Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2011/05/01 12:0 a.m.78 views

Mozilla Foundation Security Advisory 2011-17

Mozilla Foundation Security Advisory 2011-17 Title: WebGLES vulnerabilities Impact: Critical Announced: April 28, 2011 Products: Firefox Fixed in: Firefox 4.0.1 Description Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.72 views

[Onapsis Security Advisory 2011-011] Oracle JD Edwards JDENET Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-011: Oracle JD Edwards JDENET Buffer Overflow This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.62 views

ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability

ZDI-11-152: HP Data Protector Backup Client Service GETFILE Directory Traversal Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-152 April 29, 2011 -- CVE ID: CVE-2011-1736 -- CVSS: 7.8, AV:N/AC:L/Au:N/C:C/I:N/A:N -- Affected Vendors: Hewlett-Packard -- Affected Products:...

8.5CVSS0.6AI score0.09774EPSS
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.50 views

ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability

ZDI-11-148: HP Data Protector Backup Client Service stutil Message Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-148 April 29, 2011 -- CVE ID: CVE-2011-1732 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected...

10CVSS0.8AI score0.24744EPSS
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.47 views

[Onapsis Security Advisory 2011-013] Oracle JD Edwards JDENET USRBROADCAST Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-013: Oracle JD Edwards JDENET USRBROADCAST Denial of Service This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.56 views

ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability

ZDI-11-147: HP Data Protector Backup Client Service EXECINTEGUTIL Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-147 April 29, 2011 -- CVE ID: CVE-2011-1731 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...

10CVSS1AI score0.14926EPSS
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.62 views

ZDI-11-144: HP Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability

ZDI-11-144: HP Data Protector Backup Client Service EXECBAR Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-144 April 29, 2011 -- CVE ID: CVE-2011-1728 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products:...

10CVSS1AI score0.13614EPSS
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.92 views

Mozilla Foundation Security Advisory 2011-13

Mozilla Foundation Security Advisory 2011-13 Title: Multiple dangling pointer vulnerabilities Impact: Critical Announced: April 28, 2011 Reporter: regenrecht Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 Description Security researcher regenrecht reported...

10CVSS1.4AI score0.73655EPSS
Exploits15
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.126 views

Mozilla Foundation Security Advisory 2011-16

Mozilla Foundation Security Advisory 2011-16 Title: Directory traversal in resource: protocol Impact: Moderate Announced: April 28, 2011 Reporter: Soroush Dalili Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 Thunderbird 3.1.10 SeaMonkey 2.0.14 Description...

5CVSS0.7AI score0.02795EPSS
Exploits1
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.62 views

Mozilla Foundation Security Advisory 2011-14

Mozilla Foundation Security Advisory 2011-14 Title: Information stealing via form history Impact: Moderate Announced: April 28, 2011 Reporter: Paul Stone Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 Description Security researcher Paul Stone reported that ...

5CVSS9.2AI score0.02175EPSS
Exploits1
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.69 views

Mozilla Foundation Security Advisory 2011-15

Mozilla Foundation Security Advisory 2011-15 Title: Escalation of privilege through Java Embedding Plugin Impact: Critical Announced: April 28, 2011 Reporter: David Remahl Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 Description David Remahl of Apple Produ...

7.5CVSS1.2AI score0.01779EPSS
Exploits0
securityvulns
securityvulns
added 2011/05/01 12:0 a.m.76 views

Mozilla Foundation Security Advisory 2011-18

Mozilla Foundation Security Advisory 2011-18 Title: XSLT generate-id function heap address leak Impact: Low Announced: April 28, 2011 Reporter: Chris Evans Products: Firefox, SeaMonkey Fixed in: Firefox 4.0.1 Firefox 3.6.17 Firefox 3.5.19 SeaMonkey 2.0.14 Description Chris Evans of the Chrome...

5CVSS7.6AI score0.02416EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.26 views

HP OpenView Storage Data Protector code execution

No description provided...

