Vendor Notification: 05 May 2011 Vulnerability Type: SQL Injection Risk level: Medium Credit:...
[ MDVSA-2011:097 ] ruby
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:097 http://www.mandriva.com/security/ Package : ruby Date : May 23, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been identified and fixed in ruby:...
HTB22987: Multiple XSS in phpScheduleIt
Vulnerability ID: HTB22987 Reference: http://www.htbridge.ch/advisory/multiplexssinphpscheduleit.html Product: phpScheduleIt Vendor: php.brickhost.com Vulnerable Version: 1.2.12 Vendor Notification: 05 May 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tech Brid...
PR10-11: Multiple XSS injection vulnerabilities and an offsite redirection flaw within HP System Management Homepage (Insight Manager)
PR10-11: Multiple XSS injection vulnerabilities and an offsite redirection flaw within HP System Management Homepage Insight Manager Vulnerability found: 6th June 2010 Date Published 20th May 2011 Severity: Medium Description: XSS vulnerabilities have been found within HP System Management; Arisin...
Gadu-Gadu 0-Day Remote Code Execution
Vendor: Gadu-Gadu http://gadu-gadu.pl Vulnerable Version: All Vulnerability Type: XSS, Remote Code Execution Risk level: Very High Credit: Kacper Szczesniak [email protected] Vulnerability Details: Gadu-Gadu improperly handles file transfer requests. It's possible to place 255 chars of HTML co...
NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption
Lumension Device Control formerly Sanctuary remote memory corruption 24/05/2011 Andy Davis of NGS Secure has discovered a high risk vulnerability in Lumension Device Control. Sending a specially crafted packet to a TCP service running on the Lumension Application Server results in a memory...
HTB22995: XSS in Ajax Chat
Vulnerability ID: HTB22995 Reference: http://www.htbridge.ch/advisory/xssinajaxchat.html Product: Ajax Chat Vendor: php-development.ru Vulnerable Version: 1 Vendor Notification: 10 May 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tech Bridge SA Security Resear...
Linux kernel EFI/XFS DoS
Buffer overflow on partition GUID parsing...
[ MDVSA-2011:100 ] cyrus-imapd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:100 http://www.mandriva.com/security/ Package : cyrus-imapd Date : May 24, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been identified and fix...
Cisco Unified Operations Manager multiple security vulnerabilities
Cross-site scripting, SQL injection...
CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Release Date: unknown Last Modified: 09/27/2010 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application:...
[ MDVSA-2011:094 ] pure-ftpd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:094 http://www.mandriva.com/security/ Package : pure-ftpd Date : May 19, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A denial-of-service DoS attack related to glo...
PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007
Sense of Security - Security Advisory - SOS-11-007 Release Date. 20-May-2011 Last Update. - Vendor Notification Date. 04-Apr-2011 Product. Securimage / PHPCaptcha Platform. PHP Affected versions. 1.0.4 - 2.0.2 Severity Rating. Medium Impact. Authentication bypass Attack Vector. Remote without...
Vulnerabilities in Easy Contact for WordPress
Hello 3APA3A! I am reporting the Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities I found in the Easy Contact plugin for WordPress. Insufficient Anti-automation WASC-21: The lack of a captcha on the contact page allows sending automated messages...
XSS vulnerability in TWiki < 5.0.2
Information ----------------------------------- Name : XSS vulnerability in TWiki Software : TWiki 5.0.1 and possibly below. Vendor Homepage : http://twiki.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference...
Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006
Sense of Security - Security Advisory - SOS-11-006 Release Date. 18-May-2011 Last Update. - Vendor Notification Date. 28-Feb-2011 Product. Cisco Unified Operations Manager Common Services Framework Help Servlet Common Services Device Center CiscoWorks Homepage Note: All of the above products are...
[ MDVSA-2011:095 ] apr
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:095 http://www.mandriva.com/security/ Package : apr Date : May 20, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: It was discovered that the fix for CVE-2011-0419...
apr / Apache mod_autoindex DoS
CPU resources exhaustion on request to indexed files with long names...
HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic
Vulnerability ID: HTB22981 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinphpcalendarbasic.html Product: PHP Calendar Basic Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.3 and probably prior versions Vendor Notification: 03 May 2011...
Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure
Security Advisory: MVSA-11-007 http://www.ventuneac.net/security-advisories/MVSA-11-007 CVE: CVE-2011-2088 Vendors: Apache Software Foundation, OpenSymphony Products: Struts 2, XWork , WebWork Vulnerabilities: Java Class Path Information Disclosure Risk: Medium Attack Vector: From Remote...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[ MDVSA-2011:092 ] perl-IO-Socket-SSL
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:092 http://www.mandriva.com/security/ Package : perl-IO-Socket-SSL Date : May 18, 2011 Affected: 2010.1 Problem Description: A vulnerability has been found and corrected in perl-IO-Socket-SSL: IO::Socket::SS...
perl multiple security vulnerabilities
Data injection and protection bypass in lc, lcfirst, uc, ucfirst functions and CGI module...
Ubuntu apturl DoS
Crash on oversized URL...
EMC NetWorker address spoofing
librpc.dll library accepts RPC commands in UDP packets with spoofed IPs...
VMware vSphere Management Assistant privilege escalation
It's possible to elevate privileges via sudo because of invalid sudoers file...
[USN-1132-1] apturl vulnerability
========================================================================== Ubuntu Security Notice USN-1132-1 May 16, 2011 apturl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
VMware vSphere Management Assistant (vMA) - Local Privilege Escalation
======================================================================= VMware vSphere Management Assistant vMA - Local Privilege Escalation ======================================================================= Affected Software : VMware vSphere Management Assistant vMA Severity : Medium...
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-168 May 16, 2011 -- CVE ID: CVE-2011-0321 & CVE-2011-1210 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: IBM EMC -- Affected Products: IBM Informix EM...
[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2011-1582 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.12-7.0.13 - - Earlier versions are not affected Description: An error in the fixes for...
Apache Tomcat protection bypass
@ServletSecurity parameters are ignored...
[security bulletin] HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center (BAC) Running on Windows and Solaris, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02823184 Version: 1 HPSBMA02681 SSRT100493 rev.1 - HP Business Availability Center BAC Running on Windows and Solaris, Remote Cross Site Scripting XSS NOTICE: The information in this Security...
Linux kernel ICMP DoS
Crash on ICMP handling may be blindly remotely exploited from spoofed addresses...
Adobe Audition buffer overflow
Buffer overflow on .ses files parsing...
FastStone multiple security vulnerabilities
Multiple vulnerabilities on ZIP files processing...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Novell eDirectory / Netware DoS
Memory exhaustion on LDAP-SSL processing...
NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon
nSense Vulnerability Research Security Advisory NSENSE-2011-002 --------------------------------------------------------------- Affected Vendor: Novell Affected Product: Netware, eDirectory Platform: Netware / Linux Impact: Remote Denial of Service Vendor response: Patch CVE: None Credit: Knud /...
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
The FastStone image viewer http://www.faststone.org/ and most probably other FastStone products too contains a 3rd party ZipDll.dll 1.6.0.0 dated 2001-10-28. This DLL was originally written by Chris Vleghert and Eric W. Engler, based on InfoZIPs http://infozip.org code from 2000. It is but...
[ MDVSA-2011:083 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:083 http://www.mandriva.com/security/ Package : wireshark Date : May 12, 2011 Affected: 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: This advisory updates wireshark to the latest...
ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability. EMC Identifier: ESA-2011-016 CVE Identifier: CVE-2011-1424 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:L/Au:S/C:C/I:N/A:N Affected products: EMC SW: EMC...
Linux Kernel 2.6.38 Remote NULL Pointer Dereference
Linux Kernel 2.6.38 Remote NULL Pointer Dereference ==================================================== Advisory Information Title: Linux kernel 2.6.38: Remote NULL pointer dereference Release date: 11/05/2011 Last update: 11/05/2011 Credits: Aristide Fattori, Università degli Studi di Milano...
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing)
PR10-15: Multiple XSS flaws within Mitel's AWC Mitel Audio and Web Conferencing Vulnerability found: 21st July 2010 Vendor informed: 26th July 2010 Vulnerability fixed: Severity: High Description: Mitel Audio and Web Conferencing AWC are a simple, cost-effective and scalable audio and web...
CORE-2011-0204: Adobe Audition vulnerability processing malformed session file
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Adobe Audition vulnerability processing malformed session file 1. Advisory Information Title: Adobe Audition vulnerability processing malformed session file Advisory ID:...