Lucene search
K
SecurityvulnsRecent

47153 matches found

securityvulns
securityvulns
added 2011/04/19 12:0 a.m.55 views

ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability

ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-129 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

10CVSS0.7AI score0.88655EPSS
Exploits12
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.87 views

About the security content of Safari 5.0.5

About the security content of Safari 5.0.5 Last Modified: April 14, 2011 Article: HT4596 Email this article Print this page Summary This document describes the security content of Safari 5.0.5. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until...

10CVSS0.1AI score0.09754EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.45 views

HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin

Vulnerability ID: HTB22939 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectioninuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 0...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.27 views

IBM Tivoli Directory Server buffer overflow

Buffer overflow in LDAP TCP/389 CRAM-MD5 authentication...

10CVSS3.7AI score0.15723EPSS
Exploits5References1
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.50 views

ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability

ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-130 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

10CVSS0.6AI score0.88655EPSS
Exploits12
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.36 views

HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum

Vulnerability ID: HTB22941 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.61 views

HTB22937: Path disclosure in Universal Post Manager wordpress plugin

Vulnerability ID: HTB22937 Reference: http://www.htbridge.ch/advisory/pathdisclosureinuniversalpostmanagerwordpressplugin.html Product: Universal Post Manager wordpress plugin Vendor: ProfProjects Artyom Chakhoyan http://www.profprojects.com/ Vulnerable Version: 1.0.9 Vendor Notification: 05 Apri...

Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.39 views

Уязвимости во многих темах для ExpressionEngine

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для ExpressionEngine. Уязвимыми являются следующие темы для ExpressionEngine: Fresh News, Inspire, City Guide, Delegate, Optimize,...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.39 views

ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability. EMC Identifier: ESA-2011-013 CVE Identifier: CVE-2011-1421 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: EMC SW: EMC...

6.9CVSS2.9AI score0.00308EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.67 views

HTB22932: Multiple XSS in webSPELL

Vulnerability ID: HTB22932 Reference: http://www.htbridge.ch/advisory/multiplexssinwebspell.html Product: webSPELL Vendor: http://www.webspell.org/ http://www.webspell.org/ Vulnerable Version: 4.2.2a Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Mediu...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.74 views

ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability

ZDI-11-135: Pwn2Own WebKit WBR Tag Removal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-135 April 14, 2011 -- CVE ID: CVE-2011-1344 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPointTM IP...

6.8CVSS0.3AI score0.05916EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.37 views

HTB22940: XSS in SocialGrid wordpress plugin

Vulnerability ID: HTB22940 Reference: http://www.htbridge.ch/advisory/xssinsocialgridwordpressplugin.html Product: SocialGrid wordpress plugin Vendor: Michael Whalen http://whalesalad.com Vulnerable Version: 2.3 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.48 views

ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication On-Premise Flash File Security Patch Advisories Updated April 14, 2011 Summary: A potential cross-site scripting vulnerability has been identified in RSA...

4.3CVSS0.3AI score0.01269EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.52 views

HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin

Vulnerability ID: HTB22934 Reference: http://www.htbridge.ch/advisory/sqlinjectioninwpstarsrateboxwordpressplugin.html Product: WP-StarsRateBox wordpress plugin Vendor: www.starsrate.com www.starsrate.com Vulnerable Version: 1.1 Vendor Notification: 05 April 2011 Vulnerability Type: SQL Injection...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.33 views

EMC Networker weak permissions

Weak permissions for executable file...

6.9CVSS2.3AI score0.00308EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.24 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score
Exploits0References14Affected Software9
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.57 views

ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability

ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-131 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

10CVSS0.7AI score0.88655EPSS
Exploits12
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.92 views

VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)

VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability CVE-2011-1344 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser,...

6.8CVSS9.5AI score0.05916EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.74 views

ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability

ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-134 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...

10CVSS0.8AI score0.88655EPSS
Exploits12
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.54 views

HTB22943: XSS in Dalbum

Vulnerability ID: HTB22943 Reference: http://www.htbridge.ch/advisory/xssindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: High-Tec...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.41 views

HTB22931: XSS vulnerability in InTerra Blog Machine

Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.66 views

[DCA-2011-0011] - Ocomon Multiple SQL Injection

DCA-2011-0011 Discussion - DcLabs Security Research Group advises about following vulnerabilityies: Software - Ocomon Vendor Product Description - The OCOMON came in March 2002 as a personal project of programmer Franque Custodio, with the initial characteristics of the registration, monitoring,...

8.4AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.74 views

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-127 April 13, 2011 -- CVE ID: CVE-2011-1655 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Tota...