2.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.45 views

NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write

LibAVCodec AMV Out of Array Write 27/04/2011 Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.39 views

Code Execution в WordPress 2.5 - 3.1.1

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Code Execution уязвимости в WordPress. Возможна Code Execution WASC-31 атака в WordPress через аплоадер. Атака может быть проведена пользователями с правами Author, Editor и Administrator. В WordPress 2.5 - 2.8.4 можно загружать php скрипти 1.php ...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.35 views

CA Arcot WebFort Versatile Authentication Server security vulnerabilities

Crossite scripting, request spoofing...

5.8CVSS2.7AI score0.01363EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.110 views

XSS in Webmin 1.540 + exploit for privilege escalation

Information -------------------- Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Hompeage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi javierbassi at gmail dot com...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.47 views

NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write

LibAVCodec AMV Out of Array Write 27/04/2011 Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.63 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager Document ID: 112878 Advisory ID: cisco-sa-20110427-cucm Revision 1.0 For Public Release 2011 April 27 1600 UTC GMT...

8.5CVSS1AI score0.24822EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.41 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

4.3CVSS1.6AI score0.03287EPSS
Exploits0References13Affected Software6
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.96 views

NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write

LibAVCodec AMV Out of Array Write 27/04/2011 Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.43 views

rsync memory corruption

Memory corruption on server reply parsing...

5.1CVSS3.1AI score0.03163EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.59 views

[security bulletin] HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02781143 Version: 1 HPSBMA02654 SSRT100441 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as...

10CVSS0.7AI score0.81081EPSS
Exploits50
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.63 views

AST-2011-005: File Descriptor Resource Exhaustion

Asterisk Project Security Advisory - AST-2011-005 Product Asterisk Summary File Descriptor Resource Exhaustion Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated TCP Based Sessions TCP SIP, Skinny, Asterisk Manager Interface, and HTTP sessions Severity Moderate Exploits...

5CVSS0.2AI score0.02504EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.36 views

Asterisk security vulnerabilities

Privilege escalation DoS via resources exhaustion...

5CVSS3.8AI score0.02504EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2011/04/27 12:0 a.m.139 views

CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server

-----BEGIN PGP SIGNED MESSAGE----- CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server Issued: April 26, 2011 CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist...

5.8CVSS1AI score0.01363EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.74 views

HTB22956: XSS vulnerabilities in phpList

Vulnerability ID: HTB22956 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphplist.html Product: phpList Vendor: Tincan Ltd http://www.phplist.com/ Vulnerable Version: 2.10.13 and probably prior versions Vendor Notification: 12 April 2011 Vulnerability Type: XSS Risk level: Medium...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.108 views

AT-TFTP Server Remote Denial of Service Vulnerability

AT-TFTP Server v1.8 Remote Denial of Service Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1013 01/04/2011 Issue Discovered 04/04/2011 Vendor Notified No Response from the Vendor 25/04/2011 Advisory Released Class: Denial of Service Severity: High Overview:...

1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.79 views

HTB22954: Path disclousure in yappa-ng Photo Gallery

Vulnerability ID: HTB22954 Reference: http://www.htbridge.ch/advisory/pathdisclousureinyappangphotogallery.html Product: yappa-ng Photo Gallery Vendor: http://www.zirkon.at/ http://www.zirkon.at/ Vulnerable Version: 2.3.2 Vendor Notification: 12 April 2011 Vulnerability Type: Path disclousure Ris...

Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.46 views

HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin

Vulnerability ID: HTB22951 Reference: http://www.htbridge.ch/advisory/xssinwpajaxrecentpostswordpressplugin.html Product: WP-Ajax-Recent-Posts wordpress plugin Vendor: QiQiBoY http://www.qiqiboy.com/ Vulnerable Version: 1.0.1 Vendor Notification: 12 April 2011 Vulnerability Type: XSS Cross Site...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.143 views

[security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02735590 Version: 1 HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack PSP Running on Linux and Windows, Remote Cross Site Scripting XSS, URL Redirection, Information Disclosure NOTICE: The...

5CVSS0.2AI score0.02188EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.34 views

AT-TFTP DoS

Crash if no acknowledgment is recevied after file is retrieved...

3.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.21 views

Kaspersky administration Kit SMB relaying attack

Network is automatically scanned and hosts found are automatically connected via SMB with administrative permissions, making it possible SMB relaying attack...

3.5AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.52 views

[security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02789514 Version: 1 HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure NOTICE: The information in this Security Bulletin...

