VMWare vCenter Server / vSphere Client security vulnerabilities
Directory traversal, information leakage...
Cisco IOS UDP flood DoS
UDP packets flooding leads to CPU exhaustion...
ISC bind DoS
Crash on RRSIG request processing if Response Policy Zones are used...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
exim format string vulnerability
Format string vulnerability on DKIM data obtained from DNS...
HTB22969: CSRF (Cross-Site Request Forgery) in VCalendar
Vulnerability ID: HTB22969 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinvcalendar.html Product: VCalendar Vendor: UltraApps http://ultraapps.com Vulnerable Version: 1.1.5 Vendor Notification: 21 April 2011 Vulnerability Type: CSRF (Cross-Site Request Forgery) Risk level:...
[USN-1111-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1111-1 May 05, 2011 linux-source-2.6.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
[SECURITY] [DSA 2232-1] exim4 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2232-1 [email protected] http://www.debian.org/security/ Florian Weimer May 06, 2011 http://www.debian.org/security/faq -...
Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Response: Cisco IOS Software Denial of Service Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sr-20110505-ios.shtml Revision 1.0 For Public Release 2011 May 05 1600 UTC GMT Cisco Response ============== This is the Cisco...
Silently Pwning Protected-Mode IE9 and Innocent Windows Applications
Our advanced binary planting research goes on... and it's time to reveal some interesting hacks, for instance how to exploit binary planting (or DLL hijacking, if you prefer the less suitable term) to execute remote malicious code through Internet Explorer 9 in protected mode on Windows 7 - without...
HTB22971: XSRF (CSRF) in PHPDug
Vulnerability ID: HTB22971 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: CSRF (Cross-Site Request Forgery) Ri...
Vulnerabilities in Silverstripe CMS
Hello 3APA3A! I am reporting the Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in Silverstripe CMS. Brute Force (WASC-11): http://site/Security/login Insufficient Anti-automation (WASC-21): http://site/contact-us/ http://site/Security/lostpassword In...
Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: https://www.isc.org/CVE-2011-1907 is the authoritative source for this Security Advisory. Please check the source for any updates. Summary: When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a...
[SECURITY] [DSA 2231-1] otrs2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2231-1 [email protected] http://www.debian.org/security/ Florian Weimer June 6, 2011 http://www.debian.org/security/faq -...
HTB22973: XSS in AJAX Calendar
Vulnerability ID: HTB22973 Reference: http://www.htbridge.ch/advisory/xssinajaxcalendar.html Product: AJAX Calendar Vendor: OpenCrypt http://www.opencrypt.com Vulnerable Version: 1.0 Vendor Notification: 21 April 2011 Vulnerability Type: XSS (Cross Site Scripting) Status: Fixed by Vendor Risk level...
HTB22970: Multiple XSS vulnerabilities in PHPDug
Vulnerability ID: HTB22970 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: XSS (Cross Site...
HTB22972: Multiple SQL injection vulnerabilities in PHPDug
Vulnerability ID: HTB22972 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionvulnerabilitiesinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: SQL...
PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management
PR10-13: Multiple XSS and Authentication flaws within BMC Remedy Knowledge Management Vulnerability found: 17th July 2010 Vendor informed: Vulnerability fixed: Severity: High Description: BMC Remedy Knowledge Management provides service desk analysts with a knowledge base of easy-to-find solution...
HTB22968: XSS in PHP Directory Listing Script
Vulnerability ID: HTB22968 Reference: http://www.htbridge.ch/advisory/xssinphpdirectorylistingscript.html Product: PHP Directory Listing Script Vendor: http://www.evoluted.net Vulnerable Version: 3.1 Vendor Notification: 21 April 2011 Vulnerability Type: XSS (Cross Site...
VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0008 Synopsis: VMware vCenter Server and vSphere Client security vulnerabilities Issue date: 2011-05-05 Updated on: 2011-05-05...
ICONICS WebHMI ActiveX buffer overflow
Stack buffer overflow in SetActiveXGUID method...
SIPDroid information leak
User information is leaked in reply to INVITE message...
ZyXEL ZyWALL USG unauthorized access
Unauthenticated configuration access is possible, authorization is performed on client side...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
OpenSSH ssh-keysign information leak
File descriptor for the private key file is not closed on external application execution...
CSRF (Cross-Site Request Forgery) in FREELANCER
Product: FREELANCER Vendor: http://www.got.my http://www.got.my/FREELANCER/ Vulnerable Version: 1.0.0 Vulnerability Type: CSRF (Cross-Site Request Forgery) Risk level: Low Credit: Hector.x90 Vulnerability Details: The vulnerability exists due to failure in the "index.php" script to properly verify...
Revised: Portable OpenSSH security advisory: portable-keysign-rand-helper.adv
OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used. ...
[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances
Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files that are applied automatically. Details =======...
[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface
Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface The ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited acce...
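The two ZyXEL ZyWALL USG entries above (unauthenticated configuration access because authorization is performed on the client side, and the "isAdmin" JavaScript variable in RT-SA-2011-004) describe one class of flaw: the server trusts a privilege decision made in the browser. The following is an added example, not code from the advisories or from ZyXEL's firmware, that contrasts that pattern with a check derived from server-side session state; the session table, request shape, handler names and the "config" action are assumptions for illustration.

```javascript
// Added example: authorization decided by a client-side flag versus
// authorization enforced on the server from its own session store.
// Not taken from RT-SA-2011-004 or from ZyXEL firmware; the session store,
// request shape and the "config" action are assumptions for illustration.

// Constructed session table standing in for the appliance's server-side state.
const SESSIONS = {
  "sid-limited": { user: "operator", role: "user" },
  "sid-admin": { user: "admin", role: "admin" },
};

// Vulnerable pattern: the server embeds a flag in the page (e.g. `var isAdmin = false;`)
// and later trusts whatever the browser reports back.
function renderClientState(session) {
  return { isAdmin: session.role === "admin" };
}

function vulnerableConfigHandler(clientState, request) {
  // The only privilege check is the client-supplied flag; a user who runs
  // `isAdmin = true` in the browser console passes it.
  if (request.action === "config" && !clientState.isAdmin) {
    return { status: 403, body: "forbidden" };
  }
  return { status: 200, body: "configuration for " + request.user };
}

// Hardened pattern: privilege is looked up server-side from the session id
// carried by the request; nothing the page sends can change it.
function hardenedConfigHandler(request) {
  const session = SESSIONS[request.sessionId];
  if (!session) {
    return { status: 401, body: "unauthenticated" };
  }
  if (request.action === "config" && session.role !== "admin") {
    return { status: 403, body: "forbidden" };
  }
  return { status: 200, body: "configuration for " + session.user };
}

// Simulates a limited user tampering with the client-side flag and sending
// the same request to both handlers. Returns the two HTTP status codes.
function simulateFlagTamper() {
  const sessionId = "sid-limited";
  const clientState = renderClientState(SESSIONS[sessionId]); // { isAdmin: false }
  clientState.isAdmin = true; // attacker edits the variable in the browser
  const request = { action: "config", user: "operator", sessionId: sessionId };
  return {
    vulnerable: vulnerableConfigHandler(clientState, request).status, // 200: bypassed
    hardened: hardenedConfigHandler(request).status, // 403: server-side check holds
  };
}

// A request with no valid session must be rejected before any role check.
function unauthenticatedProbe() {
  return hardenedConfigHandler({ action: "config", sessionId: "no-such-session" }).status; // 401
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(simulateFlagTamper(), unauthenticatedProbe());
}
```

The point of the hardened handler is that the role comes from a lookup the browser cannot influence; the flag the page renders may still be used to hide menu items, but it is presentation, not authorization.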
XSS in CLASSIFIED ADS
Product: CLASSIFIED ADS Vendor: http://www.got.my http://www.got.my/CLASSIFIED-ADS/ Vulnerable Version: 2.9.1 Vulnerability Type: XSS (Cross Site Scripting) Risk level: Medium Credit: Hector.x90 Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable application. The...
Security-Assessment.com Advisory: ICONICS WebHMI ActiveX Stack Overflow
Security-Assessment.com presents.. ICONICS WebHMI ActiveX Stack Overflow Vendor Link: http://www.iconics.com/ PDF: http://www.security-assessment.com/files/documents/advisory/ICONICSWebHMI.pdf +-----------+...
Path disclosure in MEGA PORTAL
Product: MEGA PORTAL Vendor: http://www.got.my Demo: http://www.got.my/MEGA-PORTAL/ Vulnerability Type: Path disclosure Risk level: medium Credit: Hector.x90 Vulnerability Details: A remote user can determine the full path to the web root directory and other potentially sensitive information. The...
SIPDroid user/extension enum
Tempest Security Intelligence - Advisory 01/2011 User enumeration in SIPDroid Agent Author: Anibal Vaz Marques de Aguiar anibal.aguiar...
[USN-1129-1] Perl vulnerabilities
========================================================================== Ubuntu Security Notice USN-1129-1 May 03, 2011 perl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory April 21, 2011 Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2, 11gR1 and 11gR2 on Windows platform Remote exploitable: Yes Credits: This vulnerability was discovered and researched by...
Cisco IOS UDP Denial of Service Vulnerability
Cisco IOS UDP Denial of Service Vulnerability ------------------------------------------------------------------ I. Summary Cisco routers running IOS 15.0 allow a remote attacker to cause a denial of service via a flood of UDP packets to a randomly chosen UDP port...
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability
Cisco IOS SNMP Message Processing Denial Of Service Vulnerability ------------------------------------------------------------------ I. Summary Cisco Internetwork Operating System (IOS) 15.0 attempts to process SNMP solicited operations on improper ports (UDP 161, 162), which allows remote attackers t...
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
73 vulnerabilities in different applications...
Proofpoint Protection Server crossite scripting
Cross-site scripting in web interface...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Proofpoint Protection Server Cross-Site Scripting Vulnerability - SOS-11-005
Sense of Security - Security Advisory - SOS-11-005 Release Date. 03-May-2011 Last Update. - Vendor Notification Date. 28-Apr-2011 Product. Proofpoint Protection Server Platform. Appliance Affected versions. 5.5.5 verified, and possibly others Severity Rating. Medium Impact. Cookie/credential thef...
HTB22962: Multiple XSS in YaPiG
Vulnerability ID: HTB22962 Reference: http://www.htbridge.ch/advisory/multiplexssinyapig.html Product: YaPiG Yet Another PHP Image Gallery Vendor: http://yapig.sourceforge.net/ Vulnerable Version: 0.95 Vendor Notification: 19 April 2011 Vulnerability Type: XSS (Cross...
HTB22966: XSS in (e)2 interactive Photo Gallery
Vulnerability ID: HTB22966 Reference: http://www.htbridge.ch/advisory/xssine2interactivephotogallery.html Product: e2 interactive Photo Gallery Vendor: http://www.e2interactive.com Vulnerable Version: 0.9 Vendor Notification: 19 April 2011 Vulnerability Type: XSS (Cros...
SQL injection in 4images
Vendor: http://www.got.my http://www.got.my/LINK-EXCHANGE-Script Vulnerable Version: 1.8.9 Vulnerability Type: SQL Injection Risk level: High Credit: Hector.x90 Vulnerability Details: The vulnerability exists due to failure in the "/admin/categories.php" script to properly sanitize user-supplied...
XSS in DEAL INFORMER
Product: DEAL INFORMER Vendor: http://www.got.my http://www.got.my/DEAL-INFORMER/ Vulnerable Version: 4.8.0 Vulnerability Type: XSS (Cross Site Scripting) Risk level: Medium Credit: Hector.x90 Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable application. The...
HTB22967: Multiple SQL Injection in Shutter
Vulnerability ID: HTB22967 Reference: http://www.htbridge.ch/advisory/sqlinjectioninshutter.html Product: Shutter Vendor: http://shutter.tenfourzero.net/ Vulnerable Version: 0.1.4 Vendor Notification: 19 April 2011 Vulnerability Type: SQL Injection Risk level: High...
XSS in GOT.MY CLASSMATES
Product: CLASSMATES Vendor: http://www.got.my http://www.got.my/CLASSMATES/ Vulnerable Version: 1.1.1 Vulnerability Type: XSS (Cross Site Scripting) Risk level: Medium Credit: Hector.x90 Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable application. The...
Vino VNC server DoS
Crash on client request processing...
[USN-1128-1] Vino vulnerabilities
========================================================================== Ubuntu Security Notice USN-1128-1 May 02, 2011 vino vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery
Vulnerability ID: HTB22963 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011...