7.5CVSS1AI score0.11975EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.43 views

HTB22942: Path disclousure in Dalbum

Vulnerability ID: HTB22942 Reference: http://www.htbridge.ch/advisory/pathdisclousureindalbum.html Product: Dalbum Vendor: http://www.dalbum.org/ http://www.dalbum.org/ Vulnerable Version: 1.43 Vendor Notification: 05 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tec...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.66 views

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-133 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense...

10CVSS0.7AI score0.88655EPSS
Exploits12
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.79 views

[security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02788734 Version: 1 HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access NOTICE: The information in this Security...

6.5CVSS0.5AI score0.01372EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.97 views

ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability

ZDI-11-104: Pwn2Own Webkit CSS Text Element Count Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-104 April 14, 2011 -- CVE ID: CVE-2011-1290 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit --...

10CVSS1.1AI score0.09754EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.25 views

EMC RSA Adaptive Authenticatio crossite scripting

Flash file crossite scripting...

4.3CVSS2.3AI score0.01269EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.70 views

ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-126 April 13, 2011 -- CVE ID: CVE-2011-1654 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total Defense Suite ...

7.5CVSS0.8AI score0.11423EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.54 views

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-132 April 13, 2011 -- CVE ID: CVE-2011-1653 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: CA -- Affected Products: CA Total...

10CVSS0.6AI score0.88655EPSS
Exploits12
securityvulns
securityvulns
added 2011/04/19 12:0 a.m.160 views

[USN-1110-1] KDE-Libs vulnerabilities

========================================================================== Ubuntu Security Notice USN-1110-1 April 14, 2011 kde4libs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

4.3CVSS0.5AI score0.02673EPSS
Exploits2
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.61 views

Microsoft Windows multiple security vulnerabilities

SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .Net Framework, memory corruption in JScript / VBScript engines, stac...

10CVSS3.1AI score0.68084EPSS
Exploits7References2Affected Software1
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.46 views

XSS, AoF и IAA уязвимости в PHP-Nuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Abuse of Functionality и Insufficient Anti-automation уязвимостях в PHP-Nuke. XSS WASC-08: POST запрос на странице http://site/modules.php?name=Downloads " style="-moz-binding:url'http://websecurity.com.ua/webtools/xss.xmlxss...

7AI score
Exploits0
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.78 views

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability CVE-2011-0034 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...

9.3CVSS0.2AI score0.27925EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.68 views

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345)

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption CVE-2011-1345 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Microsoft Windows li...

9.3CVSS8.3AI score0.40875EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.26 views

Уязвимости во многих темах для Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях во многих темах для Drupal. Уязвимыми являются следующие темы для Drupal: Fresh News, Inspire, Spectrum, Delegate, Optimize, Bueno, Headlines, Daily...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.52 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple memory corruptions and information leaks...

9.3CVSS1.8AI score0.40875EPSS
Exploits4References4Affected Software1
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.34 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score
Exploits0References3Affected Software2
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.65 views

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)

VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability CVE-2011-0034 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft...

9.3CVSS0.2AI score0.27925EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.90 views

VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094)

VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability CVE-2011-0094 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of the Microsoft Windows...

9.3CVSS0.21905EPSS
Exploits1
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.60 views

VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105)

VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability CVE-2011-0105 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share...

9.3CVSS0.71129EPSS
Exploits10
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.267 views

The BodgeIt Store - another vulnerable web app

Hi folks, I've recently open sourced a vulnerable web app, called The BodgeIt Store: http://code.google.com/p/bodgeit/ Why? Well, you can never have too many vulnerable apps to test against, but also because I've found that many of the existing apps are non trivial to install - they either have a...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2011/04/17 12:0 a.m.76 views

Microsoft Office multiple security vulnerabilities

Multiple memory corruptions in Excel and PowerPoint, unsafe DLL loading, memory corruption in Office Graphic...

9.3CVSS2.8AI score0.71129EPSS
Exploits31References9
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.31 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

1.6AI score
Exploits0References4Affected Software2
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.49 views

[security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02777287 Version: 1 HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as...

6.8CVSS0.3AI score0.02924EPSS
Exploits0
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.36 views

MIT Kerberos 5 memory corruption

Invalid pointer free during password change request processing...

10CVSS2.9AI score0.17945EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.29 views

HP-UX NFS/ONCplus DoS

No description provided...

6.8CVSS0.7AI score0.02924EPSS
Exploits0References1
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.29 views

McAfee Firewall Reporter unauthenticated access

Bug in application logic allows authentication bypass...

4AI score
Exploits0References1
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.34 views

TOTVS ERP Microsiga Protheus buffer overflow

Buffer overflow on network request parsing...

4.8AI score
Exploits0References1
securityvulns
securityvulns
added 2011/04/14 12:0 a.m.19 views

Linksys WRT54G information leakage

Access passwords are stored in the files available via anonymous FTP...

2.5AI score
Exploits0References1
Total number of security vulnerabilities47153