5CVSS0.2AI score0.02436EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.93 views

[security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Document ID: c02807712 Version: 1 HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting XSS and HTML Injection NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-04-21 Last Update...

4.3CVSS0.2AI score0.03287EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.52 views

HTB22948: Path disclosure in Cotonti

Vulnerability ID: HTB22948 Reference: http://www.htbridge.ch/advisory/pathdisclosureincotonti.html Product: Cotonti Vendor: Cotonti Team http://www.cotonti.com/ Vulnerable Version: Siena 0.9.0 Vendor Notification: 12 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...

Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.51 views

HP Proliant Support Pack multiple security vulneraebilities

Crossite scripting, information leakage...

5CVSS1.1AI score0.02188EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.52 views

HP Insight Control multiple security vulnerabilities

Privilege escalation, code execution, information leakage, DoS...

7.6CVSS2.2AI score0.22145EPSS
Exploits0References1
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.181 views

[security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02794777 Version: 1 HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux IC-Linux, Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information...

7.6CVSS0.7AI score0.22145EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.39 views

Уязвимости во многих темах и компонентвх для Joomla

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах и компонентах для Joomla. Подобно уязвимостям во многих темах для WordPress, Drupal и ExpressionEngine, также уязвимыми являются...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.34 views

XSS in Webmin 1.540 + exploit for privilege escalation

Information -------------------- Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Hompeage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi javierbassi at gmail dot com...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.63 views

HTB22957: XSRF (CSRF) in phpList

Vulnerability ID: HTB22957 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphplist.html Product: phpList Vendor: Tincan Ltd http://www.phplist.com/ Vulnerable Version: 2.10.13 and probably prior versions Vendor Notification: 12 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery...

Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.90 views

HP System Management Homepage multiple security vulnerabilities

Crossite scripting, code execution, DoS...

10CVSS1.1AI score0.13333EPSS
Exploits10References1Affected Software1
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.84 views

HTB22953: XSS in Max's PHP Photo Album

Vulnerability ID: HTB22953 Reference: http://www.htbridge.ch/advisory/xssinmaxsphpphotoalbum.html Product: Max's PHP Photo Album Vendor: http://www.phpf1.com http://www.phpf1.com Vulnerable Version: 2008-04-01 Vendor Notification: 12 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.34 views

AST-2011-006: Asterisk Manager User Shell Access

Asterisk Project Security Advisory - AST-2011-006 Product Asterisk Summary Asterisk Manager User Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known Yes Reported On February 10, 2011 Reported By Mark Murawski markm AT...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.136 views

HTB22955: Path disclosure in BuddyPress WordPress plugin

Vulnerability ID: HTB22955 Reference: http://www.htbridge.ch/advisory/pathdisclosureinbuddypresswordpressplugin.html Product: BuddyPress Vendor: BuddyPress http://buddypress.org/ Vulnerable Version: 1.2.8 Vendor Notification: 12 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credi...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.40 views

[DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay

Digital Security Research Group DSecRG Advisory DSECRG-11-018 Application: Kaspersky Administration Kit Versions Affected: from 6.0 Vendor URL: http://www.kaspersky.com Bug: Design flaw Exploits: YES Reported: 22.01.2011 Vendor response: 22.01.2011 Solution: disable IP scan Date of Public Advisor...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.205 views

[security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02735910 Version: 1 HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service DoS NOTICE:...

10CVSS0.5AI score0.13333EPSS
Exploits10
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.64 views

HTB22952: XSS vulnerabilities in Noah's Classifieds

Vulnerability ID: HTB22952 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinnoahsclassifieds.html Product: Noah's Classifieds Vendor: Noah's Classifieds http://www.noahsclassifieds.org/ Vulnerable Version: 5.0.4 and probably prior versions Vendor Notification: 12 April 2011...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/26 12:0 a.m.55 views

Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay

It was closed only for relayng to the same host but it is imposible to close relayng on another host which run processes st the same account. And also smbrelay patch did not work on clusters http://dsecrg.blogspot.com/2011/01/passthehash-bible-1-attacking.html...

7.1AI score
Exploits0
Total number of security vulnerabilities47153